• Home
Name
Date
Size
#Lines
LOC

..--

README.mdD07-Sep-20243.3 KiB6457

extensions.cD07-Sep-202459.9 KiB1,7271,137

extensions_clnt.cD07-Sep-202464.5 KiB1,9841,401

extensions_cust.cD07-Sep-202417.6 KiB530383

extensions_srvr.cD07-Sep-202464.6 KiB1,9171,377

statem.cD07-Sep-202430.4 KiB994594

statem.hD07-Sep-20245.7 KiB15882

statem_clnt.cD07-Sep-2024119 KiB3,7862,653

statem_dtls.cD07-Sep-202443.6 KiB1,367908

statem_lib.cD07-Sep-202478.2 KiB2,4131,638

statem_local.hD07-Sep-202422.1 KiB431354

statem_srvr.cD07-Sep-2024133.2 KiB4,1382,897

README.md

1State Machine Design
2====================
3
4This file provides some guidance on the thinking behind the design of the
5state machine code to aid future maintenance.
6
7The state machine code replaces an older state machine present in OpenSSL
8versions 1.0.2 and below. The new state machine has the following objectives:
9
10  - Remove duplication of state code between client and server
11  - Remove duplication of state code between TLS and DTLS
12  - Simplify transitions and bring the logic together in a single location
13    so that it is easier to validate
14  - Remove duplication of code between each of the message handling functions
15  - Receive a message first and then work out whether that is a valid
16    transition - not the other way around (the other way causes lots of issues
17    where we are expecting one type of message next but actually get something
18    else)
19  - Separate message flow state from handshake state (in order to better
20    understand each)
21    * message flow state = when to flush buffers; handling restarts in the
22      event of NBIO events; handling the common flow of steps for reading a
23      message and the common flow of steps for writing a message etc
24    * handshake state = what handshake message are we working on now
25  - Control complexity: only the state machine can change state: keep all
26    the state changes local to the state machine component
27
28The message flow state machine is divided into a reading sub-state machine and a
29writing sub-state machine. See the source comments in statem.c for a more
30detailed description of the various states and transitions possible.
31
32Conceptually the state machine component is designed as follows:
33
34                          libssl
35                             |
36    -------------------------|-----statem.h------------------------------------
37                             |
38                      _______V____________________
39                     |                            |
40                     |    statem.c                |
41                     |                            |
42                     |    Core state machine code |
43                     |____________________________|
44          statem_local.h     ^          ^
45                   _________|          |_______
46                  |                            |
47     _____________|____________   _____________|____________
48    |                          | |                          |
49    | statem_clnt.c            | | statem_srvr.c            |
50    |                          | |                          |
51    | TLS/DTLS client specific | | TLS/DTLS server specific |
52    | state machine code       | | state machine code       |
53    |__________________________| |__________________________|
54                 |        |_______________|__       |
55                 |        ________________|  |      |
56                 |       |                   |      |
57     ____________V_______V________   ________V______V_______________
58    |                             | |                               |
59    | statem_lib.c                | | statem_dtls.c                 |
60    |                             | |                               |
61    | Non core functions common   | | Non core functions common to  |
62    | to both servers and clients | | both DTLS servers and clients |
63    |_____________________________| |_______________________________|
64