diff options
| author | Matt Caswell <matt@openssl.org> | 2015-07-29 14:23:56 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-10-30 08:27:59 +0000 |
| commit | f8e0a5573820bd7318782d4954c6643ff7e58102 (patch) | |
| tree | 4b6a7fa073da7a0c12fbf856eb2ea58c526a627d /include | |
| parent | 9ab930b27d51a13362e6647074f13589a8ac004d (diff) | |
Add initial state machine rewrite code
This is the first drop of the new state machine code.
The rewrite has the following objectives:
- Remove duplication of state code between client and server
- Remove duplication of state code between TLS and DTLS
- Simplify transitions and bring the logic together in a single location
so that it is easier to validate
- Remove duplication of code between each of the message handling functions
- Receive a message first and then work out whether that is a valid
transition - not the other way around (the other way causes lots of issues
where we are expecting one type of message next but actually get something
else)
- Separate message flow state from handshake state (in order to better
understand each)
- message flow state = when to flush buffers; handling restarts in the
event of NBIO events; handling the common flow of steps for reading a
message and the common flow of steps for writing a message etc
- handshake state = what handshake message are we working on now
- Control complexity: only the state machine can change state: keep all
the state changes local to a file
This builds on previous state machine related work:
- Surface CCS processing in the state machine
- Version negotiation rewrite
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/ssl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index fb626279af..7788f098e6 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1928,6 +1928,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_DTLS1_SEND_SERVER_HELLO 266 # define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_SSL3_ACCEPT 128 # define SSL_F_SSL3_ADD_CERT_TO_BUF 296 # define SSL_F_SSL3_CALLBACK_CTRL 233 @@ -2085,6 +2086,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 # define SSL_F_SSL_WRITE 208 +# define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS1_CERT_VERIFY_MAC 286 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 |