Name                Date          Size        #Lines   LOC
README              12-May-2024   3.3 KiB     64       57
extensions.c        12-May-2024   60.8 KiB    1,748    1,164
extensions_clnt.c   12-May-2024   66.9 KiB    2,015    1,456
extensions_cust.c   12-May-2024   17.8 KiB    535      388
extensions_srvr.c   12-May-2024   68.5 KiB    1,982    1,459
statem.c            12-May-2024   30.2 KiB    973      587
statem.h            12-May-2024   5.6 KiB     158      82
statem_clnt.c       12-May-2024   123.2 KiB   3,851    2,748
statem_dtls.c       12-May-2024   40.6 KiB    1,282    866
statem_lib.c        12-May-2024   79.7 KiB    2,442    1,685
statem_local.h      12-May-2024   21.7 KiB    423      353
statem_srvr.c       12-May-2024   141.5 KiB   4,300    3,049

README

State Machine Design
====================

This file provides some guidance on the thinking behind the design of the
state machine code to aid future maintenance.

The state machine code replaces an older state machine present in OpenSSL
versions 1.0.2 and below. The new state machine has the following objectives:
    - Remove duplication of state code between client and server
    - Remove duplication of state code between TLS and DTLS
    - Simplify transitions and bring the logic together in a single location
      so that it is easier to validate
    - Remove duplication of code between each of the message handling functions
    - Receive a message first and then work out whether that is a valid
      transition - not the other way around (the other way causes lots of issues
      where we are expecting one type of message next but actually get something
      else)
    - Separate message flow state from handshake state (in order to better
      understand each)
      - message flow state = when to flush buffers; handling restarts in the
        event of NBIO events; handling the common flow of steps for reading a
        message and the common flow of steps for writing a message etc
      - handshake state = what handshake message are we working on now
    - Control complexity: only the state machine can change state: keep all
      the state changes local to the state machine component

The message flow state machine is divided into a reading sub-state machine and a
writing sub-state machine. See the source comments in statem.c for a more
detailed description of the various states and transitions possible.

Conceptually the state machine component is designed as follows:

                        libssl
                           |
---------------------------|-----statem.h--------------------------------------
                           |
                    _______V____________________
                   |                            |
                   |    statem.c                |
                   |                            |
                   |    Core state machine code |
                   |____________________________|
        statem_local.h     ^          ^
                 _________|          |_______
                |                            |
   _____________|____________   _____________|____________
  |                          | |                          |
  | statem_clnt.c            | | statem_srvr.c            |
  |                          | |                          |
  | TLS/DTLS client specific | | TLS/DTLS server specific |
  | state machine code       | | state machine code       |
  |__________________________| |__________________________|
               |        |_______________|__       |
               |        ________________|  |      |
               |       |                   |      |
   ____________V_______V________   ________V______V_______________
  |                             | |                               |
  | statem_lib.c                | | statem_dtls.c                 |
  |                             | |                               |
  | Non core functions common   | | Non core functions common to  |
  | to both servers and clients | | both DTLS servers and clients |
  |_____________________________| |_______________________________|
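
The objective above of receiving a message first and then working out whether it is a valid transition, with every state change kept in one place, sketched as an added example (this is not OpenSSL's code). The states, message types and function names are hypothetical, and the model assumes the Certificate message is optional after ServerHello.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical, simplified states and message types (constructed, not OpenSSL's). */
typedef enum { ST_BEFORE, ST_HELLO, ST_CERT, ST_DONE, ST_ERROR } hs_state;
typedef enum { MT_SERVER_HELLO, MT_CERTIFICATE, MT_SERVER_DONE, MT_FINISHED } msg_type;
typedef struct { hs_state hand_state; } statem;

/* The one place read transitions are decided. The message has already been
 * received; return 1 and advance if it is valid in this state, else 0. */
static int read_transition(statem *st, msg_type mt)
{
    switch (st->hand_state) {
    case ST_BEFORE:
        if (mt == MT_SERVER_HELLO) { st->hand_state = ST_HELLO; return 1; }
        break;
    case ST_HELLO:
        /* Assumed model: Certificate is optional, so two messages are valid here. */
        if (mt == MT_CERTIFICATE) { st->hand_state = ST_CERT; return 1; }
        if (mt == MT_SERVER_DONE) { st->hand_state = ST_DONE; return 1; }
        break;
    case ST_CERT:
        if (mt == MT_SERVER_DONE) { st->hand_state = ST_DONE; return 1; }
        break;
    default: break; /* ST_DONE and ST_ERROR accept nothing further */
    }
    return 0;
}

/* Returns the index of the first rejected message, or -1 if all were accepted. */
int run_messages(const msg_type *msgs, size_t n, hs_state *final)
{
    statem st = { ST_BEFORE };
    for (size_t i = 0; i < n; i++) {
        if (!read_transition(&st, msgs[i])) {
            *final = ST_ERROR; /* fail closed: no message handler runs */
            return (int)i;
        }
    }
    *final = st.hand_state;
    return -1;
}

int main(void)
{
    const msg_type msgs[] = { MT_SERVER_HELLO, MT_FINISHED }; /* constructed input */
    hs_state fin;
    printf("rejected at index %d\n", run_messages(msgs, 2, &fin));
    return 0;
}
```

Because the decision is keyed on the message that actually arrived, the optional Certificate needs no special "expected next" bookkeeping, and an out-of-order message is rejected before any handler processes it.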