aboutsummaryrefslogtreecommitdiff
path: root/openssl/demos/tunala/tunala.h
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/demos/tunala/tunala.h')
-rw-r--r--openssl/demos/tunala/tunala.h363
1 files changed, 196 insertions, 167 deletions
diff --git a/openssl/demos/tunala/tunala.h b/openssl/demos/tunala/tunala.h
index 3a752f259..28860d781 100644
--- a/openssl/demos/tunala/tunala.h
+++ b/openssl/demos/tunala/tunala.h
@@ -1,215 +1,244 @@
-/* Tunala ("Tunneler with a New Zealand accent")
- *
- * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
- * if it's useful or informative to you, but it's only here as a scratchpad for
- * ideas about how you might (or might not) program with OpenSSL. If you deploy
- * this is in a mission-critical environment, and have not read, understood,
- * audited, and modified this code to your satisfaction, and the result is that
- * all hell breaks loose and you are looking for a new employer, then it proves
- * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
- * don't use this in a mission-critical environment, so it would be stupid for
- * anyone to assume that it is solid and/or tested enough when even its author
- * doesn't place that much trust in it. You have been warned.
- *
+/*
+ * Tunala ("Tunneler with a New Zealand accent") Written by Geoff Thorpe,
+ * but endorsed/supported by noone. Please use this is if it's useful or
+ * informative to you, but it's only here as a scratchpad for ideas about how
+ * you might (or might not) program with OpenSSL. If you deploy this is in a
+ * mission-critical environment, and have not read, understood, audited, and
+ * modified this code to your satisfaction, and the result is that all hell
+ * breaks loose and you are looking for a new employer, then it proves
+ * nothing except perhaps that Darwinism is alive and well. Let's just say,
+ * *I* don't use this in a mission-critical environment, so it would be
+ * stupid for anyone to assume that it is solid and/or tested enough when
+ * even its author doesn't place that much trust in it. You have been warned.
* With thanks to Cryptographic Appliances, Inc.
*/
#ifndef _TUNALA_H
-#define _TUNALA_H
+# define _TUNALA_H
/* pull in autoconf fluff */
-#ifndef NO_CONFIG_H
-#include "config.h"
-#else
-/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
- * tells us not to ... */
+# ifndef NO_CONFIG_H
+# include "config.h"
+# else
+/*
+ * We don't have autoconf, we have to set all of these unless a tweaked
+ * Makefile tells us not to ...
+ */
/* headers */
-#ifndef NO_HAVE_SELECT
-#define HAVE_SELECT
-#endif
-#ifndef NO_HAVE_SOCKET
-#define HAVE_SOCKET
-#endif
-#ifndef NO_HAVE_UNISTD_H
-#define HAVE_UNISTD_H
-#endif
-#ifndef NO_HAVE_FCNTL_H
-#define HAVE_FCNTL_H
-#endif
-#ifndef NO_HAVE_LIMITS_H
-#define HAVE_LIMITS_H
-#endif
+# ifndef NO_HAVE_SELECT
+# define HAVE_SELECT
+# endif
+# ifndef NO_HAVE_SOCKET
+# define HAVE_SOCKET
+# endif
+# ifndef NO_HAVE_UNISTD_H
+# define HAVE_UNISTD_H
+# endif
+# ifndef NO_HAVE_FCNTL_H
+# define HAVE_FCNTL_H
+# endif
+# ifndef NO_HAVE_LIMITS_H
+# define HAVE_LIMITS_H
+# endif
/* features */
-#ifndef NO_HAVE_STRSTR
-#define HAVE_STRSTR
-#endif
-#ifndef NO_HAVE_STRTOUL
-#define HAVE_STRTOUL
-#endif
-#endif
-
-#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
-#error "can't build without some network basics like select() and socket()"
-#endif
-
-#include <stdlib.h>
-#ifndef NO_SYSTEM_H
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <netdb.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#endif /* !defined(NO_SYSTEM_H) */
-
-#ifndef NO_OPENSSL
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-#endif /* !defined(NO_OPENSSL) */
-
-#ifndef OPENSSL_NO_BUFFER
-/* This is the generic "buffer" type that is used when feeding the
+# ifndef NO_HAVE_STRSTR
+# define HAVE_STRSTR
+# endif
+# ifndef NO_HAVE_STRTOUL
+# define HAVE_STRTOUL
+# endif
+# endif
+
+# if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
+# error "can't build without some network basics like select() and socket()"
+# endif
+
+# include <stdlib.h>
+# ifndef NO_SYSTEM_H
+# include <string.h>
+# ifdef HAVE_UNISTD_H
+# include <unistd.h>
+# endif
+# ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+# endif
+# ifdef HAVE_LIMITS_H
+# include <limits.h>
+# endif
+# include <netdb.h>
+# include <signal.h>
+# include <sys/socket.h>
+# include <sys/types.h>
+# include <netinet/in.h>
+# endif /* !defined(NO_SYSTEM_H) */
+
+# ifndef NO_OPENSSL
+# include <openssl/err.h>
+# include <openssl/engine.h>
+# include <openssl/ssl.h>
+# endif /* !defined(NO_OPENSSL) */
+
+# ifndef OPENSSL_NO_BUFFER
+/*
+ * This is the generic "buffer" type that is used when feeding the
* state-machine. It's basically a FIFO with respect to the "adddata" &
- * "takedata" type functions that operate on it. */
-#define MAX_DATA_SIZE 16384
+ * "takedata" type functions that operate on it.
+ */
+# define MAX_DATA_SIZE 16384
typedef struct _buffer_t {
- unsigned char data[MAX_DATA_SIZE];
- unsigned int used;
- /* Statistical values - counts the total number of bytes read in and
- * read out (respectively) since "buffer_init()" */
- unsigned long total_in, total_out;
+ unsigned char data[MAX_DATA_SIZE];
+ unsigned int used;
+ /*
+ * Statistical values - counts the total number of bytes read in and read
+ * out (respectively) since "buffer_init()"
+ */
+ unsigned long total_in, total_out;
} buffer_t;
/* Initialise a buffer structure before use */
-void buffer_init(buffer_t *buf);
-/* Cleanup a buffer structure - presently not needed, but if buffer_t is
- * converted to using dynamic allocation, this would be required - so should be
- * called to protect against an explosion of memory leaks later if the change is
- * made. */
-void buffer_close(buffer_t *buf);
+void buffer_init(buffer_t * buf);
+/*
+ * Cleanup a buffer structure - presently not needed, but if buffer_t is
+ * converted to using dynamic allocation, this would be required - so should
+ * be called to protect against an explosion of memory leaks later if the
+ * change is made.
+ */
+void buffer_close(buffer_t * buf);
/* Basic functions to manipulate buffers */
-unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
-unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
-int buffer_full(buffer_t *buf); /* Boolean, is it full? */
-int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
-int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
-int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
-unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
-unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
-
-#if 0 /* Currently used only within buffer.c - better to expose only
- * higher-level functions anyway */
-/* Add data to the tail of the buffer, returns the amount that was actually
- * added (so, you need to check if return value is less than size) */
-unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
- unsigned int size);
-
-/* Take data from the front of the buffer (and scroll the rest forward). If
+unsigned int buffer_used(buffer_t * buf); /* How much data in the buffer */
+unsigned int buffer_unused(buffer_t * buf); /* How much space in the buffer */
+int buffer_full(buffer_t * buf); /* Boolean, is it full? */
+int buffer_notfull(buffer_t * buf); /* Boolean, is it not full? */
+int buffer_empty(buffer_t * buf); /* Boolean, is it empty? */
+int buffer_notempty(buffer_t * buf); /* Boolean, is it not empty? */
+unsigned long buffer_total_in(buffer_t * buf); /* Total bytes written to
+ * buffer */
+unsigned long buffer_total_out(buffer_t * buf); /* Total bytes read from
+ * buffer */
+
+# if 0 /* Currently used only within buffer.c -
+ * better to expose only higher-level
+ * functions anyway */
+/*
+ * Add data to the tail of the buffer, returns the amount that was actually
+ * added (so, you need to check if return value is less than size)
+ */
+unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr,
+ unsigned int size);
+
+/*
+ * Take data from the front of the buffer (and scroll the rest forward). If
* "ptr" is NULL, this just removes data off the front of the buffer. Return
- * value is the amount actually removed (can be less than size if the buffer has
- * too little data). */
-unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
- unsigned int size);
-
-/* Flushes as much data as possible out of the "from" buffer into the "to"
- * buffer. Return value is the amount moved. The amount moved can be restricted
- * to a maximum by specifying "cap" - setting it to -1 means no limit. */
-unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
-#endif
-
-#ifndef NO_IP
+ * value is the amount actually removed (can be less than size if the buffer
+ * has too little data).
+ */
+unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr,
+ unsigned int size);
+
+/*
+ * Flushes as much data as possible out of the "from" buffer into the "to"
+ * buffer. Return value is the amount moved. The amount moved can be
+ * restricted to a maximum by specifying "cap" - setting it to -1 means no
+ * limit.
+ */
+unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap);
+# endif
+
+# ifndef NO_IP
/* Read or write between a file-descriptor and a buffer */
-int buffer_from_fd(buffer_t *buf, int fd);
-int buffer_to_fd(buffer_t *buf, int fd);
-#endif /* !defined(NO_IP) */
+int buffer_from_fd(buffer_t * buf, int fd);
+int buffer_to_fd(buffer_t * buf, int fd);
+# endif /* !defined(NO_IP) */
-#ifndef NO_OPENSSL
+# ifndef NO_OPENSSL
/* Read or write between an SSL or BIO and a buffer */
-void buffer_from_SSL(buffer_t *buf, SSL *ssl);
-void buffer_to_SSL(buffer_t *buf, SSL *ssl);
-void buffer_from_BIO(buffer_t *buf, BIO *bio);
-void buffer_to_BIO(buffer_t *buf, BIO *bio);
+void buffer_from_SSL(buffer_t * buf, SSL *ssl);
+void buffer_to_SSL(buffer_t * buf, SSL *ssl);
+void buffer_from_BIO(buffer_t * buf, BIO *bio);
+void buffer_to_BIO(buffer_t * buf, BIO *bio);
/* Callbacks */
void cb_ssl_info(const SSL *s, int where, int ret);
-void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */
+/* Called if output should be sent too */
+void cb_ssl_info_set_output(FILE *fp);
int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
void cb_ssl_verify_set_output(FILE *fp);
void cb_ssl_verify_set_depth(unsigned int verify_depth);
void cb_ssl_verify_set_level(unsigned int level);
RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
-#endif /* !defined(NO_OPENSSL) */
-#endif /* !defined(OPENSSL_NO_BUFFER) */
+# endif /* !defined(NO_OPENSSL) */
+# endif /* !defined(OPENSSL_NO_BUFFER) */
-#ifndef NO_TUNALA
-#ifdef OPENSSL_NO_BUFFER
-#error "TUNALA section of tunala.h requires BUFFER support"
-#endif
+# ifndef NO_TUNALA
+# ifdef OPENSSL_NO_BUFFER
+# error "TUNALA section of tunala.h requires BUFFER support"
+# endif
typedef struct _state_machine_t {
- SSL *ssl;
- BIO *bio_intossl;
- BIO *bio_fromssl;
- buffer_t clean_in, clean_out;
- buffer_t dirty_in, dirty_out;
+ SSL *ssl;
+ BIO *bio_intossl;
+ BIO *bio_fromssl;
+ buffer_t clean_in, clean_out;
+ buffer_t dirty_in, dirty_out;
} state_machine_t;
typedef enum {
- SM_CLEAN_IN, SM_CLEAN_OUT,
- SM_DIRTY_IN, SM_DIRTY_OUT
+ SM_CLEAN_IN, SM_CLEAN_OUT,
+ SM_DIRTY_IN, SM_DIRTY_OUT
} sm_buffer_t;
-void state_machine_init(state_machine_t *machine);
-void state_machine_close(state_machine_t *machine);
-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
-SSL *state_machine_get_SSL(state_machine_t *machine);
-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
+void state_machine_init(state_machine_t * machine);
+void state_machine_close(state_machine_t * machine);
+buffer_t *state_machine_get_buffer(state_machine_t * machine,
+ sm_buffer_t type);
+SSL *state_machine_get_SSL(state_machine_t * machine);
+int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server);
/* Performs the data-IO loop and returns zero if the machine should close */
-int state_machine_churn(state_machine_t *machine);
-/* Is used to handle closing conditions - namely when one side of the tunnel has
- * closed but the other should finish flushing. */
-int state_machine_close_clean(state_machine_t *machine);
-int state_machine_close_dirty(state_machine_t *machine);
-#endif /* !defined(NO_TUNALA) */
-
-#ifndef NO_IP
-/* Initialise anything related to the networking. This includes blocking pesky
- * SIGPIPE signals. */
+int state_machine_churn(state_machine_t * machine);
+/*
+ * Is used to handle closing conditions - namely when one side of the tunnel
+ * has closed but the other should finish flushing.
+ */
+int state_machine_close_clean(state_machine_t * machine);
+int state_machine_close_dirty(state_machine_t * machine);
+# endif /* !defined(NO_TUNALA) */
+
+# ifndef NO_IP
+/*
+ * Initialise anything related to the networking. This includes blocking
+ * pesky SIGPIPE signals.
+ */
int ip_initialise(void);
-/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
- * the port to listen on (host byte order), and the return value is the
- * file-descriptor or -1 on error. */
+/*
+ * ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port
+ * is the port to listen on (host byte order), and the return value is the
+ * file-descriptor or -1 on error.
+ */
int ip_create_listener_split(const char *ip, unsigned short port);
/* Same semantics as above. */
int ip_create_connection_split(const char *ip, unsigned short port);
/* Converts a string into the ip/port before calling the above */
int ip_create_listener(const char *address);
int ip_create_connection(const char *address);
-/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
- * then the address string could be just a port. Ie. it's suitable for a
- * listening address but not a connecting address. */
+/*
+ * Just does a string conversion on its own. NB: If accept_all_ip is
+ * non-zero, then the address string could be just a port. Ie. it's suitable
+ * for a listening address but not a connecting address.
+ */
int ip_parse_address(const char *address, const char **parsed_ip,
- unsigned short *port, int accept_all_ip);
-/* Accepts an incoming connection through the listener. Assumes selects and
- * what-not have deemed it an appropriate thing to do. */
+ unsigned short *port, int accept_all_ip);
+/*
+ * Accepts an incoming connection through the listener. Assumes selects and
+ * what-not have deemed it an appropriate thing to do.
+ */
int ip_accept_connection(int listen_fd);
-#endif /* !defined(NO_IP) */
+# endif /* !defined(NO_IP) */
/* These functions wrap up things that can be portability hassles. */
int int_strtoul(const char *str, unsigned long *val);
-#ifdef HAVE_STRSTR
-#define int_strstr strstr
-#else
+# ifdef HAVE_STRSTR
+# define int_strstr strstr
+# else
char *int_strstr(const char *haystack, const char *needle);
-#endif
+# endif
-#endif /* !defined(_TUNALA_H) */
+#endif /* !defined(_TUNALA_H) */