Update from 1.0.0-stable.
[openssl.git] / ssl / dtls1.h
index 5ec1372..177e55c 100644 (file)
 extern "C" {
 #endif
 
-#define DTLS1_VERSION                  0x0100
-#define DTLS1_VERSION_MAJOR            0x01
-#define DTLS1_VERSION_MINOR            0x00
+#define DTLS1_VERSION                  0xFEFF
+#define DTLS1_BAD_VER                  0x0100
 
+#if 0
+/* this alert description is not specified anywhere... */
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
+#endif
 
 /* lengths of messages */
 #define DTLS1_COOKIE_LENGTH                     32
@@ -83,18 +85,37 @@ extern "C" {
 #define DTLS1_HM_BAD_FRAGMENT                   -2
 #define DTLS1_HM_FRAGMENT_RETRY                 -3
 
-#define DTLS1_CCS_HEADER_LENGTH                  3
+#define DTLS1_CCS_HEADER_LENGTH                  1
 
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
 #define DTLS1_AL_HEADER_LENGTH                   7
+#else
+#define DTLS1_AL_HEADER_LENGTH                   2
+#endif
 
 
 typedef struct dtls1_bitmap_st
        {
-       BN_ULLONG map;
-       unsigned long length;     /* sizeof the bitmap in bits */
-       BN_ULLONG max_seq_num;  /* max record number seen so far */
+       unsigned long map;              /* track 32 packets on 32-bit systems
+                                          and 64 - on 64-bit systems */
+       unsigned char max_seq_num[8];   /* max record number seen so far,
+                                          64-bit value in big-endian
+                                          encoding */
        } DTLS1_BITMAP;
 
+struct dtls1_retransmit_state
+       {
+       EVP_CIPHER_CTX *enc_write_ctx;  /* cryptographic state */
+       EVP_MD_CTX *write_hash;                 /* used for mac generation */
+#ifndef OPENSSL_NO_COMP
+       COMP_CTX *compress;                             /* compression */
+#else
+       char *compress; 
+#endif
+       SSL_SESSION *session;
+       unsigned short epoch;
+       };
+
 struct hm_header_st
        {
        unsigned char type;
@@ -103,6 +124,7 @@ struct hm_header_st
        unsigned long frag_off;
        unsigned long frag_len;
        unsigned int is_ccs;
+       struct dtls1_retransmit_state saved_retransmit_state;
        };
 
 struct ccs_header_st
@@ -162,8 +184,8 @@ typedef struct dtls1_state_st
 
        unsigned short handshake_read_seq;
 
-       /* only matters for handshake messages */  
-       BN_ULLONG next_expected_seq_num; 
+       /* save last sequence number for retransmissions */
+       unsigned char last_write_sequence[8];
 
        /* Received handshake records (processed and unprocessed) */
        record_pqueue unprocessed_rcds;
@@ -175,13 +197,26 @@ typedef struct dtls1_state_st
        /* Buffered (sent) handshake records */
        pqueue sent_messages;
 
+       /* Buffered application records.
+        * Only for records between CCS and Finished
+        * to prevent either protocol violation or
+        * unnecessary message loss.
+        */
+       record_pqueue buffered_app_data;
+
        unsigned int mtu; /* max wire packet size */
 
        struct hm_header_st w_msg_hdr;
        struct hm_header_st r_msg_hdr;
 
        struct dtls1_timeout_st timeout;
-       
+
+       /* Indicates when the last handshake msg sent will timeout */
+       struct timeval next_timeout;
+
+       /* Timeout duration */
+       unsigned short timeout_duration;
+
        /* storage for Alert/Handshake protocol data received but not
         * yet processed by ssl3_read_bytes: */
        unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];