Lines Matching refs:s
67 static int state_machine(SSL_CONNECTION *s, int server);
68 static void init_read_state_machine(SSL_CONNECTION *s);
69 static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s);
70 static void init_write_state_machine(SSL_CONNECTION *s);
71 static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s);
83 int SSL_in_init(const SSL *s) in SSL_in_init() argument
85 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); in SSL_in_init()
93 int SSL_is_init_finished(const SSL *s) in SSL_is_init_finished() argument
95 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); in SSL_is_init_finished()
103 int SSL_in_before(const SSL *s) in SSL_in_before() argument
105 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); in SSL_in_before()
/* Accessor for the current handshake state. A NULL connection is not
 * dereferenced; it is reported as TLS_ST_BEFORE instead. */
121 OSSL_HANDSHAKE_STATE ossl_statem_get_state(SSL_CONNECTION *s) in ossl_statem_get_state() argument
123 return s != NULL ? s->statem.hand_state : TLS_ST_BEFORE; in ossl_statem_get_state()
/* Resets the state machine to its starting point: message flow back to
 * MSG_FLOW_UNINITED, handshake state back to TLS_ST_BEFORE, in_init set to 1
 * through the setter, and no_cert_verify cleared. Unlike
 * ossl_statem_get_state(), s is dereferenced without a NULL test here. */
129 void ossl_statem_clear(SSL_CONNECTION *s) in ossl_statem_clear() argument
131 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_clear()
132 s->statem.hand_state = TLS_ST_BEFORE; in ossl_statem_clear()
133 ossl_statem_set_in_init(s, 1); in ossl_statem_clear()
134 s->statem.no_cert_verify = 0; in ossl_statem_clear()
140 void ossl_statem_set_renegotiate(SSL_CONNECTION *s) in ossl_statem_set_renegotiate() argument
142 ossl_statem_set_in_init(s, 1); in ossl_statem_set_renegotiate()
143 s->statem.request_state = TLS_ST_SW_HELLO_REQ; in ossl_statem_set_renegotiate()
/* Puts the connection into the error state and sends a fatal alert carrying
 * the description `al`. Source lines 150 and 153 are not part of this listing. */
146 void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) in ossl_statem_send_fatal() argument
/* Tests for a connection that is already in init with state MSG_FLOW_ERROR.
 * NOTE(review): the guarded statement is not shown; presumably an early return
 * so a second fatal error does not send another alert - confirm in the full file. */
149 if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) in ossl_statem_send_fatal()
151 ossl_statem_set_in_init(s, 1); in ossl_statem_send_fatal()
152 s->statem.state = MSG_FLOW_ERROR; in ossl_statem_send_fatal()
/* NOTE(review): whether this send is conditional depends on the elided line 153. */
154 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ossl_statem_send_fatal()
163 void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, in ossl_statem_fatal() argument
172 ossl_statem_send_fatal(s, al); in ossl_statem_fatal()
/* check_fatal(s): asserts through ossl_assert() that the connection is in init
 * with state MSG_FLOW_ERROR. When that does not hold, it raises SSLfatal with
 * SSL_AD_INTERNAL_ERROR / SSL_R_MISSING_FATAL. In this listing it is invoked
 * from state_machine(), read_state_machine() and write_state_machine().
 * NOTE(review): this looks like a safety net for error paths that returned
 * failure without recording a fatal error - confirm against the full macro,
 * whose opening and closing lines are not shown. */
180 #define check_fatal(s) \ argument
182 if (!ossl_assert((s)->statem.in_init \
183 && (s)->statem.state == MSG_FLOW_ERROR)) \
184 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \
194 int ossl_statem_in_error(const SSL_CONNECTION *s) in ossl_statem_in_error() argument
196 if (s->statem.state == MSG_FLOW_ERROR) in ossl_statem_in_error()
/* Records the in_init flag on the state machine and mirrors it to the record
 * layer. The hook is called only when both the read record-layer method and
 * its set_in_init member are non-NULL. */
202 void ossl_statem_set_in_init(SSL_CONNECTION *s, int init) in ossl_statem_set_in_init() argument
204 s->statem.in_init = init; in ossl_statem_set_in_init()
205 if (s->rlayer.rrlmethod != NULL && s->rlayer.rrlmethod->set_in_init != NULL) in ossl_statem_set_in_init()
206 s->rlayer.rrlmethod->set_in_init(s->rlayer.rrl, init); in ossl_statem_set_in_init()
209 int ossl_statem_get_in_handshake(SSL_CONNECTION *s) in ossl_statem_get_in_handshake() argument
211 return s->statem.in_handshake; in ossl_statem_get_in_handshake()
214 void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand) in ossl_statem_set_in_handshake() argument
217 s->statem.in_handshake++; in ossl_statem_set_in_handshake()
219 s->statem.in_handshake--; in ossl_statem_set_in_handshake()
223 int ossl_statem_skip_early_data(SSL_CONNECTION *s) in ossl_statem_skip_early_data() argument
225 if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) in ossl_statem_skip_early_data()
228 if (!s->server in ossl_statem_skip_early_data()
229 || s->statem.hand_state != TLS_ST_EARLY_DATA in ossl_statem_skip_early_data()
230 || s->hello_retry_request == SSL_HRR_COMPLETE) in ossl_statem_skip_early_data()
244 void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending) in ossl_statem_check_finish_init() argument
247 if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
248 || s->statem.hand_state == TLS_ST_EARLY_DATA) { in ossl_statem_check_finish_init()
249 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
250 if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { in ossl_statem_check_finish_init()
255 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
258 } else if (!s->server) { in ossl_statem_check_finish_init()
259 if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
260 || s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
261 && s->early_data_state != SSL_EARLY_DATA_WRITING) in ossl_statem_check_finish_init()
262 || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { in ossl_statem_check_finish_init()
263 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
268 if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) in ossl_statem_check_finish_init()
269 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
272 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING in ossl_statem_check_finish_init()
273 && s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
274 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
278 void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s) in ossl_statem_set_hello_verify_done() argument
280 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_set_hello_verify_done()
281 ossl_statem_set_in_init(s, 1); in ossl_statem_set_hello_verify_done()
289 s->statem.hand_state = TLS_ST_SR_CLNT_HELLO; in ossl_statem_set_hello_verify_done()
292 int ossl_statem_connect(SSL *s) in ossl_statem_connect() argument
294 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); in ossl_statem_connect()
302 int ossl_statem_accept(SSL *s) in ossl_statem_accept() argument
304 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); in ossl_statem_accept()
314 static info_cb get_callback(SSL_CONNECTION *s) in get_callback() argument
316 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in get_callback()
318 if (s->info_callback != NULL) in get_callback()
319 return s->info_callback; in get_callback()
354 static int state_machine(SSL_CONNECTION *s, int server) in state_machine() argument
358 OSSL_STATEM *st = &s->statem; in state_machine()
361 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in state_machine()
362 SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); in state_machine()
372 cb = get_callback(s); in state_machine()
380 if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(ssl)) in state_machine()
384 if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { in state_machine()
402 s->server = server; in state_machine()
404 if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s)) in state_machine()
414 if (SSL_CONNECTION_IS_DTLS(s)) { in state_machine()
415 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && in state_machine()
416 (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { in state_machine()
417 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
421 if ((s->version >> 8) != SSL3_VERSION_MAJOR) { in state_machine()
422 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
427 if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { in state_machine()
428 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
432 if (s->init_buf == NULL) { in state_machine()
434 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
438 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
441 s->init_buf = buf; in state_machine()
445 s->init_num = 0; in state_machine()
450 s->s3.change_cipher_spec = 0; in state_machine()
457 if (!SSL_CONNECTION_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(ssl))) in state_machine()
459 if (!ssl_init_wbio_buffer(s)) { in state_machine()
460 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
465 || s->renegotiate) { in state_machine()
466 if (!tls_setup_handshake(s)) { in state_machine()
471 if (SSL_IS_FIRST_HANDSHAKE(s)) in state_machine()
476 init_write_state_machine(s); in state_machine()
481 ssret = read_state_machine(s); in state_machine()
484 init_write_state_machine(s); in state_machine()
490 ssret = write_state_machine(s); in state_machine()
493 init_read_state_machine(s); in state_machine()
502 check_fatal(s); in state_machine()
514 if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { in state_machine()
537 static void init_read_state_machine(SSL_CONNECTION *s) in init_read_state_machine() argument
539 OSSL_STATEM *st = &s->statem; in init_read_state_machine()
/* Grows s->init_buf to `size` bytes and keeps s->init_msg pointing at the same
 * position inside it. Source lines 549-553 are not part of this listing. */
544 static int grow_init_buf(SSL_CONNECTION *s, size_t size) { in grow_init_buf() argument
/* init_msg is saved as an offset from the buffer start before growing. */
546 size_t msg_offset = (char *)s->init_msg - s->init_buf->data; in grow_init_buf()
/* NOTE(review): size_t is narrowed to int by this cast. In this listing the
 * caller at line 658 runs only after message_size has been compared with
 * max_message_size(s) at line 649 - confirm that bound fits in an int. */
548 if (!BUF_MEM_grow_clean(s->init_buf, (int)size)) in grow_init_buf()
/* init_msg is rebuilt from the current data pointer plus the saved offset,
 * so it does not keep referring to the pre-growth buffer address. */
554 s->init_msg = s->init_buf->data + msg_offset; in grow_init_buf()
/* read_state_machine(): reads a handshake message header, validates it, reads
 * the body and hands it to the per-state handlers. Only lines that reference
 * `s` appear in this listing, so the control flow between them is not visible. */
585 static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) in read_state_machine() argument
587 OSSL_STATEM *st = &s->statem; in read_state_machine()
/* Handlers for the current role; the assignments themselves are not shown. */
590 int (*transition) (SSL_CONNECTION *s, int mt); in read_state_machine()
592 MSG_PROCESS_RETURN(*process_message) (SSL_CONNECTION *s, PACKET *pkt); in read_state_machine()
593 WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst); in read_state_machine()
594 size_t (*max_message_size) (SSL_CONNECTION *s); in read_state_machine()
596 SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); in read_state_machine()
598 cb = get_callback(s); in read_state_machine()
600 if (s->server) { in read_state_machine()
613 s->first_packet = 1; in read_state_machine()
/* Header read: DTLS and TLS use different readers; both fill in the type mt. */
621 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
625 ret = dtls_get_message(s, &mt); in read_state_machine()
627 ret = tls_get_message_header(s, &mt); in read_state_machine()
637 if (s->server) in read_state_machine()
/* The received message type is checked by transition(); a zero return is
 * treated as failure. What follows on that path is not shown. */
646 if (!transition(s, mt)) in read_state_machine()
/* The declared message size is compared with the per-state maximum before the
 * buffer growth at line 658; an oversized message raises SSLfatal with
 * SSL_AD_ILLEGAL_PARAMETER. */
649 if (s->s3.tmp.message_size > max_message_size(s)) { in read_state_machine()
650 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in read_state_machine()
/* Non-DTLS only, and only for a non-empty message: init_buf is grown to hold
 * the body. Line 659 is elided, so the full size expression is not visible. */
656 if (!SSL_CONNECTION_IS_DTLS(s) in read_state_machine()
657 && s->s3.tmp.message_size > 0 in read_state_machine()
658 && !grow_init_buf(s, s->s3.tmp.message_size in read_state_machine()
660 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); in read_state_machine()
668 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
673 ret = dtls_get_message_body(s, &len); in read_state_machine()
675 ret = tls_get_message_body(s, &len); in read_state_machine()
682 s->first_packet = 0; in read_state_machine()
/* The body is wrapped in a PACKET of exactly len bytes starting at init_msg,
 * and the handler receives that PACKET rather than the raw buffer. */
683 if (!PACKET_buf_init(&pkt, s->init_msg, len)) { in read_state_machine()
684 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
687 ret = process_message(s, &pkt); in read_state_machine()
690 s->init_num = 0; in read_state_machine()
694 check_fatal(s); in read_state_machine()
698 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
699 dtls1_stop_timer(s); in read_state_machine()
715 st->read_state_work = post_process_message(s, st->read_state_work); in read_state_machine()
718 check_fatal(s); in read_state_machine()
730 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
731 dtls1_stop_timer(s); in read_state_machine()
739 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
748 static int statem_do_write(SSL_CONNECTION *s) in statem_do_write() argument
750 OSSL_STATEM *st = &s->statem; in statem_do_write()
754 if (SSL_CONNECTION_IS_DTLS(s)) in statem_do_write()
755 return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
757 return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
759 return ssl_do_write(s); in statem_do_write()
766 static void init_write_state_machine(SSL_CONNECTION *s) in init_write_state_machine() argument
768 OSSL_STATEM *st = &s->statem; in init_write_state_machine()
804 static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) in write_state_machine() argument
806 OSSL_STATEM *st = &s->statem; in write_state_machine()
808 WRITE_TRAN(*transition) (SSL_CONNECTION *s); in write_state_machine()
809 WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst); in write_state_machine()
810 WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst); in write_state_machine()
811 int (*get_construct_message_f) (SSL_CONNECTION *s, in write_state_machine()
812 CON_FUNC_RETURN (**confunc) (SSL_CONNECTION *s, in write_state_machine()
816 CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt); in write_state_machine()
819 SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); in write_state_machine()
821 cb = get_callback(s); in write_state_machine()
823 if (s->server) { in write_state_machine()
840 if (s->server) in write_state_machine()
845 switch (transition(s)) { in write_state_machine()
856 check_fatal(s); in write_state_machine()
862 switch (st->write_state_work = pre_work(s, st->write_state_work)) { in write_state_machine()
864 check_fatal(s); in write_state_machine()
878 if (!get_construct_message_f(s, &confunc, &mt)) { in write_state_machine()
888 if (!WPACKET_init(&pkt, s->init_buf) in write_state_machine()
889 || !ssl_set_handshake_header(s, &pkt, mt)) { in write_state_machine()
891 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
897 tmpret = confunc(s, &pkt); in write_state_machine()
900 check_fatal(s); in write_state_machine()
913 if (!ssl_close_construct_packet(s, &pkt, mt) in write_state_machine()
916 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
923 if (SSL_CONNECTION_IS_DTLS(s) && st->use_timer) { in write_state_machine()
924 dtls1_start_timer(s); in write_state_machine()
926 ret = statem_do_write(s); in write_state_machine()
935 switch (st->write_state_work = post_work(s, st->write_state_work)) { in write_state_machine()
937 check_fatal(s); in write_state_machine()
954 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
/* Flushes the write BIO. rwstate is set to SSL_WRITING before the flush and
 * to SSL_NOTHING at line 969. Lines 967-968, the body of the failure branch,
 * are not part of this listing.
 * NOTE(review): presumably the failure branch returns with rwstate still
 * SSL_WRITING so the caller can retry - confirm in the full file. */
963 int statem_flush(SSL_CONNECTION *s) in statem_flush() argument
965 s->rwstate = SSL_WRITING; in statem_flush()
966 if (BIO_flush(s->wbio) <= 0) { in statem_flush()
969 s->rwstate = SSL_NOTHING; in statem_flush()
982 int ossl_statem_app_data_allowed(SSL_CONNECTION *s) in ossl_statem_app_data_allowed() argument
984 OSSL_STATEM *st = &s->statem; in ossl_statem_app_data_allowed()
989 if (!s->s3.in_read_app_data || (s->s3.total_renegotiations == 0)) in ossl_statem_app_data_allowed()
992 if (s->server) { in ossl_statem_app_data_allowed()
/* Gate for exporting keying material: returns non-zero only when a previous
 * server Finished length has been recorded (previous_server_finished_len != 0)
 * and the handshake state is not TLS_ST_SW_FINISHED. */
1016 int ossl_statem_export_allowed(SSL_CONNECTION *s) in ossl_statem_export_allowed() argument
1018 return s->s3.previous_server_finished_len != 0 in ossl_statem_export_allowed()
1019 && s->statem.hand_state != TLS_ST_SW_FINISHED; in ossl_statem_export_allowed()
/* Gate for the early exporter: returns non-zero when early data was accepted
 * (SSL_EARLY_DATA_ACCEPTED), or, on the client side (!s->server), whenever
 * early_data is anything other than SSL_EARLY_DATA_NOT_SENT. Source lines
 * 1027-1032 are not part of this listing. */
1026 int ossl_statem_export_early_allowed(SSL_CONNECTION *s) in ossl_statem_export_early_allowed() argument
1033 return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED in ossl_statem_export_early_allowed()
1034 || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); in ossl_statem_export_early_allowed()