xref: /openssl/ssl/statem/README.md (revision 8b6a7da3) 
1State Machine Design
2====================
3
4This file provides some guidance on the thinking behind the design of the
5state machine code to aid future maintenance.
6
7The state machine code replaces an older state machine present in OpenSSL
8versions 1.0.2 and below. The new state machine has the following objectives:
9
10  - Remove duplication of state code between client and server
11  - Remove duplication of state code between TLS and DTLS
12  - Simplify transitions and bring the logic together in a single location
13    so that it is easier to validate
14  - Remove duplication of code between each of the message handling functions
15  - Receive a message first and then work out whether that is a valid
16    transition - not the other way around (the other way causes lots of issues
17    where we are expecting one type of message next but actually get something
18    else)
19  - Separate message flow state from handshake state (in order to better
20    understand each)
21    * message flow state = when to flush buffers; handling restarts in the
22      event of NBIO events; handling the common flow of steps for reading a
23      message and the common flow of steps for writing a message etc
24    * handshake state = what handshake message are we working on now
25  - Control complexity: only the state machine can change state: keep all
26    the state changes local to the state machine component
27
28The message flow state machine is divided into a reading sub-state machine and a
29writing sub-state machine. See the source comments in statem.c for a more
30detailed description of the various states and transitions possible.
31
32Conceptually the state machine component is designed as follows:
33
34                          libssl
35                             |
36    -------------------------|-----statem.h------------------------------------
37                             |
38                      _______V____________________
39                     |                            |
40                     |    statem.c                |
41                     |                            |
42                     |    Core state machine code |
43                     |____________________________|
44          statem_local.h     ^          ^
45                   _________|          |_______
46                  |                            |
47     _____________|____________   _____________|____________
48    |                          | |                          |
49    | statem_clnt.c            | | statem_srvr.c            |
50    |                          | |                          |
51    | TLS/DTLS client specific | | TLS/DTLS server specific |
52    | state machine code       | | state machine code       |
53    |__________________________| |__________________________|
54                 |        |_______________|__       |
55                 |        ________________|  |      |
56                 |       |                   |      |
57     ____________V_______V________   ________V______V_______________
58    |                             | |                               |
59    | statem_lib.c                | | statem_dtls.c                 |
60    |                             | |                               |
61    | Non core functions common   | | Non core functions common to  |
62    | to both servers and clients | | both DTLS servers and clients |
63    |_____________________________| |_______________________________|
64