Commit f8e0a557 authored by Matt Caswell's avatar Matt Caswell

Add initial state machine rewrite code



This is the first drop of the new state machine code.

The rewrite has the following objectives:
- Remove duplication of state code between client and server
- Remove duplication of state code between TLS and DTLS
- Simplify transitions and bring the logic together in a single location
  so that it is easier to validate
- Remove duplication of code between each of the message handling functions
- Receive a message first and then work out whether that is a valid
  transition - not the other way around (the other way causes lots of issues
  where we are expecting one type of message next but actually get something
  else)
- Separate message flow state from handshake state (in order to better
  understand each)
  - message flow state = when to flush buffers; handling restarts in the
    event of NBIO events; handling the common flow of steps for reading a
    message and the common flow of steps for writing a message etc
  - handshake state = what handshake message are we working on now
- Control complexity: only the state machine can change state: keep all
  the state changes local to a file

This builds on previous state machine related work:
- Surface CCS processing in the state machine
- Version negotiation rewrite

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 9ab930b2
+2 −0
@@ -1928,6 +1928,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
# define SSL_F_READ_STATE_MACHINE                         352
# define SSL_F_SSL3_ACCEPT                                128
# define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
# define SSL_F_SSL3_CALLBACK_CTRL                         233
@@ -2085,6 +2086,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
# define SSL_F_SSL_WRITE                                  208
# define SSL_F_STATE_MACHINE                              353
# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
# define SSL_F_TLS1_CERT_VERIFY_MAC                       286
# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+24 −2
@@ -26,7 +26,8 @@ LIBSRC= \
	ssl_ciph.c ssl_stat.c ssl_rsa.c \
	ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
	bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
	record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c
	record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
	statem.c
LIBOBJ= \
	s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o record/rec_layer_s3.o \
	s3_both.o s3_cbc.o s3_msg.o \
@@ -37,7 +38,8 @@ LIBOBJ= \
	ssl_ciph.o ssl_stat.o ssl_rsa.o \
	ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
	bio_ssl.o ssl_err.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \
	record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o
	record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o \
	statem.o

SRC= $(LIBSRC)

@@ -781,6 +783,26 @@ ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h
ssl_utst.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
ssl_utst.o: ssl_locl.h ssl_utst.c
statem.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
statem.o: ../include/openssl/bn.h ../include/openssl/buffer.h
statem.o: ../include/openssl/comp.h ../include/openssl/crypto.h
statem.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
statem.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
statem.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
statem.o: ../include/openssl/err.h ../include/openssl/evp.h
statem.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
statem.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
statem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
statem.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
statem.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
statem.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
statem.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
statem.o: ../include/openssl/sha.h ../include/openssl/srtp.h
statem.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
statem.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
statem.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
statem.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
statem.o: record/record.h ssl_locl.h statem.c
t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+1 −0
@@ -478,6 +478,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
    return n;
 f_err:
    ssl3_send_alert(s, SSL3_AL_FATAL, al);
    statem_set_error(s);
    *ok = 0;
    return 0;
}
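Review bot: At the `f_err:` label the new `statem_set_error(s);` call carries no comment explaining why the state machine has to be marked after the fatal alert, and it only covers exits that pass through this label. ssl3_get_message starts outside the hunk, so I cannot see whether any other failure return bypasses `f_err`; if one does, the new state machine would presumably still treat the handshake as live after that failure. I would add `/* Fatal alert sent: mark the state machine as failed so this handshake cannot be continued */` above the call. It is also worth confirming that the code driving the handshake checks this flag before doing further work, since the flag protects nothing unless it is consulted.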
+1 −0
@@ -5132,6 +5132,7 @@ int ssl3_renegotiate_check(SSL *s)
             */
            /* SSL_ST_ACCEPT */
            s->state = SSL_ST_RENEGOTIATE;
            statem_set_renegotiate(s);
            s->s3->renegotiate = 0;
            s->s3->num_renegotiations++;
            s->s3->total_renegotiations++;
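Review bot: In ssl3_renegotiate_check the renegotiation request is now recorded twice, by the direct write `s->state = SSL_ST_RENEGOTIATE;` and by the added `statem_set_renegotiate(s);`, which sits oddly with the commit's stated goal that only the state machine changes state. While both mechanisms coexist, a path that updates one and not the other would leave two disagreeing views of the handshake state, and nothing here says which one is authoritative. I would add a comment such as `/* Transitional: keep s->state in step with the new state machine until the old one is removed */` above the pair. The function body starts and ends outside the hunk, so other writes to `s->state` in it are not visible from here.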
+2 −0
@@ -112,6 +112,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
     "dtls1_send_server_key_exchange"},
    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
    {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "READ_STATE_MACHINE"},
    {ERR_FUNC(SSL_F_SSL3_ACCEPT), "ssl3_accept"},
    {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
    {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"},
@@ -313,6 +314,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
    {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
    {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
    {ERR_FUNC(SSL_F_STATE_MACHINE), "STATE_MACHINE"},
    {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
    {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
    {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},