1 #include "tunala.h"
2
3 #ifndef NO_TUNALA
4
state_machine_init(state_machine_t * machine)5 void state_machine_init(state_machine_t * machine)
6 {
7 machine->ssl = NULL;
8 machine->bio_intossl = machine->bio_fromssl = NULL;
9 buffer_init(&machine->clean_in);
10 buffer_init(&machine->clean_out);
11 buffer_init(&machine->dirty_in);
12 buffer_init(&machine->dirty_out);
13 }
14
state_machine_close(state_machine_t * machine)15 void state_machine_close(state_machine_t * machine)
16 {
17 if (machine->ssl)
18 SSL_free(machine->ssl);
19 /*
20 * SSL_free seems to decrement the reference counts already so doing this
21 * goes kaboom.
22 */
23 # if 0
24 if (machine->bio_intossl)
25 BIO_free(machine->bio_intossl);
26 if (machine->bio_fromssl)
27 BIO_free(machine->bio_fromssl);
28 # endif
29 buffer_close(&machine->clean_in);
30 buffer_close(&machine->clean_out);
31 buffer_close(&machine->dirty_in);
32 buffer_close(&machine->dirty_out);
33 state_machine_init(machine);
34 }
35
state_machine_get_buffer(state_machine_t * machine,sm_buffer_t type)36 buffer_t *state_machine_get_buffer(state_machine_t * machine,
37 sm_buffer_t type)
38 {
39 switch (type) {
40 case SM_CLEAN_IN:
41 return &machine->clean_in;
42 case SM_CLEAN_OUT:
43 return &machine->clean_out;
44 case SM_DIRTY_IN:
45 return &machine->dirty_in;
46 case SM_DIRTY_OUT:
47 return &machine->dirty_out;
48 default:
49 break;
50 }
51 /* Should never get here */
52 abort();
53 return NULL;
54 }
55
state_machine_get_SSL(state_machine_t * machine)56 SSL *state_machine_get_SSL(state_machine_t * machine)
57 {
58 return machine->ssl;
59 }
60
state_machine_set_SSL(state_machine_t * machine,SSL * ssl,int is_server)61 int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server)
62 {
63 if (machine->ssl)
64 /* Shouldn't ever be set twice */
65 abort();
66 machine->ssl = ssl;
67 /* Create the BIOs to handle the dirty side of the SSL */
68 if ((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
69 abort();
70 if ((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
71 abort();
72 /* Hook up the BIOs on the dirty side of the SSL */
73 SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
74 if (is_server)
75 SSL_set_accept_state(machine->ssl);
76 else
77 SSL_set_connect_state(machine->ssl);
78 /*
79 * If we're the first one to generate traffic - do it now otherwise we go
80 * into the next select empty-handed and our peer will not send data but
81 * will similarly wait for us.
82 */
83 return state_machine_churn(machine);
84 }
85
86 /* Performs the data-IO loop and returns zero if the machine should close */
state_machine_churn(state_machine_t * machine)87 int state_machine_churn(state_machine_t * machine)
88 {
89 unsigned int loop;
90 if (machine->ssl == NULL) {
91 if (buffer_empty(&machine->clean_out))
92 /* Time to close this state-machine altogether */
93 return 0;
94 else
95 /* Still buffered data on the clean side to go out */
96 return 1;
97 }
98 /*
99 * Do this loop twice to cover any dependencies about which precise order
100 * of reads and writes is required.
101 */
102 for (loop = 0; loop < 2; loop++) {
103 buffer_to_SSL(&machine->clean_in, machine->ssl);
104 buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
105 buffer_from_SSL(&machine->clean_out, machine->ssl);
106 buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
107 }
108 /*
109 * We close on the SSL side if the info callback noticed some problems or
110 * an SSL shutdown was underway and shutdown traffic had all been sent.
111 */
112 if (SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
113 buffer_empty(&machine->dirty_out)))
114 {
115 /* Great, we can seal off the dirty side completely */
116 if (!state_machine_close_dirty(machine))
117 return 0;
118 }
119 /*
120 * Either the SSL is alive and well, or the closing process still has
121 * outgoing data waiting to be sent
122 */
123 return 1;
124 }
125
126 /* Called when the clean side of the SSL has lost its connection */
state_machine_close_clean(state_machine_t * machine)127 int state_machine_close_clean(state_machine_t * machine)
128 {
129 /*
130 * Well, first thing to do is null out the clean-side buffers - they're
131 * no use any more.
132 */
133 buffer_close(&machine->clean_in);
134 buffer_close(&machine->clean_out);
135 /* And start an SSL shutdown */
136 if (machine->ssl)
137 SSL_shutdown(machine->ssl);
138 /* This is an "event", so flush the SSL of any generated traffic */
139 state_machine_churn(machine);
140 if (buffer_empty(&machine->dirty_in) && buffer_empty(&machine->dirty_out))
141 return 0;
142 return 1;
143 }
144
145 /*
146 * Called when the dirty side of the SSL has lost its connection. This is
147 * pretty terminal as all that can be left to do is send any buffered output
148 * on the clean side - after that, we're done.
149 */
state_machine_close_dirty(state_machine_t * machine)150 int state_machine_close_dirty(state_machine_t * machine)
151 {
152 buffer_close(&machine->dirty_in);
153 buffer_close(&machine->dirty_out);
154 buffer_close(&machine->clean_in);
155 if (machine->ssl)
156 SSL_free(machine->ssl);
157 machine->ssl = NULL;
158 machine->bio_intossl = machine->bio_fromssl = NULL;
159 if (buffer_empty(&machine->clean_out))
160 return 0;
161 return 1;
162 }
163
164 #endif /* !defined(NO_TUNALA) */
165