openssl/ssl/statem
anupamam13 42141197a1 Fix for negative return value from SSL_CTX_sess_accept()
Fixes #13183

From the original issue report, before this commit, on master and on
1.1.1, the issue can be detected with the following steps:

- Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI,
  "Accept" count of default context gets incremented
- After servername lookup, "Accept" count of default context gets
  decremented and that of SNI context is incremented
- Server sends a "Hello Retry Request"
- Client sends the second "Client Hello", now again "Accept" count of
  default context is decremented. Hence giving a negative value.

This commit fixes it by adding a check on `s->hello_retry_request` in
addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved
only on the first ClientHello.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13297)
2021-01-09 00:55:02 +02:00
..
extensions_clnt.c tag unused function arguments as ossl_unused 2020-12-03 11:22:06 +10:00
extensions_cust.c Update copyright year 2020-11-26 14:18:57 +00:00
extensions_srvr.c tag unused function arguments as ossl_unused 2020-12-03 11:22:06 +10:00
extensions.c Fix for negative return value from SSL_CTX_sess_accept() 2021-01-09 00:55:02 +02:00
README.md Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 2020-07-05 11:29:43 +02:00
statem_clnt.c Drop OPENSSL_NO_RSA everywhere 2020-12-20 12:19:42 +01:00
statem_dtls.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
statem_lib.c Modify is_tls13_capable() to take account of the servername cb 2020-12-09 14:46:16 +00:00
statem_local.h
statem_srvr.c Drop OPENSSL_NO_RSA everywhere 2020-12-20 12:19:42 +01:00
statem.c Update copyright year 2020-11-26 14:18:57 +00:00
statem.h Update copyright year 2020-11-26 14:18:57 +00:00

State Machine Design

This file provides some guidance on the thinking behind the design of the state machine code to aid future maintenance.

The state machine code replaces an older state machine present in OpenSSL versions 1.0.2 and below. The new state machine has the following objectives:

  • Remove duplication of state code between client and server
  • Remove duplication of state code between TLS and DTLS
  • Simplify transitions and bring the logic together in a single location so that it is easier to validate
  • Remove duplication of code between each of the message handling functions
  • Receive a message first and then work out whether that is a valid transition - not the other way around (the other way causes lots of issues where we are expecting one type of message next but actually get something else)
  • Separate message flow state from handshake state (in order to better understand each)
    • message flow state = when to flush buffers; handling restarts in the event of NBIO events; handling the common flow of steps for reading a message and the common flow of steps for writing a message etc
    • handshake state = what handshake message are we working on now
  • Control complexity: only the state machine can change state: keep all the state changes local to the state machine component

The message flow state machine is divided into a reading sub-state machine and a writing sub-state machine. See the source comments in statem.c for a more detailed description of the various states and transitions possible.

Conceptually the state machine component is designed as follows:

                      libssl
                         |
-------------------------|-----statem.h------------------------------------
                         |
                  _______V____________________
                 |                            |
                 |    statem.c                |
                 |                            |
                 |    Core state machine code |
                 |____________________________|
      statem_local.h     ^          ^
               _________|          |_______
              |                            |
 _____________|____________   _____________|____________
|                          | |                          |
| statem_clnt.c            | | statem_srvr.c            |
|                          | |                          |
| TLS/DTLS client specific | | TLS/DTLS server specific |
| state machine code       | | state machine code       |
|__________________________| |__________________________|
             |        |_______________|__       |
             |        ________________|  |      |
             |       |                   |      |
 ____________V_______V________   ________V______V_______________
|                             | |                               |
| statem_both.c               | | statem_dtls.c                 |
|                             | |                               |
| Non core functions common   | | Non core functions common to  |
| to both servers and clients | | both DTLS servers and clients |
|_____________________________| |_______________________________|