Diffstat (limited to 'doc/examples/tlsproxy')
-rw-r--r-- | doc/examples/tlsproxy/buffer.c | 20 | ||||
-rw-r--r-- | doc/examples/tlsproxy/buffer.h | 26 | ||||
-rw-r--r-- | doc/examples/tlsproxy/crypto-gnutls.c | 132 | ||||
-rw-r--r-- | doc/examples/tlsproxy/crypto-gnutls.h | 19 | ||||
-rw-r--r-- | doc/examples/tlsproxy/tlsproxy.c | 61 |
5 files changed, 124 insertions, 134 deletions
diff --git a/doc/examples/tlsproxy/buffer.c b/doc/examples/tlsproxy/buffer.c index e983495f80..b4d34a8d67 100644 --- a/doc/examples/tlsproxy/buffer.c +++ b/doc/examples/tlsproxy/buffer.c @@ -88,7 +88,7 @@ buffer_t *bufNew(ssize_t size, ssize_t hwm) return b; } -void bufFree(buffer_t * b) +void bufFree(buffer_t *b) { free(b->buf); free(b); @@ -97,7 +97,7 @@ void bufFree(buffer_t * b) /* get a maximal span to read. Returns 0 if buffer * is empty */ -ssize_t bufGetReadSpan(buffer_t * b, void **addr) +ssize_t bufGetReadSpan(buffer_t *b, void **addr) { if (b->empty) { *addr = NULL; @@ -112,7 +112,7 @@ ssize_t bufGetReadSpan(buffer_t * b, void **addr) /* get a maximal span to write. Returns 0 id buffer is full */ -ssize_t bufGetWriteSpan(buffer_t * b, void **addr) +ssize_t bufGetWriteSpan(buffer_t *b, void **addr) { if (b->empty) { *addr = b->buf; @@ -132,7 +132,7 @@ ssize_t bufGetWriteSpan(buffer_t * b, void **addr) } /* mark size bytes as read */ -void bufDoneRead(buffer_t * b, ssize_t size) +void bufDoneRead(buffer_t *b, ssize_t size) { while (!b->empty && (size > 0)) { /* empty can't occur here, so equal pointers means full */ @@ -159,7 +159,7 @@ void bufDoneRead(buffer_t * b, ssize_t size) } /* mark size bytes as written */ -void bufDoneWrite(buffer_t * b, ssize_t size) +void bufDoneWrite(buffer_t *b, ssize_t size) { while ((b->empty || (b->ridx != b->widx)) && (size > 0)) { /* full can't occur here, so equal pointers means empty */ 
@@ -182,27 +182,27 @@ void bufDoneWrite(buffer_t * b, ssize_t size) } } -int bufIsEmpty(buffer_t * b) +int bufIsEmpty(buffer_t *b) { return b->empty; } -int bufIsFull(buffer_t * b) +int bufIsFull(buffer_t *b) { return !b->empty && (b->ridx == b->widx); } -int bufIsOverHWM(buffer_t * b) +int bufIsOverHWM(buffer_t *b) { return bufGetCount(b) > b->hwm; } -ssize_t bufGetFree(buffer_t * b) +ssize_t bufGetFree(buffer_t *b) { return b->size - bufGetCount(b); } -ssize_t bufGetCount(buffer_t * b) +ssize_t bufGetCount(buffer_t *b) { if (b->empty) return 0; diff --git a/doc/examples/tlsproxy/buffer.h b/doc/examples/tlsproxy/buffer.h index 6d8a205a56..28b08e4632 100644 --- a/doc/examples/tlsproxy/buffer.h +++ b/doc/examples/tlsproxy/buffer.h @@ -23,23 +23,23 @@ OTHER DEALINGS IN THE SOFTWARE. */ #ifndef __TLSPROXY_BUFFERS_H -# define __TLSPROXY_BUFFERS_H +#define __TLSPROXY_BUFFERS_H -# include <stdlib.h> -# include <sys/types.h> +#include <stdlib.h> +#include <sys/types.h> typedef struct buffer buffer_t; buffer_t *bufNew(ssize_t size, ssize_t hwm); -void bufFree(buffer_t * b); -ssize_t bufGetReadSpan(buffer_t * b, void **addr); -ssize_t bufGetWriteSpan(buffer_t * b, void **addr); -void bufDoneRead(buffer_t * b, ssize_t size); -void bufDoneWrite(buffer_t * b, ssize_t size); -int bufIsEmpty(buffer_t * b); -int bufIsFull(buffer_t * b); -int bufIsOverHWM(buffer_t * b); -ssize_t bufGetFree(buffer_t * b); -ssize_t bufGetCount(buffer_t * b); +void bufFree(buffer_t *b); +ssize_t bufGetReadSpan(buffer_t *b, void **addr); +ssize_t bufGetWriteSpan(buffer_t *b, void **addr); +void bufDoneRead(buffer_t *b, ssize_t size); +void bufDoneWrite(buffer_t *b, ssize_t size); +int bufIsEmpty(buffer_t *b); +int bufIsFull(buffer_t *b); +int bufIsOverHWM(buffer_t *b); +ssize_t bufGetFree(buffer_t *b); +ssize_t bufGetCount(buffer_t *b); #endif diff --git a/doc/examples/tlsproxy/crypto-gnutls.c b/doc/examples/tlsproxy/crypto-gnutls.c index a9da58912b..b0495f99b9 100644 
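Review bot: The include guard the hunk re-emits, `+#define __TLSPROXY_BUFFERS_H`, uses an identifier beginning with two underscores, which C11 §7.1.3 reserves for the implementation; the same applies to `__TLSPROXY_CRYPTO_GNUTLS_H` in the crypto-gnutls.h hunk further down. Since this commit already touches both guard lines, it is the natural moment to rename them, e.g. `#ifndef TLSPROXY_BUFFERS_H` / `#define TLSPROXY_BUFFERS_H` here and the matching rename in crypto-gnutls.h.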
--- a/doc/examples/tlsproxy/crypto-gnutls.c +++ b/doc/examples/tlsproxy/crypto-gnutls.c @@ -60,20 +60,20 @@ struct tlssession { }; #define BUF_SIZE 65536 -#define BUF_HWM ((BUF_SIZE*3)/4) +#define BUF_HWM ((BUF_SIZE * 3) / 4) static int falsequit(void *opaque) { return FALSE; } -static int quit(tlssession_t * s) +static int quit(tlssession_t *s) { return s->quitfn(s->opaque); } #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) -# pragma GCC diagnostic ignored "-Wsuggest-attribute=format" +#pragma GCC diagnostic ignored "-Wsuggest-attribute=format" #endif static int stderrout(void *opaque, const char *format, va_list ap) @@ -81,7 +81,7 @@ static int stderrout(void *opaque, const char *format, va_list ap) return vfprintf(stderr, format, ap); } -static int errout(tlssession_t * s, const char *format, ...) +static int errout(tlssession_t *s, const char *format, ...) { va_list ap; int ret; @@ -91,7 +91,7 @@ static int errout(tlssession_t * s, const char *format, ...) return ret; } -static int debugout(tlssession_t * s, const char *format, ...) +static int debugout(tlssession_t *s, const char *format, ...) { va_list ap; int ret = 0; @@ -122,7 +122,7 @@ static int verify_certificate_callback(gnutls_session_t session) tlssession_t *s; /* read session pointer */ - s = (tlssession_t *) gnutls_session_get_ptr(session); + s = (tlssession_t *)gnutls_session_get_ptr(session); if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) return GNUTLS_E_CERTIFICATE_ERROR; @@ -131,9 +131,8 @@ static int verify_certificate_callback(gnutls_session_t session) * structure. So you must have installed one or more CA certificates. */ if (s->hostname && *s->hostname) - ret = - gnutls_certificate_verify_peers3(session, s->hostname, - &status); + ret = gnutls_certificate_verify_peers3(session, s->hostname, + &status); else ret = gnutls_certificate_verify_peers2(session, &status); 
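Review bot: In the re-wrapped branch `ret = gnutls_certificate_verify_peers3(session, s->hostname, &status);` versus `ret = gnutls_certificate_verify_peers2(session, &status);`, an unset or empty `s->hostname` silently drops hostname matching, so the peer only has to present a certificate that chains to the configured trust file. For the server role that is presumably intended, but for a client run without a hostname it means any certificate under the trusted CA is accepted; if that is the intended policy it should be stated at the `else`, e.g. `/* no hostname configured: chain is verified but the peer's name is not matched */`. verify_certificate_callback continues outside this hunk, so the surrounding handling of `ret` and `status` is not visible here.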
@@ -145,10 +144,8 @@ static int verify_certificate_callback(gnutls_session_t session) if (status) { gnutls_datum_t txt; - ret = - gnutls_certificate_verification_status_print(status, - GNUTLS_CRT_X509, - &txt, 0); + ret = gnutls_certificate_verification_status_print( + status, GNUTLS_CRT_X509, &txt, 0); if (ret >= 0) { debugout(s, "verification error: %s\n", txt.data); gnutls_free(txt.data); @@ -163,12 +160,12 @@ static int verify_certificate_callback(gnutls_session_t session) return 0; } -tlssession_t *tlssession_new(int isserver, - char *keyfile, char *certfile, char *cacertfile, - char *hostname, int insecure, int debug, - int (*quitfn)(void *opaque), +tlssession_t *tlssession_new(int isserver, char *keyfile, char *certfile, + char *cacertfile, char *hostname, int insecure, + int debug, int (*quitfn)(void *opaque), int (*erroutfn)(void *opaque, const char *format, - va_list ap), void *opaque) + va_list ap), + void *opaque) { int ret; tlssession_t *s = calloc(1, sizeof(tlssession_t)); @@ -196,9 +193,8 @@ tlssession_t *tlssession_new(int isserver, } if (cacertfile != NULL) { - ret = - gnutls_certificate_set_x509_trust_file(s->creds, cacertfile, - GNUTLS_X509_FMT_PEM); + ret = gnutls_certificate_set_x509_trust_file( + s->creds, cacertfile, GNUTLS_X509_FMT_PEM); if (ret < 0) { errout(s, "Error setting the x509 trust file: %s\n", gnutls_strerror(ret)); @@ -206,10 +202,10 @@ tlssession_t *tlssession_new(int isserver, } if (!insecure) { - gnutls_certificate_set_verify_function(s->creds, - verify_certificate_callback); - gnutls_certificate_set_verify_flags(s->creds, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + gnutls_certificate_set_verify_function( + s->creds, verify_certificate_callback); + gnutls_certificate_set_verify_flags( + s->creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); } } 
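Review bot: The re-wrapped call `gnutls_certificate_set_verify_flags(s->creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);` inside the `!insecure` branch relaxes chain validation: X.509 v1 certificates carry no basicConstraints extension, so with this flag any v1 certificate present in the trust file is accepted as a CA. Unless a v1 CA is a known requirement of the deployments this example serves, the flag should be dropped so that only `gnutls_certificate_set_verify_function(s->creds, verify_certificate_callback);` remains, or the reason kept next to it, e.g. `/* legacy: trust file may contain a v1 CA without basicConstraints -- confirm still needed */`. tlssession_new continues outside this hunk.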
@@ -217,10 +213,8 @@ tlssession_t *tlssession_new(int isserver, certfile = keyfile; if (certfile != NULL && keyfile != NULL) { - ret = - gnutls_certificate_set_x509_key_file(s->creds, certfile, - keyfile, - GNUTLS_X509_FMT_PEM); + ret = gnutls_certificate_set_x509_key_file( + s->creds, certfile, keyfile, GNUTLS_X509_FMT_PEM); if (ret < 0) { errout(s, @@ -244,9 +238,8 @@ tlssession_t *tlssession_new(int isserver, gnutls_session_set_ptr(s->session, (void *)s); if (!isserver && s->hostname && *s->hostname) { - ret = - gnutls_server_name_set(s->session, GNUTLS_NAME_DNS, - s->hostname, strlen(s->hostname)); + ret = gnutls_server_name_set(s->session, GNUTLS_NAME_DNS, + s->hostname, strlen(s->hostname)); if (ret < 0) { errout(s, "Cannot set server name: %s\n", gnutls_strerror(ret)); @@ -261,9 +254,8 @@ tlssession_t *tlssession_new(int isserver, goto error; } - ret = - gnutls_credentials_set(s->session, GNUTLS_CRD_CERTIFICATE, - s->creds); + ret = gnutls_credentials_set(s->session, GNUTLS_CRD_CERTIFICATE, + s->creds); if (ret < 0) { errout(s, "Cannot set session GNUTL credentials: %s\n", gnutls_strerror(ret)); @@ -278,14 +270,14 @@ tlssession_t *tlssession_new(int isserver, return s; - error: +error: if (s->session) gnutls_deinit(s->session); free(s); return NULL; } -void tlssession_close(tlssession_t * s) +void tlssession_close(tlssession_t *s) { if (s->session) gnutls_deinit(s->session); @@ -298,7 +290,7 @@ int tlssession_init(void) return gnutls_global_init(); } -int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) +int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t *s) { fd_set readfds; fd_set writefds; @@ -318,7 +310,7 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) /* set it up to work with our FD */ gnutls_transport_set_ptr(s->session, - (gnutls_transport_ptr_t) (intptr_t) cryptfd); + (gnutls_transport_ptr_t)(intptr_t)cryptfd); /* Now do the handshake */ ret = gnutls_handshake(s->session); 
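Review bot: The re-indented `error:` path in the -278 hunk deinitializes `s->session` and frees `s` but never releases `s->creds`, which earlier hunks populate via `gnutls_certificate_set_x509_trust_file` and `gnutls_certificate_set_x509_key_file`. If the credentials are allocated earlier in tlssession_new (the allocation is outside these hunks), every failure after that point leaks them; since `s` comes from `calloc` the field is NULL when unallocated, so `if (s->creds) gnutls_certificate_free_credentials(s->creds);` placed before `free(s);` is safe on all paths. tlssession_close starts in this hunk but its body runs past it, so whether the non-error path frees the credentials is not visible here.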
@@ -350,7 +342,7 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) size_t buffered = gnutls_record_check_pending(s->session); if (buffered) - wait = FALSE; /* do not wait for select to return if we have buffered data */ + wait = FALSE; /* do not wait for select to return if we have buffered data */ if (plainEOF) { /* plain text end has closed, but me may still have @@ -384,12 +376,11 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) do { timeout.tv_sec = wait ? 1 : 0; timeout.tv_usec = 0; - result = - select(maxfd, &readfds, &writefds, NULL, &timeout); + result = select(maxfd, &readfds, &writefds, NULL, + &timeout); selecterrno = errno; - } - while ((result == -1) && (selecterrno == EINTR) && !quit(s)); + } while ((result == -1) && (selecterrno == EINTR) && !quit(s)); if (quit(s)) break; @@ -404,9 +395,8 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) if (len > 0) { do { ret = read(plainfd, addr, (size_t)len); - } - while ((ret < 0) && (errno == EINTR) - && !quit(s)); + } while ((ret < 0) && (errno == EINTR) && + !quit(s)); if (quit(s)) break; if (ret < 0) { @@ -417,7 +407,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) if (ret == 0) { plainEOF = TRUE; } else { - bufDoneWrite(plainToCrypt, ret); /* mark ret bytes as written to the buffer */ + bufDoneWrite( + plainToCrypt, + ret); /* mark ret bytes as written to the buffer */ } } } @@ -433,9 +425,8 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) if (len > 0) { do { ret = write(plainfd, addr, (size_t)len); - } - while ((ret < 0) && (errno == EINTR) - && !quit(s)); + } while ((ret < 0) && (errno == EINTR) && + !quit(s)); if (quit(s)) break; if (ret < 0) { 
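Review bot: The trailing comment on `bufDoneWrite(plainToCrypt, ret);` in the -417 hunk forces the formatter to break a two-argument call across three lines, which is harder to read than the original; the same happens in the -443, -476 and -515 hunks. Moving the comment onto its own line above the call, `/* mark ret bytes as written to the buffer */` followed by `bufDoneWrite(plainToCrypt, ret);`, lets each statement fit on one line under the same formatter settings. tlssession_mainloop extends well beyond these hunks.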
@@ -443,7 +434,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) "Error on write to plain socket: %m\n"); goto error; } - bufDoneRead(cryptToPlain, ret); /* mark ret bytes as read from the buffer */ + bufDoneRead( + cryptToPlain, + ret); /* mark ret bytes as read from the buffer */ } } @@ -457,11 +450,10 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) ssize_t len = bufGetWriteSpan(cryptToPlain, &addr); if (len > 0) { do { - ret = - gnutls_record_recv(s->session, addr, - (size_t)len); - } - while (ret == GNUTLS_E_INTERRUPTED && !quit(s)); + ret = gnutls_record_recv( + s->session, addr, (size_t)len); + } while (ret == GNUTLS_E_INTERRUPTED && + !quit(s)); /* do not loop on GNUTLS_E_AGAIN - this means we'd block so we'd loop for * ever */ @@ -476,7 +468,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) if (ret == 0) { cryptEOF = TRUE; } else { - bufDoneWrite(cryptToPlain, ret); /* mark ret bytes as written to the buffer */ + bufDoneWrite( + cryptToPlain, + ret); /* mark ret bytes as written to the buffer */ } } } @@ -492,16 +486,14 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) if (len > 0) { do { if (tls_wr_interrupted) { - ret = - gnutls_record_send - (s->session, NULL, 0); + ret = gnutls_record_send( + s->session, NULL, 0); } else { - ret = - gnutls_record_send - (s->session, addr, len); + ret = gnutls_record_send( + s->session, addr, len); } - } - while (ret == GNUTLS_E_INTERRUPTED && !quit(s)); + } while (ret == GNUTLS_E_INTERRUPTED && + !quit(s)); if (quit(s)) break; if (ret == GNUTLS_E_AGAIN) { @@ -515,7 +507,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) gnutls_strerror(ret)); goto error; } else { - bufDoneRead(plainToCrypt, ret); /* mark ret bytes as read from the buffer */ + bufDoneRead( + plainToCrypt, + ret); /* mark ret bytes as read from the buffer */ } } } 
@@ -524,10 +518,10 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s) ret = 0; goto freereturn; - error: +error: ret = -1; - freereturn: +freereturn: gnutls_bye(s->session, GNUTLS_SHUT_RDWR); shutdown(plainfd, SHUT_RDWR); bufFree(plainToCrypt); diff --git a/doc/examples/tlsproxy/crypto-gnutls.h b/doc/examples/tlsproxy/crypto-gnutls.h index be04e665d2..b315c9a274 100644 --- a/doc/examples/tlsproxy/crypto-gnutls.h +++ b/doc/examples/tlsproxy/crypto-gnutls.h @@ -25,19 +25,18 @@ OTHER DEALINGS IN THE SOFTWARE. */ #ifndef __TLSPROXY_CRYPTO_GNUTLS_H -# define __TLSPROXY_CRYPTO_GNUTLS_H +#define __TLSPROXY_CRYPTO_GNUTLS_H int tlssession_init(void); typedef struct tlssession tlssession_t; -tlssession_t *tlssession_new(int isserver, - char *keyfile, char *certfile, char *cacertfile, - char *hostname, int insecure, int debug, - int (*quitfn)(void *opaque), - int (*erroutfn)(void *opaque, - const char *format, - va_list ap), void *opaque); -void tlssession_close(tlssession_t * s); -int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * session); +tlssession_t *tlssession_new(int isserver, char *keyfile, char *certfile, + char *cacertfile, char *hostname, int insecure, + int debug, int (*quitfn)(void *opaque), + int (*erroutfn)(void *opaque, const char *format, + va_list ap), + void *opaque); +void tlssession_close(tlssession_t *s); +int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t *session); #endif diff --git a/doc/examples/tlsproxy/tlsproxy.c b/doc/examples/tlsproxy/tlsproxy.c index f9ce373fdc..dc5bea2aee 100644 --- a/doc/examples/tlsproxy/tlsproxy.c +++ b/doc/examples/tlsproxy/tlsproxy.c 
@@ -64,10 +64,10 @@ static int bindtoaddress(char *addrport) snprintf(addr, sizeof(addr), "%s", addrport); memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ - hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - hints.ai_socktype = SOCK_STREAM; /* Stream socket */ - hints.ai_protocol = 0; /* any protocol */ + hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ + hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ + hints.ai_socktype = SOCK_STREAM; /* Stream socket */ + hints.ai_protocol = 0; /* any protocol */ char *colon = strrchr(addr, ':'); const char *port = defaultport; @@ -90,9 +90,8 @@ static int bindtoaddress(char *addrport) if (fd >= 0) { int one = 1; - if (setsockopt - (fd, SOL_SOCKET, SO_REUSEADDR, &one, - sizeof(one)) < 0) { + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, + sizeof(one)) < 0) { close(fd); continue; } @@ -108,7 +107,7 @@ static int bindtoaddress(char *addrport) return -1; } - freeaddrinfo(result); /* No longer needed */ + freeaddrinfo(result); /* No longer needed */ if (listen(fd, 5) < 0) { close(fd); @@ -128,10 +127,10 @@ static int connecttoaddress(char *addrport) snprintf(addr, sizeof(addr), "%s", addrport); memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ - hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - hints.ai_socktype = SOCK_STREAM; /* Stream socket */ - hints.ai_protocol = 0; /* any protocol */ + hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ + hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ + hints.ai_socktype = SOCK_STREAM; /* Stream socket */ + hints.ai_protocol = 0; /* any protocol */ char *colon = strrchr(addr, ':'); const char *port = defaultport; @@ -166,7 +165,7 @@ static int connecttoaddress(char *addrport) return -1; } - freeaddrinfo(result); /* No longer needed */ + freeaddrinfo(result); /* No longer needed */ return fd; } 
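Review bot: In connecttoaddress the re-aligned line `hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */` looks copied from bindtoaddress: AI_PASSIVE only changes getaddrinfo's result when the node argument is NULL, which is meaningless for a connecting socket, and if the host part can ever be empty here it would resolve to the wildcard address as the connect target. The getaddrinfo call itself is outside this hunk, so I cannot tell whether that case is reachable, but the connecting path should read `hints.ai_flags = 0; /* connecting: resolve the given host, no wildcard */` either way. connecttoaddress continues beyond the hunk.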
@@ -185,10 +184,9 @@ static int runproxy(int acceptfd) return -1; } - tlssession_t *session = - tlssession_new(server, keyfile, certfile, cacertfile, hostname, - insecure, - debug, quitfn, NULL, NULL); + tlssession_t *session = tlssession_new(server, keyfile, certfile, + cacertfile, hostname, insecure, + debug, quitfn, NULL, NULL); if (!session) { fprintf(stderr, "Could create TLS session\n"); close(connectfd); @@ -235,8 +233,7 @@ static int runlistener(void) return -1; } } - } - while (fd < 0 && !rxsigquit); + } while (fd < 0 && !rxsigquit); if (rxsigquit) break; if (nofork < 2) { @@ -287,18 +284,18 @@ static void processoptions(int argc, char **argv) { while (1) { static const struct option longopts[] = { - {"connect", required_argument, 0, 'c'}, - {"listen", required_argument, 0, 'l'}, - {"key", required_argument, 0, 'K'}, - {"cert", required_argument, 0, 'C'}, - {"cacert", required_argument, 0, 'A'}, - {"hostname", required_argument, 0, 'H'}, - {"server", no_argument, 0, 's'}, - {"insecure", no_argument, 0, 'i'}, - {"nofork", no_argument, 0, 'n'}, - {"debug", no_argument, 0, 'd'}, - {"help", no_argument, 0, 'h'}, - {0, 0, 0, 0} + { "connect", required_argument, 0, 'c' }, + { "listen", required_argument, 0, 'l' }, + { "key", required_argument, 0, 'K' }, + { "cert", required_argument, 0, 'C' }, + { "cacert", required_argument, 0, 'A' }, + { "hostname", required_argument, 0, 'H' }, + { "server", no_argument, 0, 's' }, + { "insecure", no_argument, 0, 'i' }, + { "nofork", no_argument, 0, 'n' }, + { "debug", no_argument, 0, 'd' }, + { "help", no_argument, 0, 'h' }, + { 0, 0, 0, 0 } }; int optidx = 0; @@ -309,7 +306,7 @@ static void processoptions(int argc, char **argv) break; switch (c) { - case 0: /* set a flag, nothing else to do */ + case 0: /* set a flag, nothing else to do */ break; case 'c': |
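Review bot: The context line right after the re-wrapped `tlssession_new(...)` call in runproxy reports the failure as `fprintf(stderr, "Could create TLS session\n");`, which says the opposite of what happened; it should be `fprintf(stderr, "Could not create TLS session\n");`. The call also passes `NULL` for `erroutfn`, so the session's own error reporting depends on tlssession_new substituting a default when that pointer is NULL, which is not visible in these hunks and is worth confirming. runproxy continues outside the hunk.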