Lines Matching +full:- +full:s
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
30 * including handling of non-blocking IO events, flushing of the underlying
32 * separate sub-state machines which control reading and writing respectively.
40 * --------------------------------------------- -------------------
44 * | -------------------- -------------------- | Transition | Handshake state |
46 * | | sub-state | | sub-state | |----------->| |
49 * | -------------------- -------------------- | | |
51 * --------------------------------------------- -------------------
65 static int state_machine(SSL *s, int server);
66 static void init_read_state_machine(SSL *s);
67 static SUB_STATE_RETURN read_state_machine(SSL *s);
68 static void init_write_state_machine(SSL *s);
69 static SUB_STATE_RETURN write_state_machine(SSL *s);
73 return ssl->statem.hand_state; in SSL_get_state()
76 int SSL_in_init(const SSL *s) in SSL_in_init() argument
78 return s->statem.in_init; in SSL_in_init()
81 int SSL_is_init_finished(const SSL *s) in SSL_is_init_finished() argument
83 return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK); in SSL_is_init_finished()
86 int SSL_in_before(const SSL *s) in SSL_in_before() argument
95 return (s->statem.hand_state == TLS_ST_BEFORE) in SSL_in_before()
96 && (s->statem.state == MSG_FLOW_UNINITED); in SSL_in_before()
102 void ossl_statem_clear(SSL *s) in ossl_statem_clear() argument
104 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_clear()
105 s->statem.hand_state = TLS_ST_BEFORE; in ossl_statem_clear()
106 s->statem.in_init = 1; in ossl_statem_clear()
107 s->statem.no_cert_verify = 0; in ossl_statem_clear()
113 void ossl_statem_set_renegotiate(SSL *s) in ossl_statem_set_renegotiate() argument
115 s->statem.in_init = 1; in ossl_statem_set_renegotiate()
116 s->statem.request_state = TLS_ST_SW_HELLO_REQ; in ossl_statem_set_renegotiate()
119 void ossl_statem_send_fatal(SSL *s, int al) in ossl_statem_send_fatal() argument
122 if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) in ossl_statem_send_fatal()
124 s->statem.in_init = 1; in ossl_statem_send_fatal()
125 s->statem.state = MSG_FLOW_ERROR; in ossl_statem_send_fatal()
127 && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) in ossl_statem_send_fatal()
128 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ossl_statem_send_fatal()
132 * Error reporting building block that's used instead of ERR_set_error().
137 void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) in ossl_statem_fatal() argument
145 ossl_statem_send_fatal(s, al); in ossl_statem_fatal()
153 #define check_fatal(s) \ argument
155 if (!ossl_assert((s)->statem.in_init \
156 && (s)->statem.state == MSG_FLOW_ERROR)) \
157 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \
167 int ossl_statem_in_error(const SSL *s) in ossl_statem_in_error() argument
169 if (s->statem.state == MSG_FLOW_ERROR) in ossl_statem_in_error()
175 void ossl_statem_set_in_init(SSL *s, int init) in ossl_statem_set_in_init() argument
177 s->statem.in_init = init; in ossl_statem_set_in_init()
180 int ossl_statem_get_in_handshake(SSL *s) in ossl_statem_get_in_handshake() argument
182 return s->statem.in_handshake; in ossl_statem_get_in_handshake()
185 void ossl_statem_set_in_handshake(SSL *s, int inhand) in ossl_statem_set_in_handshake() argument
188 s->statem.in_handshake++; in ossl_statem_set_in_handshake()
190 s->statem.in_handshake--; in ossl_statem_set_in_handshake()
194 int ossl_statem_skip_early_data(SSL *s) in ossl_statem_skip_early_data() argument
196 if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) in ossl_statem_skip_early_data()
199 if (!s->server in ossl_statem_skip_early_data()
200 || s->statem.hand_state != TLS_ST_EARLY_DATA in ossl_statem_skip_early_data()
201 || s->hello_retry_request == SSL_HRR_COMPLETE) in ossl_statem_skip_early_data()
212 * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
215 void ossl_statem_check_finish_init(SSL *s, int sending) in ossl_statem_check_finish_init() argument
217 if (sending == -1) { in ossl_statem_check_finish_init()
218 if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
219 || s->statem.hand_state == TLS_ST_EARLY_DATA) { in ossl_statem_check_finish_init()
220 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
221 if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { in ossl_statem_check_finish_init()
226 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
229 } else if (!s->server) { in ossl_statem_check_finish_init()
230 if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
231 || s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
232 && s->early_data_state != SSL_EARLY_DATA_WRITING) in ossl_statem_check_finish_init()
233 || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { in ossl_statem_check_finish_init()
234 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
239 if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) in ossl_statem_check_finish_init()
240 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
243 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING in ossl_statem_check_finish_init()
244 && s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
245 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
249 void ossl_statem_set_hello_verify_done(SSL *s) in ossl_statem_set_hello_verify_done() argument
251 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_set_hello_verify_done()
252 s->statem.in_init = 1; in ossl_statem_set_hello_verify_done()
260 s->statem.hand_state = TLS_ST_SR_CLNT_HELLO; in ossl_statem_set_hello_verify_done()
263 int ossl_statem_connect(SSL *s) in ossl_statem_connect() argument
265 return state_machine(s, 0); in ossl_statem_connect()
268 int ossl_statem_accept(SSL *s) in ossl_statem_accept() argument
270 return state_machine(s, 1); in ossl_statem_accept()
275 static info_cb get_callback(SSL *s) in get_callback() argument
277 if (s->info_callback != NULL) in get_callback()
278 return s->info_callback; in get_callback()
279 else if (s->ctx->info_callback != NULL) in get_callback()
280 return s->ctx->info_callback; in get_callback()
292 * +-----------------------+
294 * MSG_FLOW_WRITING <---> MSG_FLOW_READING
304 * MSG_FLOW_WRITING and MSG_FLOW_READING have sub-state machines associated with them.
313 static int state_machine(SSL *s, int server) in state_machine() argument
317 OSSL_STATEM *st = &s->statem; in state_machine()
318 int ret = -1; in state_machine()
321 if (st->state == MSG_FLOW_ERROR) { in state_machine()
323 return -1; in state_machine()
329 cb = get_callback(s); in state_machine()
331 st->in_handshake++; in state_machine()
332 if (!SSL_in_init(s) || SSL_in_before(s)) { in state_machine()
334 * If we are stateless then we already called SSL_clear() - don't do in state_machine()
337 if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) in state_machine()
338 return -1; in state_machine()
341 if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { in state_machine()
346 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, in state_machine()
347 st->in_handshake, NULL); in state_machine()
352 if (st->state == MSG_FLOW_UNINITED in state_machine()
353 || st->state == MSG_FLOW_FINISHED) { in state_machine()
354 if (st->state == MSG_FLOW_UNINITED) { in state_machine()
355 st->hand_state = TLS_ST_BEFORE; in state_machine()
356 st->request_state = TLS_ST_BEFORE; in state_machine()
359 s->server = server; in state_machine()
361 if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)) in state_machine()
362 cb(s, SSL_CB_HANDSHAKE_START, 1); in state_machine()
371 if (SSL_IS_DTLS(s)) { in state_machine()
372 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && in state_machine()
373 (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { in state_machine()
374 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
378 if ((s->version >> 8) != SSL3_VERSION_MAJOR) { in state_machine()
379 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
384 if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { in state_machine()
385 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
389 if (s->init_buf == NULL) { in state_machine()
391 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
395 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
398 s->init_buf = buf; in state_machine()
402 if (!ssl3_setup_buffers(s)) { in state_machine()
403 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
406 s->init_num = 0; in state_machine()
411 s->s3.change_cipher_spec = 0; in state_machine()
418 if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) in state_machine()
420 if (!ssl_init_wbio_buffer(s)) { in state_machine()
421 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
425 if ((SSL_in_before(s)) in state_machine()
426 || s->renegotiate) { in state_machine()
427 if (!tls_setup_handshake(s)) { in state_machine()
432 if (SSL_IS_FIRST_HANDSHAKE(s)) in state_machine()
433 st->read_state_first_init = 1; in state_machine()
436 st->state = MSG_FLOW_WRITING; in state_machine()
437 init_write_state_machine(s); in state_machine()
440 while (st->state != MSG_FLOW_FINISHED) { in state_machine()
441 if (st->state == MSG_FLOW_READING) { in state_machine()
442 ssret = read_state_machine(s); in state_machine()
444 st->state = MSG_FLOW_WRITING; in state_machine()
445 init_write_state_machine(s); in state_machine()
450 } else if (st->state == MSG_FLOW_WRITING) { in state_machine()
451 ssret = write_state_machine(s); in state_machine()
453 st->state = MSG_FLOW_READING; in state_machine()
454 init_read_state_machine(s); in state_machine()
456 st->state = MSG_FLOW_FINISHED; in state_machine()
463 check_fatal(s); in state_machine()
472 st->in_handshake--; in state_machine()
475 if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { in state_machine()
480 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, in state_machine()
481 st->in_handshake, NULL); in state_machine()
488 cb(s, SSL_CB_ACCEPT_EXIT, ret); in state_machine()
490 cb(s, SSL_CB_CONNECT_EXIT, ret); in state_machine()
496 * Initialise the MSG_FLOW_READING sub-state machine
498 static void init_read_state_machine(SSL *s) in init_read_state_machine() argument
500 OSSL_STATEM *st = &s->statem; in init_read_state_machine()
502 st->read_state = READ_STATE_HEADER; in init_read_state_machine()
505 static int grow_init_buf(SSL *s, size_t size) { in grow_init_buf() argument
507 size_t msg_offset = (char *)s->init_msg - s->init_buf->data; in grow_init_buf()
509 if (!BUF_MEM_grow_clean(s->init_buf, (int)size)) in grow_init_buf()
515 s->init_msg = s->init_buf->data + msg_offset; in grow_init_buf()
521 * This function implements the sub-state machine when the message flow is in
522 * MSG_FLOW_READING. The valid sub-states and transitions are:
524 * READ_STATE_HEADER <--+<-------------+
527 * READ_STATE_BODY -----+-->READ_STATE_POST_PROCESS
529 * +----------------------------+
546 static SUB_STATE_RETURN read_state_machine(SSL *s) in read_state_machine() argument
548 OSSL_STATEM *st = &s->statem; in read_state_machine()
551 int (*transition) (SSL *s, int mt); in read_state_machine()
553 MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); in read_state_machine()
554 WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); in read_state_machine()
555 size_t (*max_message_size) (SSL *s); in read_state_machine()
558 cb = get_callback(s); in read_state_machine()
560 if (s->server) { in read_state_machine()
572 if (st->read_state_first_init) { in read_state_machine()
573 s->first_packet = 1; in read_state_machine()
574 st->read_state_first_init = 0; in read_state_machine()
578 switch (st->read_state) { in read_state_machine()
581 if (SSL_IS_DTLS(s)) { in read_state_machine()
583 * In DTLS we get the whole message in one go - header and body in read_state_machine()
585 ret = dtls_get_message(s, &mt); in read_state_machine()
587 ret = tls_get_message_header(s, &mt); in read_state_machine()
591 /* Could be non-blocking IO */ in read_state_machine()
597 if (s->server) in read_state_machine()
598 cb(s, SSL_CB_ACCEPT_LOOP, 1); in read_state_machine()
600 cb(s, SSL_CB_CONNECT_LOOP, 1); in read_state_machine()
606 if (!transition(s, mt)) in read_state_machine()
609 if (s->s3.tmp.message_size > max_message_size(s)) { in read_state_machine()
610 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in read_state_machine()
616 if (!SSL_IS_DTLS(s) in read_state_machine()
617 && s->s3.tmp.message_size > 0 in read_state_machine()
618 && !grow_init_buf(s, s->s3.tmp.message_size in read_state_machine()
620 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); in read_state_machine()
624 st->read_state = READ_STATE_BODY; in read_state_machine()
628 if (SSL_IS_DTLS(s)) { in read_state_machine()
633 ret = dtls_get_message_body(s, &len); in read_state_machine()
635 ret = tls_get_message_body(s, &len); in read_state_machine()
638 /* Could be non-blocking IO */ in read_state_machine()
642 s->first_packet = 0; in read_state_machine()
643 if (!PACKET_buf_init(&pkt, s->init_msg, len)) { in read_state_machine()
644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
647 ret = process_message(s, &pkt); in read_state_machine()
650 s->init_num = 0; in read_state_machine()
654 check_fatal(s); in read_state_machine()
658 if (SSL_IS_DTLS(s)) { in read_state_machine()
659 dtls1_stop_timer(s); in read_state_machine()
664 st->read_state = READ_STATE_POST_PROCESS; in read_state_machine()
665 st->read_state_work = WORK_MORE_A; in read_state_machine()
669 st->read_state = READ_STATE_HEADER; in read_state_machine()
675 st->read_state_work = post_process_message(s, st->read_state_work); in read_state_machine()
676 switch (st->read_state_work) { in read_state_machine()
678 check_fatal(s); in read_state_machine()
686 st->read_state = READ_STATE_HEADER; in read_state_machine()
690 if (SSL_IS_DTLS(s)) { in read_state_machine()
691 dtls1_stop_timer(s); in read_state_machine()
699 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
708 static int statem_do_write(SSL *s) in statem_do_write() argument
710 OSSL_STATEM *st = &s->statem; in statem_do_write()
712 if (st->hand_state == TLS_ST_CW_CHANGE in statem_do_write()
713 || st->hand_state == TLS_ST_SW_CHANGE) { in statem_do_write()
714 if (SSL_IS_DTLS(s)) in statem_do_write()
715 return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
717 return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
719 return ssl_do_write(s); in statem_do_write()
724 * Initialise the MSG_FLOW_WRITING sub-state machine
726 static void init_write_state_machine(SSL *s) in init_write_state_machine() argument
728 OSSL_STATEM *st = &s->statem; in init_write_state_machine()
730 st->write_state = WRITE_STATE_TRANSITION; in init_write_state_machine()
734 * This function implements the sub-state machine when the message flow is in
735 * MSG_FLOW_WRITING. The valid sub-states and transitions are:
737 * +-> WRITE_STATE_TRANSITION ------> [SUB_STATE_FINISHED]
740 * | WRITE_STATE_PRE_WORK -----> [SUB_STATE_END_HANDSHAKE]
748 * +-------------+
764 static SUB_STATE_RETURN write_state_machine(SSL *s) in write_state_machine() argument
766 OSSL_STATEM *st = &s->statem; in write_state_machine()
768 WRITE_TRAN(*transition) (SSL *s); in write_state_machine()
769 WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); in write_state_machine()
770 WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); in write_state_machine()
771 int (*get_construct_message_f) (SSL *s, WPACKET *pkt, in write_state_machine()
772 int (**confunc) (SSL *s, WPACKET *pkt), in write_state_machine()
775 int (*confunc) (SSL *s, WPACKET *pkt); in write_state_machine()
779 cb = get_callback(s); in write_state_machine()
781 if (s->server) { in write_state_machine()
794 switch (st->write_state) { in write_state_machine()
798 if (s->server) in write_state_machine()
799 cb(s, SSL_CB_ACCEPT_LOOP, 1); in write_state_machine()
801 cb(s, SSL_CB_CONNECT_LOOP, 1); in write_state_machine()
803 switch (transition(s)) { in write_state_machine()
805 st->write_state = WRITE_STATE_PRE_WORK; in write_state_machine()
806 st->write_state_work = WORK_MORE_A; in write_state_machine()
814 check_fatal(s); in write_state_machine()
820 switch (st->write_state_work = pre_work(s, st->write_state_work)) { in write_state_machine()
822 check_fatal(s); in write_state_machine()
830 st->write_state = WRITE_STATE_SEND; in write_state_machine()
836 if (!get_construct_message_f(s, &pkt, &confunc, &mt)) { in write_state_machine()
842 st->write_state = WRITE_STATE_POST_WORK; in write_state_machine()
843 st->write_state_work = WORK_MORE_A; in write_state_machine()
846 if (!WPACKET_init(&pkt, s->init_buf) in write_state_machine()
847 || !ssl_set_handshake_header(s, &pkt, mt)) { in write_state_machine()
849 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
855 tmpret = confunc(s, &pkt); in write_state_machine()
858 check_fatal(s); in write_state_machine()
866 st->write_state = WRITE_STATE_POST_WORK; in write_state_machine()
867 st->write_state_work = WORK_MORE_A; in write_state_machine()
871 if (!ssl_close_construct_packet(s, &pkt, mt) in write_state_machine()
874 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
881 if (SSL_IS_DTLS(s) && st->use_timer) { in write_state_machine()
882 dtls1_start_timer(s); in write_state_machine()
884 ret = statem_do_write(s); in write_state_machine()
888 st->write_state = WRITE_STATE_POST_WORK; in write_state_machine()
889 st->write_state_work = WORK_MORE_A; in write_state_machine()
893 switch (st->write_state_work = post_work(s, st->write_state_work)) { in write_state_machine()
895 check_fatal(s); in write_state_machine()
903 st->write_state = WRITE_STATE_TRANSITION; in write_state_machine()
912 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
921 int statem_flush(SSL *s) in statem_flush() argument
923 s->rwstate = SSL_WRITING; in statem_flush()
924 if (BIO_flush(s->wbio) <= 0) { in statem_flush()
927 s->rwstate = SSL_NOTHING; in statem_flush()
940 int ossl_statem_app_data_allowed(SSL *s) in ossl_statem_app_data_allowed() argument
942 OSSL_STATEM *st = &s->statem; in ossl_statem_app_data_allowed()
944 if (st->state == MSG_FLOW_UNINITED) in ossl_statem_app_data_allowed()
947 if (!s->s3.in_read_app_data || (s->s3.total_renegotiations == 0)) in ossl_statem_app_data_allowed()
950 if (s->server) { in ossl_statem_app_data_allowed()
955 if (st->hand_state == TLS_ST_BEFORE in ossl_statem_app_data_allowed()
956 || st->hand_state == TLS_ST_SR_CLNT_HELLO) in ossl_statem_app_data_allowed()
963 if (st->hand_state == TLS_ST_CW_CLNT_HELLO) in ossl_statem_app_data_allowed()
974 int ossl_statem_export_allowed(SSL *s) in ossl_statem_export_allowed() argument
976 return s->s3.previous_server_finished_len != 0 in ossl_statem_export_allowed()
977 && s->statem.hand_state != TLS_ST_SW_FINISHED; in ossl_statem_export_allowed()
984 int ossl_statem_export_early_allowed(SSL *s) in ossl_statem_export_early_allowed() argument
991 return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED in ossl_statem_export_early_allowed()
992 || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); in ossl_statem_export_early_allowed()