/* ==================================================================== * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /***************************************************************************** * * * These enums should be considered PRIVATE to the state machine. No * * non-state machine code should need to use these * * * *****************************************************************************/ /* * Valid return codes used for functions performing work prior to or after * sending or receiving a message */ typedef enum { /* Something went wrong */ WORK_ERROR, /* We're done working and there shouldn't be anything else to do after */ WORK_FINISHED_STOP, /* We're done working move onto the next thing */ WORK_FINISHED_CONTINUE, /* We're working on phase A */ WORK_MORE_A, /* We're working on phase B */ WORK_MORE_B } WORK_STATE; /* Write transition return codes */ typedef enum { /* Something went wrong */ WRITE_TRAN_ERROR, /* A transition was successfully completed and we should continue */ WRITE_TRAN_CONTINUE, /* There is no more write work to be done */ WRITE_TRAN_FINISHED } WRITE_TRAN; /* Message flow states */ typedef enum { /* No handshake in progress */ MSG_FLOW_UNINITED, /* A permanent error with this connection */ MSG_FLOW_ERROR, /* We are about to renegotiate */ MSG_FLOW_RENEGOTIATE, /* We are reading messages */ MSG_FLOW_READING, /* We are writing messages */ MSG_FLOW_WRITING, /* Handshake has finished */ MSG_FLOW_FINISHED } MSG_FLOW_STATE; /* Read states */ typedef enum { READ_STATE_HEADER, READ_STATE_BODY, READ_STATE_POST_PROCESS } READ_STATE; /* Write states */ typedef enum { WRITE_STATE_TRANSITION, WRITE_STATE_PRE_WORK, WRITE_STATE_SEND, WRITE_STATE_POST_WORK } WRITE_STATE; /***************************************************************************** * * * This structure should be considered "opaque" to anything outside of the * * state machine. No non-state machine code should be accessing the members * * of this structure. * * * *****************************************************************************/ struct ossl_statem_st { MSG_FLOW_STATE state; WRITE_STATE write_state; WORK_STATE write_state_work; READ_STATE read_state; WORK_STATE read_state_work; OSSL_HANDSHAKE_STATE hand_state; int in_init; int read_state_first_init; /* true when we are actually in SSL_accept() or SSL_connect() */ int in_handshake; /* Should we skip the CertificateVerify message? */ unsigned int no_cert_verify; int use_timer; #ifndef OPENSSL_NO_SCTP int in_sctp_read_sock; #endif }; typedef struct ossl_statem_st OSSL_STATEM; /***************************************************************************** * * * The following macros/functions represent the libssl internal API to the * * state machine. Any libssl code may call these functions/macros * * * *****************************************************************************/ __owur int ossl_statem_accept(SSL *s); __owur int ossl_statem_connect(SSL *s); void ossl_statem_clear(SSL *s); void ossl_statem_set_renegotiate(SSL *s); void ossl_statem_set_error(SSL *s); int ossl_statem_in_error(const SSL *s); void ossl_statem_set_in_init(SSL *s, int init); int ossl_statem_get_in_handshake(SSL *s); void ossl_statem_set_in_handshake(SSL *s, int inhand); void ossl_statem_set_hello_verify_done(SSL *s); __owur int ossl_statem_app_data_allowed(SSL *s); #ifndef OPENSSL_NO_SCTP void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock); __owur int ossl_statem_in_sctp_read_sock(SSL *s); #endif