/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
+#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
/* Are we in a sensible state to skip over unreadable early data? */
int ossl_statem_skip_early_data(SSL *s)
{
- if (!s->ext.expect_early_data)
+ if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
return 0;
- if (s->statem.hand_state != TLS_ST_SW_FINISHED)
+ if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
return 0;
return 1;
}
+/*
+ * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept()
+ * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early
+ * data state and whether we should attempt to move the handshake on if so.
+ * |sending| is 1 if we are attempting to send data (SSL_write*()), 0 if we are
+ * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
+ * or similar.
+ */
+void ossl_statem_check_finish_init(SSL *s, int sending)
+{
+ if (sending == -1) {
+ if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+ || s->statem.hand_state == TLS_ST_EARLY_DATA) {
+ ossl_statem_set_in_init(s, 1);
+ if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+ /*
+ * SSL_connect() or SSL_do_handshake() has been called directly.
+ * We don't allow any more writing of early data.
+ */
+ s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+ }
+ }
+ } else if (!s->server) {
+ if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+ || s->statem.hand_state == TLS_ST_EARLY_DATA)
+ && s->early_data_state != SSL_EARLY_DATA_WRITING)
+ || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
+ ossl_statem_set_in_init(s, 1);
+ /*
+ * SSL_write() has been called directly. We don't allow any more
+ * writing of early data.
+ */
+ if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+ s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+ }
+ } else {
+ if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING
+ && s->statem.hand_state == TLS_ST_EARLY_DATA)
+ ossl_statem_set_in_init(s, 1);
+ }
+}
+
void ossl_statem_set_hello_verify_done(SSL *s)
{
s->statem.state = MSG_FLOW_UNINITED;
static int state_machine(SSL *s, int server)
{
BUF_MEM *buf = NULL;
- unsigned long Time = (unsigned long)time(NULL);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
OSSL_STATEM *st = &s->statem;
int ret = -1;
return -1;
}
- RAND_add(&Time, sizeof(Time), 0);
ERR_clear_error();
clear_sys_error();
return -1;
}
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to enter handshake mode and prevent stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
goto end;
}
- if ((SSL_IS_FIRST_HANDSHAKE(s)
- && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+ if ((SSL_in_before(s))
|| s->renegotiate) {
if (!tls_setup_handshake(s)) {
ossl_statem_set_error(s);
st->in_handshake--;
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to leave handshake mode and allow stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
case WORK_FINISHED_STOP:
return SUB_STATE_END_HANDSHAKE;
}
+ if (!get_construct_message_f(s, &pkt, &confunc, &mt)) {
+ ossl_statem_set_error(s);
+ return SUB_STATE_ERROR;
+ }
+ if (mt == SSL3_MT_DUMMY) {
+ /* Skip construction and sending. This isn't a "real" state */
+ st->write_state = WRITE_STATE_POST_WORK;
+ st->write_state_work = WORK_MORE_A;
+ break;
+ }
if (!WPACKET_init(&pkt, s->init_buf)
- || !get_construct_message_f(s, &pkt, &confunc, &mt)
|| !ssl_set_handshake_header(s, &pkt, mt)
|| (confunc != NULL && !confunc(s, &pkt))
|| !ssl_close_construct_packet(s, &pkt, mt)
return 0;
}
-
-#ifndef OPENSSL_NO_SCTP
-/*
- * Set flag used by SCTP to determine whether we are in the read sock state
- */
-void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock)
-{
- s->statem.in_sctp_read_sock = read_sock;
-}
-
-/*
- * Called by the record layer to determine whether we are in the read sock
- * state or not.
- *
- * Return values are:
- * 1: Yes (we are in the read sock state)
- * 0: No (we are not in the read sock state)
- */
-int ossl_statem_in_sctp_read_sock(SSL *s)
-{
- return s->statem.in_sctp_read_sock;
-}
-#endif