*/
void ossl_statem_set_renegotiate(SSL *s)
{
- s->statem.state = MSG_FLOW_RENEGOTIATE;
s->statem.in_init = 1;
+ s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}
/*
s->statem.in_handshake--;
}
+/* Are we in a sensible state to skip over unreadable early data? */
+int ossl_statem_skip_early_data(SSL *s)
+{
+ if (!s->ext.expect_early_data)
+ return 0;
+
+ if (s->statem.hand_state != TLS_ST_SW_FINISHED)
+ return 0;
+
+ return 1;
+}
+
void ossl_statem_set_hello_verify_done(SSL *s)
{
s->statem.state = MSG_FLOW_UNINITED;
/*
* The main message flow state machine. We start in the MSG_FLOW_UNINITED or
- * MSG_FLOW_RENEGOTIATE state and finish in MSG_FLOW_FINISHED. Valid states and
+ * MSG_FLOW_FINISHED state and finish in MSG_FLOW_FINISHED. Valid states and
* transitions are as follows:
*
- * MSG_FLOW_UNINITED MSG_FLOW_RENEGOTIATE
+ * MSG_FLOW_UNINITED MSG_FLOW_FINISHED
* | |
* +-----------------------+
* v
}
#endif
-#ifndef OPENSSL_NO_HEARTBEATS
- /*
- * If we're awaiting a HeartbeatResponse, pretend we already got and
- * don't await it anymore, because Heartbeats don't make sense during
- * handshakes anyway.
- */
- if (s->tlsext_hb_pending) {
- if (SSL_IS_DTLS(s))
- dtls1_stop_timer(s);
- s->tlsext_hb_pending = 0;
- s->tlsext_hb_seq++;
- }
-#endif
-
/* Initialise state machine */
-
- if (st->state == MSG_FLOW_RENEGOTIATE) {
- s->renegotiate = 1;
- if (!server)
- s->ctx->stats.sess_connect_renegotiate++;
- }
-
- if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) {
+ if (st->state == MSG_FLOW_UNINITED
+ || st->state == MSG_FLOW_FINISHED) {
if (st->state == MSG_FLOW_UNINITED) {
st->hand_state = TLS_ST_BEFORE;
+ st->request_state = TLS_ST_BEFORE;
}
s->server = server;
goto end;
}
- if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
- if (!ssl3_init_finished_mac(s)) {
- ossl_statem_set_error(s);
- goto end;
- }
- }
-
- if (server) {
- if (st->state != MSG_FLOW_RENEGOTIATE) {
- s->ctx->stats.sess_accept++;
- } else if (!s->s3->send_connection_binding &&
- !(s->options &
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- /*
- * Server attempting to renegotiate with client that doesn't
- * support secure renegotiation.
- */
- SSLerr(SSL_F_STATE_MACHINE,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ if ((SSL_IS_FIRST_HANDSHAKE(s)
+ && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+ || s->renegotiate) {
+ if (!tls_setup_handshake(s)) {
ossl_statem_set_error(s);
goto end;
- } else {
- /*
- * st->state == MSG_FLOW_RENEGOTIATE, we will just send a
- * HelloRequest
- */
- s->ctx->stats.sess_accept_renegotiate++;
}
- } else {
- s->ctx->stats.sess_connect++;
- /* mark client_random uninitialized */
- memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
- s->hit = 0;
-
- s->s3->tmp.cert_request = 0;
-
- if (SSL_IS_DTLS(s)) {
- st->use_timer = 1;
- }
+ if (SSL_IS_FIRST_HANDSHAKE(s))
+ st->read_state_first_init = 1;
}
st->state = MSG_FLOW_WRITING;
init_write_state_machine(s);
- st->read_state_first_init = 1;
}
while (st->state != MSG_FLOW_FINISHED) {
}
}
- st->state = MSG_FLOW_UNINITED;
ret = 1;
end:
case WORK_ERROR:
case WORK_MORE_A:
case WORK_MORE_B:
+ case WORK_MORE_C:
return SUB_STATE_ERROR;
case WORK_FINISHED_CONTINUE:
case WORK_ERROR:
case WORK_MORE_A:
case WORK_MORE_B:
+ case WORK_MORE_C:
return SUB_STATE_ERROR;
case WORK_FINISHED_CONTINUE:
case WORK_ERROR:
case WORK_MORE_A:
case WORK_MORE_B:
+ case WORK_MORE_C:
return SUB_STATE_ERROR;
case WORK_FINISHED_CONTINUE:
/*
* Called by the record layer to determine whether application data is
- * allowed to be sent in the current handshake state or not.
+ * allowed to be received in the current handshake state or not.
*
* Return values are:
* 1: Yes (application data allowed)
{
OSSL_STATEM *st = &s->statem;
- if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE)
+ if (st->state == MSG_FLOW_UNINITED)
return 0;
if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0))