You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
164 lines
5.0 KiB
164 lines
5.0 KiB
#include "tunala.h" |
|
|
|
#ifndef NO_TUNALA |
|
|
|
void state_machine_init(state_machine_t * machine) |
|
{ |
|
machine->ssl = NULL; |
|
machine->bio_intossl = machine->bio_fromssl = NULL; |
|
buffer_init(&machine->clean_in); |
|
buffer_init(&machine->clean_out); |
|
buffer_init(&machine->dirty_in); |
|
buffer_init(&machine->dirty_out); |
|
} |
|
|
|
void state_machine_close(state_machine_t * machine) |
|
{ |
|
if (machine->ssl) |
|
SSL_free(machine->ssl); |
|
/* |
|
* SSL_free seems to decrement the reference counts already so doing this |
|
* goes kaboom. |
|
*/ |
|
# if 0 |
|
if (machine->bio_intossl) |
|
BIO_free(machine->bio_intossl); |
|
if (machine->bio_fromssl) |
|
BIO_free(machine->bio_fromssl); |
|
# endif |
|
buffer_close(&machine->clean_in); |
|
buffer_close(&machine->clean_out); |
|
buffer_close(&machine->dirty_in); |
|
buffer_close(&machine->dirty_out); |
|
state_machine_init(machine); |
|
} |
|
|
|
buffer_t *state_machine_get_buffer(state_machine_t * machine, |
|
sm_buffer_t type) |
|
{ |
|
switch (type) { |
|
case SM_CLEAN_IN: |
|
return &machine->clean_in; |
|
case SM_CLEAN_OUT: |
|
return &machine->clean_out; |
|
case SM_DIRTY_IN: |
|
return &machine->dirty_in; |
|
case SM_DIRTY_OUT: |
|
return &machine->dirty_out; |
|
default: |
|
break; |
|
} |
|
/* Should never get here */ |
|
abort(); |
|
return NULL; |
|
} |
|
|
|
SSL *state_machine_get_SSL(state_machine_t * machine) |
|
{ |
|
return machine->ssl; |
|
} |
|
|
|
int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server) |
|
{ |
|
if (machine->ssl) |
|
/* Shouldn't ever be set twice */ |
|
abort(); |
|
machine->ssl = ssl; |
|
/* Create the BIOs to handle the dirty side of the SSL */ |
|
if ((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL) |
|
abort(); |
|
if ((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL) |
|
abort(); |
|
/* Hook up the BIOs on the dirty side of the SSL */ |
|
SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl); |
|
if (is_server) |
|
SSL_set_accept_state(machine->ssl); |
|
else |
|
SSL_set_connect_state(machine->ssl); |
|
/* |
|
* If we're the first one to generate traffic - do it now otherwise we go |
|
* into the next select empty-handed and our peer will not send data but |
|
* will similarly wait for us. |
|
*/ |
|
return state_machine_churn(machine); |
|
} |
|
|
|
/* Performs the data-IO loop and returns zero if the machine should close */ |
|
int state_machine_churn(state_machine_t * machine) |
|
{ |
|
unsigned int loop; |
|
if (machine->ssl == NULL) { |
|
if (buffer_empty(&machine->clean_out)) |
|
/* Time to close this state-machine altogether */ |
|
return 0; |
|
else |
|
/* Still buffered data on the clean side to go out */ |
|
return 1; |
|
} |
|
/* |
|
* Do this loop twice to cover any dependencies about which precise order |
|
* of reads and writes is required. |
|
*/ |
|
for (loop = 0; loop < 2; loop++) { |
|
buffer_to_SSL(&machine->clean_in, machine->ssl); |
|
buffer_to_BIO(&machine->dirty_in, machine->bio_intossl); |
|
buffer_from_SSL(&machine->clean_out, machine->ssl); |
|
buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl); |
|
} |
|
/* |
|
* We close on the SSL side if the info callback noticed some problems or |
|
* an SSL shutdown was underway and shutdown traffic had all been sent. |
|
*/ |
|
if (SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) && |
|
buffer_empty(&machine->dirty_out))) |
|
{ |
|
/* Great, we can seal off the dirty side completely */ |
|
if (!state_machine_close_dirty(machine)) |
|
return 0; |
|
} |
|
/* |
|
* Either the SSL is alive and well, or the closing process still has |
|
* outgoing data waiting to be sent |
|
*/ |
|
return 1; |
|
} |
|
|
|
/* Called when the clean side of the SSL has lost its connection */ |
|
int state_machine_close_clean(state_machine_t * machine) |
|
{ |
|
/* |
|
* Well, first thing to do is null out the clean-side buffers - they're |
|
* no use any more. |
|
*/ |
|
buffer_close(&machine->clean_in); |
|
buffer_close(&machine->clean_out); |
|
/* And start an SSL shutdown */ |
|
if (machine->ssl) |
|
SSL_shutdown(machine->ssl); |
|
/* This is an "event", so flush the SSL of any generated traffic */ |
|
state_machine_churn(machine); |
|
if (buffer_empty(&machine->dirty_in) && buffer_empty(&machine->dirty_out)) |
|
return 0; |
|
return 1; |
|
} |
|
|
|
/* |
|
* Called when the dirty side of the SSL has lost its connection. This is |
|
* pretty terminal as all that can be left to do is send any buffered output |
|
* on the clean side - after that, we're done. |
|
*/ |
|
int state_machine_close_dirty(state_machine_t * machine) |
|
{ |
|
buffer_close(&machine->dirty_in); |
|
buffer_close(&machine->dirty_out); |
|
buffer_close(&machine->clean_in); |
|
if (machine->ssl) |
|
SSL_free(machine->ssl); |
|
machine->ssl = NULL; |
|
machine->bio_intossl = machine->bio_fromssl = NULL; |
|
if (buffer_empty(&machine->clean_out)) |
|
return 0; |
|
return 1; |
|
} |
|
|
|
#endif /* !defined(NO_TUNALA) */
|
|
|