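Lines matching references to the identifier `s` (cross-reference listing: each entry gives the original source line number, the matching line, and the enclosing function; lines that do not mention `s` are omitted, so no function body below is complete)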

67 static int state_machine(SSL_CONNECTION *s, int server);
68 static void init_read_state_machine(SSL_CONNECTION *s);
69 static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s);
70 static void init_write_state_machine(SSL_CONNECTION *s);
71 static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s);
83 int SSL_in_init(const SSL *s) in SSL_in_init() argument
85 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); in SSL_in_init()
93 int SSL_is_init_finished(const SSL *s) in SSL_is_init_finished() argument
95 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); in SSL_is_init_finished()
103 int SSL_in_before(const SSL *s) in SSL_in_before() argument
105 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); in SSL_in_before()
121 OSSL_HANDSHAKE_STATE ossl_statem_get_state(SSL_CONNECTION *s) in ossl_statem_get_state() argument
123 return s != NULL ? s->statem.hand_state : TLS_ST_BEFORE; in ossl_statem_get_state()
129 void ossl_statem_clear(SSL_CONNECTION *s) in ossl_statem_clear() argument
131 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_clear()
132 s->statem.hand_state = TLS_ST_BEFORE; in ossl_statem_clear()
133 ossl_statem_set_in_init(s, 1); in ossl_statem_clear()
134 s->statem.no_cert_verify = 0; in ossl_statem_clear()
140 void ossl_statem_set_renegotiate(SSL_CONNECTION *s) in ossl_statem_set_renegotiate() argument
142 ossl_statem_set_in_init(s, 1); in ossl_statem_set_renegotiate()
143 s->statem.request_state = TLS_ST_SW_HELLO_REQ; in ossl_statem_set_renegotiate()
146 void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) in ossl_statem_send_fatal() argument
149 if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) in ossl_statem_send_fatal()
151 ossl_statem_set_in_init(s, 1); in ossl_statem_send_fatal()
152 s->statem.state = MSG_FLOW_ERROR; in ossl_statem_send_fatal()
154 ssl3_send_alert(s, SSL3_AL_FATAL, al); in ossl_statem_send_fatal()
163 void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, in ossl_statem_fatal() argument
172 ossl_statem_send_fatal(s, al); in ossl_statem_fatal()
180 #define check_fatal(s) \ argument
182 if (!ossl_assert((s)->statem.in_init \
183 && (s)->statem.state == MSG_FLOW_ERROR)) \
184 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \
194 int ossl_statem_in_error(const SSL_CONNECTION *s) in ossl_statem_in_error() argument
196 if (s->statem.state == MSG_FLOW_ERROR) in ossl_statem_in_error()
202 void ossl_statem_set_in_init(SSL_CONNECTION *s, int init) in ossl_statem_set_in_init() argument
204 s->statem.in_init = init; in ossl_statem_set_in_init()
205 if (s->rlayer.rrlmethod != NULL && s->rlayer.rrlmethod->set_in_init != NULL) in ossl_statem_set_in_init()
206 s->rlayer.rrlmethod->set_in_init(s->rlayer.rrl, init); in ossl_statem_set_in_init()
209 int ossl_statem_get_in_handshake(SSL_CONNECTION *s) in ossl_statem_get_in_handshake() argument
211 return s->statem.in_handshake; in ossl_statem_get_in_handshake()
214 void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand) in ossl_statem_set_in_handshake() argument
217 s->statem.in_handshake++; in ossl_statem_set_in_handshake()
219 s->statem.in_handshake--; in ossl_statem_set_in_handshake()
223 int ossl_statem_skip_early_data(SSL_CONNECTION *s) in ossl_statem_skip_early_data() argument
225 if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) in ossl_statem_skip_early_data()
228 if (!s->server in ossl_statem_skip_early_data()
229 || s->statem.hand_state != TLS_ST_EARLY_DATA in ossl_statem_skip_early_data()
230 || s->hello_retry_request == SSL_HRR_COMPLETE) in ossl_statem_skip_early_data()
244 void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending) in ossl_statem_check_finish_init() argument
247 if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
248 || s->statem.hand_state == TLS_ST_EARLY_DATA) { in ossl_statem_check_finish_init()
249 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
250 if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { in ossl_statem_check_finish_init()
255 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
258 } else if (!s->server) { in ossl_statem_check_finish_init()
259 if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END in ossl_statem_check_finish_init()
260 || s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
261 && s->early_data_state != SSL_EARLY_DATA_WRITING) in ossl_statem_check_finish_init()
262 || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { in ossl_statem_check_finish_init()
263 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
268 if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) in ossl_statem_check_finish_init()
269 s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; in ossl_statem_check_finish_init()
272 if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING in ossl_statem_check_finish_init()
273 && s->statem.hand_state == TLS_ST_EARLY_DATA) in ossl_statem_check_finish_init()
274 ossl_statem_set_in_init(s, 1); in ossl_statem_check_finish_init()
278 void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s) in ossl_statem_set_hello_verify_done() argument
280 s->statem.state = MSG_FLOW_UNINITED; in ossl_statem_set_hello_verify_done()
281 ossl_statem_set_in_init(s, 1); in ossl_statem_set_hello_verify_done()
289 s->statem.hand_state = TLS_ST_SR_CLNT_HELLO; in ossl_statem_set_hello_verify_done()
292 int ossl_statem_connect(SSL *s) in ossl_statem_connect() argument
294 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); in ossl_statem_connect()
302 int ossl_statem_accept(SSL *s) in ossl_statem_accept() argument
304 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); in ossl_statem_accept()
314 static info_cb get_callback(SSL_CONNECTION *s) in get_callback() argument
316 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); in get_callback()
318 if (s->info_callback != NULL) in get_callback()
319 return s->info_callback; in get_callback()
354 static int state_machine(SSL_CONNECTION *s, int server) in state_machine() argument
358 OSSL_STATEM *st = &s->statem; in state_machine()
361 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in state_machine()
371 cb = get_callback(s); in state_machine()
379 if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(ssl)) in state_machine()
383 if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { in state_machine()
401 s->server = server; in state_machine()
403 if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s)) in state_machine()
413 if (SSL_CONNECTION_IS_DTLS(s)) { in state_machine()
414 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && in state_machine()
415 (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { in state_machine()
416 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
420 if ((s->version >> 8) != SSL3_VERSION_MAJOR) { in state_machine()
421 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
426 if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { in state_machine()
427 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
431 if (s->init_buf == NULL) { in state_machine()
433 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
437 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
440 s->init_buf = buf; in state_machine()
444 s->init_num = 0; in state_machine()
449 s->s3.change_cipher_spec = 0; in state_machine()
456 if (!SSL_CONNECTION_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(ssl))) in state_machine()
458 if (!ssl_init_wbio_buffer(s)) { in state_machine()
459 SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); in state_machine()
464 || s->renegotiate) { in state_machine()
465 if (!tls_setup_handshake(s)) { in state_machine()
470 if (SSL_IS_FIRST_HANDSHAKE(s)) in state_machine()
475 init_write_state_machine(s); in state_machine()
480 ssret = read_state_machine(s); in state_machine()
483 init_write_state_machine(s); in state_machine()
489 ssret = write_state_machine(s); in state_machine()
492 init_read_state_machine(s); in state_machine()
501 check_fatal(s); in state_machine()
513 if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) { in state_machine()
536 static void init_read_state_machine(SSL_CONNECTION *s) in init_read_state_machine() argument
538 OSSL_STATEM *st = &s->statem; in init_read_state_machine()
543 static int grow_init_buf(SSL_CONNECTION *s, size_t size) { in grow_init_buf() argument
545 size_t msg_offset = (char *)s->init_msg - s->init_buf->data; in grow_init_buf()
547 if (!BUF_MEM_grow_clean(s->init_buf, (int)size)) in grow_init_buf()
553 s->init_msg = s->init_buf->data + msg_offset; in grow_init_buf()
584 static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) in read_state_machine() argument
586 OSSL_STATEM *st = &s->statem; in read_state_machine()
589 int (*transition) (SSL_CONNECTION *s, int mt); in read_state_machine()
591 MSG_PROCESS_RETURN(*process_message) (SSL_CONNECTION *s, PACKET *pkt); in read_state_machine()
592 WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst); in read_state_machine()
593 size_t (*max_message_size) (SSL_CONNECTION *s); in read_state_machine()
595 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in read_state_machine()
597 cb = get_callback(s); in read_state_machine()
599 if (s->server) { in read_state_machine()
612 s->first_packet = 1; in read_state_machine()
620 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
624 ret = dtls_get_message(s, &mt); in read_state_machine()
626 ret = tls_get_message_header(s, &mt); in read_state_machine()
636 if (s->server) in read_state_machine()
645 if (!transition(s, mt)) in read_state_machine()
648 if (s->s3.tmp.message_size > max_message_size(s)) { in read_state_machine()
649 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, in read_state_machine()
655 if (!SSL_CONNECTION_IS_DTLS(s) in read_state_machine()
656 && s->s3.tmp.message_size > 0 in read_state_machine()
657 && !grow_init_buf(s, s->s3.tmp.message_size in read_state_machine()
659 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); in read_state_machine()
667 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
672 ret = dtls_get_message_body(s, &len); in read_state_machine()
674 ret = tls_get_message_body(s, &len); in read_state_machine()
681 s->first_packet = 0; in read_state_machine()
682 if (!PACKET_buf_init(&pkt, s->init_msg, len)) { in read_state_machine()
683 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
686 ret = process_message(s, &pkt); in read_state_machine()
689 s->init_num = 0; in read_state_machine()
693 check_fatal(s); in read_state_machine()
697 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
698 dtls1_stop_timer(s); in read_state_machine()
714 st->read_state_work = post_process_message(s, st->read_state_work); in read_state_machine()
717 check_fatal(s); in read_state_machine()
729 if (SSL_CONNECTION_IS_DTLS(s)) { in read_state_machine()
730 dtls1_stop_timer(s); in read_state_machine()
738 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in read_state_machine()
747 static int statem_do_write(SSL_CONNECTION *s) in statem_do_write() argument
749 OSSL_STATEM *st = &s->statem; in statem_do_write()
753 if (SSL_CONNECTION_IS_DTLS(s)) in statem_do_write()
754 return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
756 return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); in statem_do_write()
758 return ssl_do_write(s); in statem_do_write()
765 static void init_write_state_machine(SSL_CONNECTION *s) in init_write_state_machine() argument
767 OSSL_STATEM *st = &s->statem; in init_write_state_machine()
803 static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) in write_state_machine() argument
805 OSSL_STATEM *st = &s->statem; in write_state_machine()
807 WRITE_TRAN(*transition) (SSL_CONNECTION *s); in write_state_machine()
808 WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst); in write_state_machine()
809 WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst); in write_state_machine()
810 int (*get_construct_message_f) (SSL_CONNECTION *s, in write_state_machine()
811 CON_FUNC_RETURN (**confunc) (SSL_CONNECTION *s, in write_state_machine()
815 CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt); in write_state_machine()
818 SSL *ssl = SSL_CONNECTION_GET_SSL(s); in write_state_machine()
820 cb = get_callback(s); in write_state_machine()
822 if (s->server) { in write_state_machine()
839 if (s->server) in write_state_machine()
844 switch (transition(s)) { in write_state_machine()
855 check_fatal(s); in write_state_machine()
861 switch (st->write_state_work = pre_work(s, st->write_state_work)) { in write_state_machine()
863 check_fatal(s); in write_state_machine()
877 if (!get_construct_message_f(s, &confunc, &mt)) { in write_state_machine()
887 if (!WPACKET_init(&pkt, s->init_buf) in write_state_machine()
888 || !ssl_set_handshake_header(s, &pkt, mt)) { in write_state_machine()
890 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
896 tmpret = confunc(s, &pkt); in write_state_machine()
899 check_fatal(s); in write_state_machine()
912 if (!ssl_close_construct_packet(s, &pkt, mt) in write_state_machine()
915 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
922 if (SSL_CONNECTION_IS_DTLS(s) && st->use_timer) { in write_state_machine()
923 dtls1_start_timer(s); in write_state_machine()
925 ret = statem_do_write(s); in write_state_machine()
934 switch (st->write_state_work = post_work(s, st->write_state_work)) { in write_state_machine()
936 check_fatal(s); in write_state_machine()
953 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in write_state_machine()
962 int statem_flush(SSL_CONNECTION *s) in statem_flush() argument
964 s->rwstate = SSL_WRITING; in statem_flush()
965 if (BIO_flush(s->wbio) <= 0) { in statem_flush()
968 s->rwstate = SSL_NOTHING; in statem_flush()
981 int ossl_statem_app_data_allowed(SSL_CONNECTION *s) in ossl_statem_app_data_allowed() argument
983 OSSL_STATEM *st = &s->statem; in ossl_statem_app_data_allowed()
988 if (!s->s3.in_read_app_data || (s->s3.total_renegotiations == 0)) in ossl_statem_app_data_allowed()
991 if (s->server) { in ossl_statem_app_data_allowed()
1015 int ossl_statem_export_allowed(SSL_CONNECTION *s) in ossl_statem_export_allowed() argument
1017 return s->s3.previous_server_finished_len != 0 in ossl_statem_export_allowed()
1018 && s->statem.hand_state != TLS_ST_SW_FINISHED; in ossl_statem_export_allowed()
1025 int ossl_statem_export_early_allowed(SSL_CONNECTION *s) in ossl_statem_export_early_allowed() argument
1032 return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED in ossl_statem_export_early_allowed()
1033 || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); in ossl_statem_export_early_allowed()