--- /dev/null
+#include "tunala.h"
+
+#ifndef NO_TUNALA
+
+void state_machine_init(state_machine_t *machine)
+{
+ machine->ssl = NULL;
+ machine->bio_intossl = machine->bio_fromssl = NULL;
+ buffer_init(&machine->clean_in);
+ buffer_init(&machine->clean_out);
+ buffer_init(&machine->dirty_in);
+ buffer_init(&machine->dirty_out);
+}
+
+void state_machine_close(state_machine_t *machine)
+{
+ if(machine->ssl)
+ SSL_free(machine->ssl);
+/* SSL_free seems to decrement the reference counts already so doing this goes
+ * kaboom. */
+#if 0
+ if(machine->bio_intossl)
+ BIO_free(machine->bio_intossl);
+ if(machine->bio_fromssl)
+ BIO_free(machine->bio_fromssl);
+#endif
+ buffer_close(&machine->clean_in);
+ buffer_close(&machine->clean_out);
+ buffer_close(&machine->dirty_in);
+ buffer_close(&machine->dirty_out);
+ state_machine_init(machine);
+}
+
+buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
+{
+ switch(type) {
+ case SM_CLEAN_IN:
+ return &machine->clean_in;
+ case SM_CLEAN_OUT:
+ return &machine->clean_out;
+ case SM_DIRTY_IN:
+ return &machine->dirty_in;
+ case SM_DIRTY_OUT:
+ return &machine->dirty_out;
+ default:
+ break;
+ }
+ /* Should never get here */
+ abort();
+ return NULL;
+}
+
+SSL *state_machine_get_SSL(state_machine_t *machine)
+{
+ return machine->ssl;
+}
+
+void state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
+{
+ if(machine->ssl)
+ /* Shouldn't ever be set twice */
+ abort();
+ machine->ssl = ssl;
+ /* Create the BIOs to handle the dirty side of the SSL */
+ if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
+ abort();
+ if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
+ abort();
+ /* Hook up the BIOs on the dirty side of the SSL */
+ SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
+ if(is_server)
+ SSL_set_accept_state(machine->ssl);
+ else
+ SSL_set_connect_state(machine->ssl);
+ /* If we're the first one to generate traffic - do it now otherwise we
+ * go into the next select empty-handed and our peer will not send data
+ * but will similarly wait for us. */
+ state_machine_churn(machine);
+}
+
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t *machine)
+{
+ unsigned int loop;
+ /* Do this loop twice to cover any dependencies about which precise
+ * order of reads and writes is required. */
+ for(loop = 0; loop < 2; loop++) {
+ buffer_to_SSL(&machine->clean_in, machine->ssl);
+ buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
+ buffer_from_SSL(&machine->clean_out, machine->ssl);
+ buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
+ }
+ if(machine->ssl == NULL) {
+ if(buffer_empty(&machine->clean_out))
+ /* Time to close this state-machine altogether */
+ return 0;
+ else
+ /* Still buffered data on the clean side to go out */
+ return 1;
+ }
+ if(SSL_get_shutdown(machine->ssl)) {
+ /* An SSL shutdown was underway */
+ if(buffer_empty(&machine->dirty_out)) {
+ /* Great, we can seal off the dirty side completely */
+ if(!state_machine_close_dirty(machine))
+ return 0;
+ }
+ }
+ /* Either the SSL is alive and well, or the closing process still has
+ * outgoing data waiting to be sent */
+ return 1;
+}
+
+/* Called when the clean side of the SSL has lost its connection */
+int state_machine_close_clean(state_machine_t *machine)
+{
+ /* Well, first thing to do is null out the clean-side buffers - they're
+ * no use any more. */
+ buffer_close(&machine->clean_in);
+ buffer_close(&machine->clean_out);
+ /* And start an SSL shutdown */
+ SSL_shutdown(machine->ssl);
+ /* This is an "event", so flush the SSL of any generated traffic */
+ state_machine_churn(machine);
+ if(buffer_empty(&machine->dirty_in) &&
+ buffer_empty(&machine->dirty_out))
+ return 0;
+ return 1;
+}
+
+/* Called when the dirty side of the SSL has lost its connection. This is pretty
+ * terminal as all that can be left to do is send any buffered output on the
+ * clean side - after that, we're done. */
+int state_machine_close_dirty(state_machine_t *machine)
+{
+ buffer_close(&machine->dirty_in);
+ buffer_close(&machine->dirty_out);
+ buffer_close(&machine->clean_in);
+ if(machine->ssl)
+ SSL_free(machine->ssl);
+ machine->ssl = NULL;
+ machine->bio_intossl = machine->bio_fromssl = NULL;
+ if(buffer_empty(&machine->clean_out))
+ return 0;
+ return 1;
+}
+
+#endif /* !defined(NO_TUNALA) */
+
projects / openssl.git / blobdiff