diff options
Diffstat (limited to 'runtime/nsd_ossl.h')
| -rw-r--r-- | runtime/nsd_ossl.h | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/runtime/nsd_ossl.h b/runtime/nsd_ossl.h new file mode 100644 index 0000000..000b277 --- /dev/null +++ b/runtime/nsd_ossl.h @@ -0,0 +1,85 @@ +/* An implementation of the nsd interface for OpenSSL. + * + * Copyright 2018-2023 Adiscon GmbH. + * Author: Andre Lorbach + * + * This file is part of the rsyslog runtime library. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * -or- + * see COPYING.ASL20 in the source distribution + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef INCLUDED_NSD_OSSL_H +#define INCLUDED_NSD_OSSL_H + +#include "nsd.h" + +#define NSD_OSSL_MAX_RCVBUF 16 * 1024 + 1/* TLS RFC 8449: max size of buffer for message reception */ + +typedef enum { + osslRtry_None = 0, /**< no call needs to be retried */ + osslRtry_handshake = 1, + osslRtry_recv = 2 +} osslRtryCall_t; /**< IDs of calls that needs to be retried */ + +typedef nsd_if_t nsd_ossl_if_t; /* we just *implement* this interface */ + +/* the nsd_ossl object */ +struct nsd_ossl_s { + BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ + nsd_t *pTcp; /**< our aggregated nsd_ptcp data */ + uchar *pszConnectHost; /**< hostname used for connect - may be used to + authenticate peer if no other name given */ + int iMode; /* 0 - plain tcp, 1 - TLS */ + int bAbortConn; /* if set, abort conncection (fatal error had happened) */ + PermitExpiredCerts permitExpiredCerts; + osslRtryCall_t rtryCall;/**< what must we retry? */ + int rtryOsslErr; /**< store ssl error code into like SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE */ + int bIsInitiator; /**< 0 if socket is the server end (listener), 1 if it is the initiator */ + int bHaveSess; /* as we don't know exactly which gnutls_session values + are invalid, we use this one to flag whether or + not we are in a session (same as -1 for a socket + meaning no sess) */ + uchar *gnutlsPriorityString; /* gnutls priority string */ + int DrvrVerifyDepth; /* Verify Depth for certificate chains */ + short bOurCertIsInit; /**< 1 if our certificate is initialized and must be deinit on destruction */ + short bOurKeyIsInit; /**< 1 if our private key is initialized and must be deinit on destruction */ + char *pszRcvBuf; + int lenRcvBuf; + /**< -1: empty, 0: connection closed, 1..NSD_OSSL_MAX_RCVBUF-1: data of that size present */ + int ptrRcvBuf; /**< offset for next recv operation if 0 < lenRcvBuf < NSD_OSSL_MAX_RCVBUF */ + + /* OpenSSL and Config Cert vars inside net_ossl_t now */ + net_ossl_t *pNetOssl; /* OSSL shared Config and object vars are here */ +}; + +/* interface is defined in nsd.h, we just implement it! */ +#define nsd_osslCURR_IF_VERSION nsdCURR_IF_VERSION + +/* prototypes */ +PROTOTYPEObj(nsd_ossl); + +/* some prototypes for things used by our nsdsel_ossl helper class */ +uchar *osslStrerror(int error); +rsRetVal osslChkPeerAuth(nsd_ossl_t *pThis); +rsRetVal osslRecordRecv(nsd_ossl_t *pThis); +rsRetVal osslHandshakeCheck(nsd_ossl_t *pNsd); +void nsd_ossl_lastOpenSSLErrorMsg(nsd_ossl_t const *pThis, const int ret, SSL *ssl, int severity, + const char* pszCallSource, const char* pszOsslApi); +rsRetVal osslPostHandshakeCheck(nsd_ossl_t *pNsd); + +/* the name of our library binary */ +#define LM_NSD_OSSL_FILENAME "lmnsd_ossl" + +#endif /* #ifndef INCLUDED_NSD_OSSL_H */ |