Lines Matching refs:s

/*
 * Forward declarations: the file-local state machine entry point and the
 * init/run helpers for its read and write sub-state machines.
 */
65 static int state_machine(SSL *s, int server);
66 static void init_read_state_machine(SSL *s);
67 static SUB_STATE_RETURN read_state_machine(SSL *s);
68 static void init_write_state_machine(SSL *s);
69 static SUB_STATE_RETURN write_state_machine(SSL *s);
/* Returns the connection's statem.in_init flag unchanged. */
76 int SSL_in_init(const SSL *s) in SSL_in_init() argument
78 return s->statem.in_init; in SSL_in_init()
/*
 * Non-zero only when in_init is clear AND hand_state is TLS_ST_OK. Both must
 * hold, so a connection that reached TLS_ST_OK but is still flagged in_init
 * is not reported as finished.
 */
81 int SSL_is_init_finished(const SSL *s) in SSL_is_init_finished() argument
83 return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK); in SSL_is_init_finished()
/*
 * Non-zero when hand_state is TLS_ST_BEFORE and the message-flow state is
 * MSG_FLOW_UNINITED (both conditions required).
 */
86 int SSL_in_before(const SSL *s) in SSL_in_before() argument
95 return (s->statem.hand_state == TLS_ST_BEFORE) in SSL_in_before()
96 && (s->statem.state == MSG_FLOW_UNINITED); in SSL_in_before()
/*
 * Resets the state machine fields shown: flow state to MSG_FLOW_UNINITED,
 * hand_state to TLS_ST_BEFORE, in_init to 1 and no_cert_verify to 0.
 */
102 void ossl_statem_clear(SSL *s) in ossl_statem_clear() argument
104 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_clear()
105 s->statem.hand_state = TLS_ST_BEFORE; in ossl_statem_clear()
106 s->statem.in_init = 1; in ossl_statem_clear()
107 s->statem.no_cert_verify = 0; in ossl_statem_clear()
/* Marks the connection as in_init and records TLS_ST_SW_HELLO_REQ as request_state. */
113 void ossl_statem_set_renegotiate(SSL *s) in ossl_statem_set_renegotiate() argument
115 s->statem.in_init = 1; in ossl_statem_set_renegotiate()
116 s->statem.request_state = TLS_ST_SW_HELLO_REQ; in ossl_statem_set_renegotiate()
/*
 * Puts the state machine into the error state (in_init = 1,
 * state = MSG_FLOW_ERROR) and sends a fatal alert with description `al`.
 */
119 void ossl_statem_send_fatal(SSL *s, int al) in ossl_statem_send_fatal() argument
/*
 * Already in the error state. NOTE(review): the statement this guards is not
 * part of this listing; presumably an early return so a second alert is not
 * sent. Confirm against the full source.
 */
122 if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) in ossl_statem_send_fatal()
124 s->statem.in_init = 1; in ossl_statem_send_fatal()
125 s->statem.state = MSG_FLOW_ERROR; in ossl_statem_send_fatal()
/*
 * The alert is sent only if the write encryption state is not
 * ENC_WRITE_STATE_INVALID; the first half of this condition (line 126) is not
 * shown here.
 */
127 && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) in ossl_statem_send_fatal()
128 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ossl_statem_send_fatal()
/*
 * Variadic fatal-error entry point. The only use of `s` shown is forwarding
 * `al` to ossl_statem_send_fatal(); how `reason`, `fmt` and the variadic
 * arguments are consumed is on lines not included in this listing.
 * NOTE(review): `fmt` is presumably a printf-style format; if so, callers
 * should pass a literal format rather than peer-supplied text. Confirm.
 */
137 void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) in ossl_statem_fatal() argument
145 ossl_statem_send_fatal(s, al); in ossl_statem_fatal()
/*
 * check_fatal(s): asserts (via ossl_assert) that the state machine is in_init
 * and in MSG_FLOW_ERROR. If not, it raises SSLfatal with SSL_AD_INTERNAL_ERROR
 * and SSL_R_MISSING_FATAL. The intent appears to be catching failure paths
 * that returned an error without recording a fatal error first. The macro's
 * wrapper lines (154, 158 onward) are not part of this listing.
 */
153 #define check_fatal(s) \ argument
155 if (!ossl_assert((s)->statem.in_init \
156 && (s)->statem.state == MSG_FLOW_ERROR)) \
157 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \
/*
 * Tests whether the message-flow state is MSG_FLOW_ERROR; the values returned
 * for each outcome are on lines not shown.
 */
167 int ossl_statem_in_error(const SSL *s) in ossl_statem_in_error() argument
169 if (s->statem.state == MSG_FLOW_ERROR) in ossl_statem_in_error()
/* Stores `init` into statem.in_init with no validation of the value. */
175 void ossl_statem_set_in_init(SSL *s, int init) in ossl_statem_set_in_init() argument
177 s->statem.in_init = init; in ossl_statem_set_in_init()
/* Returns the current value of statem.in_handshake. */
180 int ossl_statem_get_in_handshake(SSL *s) in ossl_statem_get_in_handshake() argument
182 return s->statem.in_handshake; in ossl_statem_get_in_handshake()
/*
 * Increments or decrements statem.in_handshake, so the field acts as a nesting
 * count rather than a boolean. The condition choosing between the two
 * (presumably `inhand`) is not shown.
 * NOTE(review): no lower-bound check is visible in these lines; confirm that
 * unbalanced calls cannot drive the count negative.
 */
185 void ossl_statem_set_in_handshake(SSL *s, int inhand) in ossl_statem_set_in_handshake() argument
188 s->statem.in_handshake++; in ossl_statem_set_in_handshake()
190 s->statem.in_handshake--; in ossl_statem_set_in_handshake()
/*
 * Two guards are visible; the value returned by each is on lines not listed.
 */
194 int ossl_statem_skip_early_data(SSL *s) in ossl_statem_skip_early_data() argument
/* Guard 1: early data status is anything other than SSL_EARLY_DATA_REJECTED. */
196 if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) in ossl_statem_skip_early_data()
/*
 * Guard 2: not a server, or hand_state is not TLS_ST_EARLY_DATA, or a
 * HelloRetryRequest has completed (SSL_HRR_COMPLETE).
 */
199 if (!s->server in ossl_statem_skip_early_data()
200 || s->statem.hand_state != TLS_ST_EARLY_DATA in ossl_statem_skip_early_data()
201 || s->hello_retry_request == SSL_HRR_COMPLETE) in ossl_statem_skip_early_data()
/*
 * Puts the connection back into init (ossl_statem_set_in_init(s, 1)) when
 * hand_state is one of the early-data states, depending on `sending`,
 * s->server and early_data_state.
 * NOTE(review): the condition enclosing the first branch (line 217) and the
 * closing braces are not part of this listing, so the exact nesting below
 * should be confirmed against the full source.
 */
215 void ossl_statem_check_finish_init(SSL *s, int sending) in ossl_statem_check_finish_init() argument
218 if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
219 || s->statem.hand_state == TLS_ST_EARLY_DATA) { in ossl_statem_check_finish_init()
220 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
/* A pending early-data write retry is marked as finished writing. */
221 if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { in ossl_statem_check_finish_init()
226 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
/*
 * Client side: re-enter init when sending from an early-data state while not
 * in SSL_EARLY_DATA_WRITING, or when not sending and in TLS_ST_EARLY_DATA.
 */
229 } else if (!s->server) { in ossl_statem_check_finish_init()
230 if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
231 || s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
232 && s->early_data_state != SSL_EARLY_DATA_WRITING) in ossl_statem_check_finish_init()
233 || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { in ossl_statem_check_finish_init()
234 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
239 if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) in ossl_statem_check_finish_init()
240 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
/*
 * Finished reading early data while still in TLS_ST_EARLY_DATA: re-enter init.
 * Presumably the server-side branch; the `else` is not shown.
 */
243 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING in ossl_statem_check_finish_init()
244 && s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
245 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
/*
 * Resets the flow state to MSG_FLOW_UNINITED, sets in_init, and sets
 * hand_state to TLS_ST_SR_CLNT_HELLO. Lines 253-259 are not shown.
 */
249 void ossl_statem_set_hello_verify_done(SSL *s) in ossl_statem_set_hello_verify_done() argument
251 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_set_hello_verify_done()
252 s->statem.in_init = 1; in ossl_statem_set_hello_verify_done()
260 s->statem.hand_state = TLS_ST_SR_CLNT_HELLO; in ossl_statem_set_hello_verify_done()
/* Runs the shared state machine with server = 0 (client role). */
263 int ossl_statem_connect(SSL *s) in ossl_statem_connect() argument
265 return state_machine(s, 0); in ossl_statem_connect()
/* Runs the shared state machine with server = 1 (server role). */
268 int ossl_statem_accept(SSL *s) in ossl_statem_accept() argument
270 return state_machine(s, 1); in ossl_statem_accept()
/*
 * Selects the info callback: the per-connection s->info_callback when set,
 * otherwise the one on s->ctx. The result when both are NULL is on a line not
 * shown.
 */
275 static info_cb get_callback(SSL *s) in get_callback() argument
277 if (s->info_callback != NULL) in get_callback()
278 return s->info_callback; in get_callback()
279 else if (s->ctx->info_callback != NULL) in get_callback()
280 return s->ctx->info_callback; in get_callback()
/*
 * Handshake driver shared by both roles; `server` is stored in s->server.
 * This listing shows only lines that reference `s`, so braces, returns and
 * some conditions are absent. Visible steps: an optional reset via SSL_clear(),
 * protocol version sanity checks, an ssl_security() check on the version,
 * init_buf / record buffer / write BIO buffer setup, then calls to
 * read_state_machine() and write_state_machine(), each followed by
 * initialising the other sub-state machine.
 */
313 static int state_machine(SSL *s, int server) in state_machine() argument
317 OSSL_STATEM *st = &s->statem; in state_machine()
329 cb = get_callback(s); in state_machine()
332 if (!SSL_in_init(s) || SSL_in_before(s)) { in state_machine()
/* A connection flagged TLS1_FLAGS_STATELESS is not passed through SSL_clear(). */
337 if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) in state_machine()
341 if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { in state_machine()
346 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, in state_machine()
359 s->server = server; in state_machine()
361 if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)) in state_machine()
362 cb(s, SSL_CB_HANDSHAKE_START, 1); in state_machine()
/*
 * DTLS: the major version byte must match DTLS1_VERSION; a client
 * (server == 0) is also let through with DTLS1_BAD_VER's major byte.
 * This and the following setup failures are raised with SSL_AD_NO_ALERT and
 * ERR_R_INTERNAL_ERROR.
 */
371 if (SSL_IS_DTLS(s)) { in state_machine()
372 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && in state_machine()
373 (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { in state_machine()
374 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
/*
 * Major version byte must equal SSL3_VERSION_MAJOR. Presumably the non-DTLS
 * branch; the `else` is not shown.
 */
378 if ((s->version >> 8) != SSL3_VERSION_MAJOR) { in state_machine()
379 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
/* The protocol version must also be permitted by ssl_security(SSL_SECOP_VERSION). */
384 if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { in state_machine()
385 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
/* Create the handshake buffer if absent; both failure paths here are fatal. */
389 if (s->init_buf == NULL) { in state_machine()
391 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
395 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
398 s->init_buf = buf; in state_machine()
402 if (!ssl3_setup_buffers(s)) { in state_machine()
403 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
406 s->init_num = 0; in state_machine()
411 s->s3.change_cipher_spec = 0; in state_machine()
418 if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) in state_machine()
420 if (!ssl_init_wbio_buffer(s)) { in state_machine()
421 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
/* Handshake setup runs for a fresh connection or a renegotiation. */
425 if ((SSL_in_before(s)) in state_machine()
426 || s->renegotiate) { in state_machine()
427 if (!tls_setup_handshake(s)) { in state_machine()
432 if (SSL_IS_FIRST_HANDSHAKE(s)) in state_machine()
437 init_write_state_machine(s); in state_machine()
442 ssret = read_state_machine(s); in state_machine()
445 init_write_state_machine(s); in state_machine()
451 ssret = write_state_machine(s); in state_machine()
454 init_read_state_machine(s); in state_machine()
/* check_fatal(): verify that a fatal error was recorded (macro at line 153). */
463 check_fatal(s); in state_machine()
475 if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { in state_machine()
480 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, in state_machine()
/*
 * Exit notification to the info callback with `ret`: SSL_CB_ACCEPT_EXIT or
 * SSL_CB_CONNECT_EXIT (the selecting condition is not shown).
 */
488 cb(s, SSL_CB_ACCEPT_EXIT, ret); in state_machine()
490 cb(s, SSL_CB_CONNECT_EXIT, ret); in state_machine()
498 static void init_read_state_machine(SSL *s) in init_read_state_machine() argument
500 OSSL_STATEM *st = &s->statem; in init_read_state_machine()
/*
 * Grows s->init_buf to `size` bytes with BUF_MEM_grow_clean() and re-derives
 * s->init_msg afterwards. init_msg is saved as an offset from init_buf->data
 * before the grow and recomputed from init_buf->data after it, so the pointer
 * stays valid if the grow relocates the buffer.
 * NOTE(review): `size` is a size_t but is narrowed with an (int) cast in the
 * call; a value above INT_MAX would not survive the cast. The caller in this
 * file compares message_size with max_message_size(s) first (lines 609-618);
 * confirm that bound keeps `size` within int range.
 */
505 static int grow_init_buf(SSL *s, size_t size) { in grow_init_buf() argument
507 size_t msg_offset = (char *)s->init_msg - s->init_buf->data; in grow_init_buf()
509 if (!BUF_MEM_grow_clean(s->init_buf, (int)size)) in grow_init_buf()
515 s->init_msg = s->init_buf->data + msg_offset; in grow_init_buf()
/*
 * Read side of the handshake. Only lines referencing `s` are listed, so the
 * sub-state switch, returns and braces are absent. Visible order of
 * operations: read a message header, ask transition() about message type
 * `mt`, bound the message size, grow the buffer (TLS only), read the body,
 * wrap it in a PACKET of `len` bytes, then process and post-process it.
 */
546 static SUB_STATE_RETURN read_state_machine(SSL *s) in read_state_machine() argument
548 OSSL_STATEM *st = &s->statem; in read_state_machine()
/*
 * Handler pointers used below. The branch on s->server at line 560 presumably
 * selects the server or client set; the assignments are not shown.
 */
551 int (*transition) (SSL *s, int mt); in read_state_machine()
553 MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); in read_state_machine()
554 WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); in read_state_machine()
555 size_t (*max_message_size) (SSL *s); in read_state_machine()
558 cb = get_callback(s); in read_state_machine()
560 if (s->server) { in read_state_machine()
573 s->first_packet = 1; in read_state_machine()
581 if (SSL_IS_DTLS(s)) { in read_state_machine()
585 ret = dtls_get_message(s, &mt); in read_state_machine()
587 ret = tls_get_message_header(s, &mt); in read_state_machine()
597 if (s->server) in read_state_machine()
598 cb(s, SSL_CB_ACCEPT_LOOP, 1); in read_state_machine()
600 cb(s, SSL_CB_CONNECT_LOOP, 1); in read_state_machine()
/*
 * transition() is consulted with the received message type before any size
 * handling; what happens on a zero return is on lines not shown.
 */
606 if (!transition(s, mt)) in read_state_machine()
/*
 * Length bound: message_size is compared with the maximum from
 * max_message_size(s) before the buffer is grown or the body is read;
 * an oversized message is fatal with SSL_AD_ILLEGAL_PARAMETER.
 * message_size is presumably the length from the header just read.
 */
609 if (s->s3.tmp.message_size > max_message_size(s)) { in read_state_machine()
610 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in read_state_machine()
/*
 * TLS only: grow init_buf for a non-empty body. The size expression continues
 * on line 619, which is not shown.
 */
616 if (!SSL_IS_DTLS(s) in read_state_machine()
617 && s->s3.tmp.message_size > 0 in read_state_machine()
618 && !grow_init_buf(s, s->s3.tmp.message_size in read_state_machine()
620 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); in read_state_machine()
628 if (SSL_IS_DTLS(s)) { in read_state_machine()
633 ret = dtls_get_message_body(s, &len); in read_state_machine()
635 ret = tls_get_message_body(s, &len); in read_state_machine()
642 s->first_packet = 0; in read_state_machine()
/*
 * The PACKET handed to process_message() starts at init_msg and is limited to
 * the `len` bytes reported by the body read.
 */
643 if (!PACKET_buf_init(&pkt, s->init_msg, len)) { in read_state_machine()
644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
647 ret = process_message(s, &pkt); in read_state_machine()
650 s->init_num = 0; in read_state_machine()
/* check_fatal(): verify that a fatal error was recorded (macro at line 153). */
654 check_fatal(s); in read_state_machine()
658 if (SSL_IS_DTLS(s)) { in read_state_machine()
659 dtls1_stop_timer(s); in read_state_machine()
675 st->read_state_work = post_process_message(s, st->read_state_work); in read_state_machine()
678 check_fatal(s); in read_state_machine()
690 if (SSL_IS_DTLS(s)) { in read_state_machine()
691 dtls1_stop_timer(s); in read_state_machine()
699 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
/*
 * Write dispatch. One path sends with record type SSL3_RT_CHANGE_CIPHER_SPEC
 * through dtls1_do_write() or ssl3_do_write() depending on SSL_IS_DTLS();
 * the other calls ssl_do_write(). The condition selecting the
 * change-cipher-spec path is not shown.
 */
708 static int statem_do_write(SSL *s) in statem_do_write() argument
710 OSSL_STATEM *st = &s->statem; in statem_do_write()
714 if (SSL_IS_DTLS(s)) in statem_do_write()
715 return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
717 return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
719 return ssl_do_write(s); in statem_do_write()
726 static void init_write_state_machine(SSL *s) in init_write_state_machine() argument
728 OSSL_STATEM *st = &s->statem; in init_write_state_machine()
/*
 * Write side of the handshake. Only lines referencing `s` are listed, so the
 * sub-state switch, case labels, returns and braces are absent. Visible
 * order of operations: transition(), pre_work(), look up the message
 * constructor, build the message in a WPACKET over init_buf, send it with
 * statem_do_write(), then post_work().
 */
764 static SUB_STATE_RETURN write_state_machine(SSL *s) in write_state_machine() argument
766 OSSL_STATEM *st = &s->statem; in write_state_machine()
/*
 * Handler pointers used below. The branch on s->server at line 781 presumably
 * selects the server or client set; the assignments are not shown.
 */
768 WRITE_TRAN(*transition) (SSL *s); in write_state_machine()
769 WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); in write_state_machine()
770 WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); in write_state_machine()
771 int (*get_construct_message_f) (SSL *s, WPACKET *pkt, in write_state_machine()
772 int (**confunc) (SSL *s, WPACKET *pkt), in write_state_machine()
775 int (*confunc) (SSL *s, WPACKET *pkt); in write_state_machine()
779 cb = get_callback(s); in write_state_machine()
781 if (s->server) { in write_state_machine()
798 if (s->server) in write_state_machine()
799 cb(s, SSL_CB_ACCEPT_LOOP, 1); in write_state_machine()
801 cb(s, SSL_CB_CONNECT_LOOP, 1); in write_state_machine()
803 switch (transition(s)) { in write_state_machine()
/* check_fatal(): verify that a fatal error was recorded (macro at line 153). */
814 check_fatal(s); in write_state_machine()
820 switch (st->write_state_work = pre_work(s, st->write_state_work)) { in write_state_machine()
822 check_fatal(s); in write_state_machine()
/* Obtains the constructor (confunc) and message type (mt) for the current state. */
836 if (!get_construct_message_f(s, &pkt, &confunc, &mt)) { in write_state_machine()
/*
 * The outgoing message is built in a WPACKET backed by s->init_buf; failure to
 * initialise it or to write the handshake header is a fatal internal error.
 */
846 if (!WPACKET_init(&pkt, s->init_buf) in write_state_machine()
847 || !ssl_set_handshake_header(s, &pkt, mt)) { in write_state_machine()
849 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
855 tmpret = confunc(s, &pkt); in write_state_machine()
858 check_fatal(s); in write_state_machine()
/* The close condition continues on lines 872-873, which are not shown. */
871 if (!ssl_close_construct_packet(s, &pkt, mt) in write_state_machine()
874 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
/* DTLS with use_timer set: the timer is started before the write is attempted. */
881 if (SSL_IS_DTLS(s) && st->use_timer) { in write_state_machine()
882 dtls1_start_timer(s); in write_state_machine()
884 ret = statem_do_write(s); in write_state_machine()
893 switch (st->write_state_work = post_work(s, st->write_state_work)) { in write_state_machine()
895 check_fatal(s); in write_state_machine()
912 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
/*
 * Flushes the write BIO. rwstate is set to SSL_WRITING before BIO_flush() and
 * to SSL_NOTHING on line 927. A flush result <= 0 takes a branch whose body
 * (presumably a failure return that leaves rwstate at SSL_WRITING) is not
 * shown.
 */
921 int statem_flush(SSL *s) in statem_flush() argument
923 s->rwstate = SSL_WRITING; in statem_flush()
924 if (BIO_flush(s->wbio) <= 0) { in statem_flush()
927 s->rwstate = SSL_NOTHING; in statem_flush()
/*
 * Going by its name, decides whether application data is acceptable in the
 * current handshake state. Visible guard: the connection is not in an
 * application-data read, or no renegotiation has taken place
 * (total_renegotiations == 0). The value returned for that guard and the
 * per-role checks after `if (s->server)` are on lines not shown.
 */
940 int ossl_statem_app_data_allowed(SSL *s) in ossl_statem_app_data_allowed() argument
942 OSSL_STATEM *st = &s->statem; in ossl_statem_app_data_allowed()
947 if (!s->s3.in_read_app_data || (s->s3.total_renegotiations == 0)) in ossl_statem_app_data_allowed()
950 if (s->server) { in ossl_statem_app_data_allowed()
/*
 * Non-zero only when previous_server_finished_len is non-zero and hand_state
 * is not TLS_ST_SW_FINISHED. Both conditions gate export, so it is refused
 * before a server Finished length has been recorded and while the state is
 * TLS_ST_SW_FINISHED.
 */
974 int ossl_statem_export_allowed(SSL *s) in ossl_statem_export_allowed() argument
976 return s->s3.previous_server_finished_len != 0 in ossl_statem_export_allowed()
977 && s->statem.hand_state != TLS_ST_SW_FINISHED; in ossl_statem_export_allowed()
/*
 * Non-zero when early data was accepted (SSL_EARLY_DATA_ACCEPTED), or, on a
 * client, when early_data is anything other than SSL_EARLY_DATA_NOT_SENT.
 */
984 int ossl_statem_export_early_allowed(SSL *s) in ossl_statem_export_early_allowed() argument
991 return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED in ossl_statem_export_early_allowed()
992 || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); in ossl_statem_export_early_allowed()