author | Matt Caswell <matt@openssl.org> | 2015-01-22 02:47:42 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:52:55 +0000 |
commit | 40720ce3caf44294b5b87a18856b7aef06123314 (patch) | |
tree | 30d57dec407c05fe6ea57275517805e8c79a7dcc /demos/tunala | |
parent | 9d03aabea3ead1fe6a194297ddffd4a87f89b93c (diff) |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'demos/tunala')
-rw-r--r-- | demos/tunala/breakage.c | 106 | ||||
-rw-r--r-- | demos/tunala/buffer.c | 409 | ||||
-rw-r--r-- | demos/tunala/cb.c | 198 | ||||
-rw-r--r-- | demos/tunala/ip.c | 221 | ||||
-rw-r--r-- | demos/tunala/sm.c | 255 | ||||
-rw-r--r-- | demos/tunala/tunala.c | 1923 | ||||
-rw-r--r-- | demos/tunala/tunala.h | 360 |
7 files changed, 1816 insertions, 1656 deletions
diff --git a/demos/tunala/breakage.c b/demos/tunala/breakage.c
index dcdd64b0ef..16a3b9e0c8 100644
--- a/demos/tunala/breakage.c
+++ b/demos/tunala/breakage.c
@@ -3,64 +3,66 @@ int int_strtoul(const char *str, unsigned long *val)
 {
 #ifdef HAVE_STRTOUL
- char *tmp;
- unsigned long ret = strtoul(str, &tmp, 10);
- if((str == tmp) || (*tmp != '\0'))
- /* The value didn't parse cleanly */
- return 0;
- if(ret == ULONG_MAX)
- /* We hit a limit */
- return 0;
- *val = ret;
- return 1;
+ char *tmp;
+ unsigned long ret = strtoul(str, &tmp, 10);
+ if ((str == tmp) || (*tmp != '\0'))
+ /* The value didn't parse cleanly */
+ return 0;
+ if (ret == ULONG_MAX)
+ /* We hit a limit */
+ return 0;
+ *val = ret;
+ return 1;
 #else
- char buf[2];
- unsigned long ret = 0;
- buf[1] = '\0';
- if(str == '\0')
- /* An empty string ... */
- return 0;
- while(*str != '\0') {
- /* We have to multiply 'ret' by 10 before absorbing the next
- * digit. If this will overflow, catch it now. */
- if(ret && (((ULONG_MAX + 10) / ret) < 10))
- return 0;
- ret *= 10;
- if(!isdigit(*str))
- return 0;
- buf[0] = *str;
- ret += atoi(buf);
- str++;
- }
- *val = ret;
- return 1;
+ char buf[2];
+ unsigned long ret = 0;
+ buf[1] = '\0';
+ if (str == '\0')
+ /* An empty string ... */
+ return 0;
+ while (*str != '\0') {
+ /*
+ * We have to multiply 'ret' by 10 before absorbing the next digit.
+ * If this will overflow, catch it now.
+ */
+ if (ret && (((ULONG_MAX + 10) / ret) < 10))
+ return 0;
+ ret *= 10;
+ if (!isdigit(*str))
+ return 0;
+ buf[0] = *str;
+ ret += atoi(buf);
+ str++;
+ }
+ *val = ret;
+ return 1;
 #endif
 }
 #ifndef HAVE_STRSTR
 char *int_strstr(const char *haystack, const char *needle)
 {
- const char *sub_haystack = haystack, *sub_needle = needle;
- unsigned int offset = 0;
- if(!needle)
- return haystack;
- if(!haystack)
- return NULL;
- while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
- if(sub_haystack[offset] == sub_needle) {
- /* sub_haystack is still a candidate */
- offset++;
- sub_needle++;
- } else {
- /* sub_haystack is no longer a possibility */
- sub_haystack++;
- offset = 0;
- sub_needle = needle;
- }
- }
- if(*sub_haystack == '\0')
- /* Found nothing */
- return NULL;
- return sub_haystack;
+ const char *sub_haystack = haystack, *sub_needle = needle;
+ unsigned int offset = 0;
+ if (!needle)
+ return haystack;
+ if (!haystack)
+ return NULL;
+ while ((*sub_haystack != '\0') && (*sub_needle != '\0')) {
+ if (sub_haystack[offset] == sub_needle) {
+ /* sub_haystack is still a candidate */
+ offset++;
+ sub_needle++;
+ } else {
+ /* sub_haystack is no longer a possibility */
+ sub_haystack++;
+ offset = 0;
+ sub_needle = needle;
+ }
+ }
+ if (*sub_haystack == '\0')
+ /* Found nothing */
+ return NULL;
+ return sub_haystack;
 }
 #endif
diff --git a/demos/tunala/buffer.c b/demos/tunala/buffer.c
index c5cd004209..8e2cc9d200 100644
--- a/demos/tunala/buffer.c
+++ b/demos/tunala/buffer.c
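Review bot: The `#else` fallback of `int_strtoul` still cannot parse a second digit: `ULONG_MAX + 10` is unsigned-long arithmetic and wraps to 9, so `((9 / ret) < 10)` is true for every non-zero `ret` and the function returns 0 as soon as a leading non-zero digit is followed by anything; the pre-multiplication overflow test it was aiming for is `if (ret > (ULONG_MAX - 9) / 10) return 0;`. Two lines above that, `if (str == '\0')` compares the pointer with a null character rather than testing for an empty string, and should read `if (*str == '\0')`. In `int_strstr` the comparison `sub_haystack[offset] == sub_needle` tests a character against a pointer and so never matches as intended; `sub_haystack[offset] == *sub_needle` is the comparison the surrounding offset/needle bookkeeping expects. Since `ip_parse_address` in ip.c validates the port through `int_strtoul`, a build without HAVE_STRTOUL presumably cannot parse any address whose port has more than one digit. `int_strtoul` opens before the hunk (its signature is the hunk's context line).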
@@ -2,204 +2,235 @@ #ifndef NO_BUFFER -void buffer_init(buffer_t *buf) +void buffer_init(buffer_t * buf) { - buf->used = 0; - buf->total_in = buf->total_out = 0; + buf->used = 0; + buf->total_in = buf->total_out = 0; } -void buffer_close(buffer_t *buf) +void buffer_close(buffer_t * buf) { - /* Our data is static - nothing needs "release", just reset it */ - buf->used = 0; + /* Our data is static - nothing needs "release", just reset it */ + buf->used = 0; } /* Code these simple ones in compact form */ -unsigned int buffer_used(buffer_t *buf) { - return buf->used; } -unsigned int buffer_unused(buffer_t *buf) { - return (MAX_DATA_SIZE - buf->used); } -int buffer_full(buffer_t *buf) { - return (buf->used == MAX_DATA_SIZE ? 1 : 0); } -int buffer_notfull(buffer_t *buf) { - return (buf->used < MAX_DATA_SIZE ? 1 : 0); } -int buffer_empty(buffer_t *buf) { - return (buf->used == 0 ? 1 : 0); } -int buffer_notempty(buffer_t *buf) { - return (buf->used > 0 ? 1 : 0); } -unsigned long buffer_total_in(buffer_t *buf) { - return buf->total_in; } -unsigned long buffer_total_out(buffer_t *buf) { - return buf->total_out; } - -/* These 3 static (internal) functions don't adjust the "total" variables as +unsigned int buffer_used(buffer_t * buf) +{ + return buf->used; +} + +unsigned int buffer_unused(buffer_t * buf) +{ + return (MAX_DATA_SIZE - buf->used); +} + +int buffer_full(buffer_t * buf) +{ + return (buf->used == MAX_DATA_SIZE ? 1 : 0); +} + +int buffer_notfull(buffer_t * buf) +{ + return (buf->used < MAX_DATA_SIZE ? 1 : 0); +} + +int buffer_empty(buffer_t * buf) +{ + return (buf->used == 0 ? 1 : 0); +} + +int buffer_notempty(buffer_t * buf) +{ + return (buf->used > 0 ? 
1 : 0); +} + +unsigned long buffer_total_in(buffer_t * buf) +{ + return buf->total_in; +} + +unsigned long buffer_total_out(buffer_t * buf) +{ + return buf->total_out; +} + +/* + * These 3 static (internal) functions don't adjust the "total" variables as * it's not sure when they're called how it should be interpreted. Only the * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these - * values. */ -#if 0 /* To avoid "unused" warnings */ -static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr, - unsigned int size) -{ - unsigned int added = MAX_DATA_SIZE - buf->used; - if(added > size) - added = size; - if(added == 0) - return 0; - memcpy(buf->data + buf->used, ptr, added); - buf->used += added; - buf->total_in += added; - return added; -} - -static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap) -{ - unsigned int moved, tomove = from->used; - if((int)tomove > cap) - tomove = cap; - if(tomove == 0) - return 0; - moved = buffer_adddata(to, from->data, tomove); - if(moved == 0) - return 0; - buffer_takedata(from, NULL, moved); - return moved; -} -#endif - -static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr, - unsigned int size) -{ - unsigned int taken = buf->used; - if(taken > size) - taken = size; - if(taken == 0) - return 0; - if(ptr) - memcpy(ptr, buf->data, taken); - buf->used -= taken; - /* Do we have to scroll? */ - if(buf->used > 0) - memmove(buf->data, buf->data + taken, buf->used); - return taken; -} - -#ifndef NO_IP - -int buffer_from_fd(buffer_t *buf, int fd) -{ - int toread = buffer_unused(buf); - if(toread == 0) - /* Shouldn't be called in this case! */ - abort(); - toread = read(fd, buf->data + buf->used, toread); - if(toread > 0) { - buf->used += toread; - buf->total_in += toread; - } - return toread; -} - -int buffer_to_fd(buffer_t *buf, int fd) -{ - int towrite = buffer_used(buf); - if(towrite == 0) - /* Shouldn't be called in this case! 
*/ - abort(); - towrite = write(fd, buf->data, towrite); - if(towrite > 0) { - buffer_takedata(buf, NULL, towrite); - buf->total_out += towrite; - } - return towrite; -} - -#endif /* !defined(NO_IP) */ - -#ifndef NO_OPENSSL + * values. + */ +# if 0 /* To avoid "unused" warnings */ +static unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr, + unsigned int size) +{ + unsigned int added = MAX_DATA_SIZE - buf->used; + if (added > size) + added = size; + if (added == 0) + return 0; + memcpy(buf->data + buf->used, ptr, added); + buf->used += added; + buf->total_in += added; + return added; +} + +static unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap) +{ + unsigned int moved, tomove = from->used; + if ((int)tomove > cap) + tomove = cap; + if (tomove == 0) + return 0; + moved = buffer_adddata(to, from->data, tomove); + if (moved == 0) + return 0; + buffer_takedata(from, NULL, moved); + return moved; +} +# endif + +static unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr, + unsigned int size) +{ + unsigned int taken = buf->used; + if (taken > size) + taken = size; + if (taken == 0) + return 0; + if (ptr) + memcpy(ptr, buf->data, taken); + buf->used -= taken; + /* Do we have to scroll? */ + if (buf->used > 0) + memmove(buf->data, buf->data + taken, buf->used); + return taken; +} + +# ifndef NO_IP + +int buffer_from_fd(buffer_t * buf, int fd) +{ + int toread = buffer_unused(buf); + if (toread == 0) + /* Shouldn't be called in this case! */ + abort(); + toread = read(fd, buf->data + buf->used, toread); + if (toread > 0) { + buf->used += toread; + buf->total_in += toread; + } + return toread; +} + +int buffer_to_fd(buffer_t * buf, int fd) +{ + int towrite = buffer_used(buf); + if (towrite == 0) + /* Shouldn't be called in this case! 
*/ + abort(); + towrite = write(fd, buf->data, towrite); + if (towrite > 0) { + buffer_takedata(buf, NULL, towrite); + buf->total_out += towrite; + } + return towrite; +} + +# endif /* !defined(NO_IP) */ + +# ifndef NO_OPENSSL static void int_ssl_check(SSL *s, int ret) { - int e = SSL_get_error(s, ret); - switch(e) { - /* These seem to be harmless and already "dealt with" by our - * non-blocking environment. NB: "ZERO_RETURN" is the clean - * "error" indicating a successfully closed SSL tunnel. We let - * this happen because our IO loop should not appear to have - * broken on this condition - and outside the IO loop, the - * "shutdown" state is checked. */ - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_X509_LOOKUP: - case SSL_ERROR_ZERO_RETURN: - return; - /* These seem to be indications of a genuine error that should - * result in the SSL tunnel being regarded as "dead". */ - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - SSL_set_app_data(s, (char *)1); - return; - default: - break; - } - /* For any other errors that (a) exist, and (b) crop up - we need to - * interpret what to do with them - so "politely inform" the caller that - * the code needs updating here. 
*/ - abort(); -} - -void buffer_from_SSL(buffer_t *buf, SSL *ssl) -{ - int ret; - if(!ssl || buffer_full(buf)) - return; - ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf)); - if(ret > 0) { - buf->used += ret; - buf->total_in += ret; - } - if(ret < 0) - int_ssl_check(ssl, ret); -} - -void buffer_to_SSL(buffer_t *buf, SSL *ssl) -{ - int ret; - if(!ssl || buffer_empty(buf)) - return; - ret = SSL_write(ssl, buf->data, buf->used); - if(ret > 0) { - buffer_takedata(buf, NULL, ret); - buf->total_out += ret; - } - if(ret < 0) - int_ssl_check(ssl, ret); -} - -void buffer_from_BIO(buffer_t *buf, BIO *bio) -{ - int ret; - if(!bio || buffer_full(buf)) - return; - ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf)); - if(ret > 0) { - buf->used += ret; - buf->total_in += ret; - } -} - -void buffer_to_BIO(buffer_t *buf, BIO *bio) -{ - int ret; - if(!bio || buffer_empty(buf)) - return; - ret = BIO_write(bio, buf->data, buf->used); - if(ret > 0) { - buffer_takedata(buf, NULL, ret); - buf->total_out += ret; - } -} - -#endif /* !defined(NO_OPENSSL) */ - -#endif /* !defined(NO_BUFFER) */ + int e = SSL_get_error(s, ret); + switch (e) { + /* + * These seem to be harmless and already "dealt with" by our + * non-blocking environment. NB: "ZERO_RETURN" is the clean "error" + * indicating a successfully closed SSL tunnel. We let this happen + * because our IO loop should not appear to have broken on this + * condition - and outside the IO loop, the "shutdown" state is + * checked. + */ + case SSL_ERROR_NONE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_X509_LOOKUP: + case SSL_ERROR_ZERO_RETURN: + return; + /* + * These seem to be indications of a genuine error that should result + * in the SSL tunnel being regarded as "dead". 
+ */ + case SSL_ERROR_SYSCALL: + case SSL_ERROR_SSL: + SSL_set_app_data(s, (char *)1); + return; + default: + break; + } + /* + * For any other errors that (a) exist, and (b) crop up - we need to + * interpret what to do with them - so "politely inform" the caller that + * the code needs updating here. + */ + abort(); +} + +void buffer_from_SSL(buffer_t * buf, SSL *ssl) +{ + int ret; + if (!ssl || buffer_full(buf)) + return; + ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf)); + if (ret > 0) { + buf->used += ret; + buf->total_in += ret; + } + if (ret < 0) + int_ssl_check(ssl, ret); +} + +void buffer_to_SSL(buffer_t * buf, SSL *ssl) +{ + int ret; + if (!ssl || buffer_empty(buf)) + return; + ret = SSL_write(ssl, buf->data, buf->used); + if (ret > 0) { + buffer_takedata(buf, NULL, ret); + buf->total_out += ret; + } + if (ret < 0) + int_ssl_check(ssl, ret); +} + +void buffer_from_BIO(buffer_t * buf, BIO *bio) +{ + int ret; + if (!bio || buffer_full(buf)) + return; + ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf)); + if (ret > 0) { + buf->used += ret; + buf->total_in += ret; + } +} + +void buffer_to_BIO(buffer_t * buf, BIO *bio) +{ + int ret; + if (!bio || buffer_empty(buf)) + return; + ret = BIO_write(bio, buf->data, buf->used); + if (ret > 0) { + buffer_takedata(buf, NULL, ret); + buf->total_out += ret; + } +} + +# endif /* !defined(NO_OPENSSL) */ + +#endif /* !defined(NO_BUFFER) */ diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c index 0f6850ea97..deea66cc01 100644 --- a/demos/tunala/cb.c +++ b/demos/tunala/cb.c 
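Review bot: `int_ssl_check` still falls through to `abort()` for any `SSL_get_error` value outside the two case groups, so a code the author did not anticipate — `SSL_ERROR_WANT_CONNECT` and `SSL_ERROR_WANT_ACCEPT` exist in the same API, and what the peer sends decides which code comes back — takes the whole tunnel process down rather than one connection. Treating unknown codes like the fatal group, `default: SSL_set_app_data(s, (char *)1); return;`, keeps the "dead tunnel" marker that the comment says is checked elsewhere and removes the input-triggered abort; an `fprintf(stderr, ...)` of `e` in that branch would still give the "code needs updating" signal the comment asks for. Separately, `buffer_from_SSL` and `buffer_to_SSL` only call `int_ssl_check` when `ret < 0`, so a 0 return never reaches the switch and the SSL_ERROR_ZERO_RETURN case the comment describes is presumably only seen via the shutdown check outside the IO loop; `if (ret <= 0)` would make the comment match the code. `buffer_from_fd` stores the `read()` result, an `ssize_t`, in the `int toread` that was initialised from the `unsigned int` returned by `buffer_unused`, which is harmless at MAX_DATA_SIZE-sized buffers but worth a comment.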
@@ -16,129 +16,139 @@ static unsigned int cb_ssl_verify_level = 1; /* Other static rubbish (to mirror s_cb.c where required) */ static int int_verify_depth = 10; -/* This function is largely borrowed from the one used in OpenSSL's "s_client" - * and "s_server" utilities. */ +/* + * This function is largely borrowed from the one used in OpenSSL's + * "s_client" and "s_server" utilities. + */ void cb_ssl_info(const SSL *s, int where, int ret) { - const char *str1, *str2; - int w; - - if(!fp_cb_ssl_info) - return; - - w = where & ~SSL_ST_MASK; - str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ? - "SSL_accept" : "undefined")), - str2 = SSL_state_string_long(s); - - if (where & SSL_CB_LOOP) - fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2); - else if (where & SSL_CB_EXIT) { - if (ret == 0) - fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2); -/* In a non-blocking model, we get a few of these "error"s simply because we're - * calling "reads" and "writes" on the state-machine that are virtual NOPs - * simply to avoid wasting the time seeing if we *should* call them. Removing - * this case makes the "-out_state" output a lot easier on the eye. */ -#if 0 - else if (ret < 0) - fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2); -#endif - } + const char *str1, *str2; + int w; + + if (!fp_cb_ssl_info) + return; + + w = where & ~SSL_ST_MASK; + str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ? + "SSL_accept" : + "undefined")), str2 = + SSL_state_string_long(s); + + if (where & SSL_CB_LOOP) + fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2); + else if (where & SSL_CB_EXIT) { + if (ret == 0) + fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2); + /* + * In a non-blocking model, we get a few of these "error"s simply + * because we're calling "reads" and "writes" on the state-machine + * that are virtual NOPs simply to avoid wasting the time seeing if + * we *should* call them. 
Removing this case makes the "-out_state" + * output a lot easier on the eye. + */ +# if 0 + else if (ret < 0) + fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2); +# endif + } } void cb_ssl_info_set_output(FILE *fp) { - fp_cb_ssl_info = fp; + fp_cb_ssl_info = fp; } -static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT"; +static const char *int_reason_no_issuer = + "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT"; static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID"; -static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD"; +static const char *int_reason_before = + "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD"; static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED"; -static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD"; +static const char *int_reason_after = + "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD"; /* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */ int cb_ssl_verify(int ok, X509_STORE_CTX *ctx) { - char buf1[256]; /* Used for the subject name */ - char buf2[256]; /* Used for the issuer name */ - const char *reason = NULL; /* Error reason (if any) */ - X509 *err_cert; - int err, depth; - - if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0)) - return ok; - err_cert = X509_STORE_CTX_get_current_cert(ctx); - err = X509_STORE_CTX_get_error(ctx); - depth = X509_STORE_CTX_get_error_depth(ctx); - - buf1[0] = buf2[0] = '\0'; - /* Fill buf1 */ - X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256); - /* Fill buf2 */ - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256); - switch (ctx->error) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - reason = int_reason_no_issuer; - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - reason = int_reason_not_yet; - break; - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - reason = int_reason_before; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - reason = int_reason_expired; - 
break; - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - reason = int_reason_after; - break; - } - - if((cb_ssl_verify_level == 1) && ok) - return ok; - fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth); - if(reason) - fprintf(fp_cb_ssl_verify, "error=%s\n", reason); - else - fprintf(fp_cb_ssl_verify, "error=%d\n", err); - if(cb_ssl_verify_level < 3) - return ok; - fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1); - fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2); - if(!ok) - fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err, - X509_verify_cert_error_string(err)); - fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok); - return ok; + char buf1[256]; /* Used for the subject name */ + char buf2[256]; /* Used for the issuer name */ + const char *reason = NULL; /* Error reason (if any) */ + X509 *err_cert; + int err, depth; + + if (!fp_cb_ssl_verify || (cb_ssl_verify_level == 0)) + return ok; + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + buf1[0] = buf2[0] = '\0'; + /* Fill buf1 */ + X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256); + /* Fill buf2 */ + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256); + switch (ctx->error) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + reason = int_reason_no_issuer; + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + reason = int_reason_not_yet; + break; + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + reason = int_reason_before; + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + reason = int_reason_expired; + break; + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + reason = int_reason_after; + break; + } + + if ((cb_ssl_verify_level == 1) && ok) + return ok; + fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth); + if (reason) + fprintf(fp_cb_ssl_verify, "error=%s\n", reason); + else + fprintf(fp_cb_ssl_verify, "error=%d\n", err); + if (cb_ssl_verify_level < 3) + return ok; + 
fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1); + fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2); + if (!ok) + fprintf(fp_cb_ssl_verify, "--> verify error:num=%d:%s\n", err, + X509_verify_cert_error_string(err)); + fprintf(fp_cb_ssl_verify, "--> verify return:%d\n", ok); + return ok; } void cb_ssl_verify_set_output(FILE *fp) { - fp_cb_ssl_verify = fp; + fp_cb_ssl_verify = fp; } void cb_ssl_verify_set_depth(unsigned int verify_depth) { - int_verify_depth = verify_depth; + int_verify_depth = verify_depth; } void cb_ssl_verify_set_level(unsigned int level) { - if(level < 4) - cb_ssl_verify_level = level; + if (level < 4) + cb_ssl_verify_level = level; } RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength) { - /* TODO: Perhaps make it so our global key can be generated on-the-fly - * after certain intervals? */ - static RSA *rsa_tmp = NULL; - if(!rsa_tmp) - rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); - return rsa_tmp; + /* + * TODO: Perhaps make it so our global key can be generated on-the-fly + * after certain intervals? + */ + static RSA *rsa_tmp = NULL; + if (!rsa_tmp) + rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); + return rsa_tmp; } -#endif /* !defined(NO_OPENSSL) */ - +#endif /* !defined(NO_OPENSSL) */ diff --git a/demos/tunala/ip.c b/demos/tunala/ip.c index 96ef4e6536..b172d2e4e2 100644 --- a/demos/tunala/ip.c +++ b/demos/tunala/ip.c 
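Review bot: In `cb_ssl_info` the formatter has spread the `str1 = (...), str2 = SSL_state_string_long(s);` comma expression over five lines with `str2 =` dangling at the end of one, which now reads like a typo even though it behaves as before; writing it as two statements, `str1 = (w & SSL_ST_CONNECT) ? "SSL_connect" : (w & SSL_ST_ACCEPT) ? "SSL_accept" : "undefined";` followed by `str2 = SSL_state_string_long(s);`, is the tidy-up the reformatter could not do on its own. In `cb_ssl_verify` the code obtains `err_cert` and `err` through the accessor functions and then reads `ctx->current_cert` and `ctx->error` directly for the issuer name and the switch; using `err_cert` and `err` in those two places keeps the function off the struct layout. `int_verify_depth`, which `cb_ssl_verify_set_depth` assigns, is not read anywhere in this hunk, so the depth setter looks to have no effect on verification — worth confirming against the rest of the file. `cb_generate_tmp_rsa` caches the first generated key in `rsa_tmp` and returns it for every later call regardless of `keylength`, so a callback invoked for a different size is handed a key of the wrong length; caching per requested length, or at least checking `RSA_size(rsa_tmp)` against the request, would be the fix.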
@@ -2,145 +2,148 @@ #ifndef NO_IP -#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other - such value it'll still be respectable */ +# define IP_LISTENER_BACKLOG 511/* So if it gets masked by 256 or some other + * such value it'll still be respectable */ /* Any IP-related initialisations. For now, this means blocking SIGPIPE */ int ip_initialise(void) { - struct sigaction sa; - - sa.sa_handler = SIG_IGN; - sa.sa_flags = 0; - sigemptyset(&sa.sa_mask); - if(sigaction(SIGPIPE, &sa, NULL) != 0) - return 0; - return 1; + struct sigaction sa; + + sa.sa_handler = SIG_IGN; + sa.sa_flags = 0; + sigemptyset(&sa.sa_mask); + if (sigaction(SIGPIPE, &sa, NULL) != 0) + return 0; + return 1; } int ip_create_listener_split(const char *ip, unsigned short port) { - struct sockaddr_in in_addr; - int fd = -1; - int reuseVal = 1; - - /* Create the socket */ - if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1) - goto err; - /* Set the SO_REUSEADDR flag - servers act weird without it */ - if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal), - sizeof(reuseVal)) != 0) - goto err; - /* Prepare the listen address stuff */ - in_addr.sin_family = AF_INET; - memcpy(&in_addr.sin_addr.s_addr, ip, 4); - in_addr.sin_port = htons(port); - /* Bind to the required port/address/interface */ - if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0) - goto err; - /* Start "listening" */ - if(listen(fd, IP_LISTENER_BACKLOG) != 0) - goto err; - return fd; -err: - if(fd != -1) - close(fd); - return -1; + struct sockaddr_in in_addr; + int fd = -1; + int reuseVal = 1; + + /* Create the socket */ + if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1) + goto err; + /* Set the SO_REUSEADDR flag - servers act weird without it */ + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal), + sizeof(reuseVal)) != 0) + goto err; + /* Prepare the listen address stuff */ + in_addr.sin_family = AF_INET; + memcpy(&in_addr.sin_addr.s_addr, ip, 4); + in_addr.sin_port 
= htons(port); + /* Bind to the required port/address/interface */ + if (bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != + 0) + goto err; + /* Start "listening" */ + if (listen(fd, IP_LISTENER_BACKLOG) != 0) + goto err; + return fd; + err: + if (fd != -1) + close(fd); + return -1; } int ip_create_connection_split(const char *ip, unsigned short port) { - struct sockaddr_in in_addr; - int flags, fd = -1; - - /* Create the socket */ - if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1) - goto err; - /* Make it non-blocking */ - if(((flags = fcntl(fd, F_GETFL, 0)) < 0) || - (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)) - goto err; - /* Prepare the connection address stuff */ - in_addr.sin_family = AF_INET; - memcpy(&in_addr.sin_addr.s_addr, ip, 4); - in_addr.sin_port = htons(port); - /* Start a connect (non-blocking, in all likelihood) */ - if((connect(fd, (struct sockaddr *)&in_addr, - sizeof(struct sockaddr_in)) != 0) && - (errno != EINPROGRESS)) - goto err; - return fd; -err: - if(fd != -1) - close(fd); - return -1; + struct sockaddr_in in_addr; + int flags, fd = -1; + + /* Create the socket */ + if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1) + goto err; + /* Make it non-blocking */ + if (((flags = fcntl(fd, F_GETFL, 0)) < 0) || + (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)) + goto err; + /* Prepare the connection address stuff */ + in_addr.sin_family = AF_INET; + memcpy(&in_addr.sin_addr.s_addr, ip, 4); + in_addr.sin_port = htons(port); + /* Start a connect (non-blocking, in all likelihood) */ + if ((connect(fd, (struct sockaddr *)&in_addr, + sizeof(struct sockaddr_in)) != 0) && (errno != EINPROGRESS)) + goto err; + return fd; + err: + if (fd != -1) + close(fd); + return -1; } -static char all_local_ip[] = {0x00,0x00,0x00,0x00}; +static char all_local_ip[] = { 0x00, 0x00, 0x00, 0x00 }; int ip_parse_address(const char *address, const char **parsed_ip, - unsigned short *parsed_port, int accept_all_ip) + unsigned short *parsed_port, int 
accept_all_ip) { - char buf[256]; - struct hostent *lookup; - unsigned long port; - const char *ptr = strstr(address, ":"); - const char *ip = all_local_ip; - - if(!ptr) { - /* We assume we're listening on all local interfaces and have - * only specified a port. */ - if(!accept_all_ip) - return 0; - ptr = address; - goto determine_port; - } - if((ptr - address) > 255) - return 0; - memset(buf, 0, 256); - memcpy(buf, address, ptr - address); - ptr++; - if((lookup = gethostbyname(buf)) == NULL) { - /* Spit a message to differentiate between lookup failures and - * bad strings. */ - fprintf(stderr, "hostname lookup for '%s' failed\n", buf); - return 0; - } - ip = lookup->h_addr_list[0]; -determine_port: - if(strlen(ptr) < 1) - return 0; - if(!int_strtoul(ptr, &port) || (port > 65535)) - return 0; - *parsed_ip = ip; - *parsed_port = (unsigned short)port; - return 1; + char buf[256]; + struct hostent *lookup; + unsigned long port; + const char *ptr = strstr(address, ":"); + const char *ip = all_local_ip; + + if (!ptr) { + /* + * We assume we're listening on all local interfaces and have only + * specified a port. + */ + if (!accept_all_ip) + return 0; + ptr = address; + goto determine_port; + } + if ((ptr - address) > 255) + return 0; + memset(buf, 0, 256); + memcpy(buf, address, ptr - address); + ptr++; + if ((lookup = gethostbyname(buf)) == NULL) { + /* + * Spit a message to differentiate between lookup failures and bad + * strings. 
+ */ + fprintf(stderr, "hostname lookup for '%s' failed\n", buf); + return 0; + } + ip = lookup->h_addr_list[0]; + determine_port: + if (strlen(ptr) < 1) + return 0; + if (!int_strtoul(ptr, &port) || (port > 65535)) + return 0; + *parsed_ip = ip; + *parsed_port = (unsigned short)port; + return 1; } int ip_create_listener(const char *address) { - const char *ip; - unsigned short port; + const char *ip; + unsigned short port; - if(!ip_parse_address(address, &ip, &port, 1)) - return -1; - return ip_create_listener_split(ip, port); + if (!ip_parse_address(address, &ip, &port, 1)) + return -1; + return ip_create_listener_split(ip, port); } int ip_create_connection(const char *address) { - const char *ip; - unsigned short port; + const char *ip; + unsigned short port; - if(!ip_parse_address(address, &ip, &port, 0)) - return -1; - return ip_create_connection_split(ip, port); + if (!ip_parse_address(address, &ip, &port, 0)) + return -1; + return ip_create_connection_split(ip, port); } int ip_accept_connection(int listen_fd) { - return accept(listen_fd, NULL, NULL); + return accept(listen_fd, NULL, NULL); } -#endif /* !defined(NO_IP) */ - +#endif /* !defined(NO_IP) */ diff --git a/demos/tunala/sm.c b/demos/tunala/sm.c index 25359e67ef..5658dfff2d 100644 --- a/demos/tunala/sm.c +++ b/demos/tunala/sm.c @@ -2,150 +2,163 @@ #ifndef NO_TUNALA -void state_machine_init(state_machine_t *machine) +voi |
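Review bot: `ip_parse_address` hands back `lookup->h_addr_list[0]` without checking the address family or length, and `ip_create_listener_split`/`ip_create_connection_split` then `memcpy` four bytes from it into `sin_addr`; a guard such as `if (lookup->h_addrtype != AF_INET || lookup->h_length != 4) return 0;` before the assignment makes the IPv4 assumption explicit instead of relying on `gethostbyname` never returning anything else. That pointer also refers to `gethostbyname`'s static result storage, so `*parsed_ip` is only valid until the next lookup — a comment on the `parsed_ip` parameter saying so would stop a caller from storing it. On the first hunk line the formatter has glued the comment to the literal, `511/* So if ...`, which is legal C but easy to misread as an expression; a space before `/*`, or the comment on its own line above the `# define`, fixes it. Both socket functions leave `in_addr` partially uninitialised (`sin_zero` is never written); `memset(&in_addr, 0, sizeof in_addr);` before filling the fields is the conventional form.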