State Machine Design
====================

This file provides some guidance on the thinking behind the design of the
state machine code to aid future maintenance.

The state machine code replaces an older state machine present in OpenSSL
versions 1.0.2 and below. The new state machine has the following objectives:

- Remove duplication of state code between client and server
- Remove duplication of state code between TLS and DTLS
- Simplify transitions and bring the logic together in a single location
  so that it is easier to validate
- Remove duplication of code between each of the message handling functions
- Receive a message first and then work out whether that is a valid
  transition - not the other way around (the other way causes lots of issues
  where we are expecting one type of message next but actually get something
  else)
- Separate message flow state from handshake state (in order to better
  understand each)
    * message flow state = when to flush buffers; handling restarts after
      non-blocking I/O (NBIO) events, i.e. a BIO asking to be retried part
      way through a read or write; handling the common flow of steps for
      reading a message and the common flow of steps for writing a message etc
    * handshake state = what handshake message are we working on now
- Control complexity: only the state machine can change state: keep all
  the state changes local to the state machine component

The message flow state machine is divided into a reading sub-state machine and a
writing sub-state machine. See the source comments in statem.c for a more
detailed description of the various states and transitions possible.

Conceptually the state machine component is designed as follows:

                     libssl
                        |
    --------------------|-----statem.h------------------------------------
                        |
                 _______V____________________
                |                            |
                |    statem.c                |
                |                            |
                |    Core state machine code |
                |____________________________|
      statem_local.h     ^          ^
                _________|          |_________
               |                              |
  _____________|____________     _____________|____________
 |                          |   |                          |
 |    statem_clnt.c         |   |    statem_srvr.c         |
 |                          |   |                          |
 | TLS/DTLS client specific |   | TLS/DTLS server specific |
 | state machine code       |   | state machine code       |
 |__________________________|   |__________________________|
             |        |__________________|  |   |
             |       |___________________|__|   |
             |       |                   |      |
 ____________V_______V_______    ________V______V_______________
|                            |  |                               |
|    statem_lib.c            |  |    statem_dtls.c              |
|                            |  |                               |
| Non core functions common  |  | Non core functions common to  |
| to both servers and clients|  | both DTLS servers and clients |
|____________________________|  |_______________________________|
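The design points above (receive the whole message before deciding whether it is a valid transition, keep the message flow state apart from the handshake state, change handshake state in exactly one place, and restart cleanly when a non-blocking read returns short) are easier to see in a small sketch. The following is an added illustration and is not OpenSSL's statem code: the message types, the 3-byte type/length framing, the `nbio` source, the 64-byte body limit and the four wire samples are all hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handshake message types, 1 byte on the wire (not TLS's codes). */
enum msg_type { MSG_CLIENT_HELLO = 1, MSG_FINISHED = 20 };

/* Handshake state: which message we are waiting for (server side only). */
enum hand_state { HS_WAIT_CLIENT_HELLO, HS_WAIT_FINISHED, HS_DONE, HS_ERROR };

/* Message flow (read sub-state): where we are in reading the current message. */
enum read_state { READ_HEADER, READ_BODY, READ_DONE };

/* Toy non-blocking source: hands out at most `chunk` bytes per call, 0 when dry. */
struct nbio { const uint8_t *buf; size_t len, pos, chunk; };

static size_t nbio_read(struct nbio *b, uint8_t *out, size_t want)
{
    size_t avail = b->len - b->pos;
    if (want > b->chunk) want = b->chunk;
    if (want > avail) want = avail;
    memcpy(out, b->buf + b->pos, want);
    b->pos += want;
    return want;
}

struct statem {
    enum hand_state hs;   /* handshake state */
    enum read_state rs;   /* message flow (read) sub-state */
    uint8_t hdr[3];       /* type(1) | length(2, big-endian): hypothetical framing */
    uint8_t body[64];
    size_t have;          /* bytes of the current header/body read so far */
    size_t body_len;
};

/* The single place handshake state changes: a table of valid (state, message)
 * pairs, consulted only once a whole message has been received. */
static enum hand_state transition(enum hand_state hs, uint8_t type)
{
    switch (hs) {
    case HS_WAIT_CLIENT_HELLO:
        return type == MSG_CLIENT_HELLO ? HS_WAIT_FINISHED : HS_ERROR;
    case HS_WAIT_FINISHED:
        return type == MSG_FINISHED ? HS_DONE : HS_ERROR;
    default:
        return HS_ERROR;
    }
}

/* One pass of the read sub-state machine. Returns 1 when a complete message was
 * processed, 0 when the source ran dry (call again later; progress is kept in
 * st->have so the step restarts where it left off), -1 on a protocol error. */
static int statem_read_step(struct statem *st, struct nbio *b)
{
    for (;;) {
        switch (st->rs) {
        case READ_HEADER:
            st->have += nbio_read(b, st->hdr + st->have, 3 - st->have);
            if (st->have < 3)
                return 0;
            st->body_len = ((size_t)st->hdr[1] << 8) | st->hdr[2];
            if (st->body_len > sizeof st->body) {   /* bound the length before any copy */
                st->hs = HS_ERROR;
                return -1;
            }
            st->have = 0;
            st->rs = READ_BODY;
            break;
        case READ_BODY:
            st->have += nbio_read(b, st->body + st->have, st->body_len - st->have);
            if (st->have < st->body_len)
                return 0;
            st->rs = READ_DONE;
            break;
        case READ_DONE:
            /* Message fully received: only now decide whether it is a valid transition. */
            st->hs = transition(st->hs, st->hdr[0]);
            st->have = 0;
            st->rs = READ_HEADER;
            return st->hs == HS_ERROR ? -1 : 1;
        default:
            return -1;
        }
    }
}

/* Drive the server until the handshake completes, errors, or the peer goes quiet. */
static enum hand_state run_server(const uint8_t *wire, size_t len, size_t chunk)
{
    struct nbio b = { wire, len, 0, chunk };
    struct statem st = { HS_WAIT_CLIENT_HELLO, READ_HEADER, {0}, {0}, 0, 0 };
    while (st.hs != HS_DONE) {
        int r = statem_read_step(&st, &b);
        if (r < 0)
            return HS_ERROR;
        if (r == 0 && b.pos == b.len)
            return st.hs;                       /* incomplete handshake */
    }
    return HS_DONE;
}

/* Constructed wire samples for this example (not captured traffic). */
static const uint8_t WIRE_GOOD[]         = { 1, 0, 2, 'a', 'b', 20, 0, 0 };
static const uint8_t WIRE_OUT_OF_ORDER[] = { 20, 0, 0, 1, 0, 0 };
static const uint8_t WIRE_TRUNCATED[]    = { 1, 0, 2, 'a' };
static const uint8_t WIRE_OVERSIZE[]     = { 1, 0x10, 0x00 };

int main(void)
{
    printf("good=%d out_of_order=%d truncated=%d oversize=%d\n",
           run_server(WIRE_GOOD, sizeof WIRE_GOOD, 1),
           run_server(WIRE_OUT_OF_ORDER, sizeof WIRE_OUT_OF_ORDER, 3),
           run_server(WIRE_TRUNCATED, sizeof WIRE_TRUNCATED, 64),
           run_server(WIRE_OVERSIZE, sizeof WIRE_OVERSIZE, 64));
    return 0;
}
```

Running WIRE_GOOD with a chunk size of 1 exercises the restart path: every read returns short, the step returns 0 with its partial header or body kept in `st->have`, and the caller simply calls it again. The out-of-order sample shows the "receive first, then validate" rule: the Finished message is fully consumed before `transition()` rejects it, rather than the reader guessing at what must come next. The oversize sample shows the length check that the read sub-state enforces before touching the body buffer, independently of any handshake logic.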