• Home
  • History
  • Annotate
  • only in this directory
NameDateSize

..22-Jun-202137

extensions.cH A D22-Jun-202160 KiB

extensions_clnt.cH A D22-Jun-202166.7 KiB

extensions_cust.cH A D22-Jun-202117.8 KiB

extensions_srvr.cH A D22-Jun-202168.2 KiB

READMEH A D22-Jun-20213.3 KiB

statem.cH A D22-Jun-202130.2 KiB

statem.hH A D22-Jun-20215.6 KiB

statem_clnt.cH A D22-Jun-2021123.1 KiB

statem_dtls.cH A D22-Jun-202140.6 KiB

statem_lib.cH A D22-Jun-202179.6 KiB

statem_local.hH A D22-Jun-202121.6 KiB

statem_srvr.cH A D22-Jun-2021141.4 KiB

README

1State Machine Design
2====================
3
4This file provides some guidance on the thinking behind the design of the
5state machine code to aid future maintenance.
6
7The state machine code replaces an older state machine present in OpenSSL
8versions 1.0.2 and below. The new state machine has the following objectives:
9    - Remove duplication of state code between client and server
10    - Remove duplication of state code between TLS and DTLS
11    - Simplify transitions and bring the logic together in a single location
12      so that it is easier to validate
13    - Remove duplication of code between each of the message handling functions
14    - Receive a message first and then work out whether that is a valid
15      transition - not the other way around (the other way causes lots of issues
16      where we are expecting one type of message next but actually get something
17      else)
18    - Separate message flow state from handshake state (in order to better
19      understand each)
20      - message flow state = when to flush buffers; handling restarts in the
21        event of NBIO events; handling the common flow of steps for reading a
22        message and the common flow of steps for writing a message etc
23      - handshake state = what handshake message are we working on now
24    - Control complexity: only the state machine can change state: keep all
25      the state changes local to the state machine component
26
27The message flow state machine is divided into a reading sub-state machine and a
28writing sub-state machine. See the source comments in statem.c for a more
29detailed description of the various states and transitions possible.
30
31Conceptually the state machine component is designed as follows:
32
33                        libssl
34                           |
35---------------------------|-----statem.h--------------------------------------
36                           |
37                    _______V____________________
38                   |                            |
39                   |    statem.c                |
40                   |                            |
41                   |    Core state machine code |
42                   |____________________________|
43        statem_local.h     ^          ^
44                 _________|          |_______
45                |                            |
46   _____________|____________   _____________|____________
47  |                          | |                          |
48  | statem_clnt.c            | | statem_srvr.c            |
49  |                          | |                          |
50  | TLS/DTLS client specific | | TLS/DTLS server specific |
51  | state machine code       | | state machine code       |
52  |__________________________| |__________________________|
53               |        |_______________|__       |
54               |        ________________|  |      |
55               |       |                   |      |
56   ____________V_______V________   ________V______V_______________
57  |                             | |                               |
58  | statem_both.c               | | statem_dtls.c                 |
59  |                             | |                               |
60  | Non core functions common   | | Non core functions common to  |
61  | to both servers and clients | | both DTLS servers and clients |
62  |_____________________________| |_______________________________|
63
64