*
*/
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
#include <openssl/buffer.h>
#include <openssl/pqueue.h>
+#ifdef OPENSSL_SYS_VMS
+#include <resource.h>
+#include <sys/timeb.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+/* Needed for struct timeval */
+#include <winsock.h>
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
+#include <sys/timeval.h>
+#else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
+#include <sys/time.h>
+#endif
+#endif
#ifdef __cplusplus
extern "C" {
#endif
-#define DTLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1
-
-#define DTLS1_VERSION 0x0100
-#define DTLS1_VERSION_MAJOR 0x01
-#define DTLS1_VERSION_MINOR 0x00
+#define DTLS1_VERSION 0xFEFF
+#define DTLS1_BAD_VER 0x0100
+#if 0
+/* this alert description is not specified anywhere... */
#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
+#endif
/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 32
+#define DTLS1_COOKIE_LENGTH 256
#define DTLS1_RT_HEADER_LENGTH 13
#define DTLS1_HM_BAD_FRAGMENT -2
#define DTLS1_HM_FRAGMENT_RETRY -3
-#define DTLS1_CCS_HEADER_LENGTH 3
+#define DTLS1_CCS_HEADER_LENGTH 1
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
#define DTLS1_AL_HEADER_LENGTH 7
+#else
+#define DTLS1_AL_HEADER_LENGTH 2
+#endif
+#ifndef OPENSSL_NO_SSL_INTERN
+
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
+#endif
typedef struct dtls1_bitmap_st
{
- unsigned long long map;
- unsigned long length; /* sizeof the bitmap in bits */
- unsigned long long max_seq_num; /* max record number seen so far */
+ unsigned long map; /* track 32 packets on 32-bit systems
+ and 64 - on 64-bit systems */
+ unsigned char max_seq_num[8]; /* max record number seen so far,
+ 64-bit value in big-endian
+ encoding */
} DTLS1_BITMAP;
+struct dtls1_retransmit_state
+ {
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+#ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+#else
+ char *compress;
+#endif
+ SSL_SESSION *session;
+ unsigned short epoch;
+ };
+
struct hm_header_st
{
unsigned char type;
unsigned short seq;
unsigned long frag_off;
unsigned long frag_len;
- unsigned int is_ccs;
+ unsigned int is_ccs;
+ struct dtls1_retransmit_state saved_retransmit_state;
};
struct ccs_header_st
};
typedef struct record_pqueue_st
- {
- unsigned short epoch;
- pqueue q;
- } record_pqueue;
+ {
+ unsigned short epoch;
+ pqueue q;
+ } record_pqueue;
typedef struct hm_fragment_st
- {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- } hm_fragment;
+ {
+ struct hm_header_st msg_header;
+ unsigned char *fragment;
+ unsigned char *reassembly;
+ } hm_fragment;
typedef struct dtls1_state_st
{
unsigned short handshake_read_seq;
- /* only matters for handshake messages */
- unsigned long long next_expected_seq_num;
+ /* save last sequence number for retransmissions */
+ unsigned char last_write_sequence[8];
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
+ record_pqueue processed_rcds;
- /* Buffered handshake messages */
- pqueue buffered_messages;
+ /* Buffered handshake messages */
+ pqueue buffered_messages;
/* Buffered (sent) handshake records */
pqueue sent_messages;
- unsigned int mtu; /* max wire packet size */
+ /* Buffered application records.
+ * Only for records between CCS and Finished
+ * to prevent either protocol violation or
+ * unnecessary message loss.
+ */
+ record_pqueue buffered_app_data;
+
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
+ unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout;
-
+
+ /* Indicates when the last handshake msg or heartbeat sent will timeout */
+ struct timeval next_timeout;
+
+ /* Timeout duration */
+ unsigned short timeout_duration;
+
/* storage for Alert/Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
unsigned int handshake_fragment_len;
unsigned int retransmitting;
+ unsigned int change_cipher_spec_ok;
+
+#ifndef OPENSSL_NO_SCTP
+ /* used when SSL_ST_XX_FLUSH is entered */
+ int next_state;
+
+ int shutdown_received;
+#endif
} DTLS1_STATE;
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
+#ifndef OPENSSL_NO_SCTP
+ struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
} DTLS1_RECORD_DATA;
-/* client methods */
-int dtls1_client_hello(SSL *s);
-int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_key_exchange(SSL *s);
-int dtls1_send_client_verify(SSL *s);
-
-
-/* server methods */
-int dtls1_send_hello_request(SSL *s);
-int dtls1_send_server_hello(SSL *s);
-int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
-int dtls1_send_server_done(SSL *s);
-
-/* common methods */
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
- unsigned long frag_off, int *found);
-void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
+#endif
/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
#define DTLS1_TMO_READ_COUNT 2