* *
*****************************************************************************/
-typedef struct dtls1_bitmap_st {
- unsigned long map; /* track 32 packets on 32-bit systems and 64
- * - on 64-bit systems */
- unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
- * value in big-endian encoding */
-} DTLS1_BITMAP;
-
-
typedef struct record_pqueue_st {
unsigned short epoch;
pqueue q;
# endif
} DTLS1_RECORD_DATA;
+typedef struct dtls_record_layer_st {
+ /*
+ * The current data and handshake epoch. This is initially
+ * undefined, and starts at zero once the initial handshake is
+ * completed
+ */
+ unsigned short r_epoch;
+ unsigned short w_epoch;
+
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+
+ /* Received handshake records (processed and unprocessed) */
+ record_pqueue unprocessed_rcds;
+ record_pqueue processed_rcds;
+ /*
+ * Buffered application records. Only for records between CCS and
+ * Finished to prevent either protocol violation or unnecessary message
+ * loss.
+ */
+ record_pqueue buffered_app_data;
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+ unsigned int handshake_fragment_len;
+} DTLS_RECORD_LAYER;
+
typedef struct record_layer_st {
/* The parent SSL structure */
SSL *s;
unsigned char read_sequence[8];
unsigned char write_sequence[8];
+
+ DTLS_RECORD_LAYER *d;
} RECORD_LAYER;
#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence)
#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
+#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch)
+#define DTLS_RECORD_LAYER_set_w_epoch(rl, e) ((rl)->d->w_epoch = (e))
+#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
+ ((rl)->d->processed_rcds)
+#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
+ ((rl)->d->unprocessed_rcds)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragment);
__owur int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
__owur int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0)
#define RECORD_LAYER_get_rstate(rl) ((rl)->rstate)
#define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st))
+#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
__owur int ssl3_read_n(SSL *s, int n, int max, int extend);
__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len);
-int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
-void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch);
int dtls1_process_buffered_records(SSL *s);