X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=eed11985c6348fad79006fbcbff945e351a99aec;hp=ad6ae0ebca6c0a6185453e1e9936d91247172329;hb=4e3458a565da5bccf30fe598e87ad7da1ee9daa7;hpb=310115448188415e270bb0bef958c7c130939838 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ad6ae0ebca..eed11985c6 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -717,6 +717,140 @@ struct ssl_comp_st { DECLARE_STACK_OF(SSL_COMP) DECLARE_LHASH_OF(SSL_SESSION); +/* + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +enum HANDSHAKE_STATE { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED +}; + +/* + * Valid return codes used for functions performing work prior to or after + * sending or receiving a message + */ +enum WORK_STATE { + /* Something went wrong */ + WORK_ERROR, + /* We're done working and there shouldn't be anything else to do after */ + WORK_FINISHED_STOP, + /* We're done working move onto the next thing */ + WORK_FINISHED_CONTINUE, + /* We're working on phase A */ + WORK_MORE_A, + /* We're working on phase B */ + WORK_MORE_B +}; + +/* Write transition return codes */ +enum WRITE_TRAN { + /* Something went wrong */ + WRITE_TRAN_ERROR, + /* A transition was successfully completed and we should continue */ + WRITE_TRAN_CONTINUE, + /* There is no more write work to be done */ + WRITE_TRAN_FINISHED +}; + +/* Message processing return codes */ +enum MSG_PROCESS_RETURN { + MSG_PROCESS_ERROR, + MSG_PROCESS_FINISHED_READING, + MSG_PROCESS_CONTINUE_PROCESSING, + MSG_PROCESS_CONTINUE_READING +}; + +/* Message flow states */ +enum MSG_FLOW_STATE { + /* No handshake in progress */ + MSG_FLOW_UNINITED, + /* A permanent error with this connection */ + MSG_FLOW_ERROR, + /* We are about to renegotiate */ + MSG_FLOW_RENEGOTIATE, + /* We are reading messages */ + MSG_FLOW_READING, + /* We are writing messages */ + MSG_FLOW_WRITING, + /* Handshake has finished */ + MSG_FLOW_FINISHED +}; + +/* Read states */ +enum READ_STATE { + READ_STATE_HEADER, + READ_STATE_BODY, + READ_STATE_POST_PROCESS +}; + +/* Write states */ +enum WRITE_STATE { + WRITE_STATE_TRANSITION, + WRITE_STATE_PRE_WORK, + WRITE_STATE_SEND, + WRITE_STATE_POST_WORK +}; + +struct statem_st { + enum MSG_FLOW_STATE state; + enum WRITE_STATE write_state; + enum WORK_STATE write_state_work; + enum READ_STATE read_state; + enum WORK_STATE read_state_work; + enum HANDSHAKE_STATE hand_state; + int read_state_first_init; + int use_timer; +#ifndef OPENSSL_NO_SCTP + int in_sctp_read_sock; +#endif +}; +typedef struct statem_st STATEM; + + struct ssl_ctx_st { const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; @@ -1012,6 +1146,8 @@ struct ssl_st { int shutdown; /* where we are */ int state; + STATEM statem; + BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by * ssl3_get_message() */ @@ -1419,7 +1555,6 @@ typedef struct hm_fragment_st { } hm_fragment; typedef struct dtls1_state_st { - unsigned int send_cookie; unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned int cookie_len; @@ -1920,8 +2055,13 @@ __owur int ssl3_send_newsession_ticket(SSL *s); __owur int ssl3_send_cert_status(SSL *s); __owur int ssl3_get_change_cipher_spec(SSL *s, int a, int b); __owur int ssl3_get_finished(SSL *s, int state_a, int state_b); +__owur int tls_construct_cert_status(SSL *s); +__owur enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, long n); +__owur enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, unsigned long n); __owur int ssl3_setup_key_block(SSL *s); __owur int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); +__owur int tls_construct_change_cipher_spec(SSL *s); +__owur int dtls_construct_change_cipher_spec(SSL *s); __owur int ssl3_change_cipher_state(SSL *s, int which); void ssl3_cleanup_key_block(SSL *s); __owur int ssl3_do_write(SSL *s, int type); @@ -1930,7 +2070,12 @@ __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); __owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p); __owur long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); +__owur int tls_get_message_header(SSL *s, int *mt); +__owur int tls_get_message_body(SSL *s, unsigned long *len); __owur int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); +__owur int tls_construct_finished(SSL *s, const char *sender, int slen); +__owur enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst); +__owur enum WORK_STATE dtls_wait_for_dry(SSL *s); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); @@ -1949,6 +2094,14 @@ __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); __owur int ssl3_accept(SSL *s); __owur int ssl3_connect(SSL *s); +void statem_clear(SSL *s); +void statem_set_renegotiate(SSL *s); +void statem_set_error(SSL *s); +__owur int statem_app_data_allowed(SSL *s); +#ifndef OPENSSL_NO_SCTP +void statem_set_sctp_read_sock(SSL *s, int read_sock); +__owur int statem_in_sctp_read_sock(SSL *s); +#endif __owur int ssl3_read(SSL *s, void *buf, int len); __owur int ssl3_peek(SSL *s, void *buf, int len); __owur int ssl3_write(SSL *s, const void *buf, int len); @@ -2005,28 +2158,40 @@ __owur unsigned int dtls1_link_min_mtu(void); void dtls1_hm_fragment_free(hm_fragment *frag); /* some client-only functions */ -__owur int ssl3_client_hello(SSL *s); -__owur int ssl3_get_server_hello(SSL *s); -__owur int ssl3_get_certificate_request(SSL *s); -__owur int ssl3_get_new_session_ticket(SSL *s); -__owur int ssl3_get_cert_status(SSL *s); -__owur int ssl3_get_server_done(SSL *s); -__owur int ssl3_send_client_verify(SSL *s); -__owur int ssl3_send_client_certificate(SSL *s); +__owur int tls_construct_client_hello(SSL *s); +__owur enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, + unsigned long n); +__owur enum MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, + unsigned long n); +__owur enum MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, + unsigned long n); +__owur enum MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, unsigned long n); +__owur enum MSG_PROCESS_RETURN tls_process_server_done(SSL *s, unsigned long n); +__owur int tls_construct_client_verify(SSL *s); +__owur enum WORK_STATE tls_prepare_client_certificate(SSL *s, + enum WORK_STATE wst); +__owur int tls_construct_client_certificate(SSL *s); __owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -__owur int ssl3_send_client_key_exchange(SSL *s); -__owur int ssl3_get_key_exchange(SSL *s); -__owur int ssl3_get_server_certificate(SSL *s); +__owur int tls_construct_client_key_exchange(SSL *s); +__owur int tls_client_key_exchange_post_work(SSL *s); +__owur enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, + unsigned long n); +__owur enum MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, + unsigned long n); __owur int ssl3_check_cert_and_algorithm(SSL *s); # ifndef OPENSSL_NO_NEXTPROTONEG -__owur int ssl3_send_next_proto(SSL *s); +__owur int tls_construct_next_proto(SSL *s); # endif - -int dtls1_client_hello(SSL *s); +__owur enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, + unsigned long n); /* some server-only functions */ __owur int ssl3_get_client_hello(SSL *s); __owur int ssl3_send_server_hello(SSL *s); +__owur enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, long n); +__owur enum WORK_STATE tls_post_process_client_hello(SSL *s, + enum WORK_STATE wst); +__owur int tls_construct_server_hello(SSL *s); __owur int ssl3_send_hello_request(SSL *s); __owur int ssl3_send_server_key_exchange(SSL *s); __owur int ssl3_send_certificate_request(SSL *s); @@ -2034,8 +2199,14 @@ __owur int ssl3_send_server_done(SSL *s); __owur int ssl3_get_client_certificate(SSL *s); __owur int ssl3_get_client_key_exchange(SSL *s); __owur int ssl3_get_cert_verify(SSL *s); +__owur enum MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, long n); +__owur enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, long n); +__owur enum WORK_STATE tls_post_process_client_key_exchange(SSL *s, + enum WORK_STATE wst); +__owur enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, long n); # ifndef OPENSSL_NO_NEXTPROTONEG __owur int ssl3_get_next_proto(SSL *s); +__owur enum MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, long n); # endif __owur int tls1_new(SSL *s); @@ -2053,6 +2224,7 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); __owur int dtls1_shutdown(SSL *s); __owur long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); +__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len); __owur int dtls1_dispatch_alert(SSL *s); __owur int ssl_init_wbio_buffer(SSL *s, int push);