1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
/* ssl/statem/statem_locl.h */
/* ====================================================================
* Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*****************************************************************************
* *
* The following definitions are PRIVATE to the state machine. They should *
* NOT be used outside of the state machine. *
* *
*****************************************************************************/
/* Max message length definitions */
/* The spec allows for a longer length than this, but we limit it */
#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
#define SERVER_HELLO_MAX_LENGTH 20000
#define SERVER_KEY_EXCH_MAX_LENGTH 102400
#define SERVER_HELLO_DONE_MAX_LENGTH 0
#define CCS_MAX_LENGTH 1
/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH 64
/* Message processing return codes */
enum MSG_PROCESS_RETURN {
/* Something bad happened */
MSG_PROCESS_ERROR,
/* We've finished reading - swap to writing */
MSG_PROCESS_FINISHED_READING,
/*
* We've completed the main processing of this message but there is some
* post processing to be done.
*/
MSG_PROCESS_CONTINUE_PROCESSING,
/* We've finished this message - read the next message */
MSG_PROCESS_CONTINUE_READING
};
/* Flush the write BIO */
int statem_flush(SSL *s);
/*
* TLS/DTLS client state machine functions
*/
int client_read_transition(SSL *s, int mt);
enum WRITE_TRAN client_write_transition(SSL *s);
enum WORK_STATE client_pre_work(SSL *s, enum WORK_STATE wst);
enum WORK_STATE client_post_work(SSL *s, enum WORK_STATE wst);
int client_construct_message(SSL *s);
unsigned long client_max_message_size(SSL *s);
enum MSG_PROCESS_RETURN client_process_message(SSL *s, PACKET *pkt);
enum WORK_STATE client_post_process_message(SSL *s, enum WORK_STATE wst);
/*
* TLS/DTLS server state machine functions
*/
int server_read_transition(SSL *s, int mt);
enum WRITE_TRAN server_write_transition(SSL *s);
enum WORK_STATE server_pre_work(SSL *s, enum WORK_STATE wst);
enum WORK_STATE server_post_work(SSL *s, enum WORK_STATE wst);
int server_construct_message(SSL *s);
unsigned long server_max_message_size(SSL *s);
enum MSG_PROCESS_RETURN server_process_message(SSL *s, PACKET *pkt);
enum WORK_STATE server_post_process_message(SSL *s, enum WORK_STATE wst);
/* Functions for getting new message data */
__owur int tls_get_message_header(SSL *s, int *mt);
__owur int tls_get_message_body(SSL *s, unsigned long *len);
__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len);
/* Message construction and processing functions */
__owur enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s,
PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
__owur int tls_construct_change_cipher_spec(SSL *s);
__owur int dtls_construct_change_cipher_spec(SSL *s);
__owur int tls_construct_finished(SSL *s, const char *sender, int slen);
__owur enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst);
__owur enum WORK_STATE dtls_wait_for_dry(SSL *s);
/* some client-only functions */
__owur int tls_construct_client_hello(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s,
PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s,
PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s,
PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
__owur int tls_construct_client_verify(SSL *s);
__owur enum WORK_STATE tls_prepare_client_certificate(SSL *s,
enum WORK_STATE wst);
__owur int tls_construct_client_certificate(SSL *s);
__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s);
__owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s,
PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s,
PACKET *pkt);
__owur int ssl3_check_cert_and_algorithm(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
__owur int tls_construct_next_proto(SSL *s);
# endif
__owur enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
/* some server-only functions */
__owur enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
__owur enum WORK_STATE tls_post_process_client_hello(SSL *s,
enum WORK_STATE wst);
__owur int tls_construct_server_hello(SSL *s);
__owur int tls_construct_hello_request(SSL *s);
__owur int dtls_construct_hello_verify_request(SSL *s);
__owur int tls_construct_server_certificate(SSL *s);
__owur int tls_construct_server_key_exchange(SSL *s);
__owur int tls_construct_certificate_request(SSL *s);
__owur int tls_construct_server_done(SSL *s);
__owur enum MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s,
PACKET *pkt);
__owur enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s,
PACKET *pkt);
__owur enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
enum WORK_STATE wst);
__owur enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
# ifndef OPENSSL_NO_NEXTPROTONEG
__owur enum MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
# endif
__owur int tls_construct_new_session_ticket(SSL *s);
|
