diff options
Diffstat (limited to 'demos')
| -rw-r--r-- | demos/tunala/.cvsignore | 4 | ||||
| -rw-r--r-- | demos/tunala/A-client.pem | 84 | ||||
| -rw-r--r-- | demos/tunala/A-server.pem | 84 | ||||
| -rw-r--r-- | demos/tunala/CA.pem | 24 | ||||
| -rw-r--r-- | demos/tunala/INSTALL | 107 | ||||
| -rw-r--r-- | demos/tunala/Makefile | 41 | ||||
| -rw-r--r-- | demos/tunala/Makefile.am | 7 | ||||
| -rw-r--r-- | demos/tunala/README | 233 | ||||
| -rwxr-xr-x | demos/tunala/autogunk.sh | 25 | ||||
| -rwxr-xr-x | demos/tunala/autoungunk.sh | 19 | ||||
| -rw-r--r-- | demos/tunala/breakage.c | 66 | ||||
| -rw-r--r-- | demos/tunala/buffer.c | 205 | ||||
| -rw-r--r-- | demos/tunala/cb.c | 162 | ||||
| -rw-r--r-- | demos/tunala/configure.in | 29 | ||||
| -rw-r--r-- | demos/tunala/ip.c | 146 | ||||
| -rw-r--r-- | demos/tunala/sm.c | 151 | ||||
| -rwxr-xr-x | demos/tunala/test.sh | 107 | ||||
| -rw-r--r-- | demos/tunala/tunala.c | 1109 | ||||
| -rw-r--r-- | demos/tunala/tunala.h | 215 |
19 files changed, 0 insertions, 2818 deletions
diff --git a/demos/tunala/.cvsignore b/demos/tunala/.cvsignore deleted file mode 100644 index f9eca981d2..0000000000 --- a/demos/tunala/.cvsignore +++ /dev/null @@ -1,4 +0,0 @@ -tunala - -*.flc -semantic.cache diff --git a/demos/tunala/A-client.pem b/demos/tunala/A-client.pem deleted file mode 100644 index a4caf6ef8a..0000000000 --- a/demos/tunala/A-client.pem +++ /dev/null @@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain - Validity - Not Before: Jan 16 05:19:30 2002 GMT - Not After : Jan 14 05:19:30 2012 GMT - Subject: C=NZ, L=Auckland, O=Mordor, OU=SSL grunt things, CN=tunala-client/Email=client@fake.domain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b0:d3:56:5c:c8:7f:fb:f4:95:9d:04:84:4f:82: - b7:a2:75:5c:81:48:8c:56:5d:52:ee:38:e1:5c:c8: - 9a:70:8e:72:f2:00:1c:17:ef:df:b7:06:59:82:04: - f1:f6:49:11:12:a6:4d:cb:1e:ed:ac:59:1c:4a:d0: - 3d:de:e6:f2:8d:cd:39:c2:0f:e0:46:2f:db:cb:9f: - 47:f7:56:e7:f8:16:5f:68:71:fb:3a:e3:ab:d2:e5: - 05:b7:da:65:61:fe:6d:30:e4:12:a8:b5:c1:71:24: - 6b:aa:80:05:41:17:a0:8b:6e:8b:e6:04:cf:85:7b: - 2a:ac:a1:79:7d:f4:96:6e:77 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - F8:43:CB:4F:4D:4F:BC:6E:52:1A:FD:F9:7B:E1:12:3F:A7:A3:BA:93 - X509v3 Authority Key Identifier: - keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17 - DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain - serial:00 - - Signature Algorithm: md5WithRSAEncryption - 8f:5f:0e:43:da:9d:61:43:7e:03:38:9a:e6:50:9d:42:e8:95: - 34:49:75:ec:04:8d:5c:85:99:94:70:a0:e7:1f:1e:a0:8b:0f: - d6:e2:cb:f7:35:d9:96:72:bd:a6:e9:8d:4e:b1:e2:ac:97:7f: - 2f:70:01:9d:aa:04:bc:d4:01:2b:63:77:a5:de:63:3c:a8:f5: - f2:72:af:ec:11:12:c0:d4:70:cf:71:a6:fb:e9:1d:b3:27:07: - aa:f2:b1:f3:87:d6:ab:8b:ce:c2:08:1b:3c:f9:ba:ff:77:71: - 86:09:ef:9e:4e:04:06:63:44:e9:93:20:90:c7:2d:50:c6:50: - f8:66 ------BEGIN CERTIFICATE----- -MIID9TCCA16gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox -EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp -YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy -dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3 -DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE5MzBaFw0xMjAxMTQw -NTE5MzBaMIGHMQswCQYDVQQGEwJOWjERMA8GA1UEBxMIQXVja2xhbmQxDzANBgNV -BAoTBk1vcmRvcjEZMBcGA1UECxMQU1NMIGdydW50IHRoaW5nczEWMBQGA1UEAxMN -dHVuYWxhLWNsaWVudDEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGZha2UuZG9tYWlu -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw01ZcyH/79JWdBIRPgreidVyB -SIxWXVLuOOFcyJpwjnLyABwX79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnC -D+BGL9vLn0f3Vuf4Fl9ocfs646vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovm -BM+FeyqsoXl99JZudwIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglghkgBhvhC -AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPhD -y09NT7xuUhr9+XvhEj+no7qTMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6V -xCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3Rv -bjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBB -dXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQD -ExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9t -YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAI9fDkPanWFDfgM4muZQnULolTRJdewE -jVyFmZRwoOcfHqCLD9biy/c12ZZyvabpjU6x4qyXfy9wAZ2qBLzUAStjd6XeYzyo -9fJyr+wREsDUcM9xpvvpHbMnB6rysfOH1quLzsIIGzz5uv93cYYJ755OBAZjROmT -IJDHLVDGUPhm ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQCw01ZcyH/79JWdBIRPgreidVyBSIxWXVLuOOFcyJpwjnLyABwX -79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnCD+BGL9vLn0f3Vuf4Fl9ocfs6 -46vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovmBM+FeyqsoXl99JZudwIDAQAB -AoGAU4chbqbPvkclPYzaq2yGLlneHrwUft+KwzlfS6L/QVgo+CQRIUWQmjaHpaGM -YtjVFcg1S1QK1bUqZjTEZT0XKhfbYmqW8yYTfbcDEbnY7esoYlvIlW8qRlPRlTBE -utKrtZafmVhLgoNawYGD0aLZofPqpYjbGUlrC7nrem2vNJECQQDVLD3Qb+OlEMET -73ApnJhYsK3e+G2LTrtjrS8y5zS4+Xv61XUqvdV7ogzRl0tpvSAmMOItVyoYadkB -S3xSIWX9AkEA1Fm1FhkQSZwGG5rf4c6gMN71jJ6JE3/kocdVa0sUjRevIupo4XQ2 -Vkykxi84MRP8cfHqyjewq7Ozv3op2MGWgwJBAKemsb66IJjzAkaBav7u70nhOf0/ -+Dc1Zl7QF2y7NVW8sGrnccx5m+ot2lMD4AV6/kvK6jaqdKrapBZGnbGiHqkCQQDI -T1r33mqz1R8Z2S2Jtzz6/McKf930a/dC+GLGVEutkILf39lRmytKmv/wB0jtWtoO -rlJ5sLDSNzC+1cE1u997AkEAu3IrtGmLKiuS6kDj6W47m+iiTIsuSJtTJb1SbUaK -fIoBNFxbvJYW6rUU9+PxpMRaEhzh5s24/jBOE+mlb17mRQ== ------END RSA PRIVATE KEY----- diff --git a/demos/tunala/A-server.pem b/demos/tunala/A-server.pem deleted file mode 100644 index e9f37b1895..0000000000 --- a/demos/tunala/A-server.pem +++ /dev/null @@ -1,84 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain - Validity - Not Before: Jan 16 05:14:06 2002 GMT - Not After : Jan 14 05:14:06 2012 GMT - Subject: C=NZ, L=Wellington, O=Middle Earth, OU=SSL dev things, CN=tunala-server/Email=server@fake.domain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a9:3e:62:87:97:13:6b:de:8f:bc:1d:0a:3f:65: - 0c:f9:76:a3:53:ce:97:30:27:0d:c6:df:72:1f:8d: - 5a:ce:58:23:6a:65:e5:e3:72:1a:8d:7f:fe:90:01: - ea:42:f1:9f:6e:7b:0a:bd:eb:52:15:7b:f4:3d:9c: - 4e:db:74:29:2b:d1:81:9d:b9:9e:18:2b:87:e1:da: - 50:20:3c:59:6c:c9:83:3e:2c:11:0b:78:1e:03:f4: - 56:3a:db:95:6a:75:33:85:a9:7b:cc:3c:4a:67:96: - f2:24:b2:a0:cb:2e:cc:52:18:16:6f:44:d9:29:64: - 07:2e:fb:56:cc:7c:dc:a2:d7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 70:AC:7A:B5:6E:97:C2:82:AF:11:9E:32:CB:8D:48:49:93:B7:DC:22 - X509v3 Authority Key Identifier: - keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17 - DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain - serial:00 - - Signature Algorithm: md5WithRSAEncryption - 2e:cb:a3:cd:6d:a8:9d:d1:dc:e5:f0:e0:27:7e:4b:5a:90:a8: - 85:43:f0:05:f7:04:43:d7:5f:d1:a5:8f:5c:58:eb:fc:da:c6: - 7c:e0:0b:2b:98:72:95:f6:79:48:96:7a:fa:0c:6b:09:ec:c6: - 8c:91:74:45:9f:8f:0f:16:78:e3:66:14:fa:1e:f4:f0:23:ec: - cd:a9:52:77:20:4d:c5:05:2c:52:b6:7b:f3:42:33:fd:90:1f: - 3e:88:6f:9b:23:61:c8:80:3b:e6:57:84:2e:f7:26:c7:35:ed: - 00:8b:08:30:9b:aa:21:83:b6:6d:b8:7c:8a:9b:2a:ef:79:3d: - 96:31 ------BEGIN CERTIFICATE----- -MIID+zCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox -EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp -YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy -dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3 -DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE0MDZaFw0xMjAxMTQw -NTE0MDZaMIGNMQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjEVMBMG -A1UEChMMTWlkZGxlIEVhcnRoMRcwFQYDVQQLEw5TU0wgZGV2IHRoaW5nczEWMBQG -A1UEAxMNdHVuYWxhLXNlcnZlcjEhMB8GCSqGSIb3DQEJARYSc2VydmVyQGZha2Uu -ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPmKHlxNr3o+8HQo/ -ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXjchqNf/6QAepC8Z9uewq961IVe/Q9nE7b -dCkr0YGduZ4YK4fh2lAgPFlsyYM+LBELeB4D9FY625VqdTOFqXvMPEpnlvIksqDL -LsxSGBZvRNkpZAcu+1bMfNyi1wIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglg -hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O -BBYEFHCserVul8KCrxGeMsuNSEmTt9wiMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzh -RaHTCJ6VxCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2Vs -bGluZ3RvbjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNh -dGlvbiBBdXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkw -FwYDVQQDExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZh -a2UuZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAC7Lo81tqJ3R3OXw4Cd+S1qQ -qIVD8AX3BEPXX9Glj1xY6/zaxnzgCyuYcpX2eUiWevoMawnsxoyRdEWfjw8WeONm -FPoe9PAj7M2pUncgTcUFLFK2e/NCM/2QHz6Ib5sjYciAO+ZXhC73Jsc17QCLCDCb -qiGDtm24fIqbKu95PZYx ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCpPmKHlxNr3o+8HQo/ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXj -chqNf/6QAepC8Z9uewq961IVe/Q9nE7bdCkr0YGduZ4YK4fh2lAgPFlsyYM+LBEL -eB4D9FY625VqdTOFqXvMPEpnlvIksqDLLsxSGBZvRNkpZAcu+1bMfNyi1wIDAQAB -AoGANCwqHZhiAU/TyW6+WPqivEhpYw19p/dyFMuPF9DwnEmpaUROUQY8z0AUznn4 -qHhp6Jn/nrprTHowucl0ucweYIYVxZoUiUDFpxdFUbzMdFvo6HcyV1Pe4Rt81HaY -KYWrTZ6PaPtN65hLms8NhPEdGcGAFlY1owYv4QNGq2bU1JECQQDd32LM0NSfyGmK -4ziajqGcvzK9NO2XyV/nJsGlJZNgMh2zm1t7yR28l/6Q2uyU49cCN+2aYULZCAfs -taNvxBspAkEAw0alNub+xj2AVQvaxOB1sGfKzsJjHCzKIxUXn/tJi3j0+2asmkBZ -Umx1MWr9jKQBnCMciCRUbnMEZiElOxCN/wJAfAeQl6Z19gx206lJzzzEo3dOye54 -k02DSxijT8q9pBzf9bN3ZK987BybtiZr8p+bZiYVsSOF1wViSLURdD1QYQJAIaMU -qH1n24wShBPTrmAfxbBLTgxL+Dl65Eoo1KT7iSvfv0JzbuqwuDL4iPeuD0DdCiE+ -M/FWHeRwGIuTFzaFzwJBANKwx0jZS/h093w9g0Clw6UzeA1P5VcAt9y+qMC9hO3c -4KXwIxQAt9yRaFLpiIR9do5bjjKNnMguf3aO/XRSDQM= ------END RSA PRIVATE KEY----- diff --git a/demos/tunala/CA.pem b/demos/tunala/CA.pem deleted file mode 100644 index 7a55b5463e..0000000000 --- a/demos/tunala/CA.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox -EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp -YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy -dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3 -DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTA5NTlaFw0xMjAxMTQw -NTA5NTlaMIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoG -A1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3Jp -dHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNr -b3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7QdDfFIrJn3X24hKmpkyk3TG0Ivxd -K2wWmDPXq1wjr8lUTwrA6hM5Ba9N36jLieWpXhviLOWu9DBza5GmtgCuXloATKTC -94xOdKHlciTVujG3wDlLDB5e710Kar84nnj6VueL1RyZ0bmP5PANa4mbGW9Tqc7J -CkBTTW2y9d0SgQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEn7RXISxMzhRaHTCJ6V -xCxtVT8XMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6VxCxtVT8XoYG6pIG3 -MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoGA1UEChMz -UmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3JpdHkgKFJJ -QUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNrb3YgYWwt -VHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluggEAMAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYQo95V/NY+eKxYxkhibZiUQygph+ -gTfgbDG20MsnH6+8//w5ArHauFCgDrf0P2VyACgq+N4pBTWFGaAaLwbjKy9HCe2E -j9C91tO1CqDS4MJkDB5AP13FTkK6fP1ZCiTQranOAp3DlGWTTWsFVyW5kVfQ9diS -ZOyJZ9Fit5XM2X0= ------END CERTIFICATE----- diff --git a/demos/tunala/INSTALL b/demos/tunala/INSTALL deleted file mode 100644 index a65bbeb8d1..0000000000 --- a/demos/tunala/INSTALL +++ /dev/null @@ -1,107 +0,0 @@ -There are two ways to build this code; - -(1) Manually - -(2) Using all-singing all-dancing (all-confusing) autotools, ie. autoconf, -automake, and their little friends (autoheader, etc). - -================= -Building Manually -================= - -There is a basic "Makefile" in this directory that gets moved out of the way and -ignored when building with autoconf et al. This Makefile is suitable for -building tunala on Linux using gcc. Any other platform probably requires some -tweaking. Here are the various bits you might need to do if you want to build -this way and the default Makefile isn't sufficient; - -* Compiler: Edit the "CC" definition in Makefile - -* Headers, features: tunala.h controls what happens in the non-autoconf world. - It, by default, assumes the system has *everything* (except autoconf's - "config.h") so if a target system is missing something it must define the - appropriate "NO_***" symbols in CFLAGS. These include; - - - NO_HAVE_UNISTD_H, NO_HAVE_FCNTL_H, NO_HAVE_LIMITS_H - Indicates the compiling system doesn't have (or need) these header files. - - NO_HAVE_STRSTR, NO_HAVE_STRTOUL - Indicates the compiling system doesn't have these functions. Replacements - are compiled and used in breakage.c - - NO_HAVE_SELECT, NO_HAVE_SOCKET - Pointless symbols - these indicate select() and/or socket() are missing in - which case the program won't compile anyway. - - If you want to specify any of these, add them with "-D" prefixed to each in - the CFLAGS definition in Makefile. - -* Compilation flags: edit DEBUG_FLAGS and/or CFLAGS directly to control the - flags passed to the compiler. This can also be used to change the degree of - optimisation. - -* Linker flags: some systems (eg. Solaris) require extra linker flags such as; - -ldl, -lsocket, -lnsl, etc. If unsure, bring up the man page for whichever - function is "undefined" when the linker fails - that usually indicates what - you need to add. Make changes to the LINK_FLAGS symbol. - -* Linker command: if a different linker syntax or even a different program is - required to link, edit the linker line directly in the "tunala:" target - definition - it currently assumes the "CC" (compiler) program is used to link. - -====================== -Building Automagically -====================== - -Automagic building is handled courtesy of autoconf, automake, etc. There are in -fact two steps required to build, and only the first has to be done on a system -with these tools installed (and if I was prepared to bloat out the CVS -repository, I could store these extra files, but I'm not). - -First step: "autogunk.sh" -------------------------- - -The "./autogunk.sh" script will call all the necessary autotool commands to -create missing files and run automake and autoconf. The result is that a -"./configure" script should be generated and a "Makefile.in" generated from the -supplied "Makefile.am". NB: This script also moves the "manual" Makefile (see -above) out of the way and calls it "Makefile.plain" - the "ungunk" script -reverses this to leave the directory it was previously. - -Once "ungunk" has been run, the resulting directory should be able to build on -other systems without autoconf, automake, or libtool. Which is what the second -step describes; - -Second step: "./configure" --------------------------- - -The second step is to run the generated "./configure" script to create a -config.h header for your system and to generate a "Makefile" (generated from -"Makefile.in") tweaked to compile on your system. This is the standard sort of -thing you see in GNU packages, for example, and the standard tricks also work. -Eg. to override "configure"'s choice of compiler, set the CC environment -variable prior to running configure, eg. - - CC=gcc ./configure - -would cause "gcc" to be used even if there is an otherwise preferable (to -autoconf) native compiler on your system. - -After this run "make" and it should build the "tunala" executable. - -Notes ------ - -- Some versions of autoconf (or automake?) generate a Makefile syntax that gives - trouble to some "make" programs on some systems (eg. OpenBSD). If this - happens, either build 'Manually' (see above) or use "gmake" instead of "make". - I don't like this either but like even less the idea of sifting into all the - script magic crud that's involved. - -- On a solaris system I tried, the "configure" script specified some broken - compiler flags in the resulting Makefile that don't even get echoed to - stdout/err when the error happens (evil!). If this happens, go into the - generated Makefile, find the two affected targets ("%.o:" and "%.lo"), and - remove the offending hidden option in the $(COMPILE) line all the sludge after - the two first lines of script (ie. after the "echo" and the "COMPILE" lines). - NB: This will probably only function if "--disable-shared" was used, otherwise - who knows what would result ... - diff --git a/demos/tunala/Makefile b/demos/tunala/Makefile deleted file mode 100644 index bef1704a3c..0000000000 --- a/demos/tunala/Makefile +++ /dev/null @@ -1,41 +0,0 @@ -# Edit these to suit -# -# Oh yeah, and please read the README too. - - -SSL_HOMEDIR=../.. -SSL_INCLUDEDIR=$(SSL_HOMEDIR)/include -SSL_LIBDIR=$(SSL_HOMEDIR) - -RM=rm -f -CC=gcc -DEBUG_FLAGS=-g -ggdb3 -Wall -Wshadow -INCLUDE_FLAGS=-I$(SSL_INCLUDEDIR) -CFLAGS=$(DEBUG_FLAGS) $(INCLUDE_FLAGS) -DNO_CONFIG_H -COMPILE=$(CC) $(CFLAGS) -c - -# Edit, particularly the "-ldl" if not building with "dlfcn" support -LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl - -SRCS=buffer.c cb.c ip.c sm.c tunala.c breakage.c -OBJS=buffer.o cb.o ip.o sm.o tunala.o breakage.o - -TARGETS=tunala - -default: $(TARGETS) - -clean: - $(RM) $(OBJS) $(TARGETS) *.bak core - -.c.o: - $(COMPILE) $< - -tunala: $(OBJS) - $(CC) -o tunala $(OBJS) $(LINK_FLAGS) - -# Extra dependencies, should really use makedepend -buffer.o: buffer.c tunala.h -cb.o: cb.c tunala.h -ip.o: ip.c tunala.h -sm.o: sm.c tunala.h -tunala.o: tunala.c tunala.h diff --git a/demos/tunala/Makefile.am b/demos/tunala/Makefile.am deleted file mode 100644 index 706c7806c9..0000000000 --- a/demos/tunala/Makefile.am +++ /dev/null @@ -1,7 +0,0 @@ -# Our includes come from the OpenSSL build-tree we're in -INCLUDES = -I$(top_builddir)/../../include - -bin_PROGRAMS = tunala - -tunala_SOURCES = tunala.c buffer.c cb.c ip.c sm.c breakage.c -tunala_LDADD = -L$(top_builddir)/../.. -lssl -lcrypto diff --git a/demos/tunala/README b/demos/tunala/README deleted file mode 100644 index 15690088f3..0000000000 --- a/demos/tunala/README +++ /dev/null @@ -1,233 +0,0 @@ -This is intended to be an example of a state-machine driven SSL application. It -acts as an SSL tunneler (functioning as either the server or client half, -depending on command-line arguments). *PLEASE* read the comments in tunala.h -before you treat this stuff as anything more than a curiosity - YOU HAVE BEEN -WARNED!! There, that's the draconian bit out of the way ... - - -Why "tunala"?? --------------- - -I thought I asked you to read tunala.h?? :-) - - -Show me -------- - -If you want to simply see it running, skip to the end and see some example -command-line arguments to demonstrate with. - - -Where to look and what to do? ------------------------------ - -The code is split up roughly coinciding with the detaching of an "abstract" SSL -state machine (which is the purpose of all this) and its surrounding application -specifics. This is primarily to make it possible for me to know when I could cut -corners and when I needed to be rigorous (or at least maintain the pretense as -such :-). - -Network stuff: - -Basically, the network part of all this is what is supposed to be abstracted out -of the way. The intention is to illustrate one way to stick OpenSSL's mechanisms -inside a little memory-driven sandbox and operate it like a pure state-machine. -So, the network code is inside both ip.c (general utility functions and gory -IPv4 details) and tunala.c itself, which takes care of application specifics -like the main select() loop. The connectivity between the specifics of this -application (TCP/IP tunneling and the associated network code) and the -underlying abstract SSL state machine stuff is through the use of the "buffer_t" -type, declared in tunala.h and implemented in buffer.c. - -State machine: - -Which leaves us, generally speaking, with the abstract "state machine" code left -over and this is sitting inside sm.c, with declarations inside tunala.h. As can -be seen by the definition of the state_machine_t structure and the associated -functions to manipulate it, there are the 3 OpenSSL "handles" plus 4 buffer_t -structures dealing with IO on both the encrypted and unencrypted sides ("dirty" -and "clean" respectively). The "SSL" handle is what facilitates the reading and -writing of the unencrypted (tunneled) data. The two "BIO" handles act as the -read and write channels for encrypted tunnel traffic - in other applications -these are often socket BIOs so that the OpenSSL framework operates with the -network layer directly. In this example, those two BIOs are memory BIOs -(BIO_s_mem()) so that the sending and receiving of the tunnel traffic stays -within the state-machine, and we can handle where this gets send to (or read -from) ourselves. - - -Why? ----- - -If you take a look at the "state_machine_t" section of tunala.h and the code in -sm.c, you will notice that nothing related to the concept of 'transport' is -involved. The binding to TCP/IP networking occurs in tunala.c, specifically -within the "tunala_item_t" structure that associates a state_machine_t object -with 4 file-descriptors. The way to best see where the bridge between the -outside world (TCP/IP reads, writes, select()s, file-descriptors, etc) and the -state machine is, is to examine the "tunala_item_io()" function in tunala.c. -This is currently around lines 641-732 but of course could be subject to change. - - -And...? -------- - -Well, although that function is around 90 lines of code, it could easily have -been a lot less only I was trying to address an easily missed "gotcha" (item (2) -below). The main() code that drives the select/accept/IO loop initialises new -tunala_item_t structures when connections arrive, and works out which -file-descriptors go where depending on whether we're an SSL client or server -(client --> accepted connection is clean and proxied is dirty, server --> -accepted connection is dirty and proxied is clean). What that tunala_item_io() -function is attempting to do is 2 things; - - (1) Perform all reads and writes on the network directly into the - state_machine_t's buffers (based on a previous select() result), and only - then allow the abstact state_machine_t to "churn()" using those buffers. - This will cause the SSL machine to consume as much input data from the two - "IN" buffers as possible, and generate as much output data into the two - "OUT" buffers as possible. Back up in the main() function, the next main - loop loop will examine these output buffers and select() for writability - on the corresponding sockets if the buffers are non-empty. - - (2) Handle the complicated tunneling-specific issue of cascading "close"s. - This is the reason for most of the complexity in the logic - if one side - of the tunnel is closed, you can't simply close the other side and throw - away the whole thing - (a) there may still be outgoing data on the other - side of the tunnel that hasn't been sent yet, (b) the close (or things - happening during the close) may cause more data to be generated that needs - sending on the other side. Of course, this logic is complicated yet futher - by the fact that it's different depending on which side closes first :-) - state_machine_close_clean() will indicate to the state machine that the - unencrypted side of the tunnel has closed, so any existing outgoing data - needs to be flushed, and the SSL stream needs to be closed down using the - appropriate shutdown sequence. state_machine_close_dirty() is simpler - because it indicates that the SSL stream has been disconnected, so all - that remains before closing the other side is to flush out anything that - remains and wait for it to all be sent. - -Anyway, with those things in mind, the code should be a little easier to follow -in terms of "what is *this* bit supposed to achieve??!!". - - -How might this help? --------------------- - -Well, the reason I wrote this is that there seemed to be rather a flood of -questions of late on the openssl-dev and openssl-users lists about getting this -whole IO logic thing sorted out, particularly by those who were trying to either -use non-blocking IO, or wanted SSL in an environment where "something else" was -handling the network already and they needed to operate in memory only. This -code is loosely based on some other stuff I've been working on, although that -stuff is far more complete, far more dependant on a whole slew of other -network/framework code I don't want to incorporate here, and far harder to look -at for 5 minutes and follow where everything is going. I will be trying over -time to suck in a few things from that into this demo in the hopes it might be -more useful, and maybe to even make this demo usable as a utility of its own. -Possible things include: - - * controlling multiple processes/threads - this can be used to combat - latencies and get passed file-descriptor limits on some systems, and it uses - a "controller" process/thread that maintains IPC links with the - processes/threads doing the real work. - - * cert verification rules - having some say over which certs get in or out :-) - - * control over SSL protocols and cipher suites - - * A few other things you can already do in s_client and s_server :-) - - * Support (and control over) session resuming, particularly when functioning - as an SSL client. - -If you have a particular environment where this model might work to let you "do -SSL" without having OpenSSL be aware of the transport, then you should find you -could use the state_machine_t structure (or your own variant thereof) and hook -it up to your transport stuff in much the way tunala.c matches it up with those -4 file-descriptors. The state_machine_churn(), state_machine_close_clean(), and -state_machine_close_dirty() functions are the main things to understand - after -that's done, you just have to ensure you're feeding and bleeding the 4 -state_machine buffers in a logical fashion. This state_machine loop handles not -only handshakes and normal streaming, but also renegotiates - there's no special -handling required beyond keeping an eye on those 4 buffers and keeping them in -sync with your outer "loop" logic. Ie. if one of the OUT buffers is not empty, -you need to find an opportunity to try and forward its data on. If one of the IN -buffers is not full, you should keep an eye out for data arriving that should be -placed there. - -This approach could hopefully also allow you to run the SSL protocol in very -different environments. As an example, you could support encrypted event-driven -IPC where threads/processes pass messages to each other inside an SSL layer; -each IPC-message's payload would be in fact the "dirty" content, and the "clean" -payload coming out of the tunnel at each end would be the real intended message. -Likewise, this could *easily* be made to work across unix domain sockets, or -even entirely different network/comms protocols. - -This is also a quick and easy way to do VPN if you (and the remote network's -gateway) support virtual network devices that are encapsulted in a single -network connection, perhaps PPP going through an SSL tunnel? - - -Suggestions ------------ - -Please let me know if you find this useful, or if there's anything wrong or -simply too confusing about it. Patches are also welcome, but please attach a -description of what it changes and why, and "diff -urN" format is preferred. -Mail to geoff@openssl.org should do the trick. - - -Example -------- - -Here is an example of how to use "tunala" ... - -First, it's assumed that OpenSSL has already built, and that you are building -inside the ./demos/tunala/ directory. If not - please correct the paths and -flags inside the Makefile. Likewise, if you want to tweak the building, it's -best to try and do so in the makefile (eg. removing the debug flags and adding -optimisation flags). - -Secondly, this code has mostly only been tested on Linux. However, some -autoconf/etc support has been added and the code has been compiled on openbsd -and solaris using that. - -Thirdly, if you are Win32, you probably need to do some *major* rewriting of -ip.c to stand a hope in hell. Good luck, and please mail me the diff if you do -this, otherwise I will take a look at another time. It can certainly be done, -but it's very non-POSIXy. - -See the INSTALL document for details on building. - -Now, if you don't have an executable "tunala" compiled, go back to "First,...". -Rinse and repeat. - -Inside one console, try typing; - -(i) ./tunala -listen localhost:8080 -proxy localhost:8081 -cacert CA.pem \ - -cert A-client.pem -out_totals -v_peer -v_strict - -In another console, type; - -(ii) ./tunala -listen localhost:8081 -proxy localhost:23 -cacert CA.pem \ - -cert A-server.pem -server 1 -out_totals -v_peer -v_strict - -Now if you open another console and "telnet localhost 8080", you should be -tunneled through to the telnet service on your local machine (if it's running - -you could change it to port "22" and tunnel ssh instead if you so desired). When -you logout of the telnet session, the tunnel should cleanly shutdown and show -you some traffic stats in both consoles. Feel free to experiment. :-) - -Notes: - - - the format for the "-listen" argument can skip the host part (eg. "-listen - 8080" is fine). If you do, the listening socket will listen on all interfaces - so you can connect from other machines for example. Using the "localhost" - form listens only on 127.0.0.1 so you can only connect locally (unless, of - course, you've set up weird stuff with your networking in which case probably - none of the above applies). - - - ./tunala -? gives you a list of other command-line options, but tunala.c is - also a good place to look :-) - - diff --git a/demos/tunala/autogunk.sh b/demos/tunala/autogunk.sh deleted file mode 100755 index c9783c6261..0000000000 --- a/demos/tunala/autogunk.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh - -# This script tries to follow the "GNU way" w.r.t. the autobits. -# This does of course generate a number of irritating files. -# Try to get over it (I am getting there myself). - -# This should generate any missing crud, and then run autoconf which should turn -# configure.in into a "./configure" script and "Makefile.am" into a -# "Makefile.in". Then running "./configure" should turn "Makefile.in" into -# "Makefile" and should generate the config.h containing your systems various -# settings. I know ... what a hassle ... - -# Also, sometimes these autobits things generate bizarre output (looking like -# errors). So I direct everything "elsewhere" ... - -(aclocal -autoheader -libtoolize --copy --force -automake --foreign --add-missing --copy -autoconf) 1> /dev/null 2>&1 - -# Move the "no-autotools" Makefile out of the way -if test ! -f Makefile.plain; then - mv Makefile Makefile.plain -fi diff --git a/demos/tunala/autoungunk.sh b/demos/tunala/autoungunk.sh deleted file mode 100755 index 21790880d7..0000000000 --- a/demos/tunala/autoungunk.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -# This script tries to clean up as much as is possible from whatever diabolical -# mess has been left in the directory thanks to autoconf, automake, and their -# friends. - -if test -f Makefile.plain; then - if test -f Makefile; then - make distclean - fi - mv Makefile.plain Makefile -else - make clean -fi - -rm -f aclocal.m4 config.* configure install-sh \ - missing mkinstalldirs stamp-h.* Makefile.in \ - ltconfig ltmain.sh depcomp -rm -rf autom4te.cache diff --git a/demos/tunala/breakage.c b/demos/tunala/breakage.c deleted file mode 100644 index dcdd64b0ef..0000000000 --- a/demos/tunala/breakage.c +++ /dev/null @@ -1,66 +0,0 @@ -#include "tunala.h" - -int int_strtoul(const char *str, unsigned long *val) -{ -#ifdef HAVE_STRTOUL - char *tmp; - unsigned long ret = strtoul(str, &tmp, 10); - if((str == tmp) || (*tmp != '\0')) - /* The value didn't parse cleanly */ - return 0; - if(ret == ULONG_MAX) - /* We hit a limit */ - return 0; - *val = ret; - return 1; -#else - char buf[2]; - unsigned long ret = 0; - buf[1] = '\0'; - if(str == '\0') - /* An empty string ... */ - return 0; - while(*str != '\0') { - /* We have to multiply 'ret' by 10 before absorbing the next - * digit. If this will overflow, catch it now. */ - if(ret && (((ULONG_MAX + 10) / ret) &l |