# include <openssl/symhacks.h>
#include "record/record.h"
+#include "statem/statem.h"
#include "packet_locl.h"
# ifdef OPENSSL_BUILD_SHLIBSSL
int alg_bits; /* Number of bits for algorithm */
};
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+/* Used to hold SSL/TLS functions */
struct ssl_method_st {
int version;
int (*ssl_new) (SSL *s);
int (*ssl_shutdown) (SSL *s);
int (*ssl_renegotiate) (SSL *s);
int (*ssl_renegotiate_check) (SSL *s);
- long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
- max, int *ok);
int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
unsigned char *buf, int len, int peek);
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
DECLARE_STACK_OF(SSL_COMP)
DECLARE_LHASH_OF(SSL_SESSION);
-/*
- * The valid handshake states (one for each type message sent and one for each
- * type of message received). There are also two "special" states:
- * TLS = TLS or DTLS state
- * DTLS = DTLS specific state
- * CR/SR = Client Read/Server Read
- * CW/SW = Client Write/Server Write
- *
- * The "special" states are:
- * TLS_ST_BEFORE = No handshake has been initiated yet
- * TLS_ST_OK = A handshake has been successfully completed
- */
-enum HANDSHAKE_STATE {
- TLS_ST_BEFORE,
- TLS_ST_OK,
- DTLS_ST_CR_HELLO_VERIFY_REQUEST,
- TLS_ST_CR_SRVR_HELLO,
- TLS_ST_CR_CERT,
- TLS_ST_CR_CERT_STATUS,
- TLS_ST_CR_KEY_EXCH,
- TLS_ST_CR_CERT_REQ,
- TLS_ST_CR_SRVR_DONE,
- TLS_ST_CR_SESSION_TICKET,
- TLS_ST_CR_CHANGE,
- TLS_ST_CR_FINISHED,
- TLS_ST_CW_CLNT_HELLO,
- TLS_ST_CW_CERT,
- TLS_ST_CW_KEY_EXCH,
- TLS_ST_CW_CERT_VRFY,
- TLS_ST_CW_CHANGE,
- TLS_ST_CW_NEXT_PROTO,
- TLS_ST_CW_FINISHED,
- TLS_ST_SW_HELLO_REQ,
- TLS_ST_SR_CLNT_HELLO,
- DTLS_ST_SW_HELLO_VERIFY_REQUEST,
- TLS_ST_SW_SRVR_HELLO,
- TLS_ST_SW_CERT,
- TLS_ST_SW_KEY_EXCH,
- TLS_ST_SW_CERT_REQ,
- TLS_ST_SW_SRVR_DONE,
- TLS_ST_SR_CERT,
- TLS_ST_SR_KEY_EXCH,
- TLS_ST_SR_CERT_VRFY,
- TLS_ST_SR_NEXT_PROTO,
- TLS_ST_SR_CHANGE,
- TLS_ST_SR_FINISHED,
- TLS_ST_SW_SESSION_TICKET,
- TLS_ST_SW_CERT_STATUS,
- TLS_ST_SW_CHANGE,
- TLS_ST_SW_FINISHED
-};
-
-/*
- * Valid return codes used for functions performing work prior to or after
- * sending or receiving a message
- */
-enum WORK_STATE {
- /* Something went wrong */
- WORK_ERROR,
- /* We're done working and there shouldn't be anything else to do after */
- WORK_FINISHED_STOP,
- /* We're done working move onto the next thing */
- WORK_FINISHED_CONTINUE,
- /* We're working on phase A */
- WORK_MORE_A,
- /* We're working on phase B */
- WORK_MORE_B
-};
-
-/* Write transition return codes */
-enum WRITE_TRAN {
- /* Something went wrong */
- WRITE_TRAN_ERROR,
- /* A transition was successfully completed and we should continue */
- WRITE_TRAN_CONTINUE,
- /* There is no more write work to be done */
- WRITE_TRAN_FINISHED
-};
-
-/* Message processing return codes */
-enum MSG_PROCESS_RETURN {
- MSG_PROCESS_ERROR,
- MSG_PROCESS_FINISHED_READING,
- MSG_PROCESS_CONTINUE_PROCESSING,
- MSG_PROCESS_CONTINUE_READING
-};
-
-/* Message flow states */
-enum MSG_FLOW_STATE {
- /* No handshake in progress */
- MSG_FLOW_UNINITED,
- /* A permanent error with this connection */
- MSG_FLOW_ERROR,
- /* We are about to renegotiate */
- MSG_FLOW_RENEGOTIATE,
- /* We are reading messages */
- MSG_FLOW_READING,
- /* We are writing messages */
- MSG_FLOW_WRITING,
- /* Handshake has finished */
- MSG_FLOW_FINISHED
-};
-
-/* Read states */
-enum READ_STATE {
- READ_STATE_HEADER,
- READ_STATE_BODY,
- READ_STATE_POST_PROCESS
-};
-
-/* Write states */
-enum WRITE_STATE {
- WRITE_STATE_TRANSITION,
- WRITE_STATE_PRE_WORK,
- WRITE_STATE_SEND,
- WRITE_STATE_POST_WORK
-};
-
-struct statem_st {
- enum MSG_FLOW_STATE state;
- enum WRITE_STATE write_state;
- enum WORK_STATE write_state_work;
- enum READ_STATE read_state;
- enum WORK_STATE read_state_work;
- enum HANDSHAKE_STATE hand_state;
- int read_state_first_init;
- int use_timer;
-#ifndef OPENSSL_NO_SCTP
- int in_sctp_read_sock;
-#endif
-};
-typedef struct statem_st STATEM;
-
struct ssl_ctx_st {
const SSL_METHOD *method;
* DTLS1_VERSION)
*/
int version;
- /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
- int type;
+
/* SSLv3 */
const SSL_METHOD *method;
/*
* request needs re-doing when in SSL_accept or SSL_connect
*/
int rwstate;
- /* true when we are actually in SSL_accept() or SSL_connect() */
- int in_handshake;
+
int (*handshake_func) (SSL *);
/*
* Imagine that here's a boolean member "init" that is switched as soon
* handshake_func is == 0 until then, we use this test instead of an
* "init" member.
*/
- /* are we the server side? - mostly used by SSL_clear */
+ /* are we the server side? */
int server;
/*
* Generate a new session or reuse an old one.
/* we have shut things down, 0x01 sent, 0x02 for received */
int shutdown;
/* where we are */
- int state;
- STATEM statem;
+ OSSL_STATEM statem;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
- /* Should we skip the CertificateVerify message? */
- unsigned int no_cert_verify;
-
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
# ifndef OPENSSL_NO_EC
EC_KEY *ecdh; /* holds short lived ECDH key */
# endif
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
- int reuse_message;
/* used for certificate requests */
int cert_req;
int ctype_num;
unsigned int retransmitting;
# ifndef OPENSSL_NO_SCTP
- /* used when SSL_ST_XX_FLUSH is entered */
- int next_state;
int shutdown_received;
# endif
} DTLS1_STATE;
ssl3_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
- ssl3_get_message, \
ssl3_read_bytes, \
ssl3_write_bytes, \
ssl3_dispatch_alert, \
ssl3_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
- ssl3_get_message, \
ssl3_read_bytes, \
ssl3_write_bytes, \
ssl3_dispatch_alert, \
dtls1_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
- dtls1_get_message, \
dtls1_read_bytes, \
dtls1_write_app_data_bytes, \
dtls1_dispatch_alert, \
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
void ssl3_init_finished_mac(SSL *s);
-__owur int ssl3_send_server_certificate(SSL *s);
-__owur int tls_construct_server_certificate(SSL *s);
-__owur int ssl3_send_newsession_ticket(SSL *s);
-__owur int tls_construct_new_session_ticket(SSL *s);
-__owur int ssl3_send_cert_status(SSL *s);
-__owur int ssl3_get_change_cipher_spec(SSL *s, int a, int b);
-__owur int ssl3_get_finished(SSL *s, int state_a, int state_b);
-__owur int tls_construct_cert_status(SSL *s);
-__owur enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, long n);
-__owur enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, unsigned long n);
__owur int ssl3_setup_key_block(SSL *s);
-__owur int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-__owur int tls_construct_change_cipher_spec(SSL *s);
-__owur int dtls_construct_change_cipher_spec(SSL *s);
__owur int ssl3_change_cipher_state(SSL *s, int which);
void ssl3_cleanup_key_block(SSL *s);
__owur int ssl3_do_write(SSL *s, int type);
__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
-__owur long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-__owur int tls_get_message_header(SSL *s, int *mt);
-__owur int tls_get_message_body(SSL *s, unsigned long *len);
-__owur int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-__owur int tls_construct_finished(SSL *s, const char *sender, int slen);
-__owur enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst);
-__owur enum WORK_STATE dtls_wait_for_dry(SSL *s);
__owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-__owur int ssl3_accept(SSL *s);
-__owur int ssl3_connect(SSL *s);
-void statem_clear(SSL *s);
-void statem_set_renegotiate(SSL *s);
-void statem_set_error(SSL *s);
-__owur int statem_app_data_allowed(SSL *s);
-#ifndef OPENSSL_NO_SCTP
-void statem_set_sctp_read_sock(SSL *s, int read_sock);
-__owur int statem_in_sctp_read_sock(SSL *s);
-#endif
__owur int ssl3_read(SSL *s, void *buf, int len);
__owur int ssl3_peek(SSL *s, void *buf, int len);
__owur int ssl3_write(SSL *s, const void *buf, int len);
__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-__owur int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
__owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs);
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
void dtls1_stop_timer(SSL *s);
__owur int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
-__owur unsigned int dtls1_raw_hello_verify_request(unsigned char *buf,
- unsigned char *cookie,
- unsigned char cookie_len);
+__owur unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
+ unsigned char *cookie,
+ unsigned char cookie_len);
__owur int dtls1_send_newsession_ticket(SSL *s);
__owur unsigned int dtls1_min_mtu(SSL *s);
-__owur unsigned int dtls1_link_min_mtu(void);
void dtls1_hm_fragment_free(hm_fragment *frag);
-
-/* some client-only functions */
-__owur int tls_construct_client_hello(SSL *s);
-__owur enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s,
- unsigned long n);
-__owur enum MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s,
- unsigned long n);
-__owur enum MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s,
- unsigned long n);
-__owur enum MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, unsigned long n);
-__owur enum MSG_PROCESS_RETURN tls_process_server_done(SSL *s, unsigned long n);
-__owur int tls_construct_client_verify(SSL *s);
-__owur enum WORK_STATE tls_prepare_client_certificate(SSL *s,
- enum WORK_STATE wst);
-__owur int tls_construct_client_certificate(SSL *s);
-__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-__owur int tls_construct_client_key_exchange(SSL *s);
-__owur int tls_client_key_exchange_post_work(SSL *s);
-__owur enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s,
- unsigned long n);
-__owur enum MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s,
- unsigned long n);
-__owur int ssl3_check_cert_and_algorithm(SSL *s);
-# ifndef OPENSSL_NO_NEXTPROTONEG
-__owur int tls_construct_next_proto(SSL *s);
-# endif
-__owur enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s,
- unsigned long n);
-
-/* some server-only functions */
-__owur int ssl3_get_client_hello(SSL *s);
-__owur int ssl3_send_server_hello(SSL *s);
-__owur enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, long n);
-__owur enum WORK_STATE tls_post_process_client_hello(SSL *s,
- enum WORK_STATE wst);
-__owur int tls_construct_server_hello(SSL *s);
-__owur int ssl3_send_hello_request(SSL *s);
-__owur int tls_construct_hello_request(SSL *s);
-__owur int ssl3_send_server_key_exchange(SSL *s);
-__owur int dtls_construct_hello_verify_request(SSL *s);
-__owur int tls_construct_server_key_exchange(SSL *s);
-__owur int ssl3_send_certificate_request(SSL *s);
-__owur int tls_construct_certificate_request(SSL *s);
-__owur int ssl3_send_server_done(SSL *s);
-__owur int tls_construct_server_done(SSL *s);
-__owur int ssl3_get_client_certificate(SSL *s);
-__owur int ssl3_get_client_key_exchange(SSL *s);
-__owur int ssl3_get_cert_verify(SSL *s);
-__owur enum MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, long n);
-__owur enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, long n);
-__owur enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
- enum WORK_STATE wst);
-__owur enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, long n);
-# ifndef OPENSSL_NO_NEXTPROTONEG
-__owur int ssl3_get_next_proto(SSL *s);
-__owur enum MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, long n);
-# endif
+__owur int dtls1_query_mtu(SSL *s);
__owur int tls1_new(SSL *s);
void tls1_free(SSL *s);
long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur int dtls1_new(SSL *s);
-__owur int dtls1_accept(SSL *s);
-__owur int dtls1_connect(SSL *s);
void dtls1_free(SSL *s);
void dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur int dtls1_shutdown(SSL *s);
-__owur long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
__owur int dtls1_dispatch_alert(SSL *s);
__owur int ssl_init_wbio_buffer(SSL *s, int push);
projects / openssl.git / blobdiff