Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(364)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/ssl/d1_pkt.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/ssl/d1_meth.c ('k') | openssl/ssl/d1_srvr.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* ssl/d1_pkt.c */ 1 /* ssl/d1_pkt.c */
2 /* 2 /*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6 /* ==================================================================== 6 /* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
115 115
116 #include <stdio.h> 116 #include <stdio.h>
117 #include <errno.h> 117 #include <errno.h>
118 #define USE_SOCKETS 118 #define USE_SOCKETS
119 #include "ssl_locl.h" 119 #include "ssl_locl.h"
120 #include <openssl/evp.h> 120 #include <openssl/evp.h>
121 #include <openssl/buffer.h> 121 #include <openssl/buffer.h>
122 #include <openssl/pqueue.h> 122 #include <openssl/pqueue.h>
123 #include <openssl/rand.h> 123 #include <openssl/rand.h>
124 124
125 /* mod 128 saturating subtract of two 64-bit values in big-endian order */
126 static int satsub64be(const unsigned char *v1,const unsigned char *v2)
127 { int ret,sat,brw,i;
128
129 if (sizeof(long) == 8) do
130 { const union { long one; char little; } is_endian = {1};
131 long l;
132
133 if (is_endian.little) break;
134 /* not reached on little-endians */
135 /* following test is redundant, because input is
136 * always aligned, but I take no chances... */
137 if (((size_t)v1|(size_t)v2)&0x7) break;
138
139 l = *((long *)v1);
140 l -= *((long *)v2);
141 if (l>128) return 128;
142 else if (l<-128) return -128;
143 else return (int)l;
144 } while (0);
145
146 ret = (int)v1[7]-(int)v2[7];
147 sat = 0;
148 brw = ret>>8; /* brw is either 0 or -1 */
149 if (ret & 0x80)
150 { for (i=6;i>=0;i--)
151 { brw += (int)v1[i]-(int)v2[i];
152 sat |= ~brw;
153 brw >>= 8;
154 }
155 }
156 else
157 { for (i=6;i>=0;i--)
158 { brw += (int)v1[i]-(int)v2[i];
159 sat |= brw;
160 brw >>= 8;
161 }
162 }
163 brw <<= 8; /* brw is either 0 or -256 */
164
165 if (sat&0xff) return brw | 0x80;
166 else return brw + (ret&0xFF);
167 }
168
125 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 169 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
126 int len, int peek); 170 int len, int peek);
127 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, 171 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
128 » PQ_64BIT *seq_num);
129 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); 172 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
130 static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 173 static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
131 unsigned int *is_next_epoch); 174 unsigned int *is_next_epoch);
132 #if 0 175 #if 0
133 static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, 176 static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
134 unsigned short *priority, unsigned long *offset); 177 unsigned short *priority, unsigned long *offset);
135 #endif 178 #endif
136 static int dtls1_buffer_record(SSL *s, record_pqueue *q, 179 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
137 » PQ_64BIT *priority); 180 » unsigned char *priority);
138 static int dtls1_process_record(SSL *s); 181 static int dtls1_process_record(SSL *s);
139 #if PQ_64BIT_IS_INTEGER
140 static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
141 #endif
142 static void dtls1_clear_timeouts(SSL *s); 182 static void dtls1_clear_timeouts(SSL *s);
143 183
144 /* copy buffered record into SSL structure */ 184 /* copy buffered record into SSL structure */
145 static int 185 static int
146 dtls1_copy_record(SSL *s, pitem *item) 186 dtls1_copy_record(SSL *s, pitem *item)
147 { 187 {
148 DTLS1_RECORD_DATA *rdata; 188 DTLS1_RECORD_DATA *rdata;
149 189
150 rdata = (DTLS1_RECORD_DATA *)item->data; 190 rdata = (DTLS1_RECORD_DATA *)item->data;
151 191
152 if (s->s3->rbuf.buf != NULL) 192 if (s->s3->rbuf.buf != NULL)
153 OPENSSL_free(s->s3->rbuf.buf); 193 OPENSSL_free(s->s3->rbuf.buf);
154 194
155 s->packet = rdata->packet; 195 s->packet = rdata->packet;
156 s->packet_length = rdata->packet_length; 196 s->packet_length = rdata->packet_length;
157 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 197 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
158 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 198 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
159 199
160 /* Set proper sequence number for mac calculation */ 200 /* Set proper sequence number for mac calculation */
161 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); 201 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
162 202
163 return(1); 203 return(1);
164 } 204 }
165 205
166 206
167 static int 207 static int
168 dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT *priority) 208 dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
169 { 209 » {
170 DTLS1_RECORD_DATA *rdata; 210 » DTLS1_RECORD_DATA *rdata;
171 pitem *item; 211 pitem *item;
172 212
173 /* Limit the size of the queue to prevent DOS attacks */ 213 /* Limit the size of the queue to prevent DOS attacks */
174 if (pqueue_size(queue->q) >= 100) 214 if (pqueue_size(queue->q) >= 100)
175 return 0; 215 return 0;
176 216
177 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); 217 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
178 » item = pitem_new(*priority, rdata); 218 » item = pitem_new(priority, rdata);
179 if (rdata == NULL || item == NULL) 219 if (rdata == NULL || item == NULL)
180 { 220 {
181 if (rdata != NULL) OPENSSL_free(rdata); 221 if (rdata != NULL) OPENSSL_free(rdata);
182 if (item != NULL) pitem_free(item); 222 if (item != NULL) pitem_free(item);
183 223
184 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 224 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
185 return(0); 225 return(0);
186 } 226 }
187 227
188 rdata->packet = s->packet; 228 rdata->packet = s->packet;
(...skipping 18 matching lines...) Expand all
207 247
208 if (!ssl3_setup_buffers(s)) 248 if (!ssl3_setup_buffers(s))
209 { 249 {
210 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); 250 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
211 OPENSSL_free(rdata); 251 OPENSSL_free(rdata);
212 pitem_free(item); 252 pitem_free(item);
213 return(0); 253 return(0);
214 } 254 }
215 255
216 return(1); 256 return(1);
217 } 257 » }
218 258
219 259
220 static int 260 static int
221 dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) 261 dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
222 { 262 {
223 pitem *item; 263 pitem *item;
224 264
225 item = pqueue_pop(queue->q); 265 item = pqueue_pop(queue->q);
226 if (item) 266 if (item)
227 { 267 {
(...skipping 21 matching lines...) Expand all
249 &((s)->d1->processed_rcds)) 289 &((s)->d1->processed_rcds))
250 290
251 static int 291 static int
252 dtls1_process_buffered_records(SSL *s) 292 dtls1_process_buffered_records(SSL *s)
253 { 293 {
254 pitem *item; 294 pitem *item;
255 295
256 item = pqueue_peek(s->d1->unprocessed_rcds.q); 296 item = pqueue_peek(s->d1->unprocessed_rcds.q);
257 if (item) 297 if (item)
258 { 298 {
259 DTLS1_RECORD_DATA *rdata;
260 rdata = (DTLS1_RECORD_DATA *)item->data;
261
262 /* Check if epoch is current. */ 299 /* Check if epoch is current. */
263 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 300 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
264 return(1); /* Nothing to do. */ 301 return(1); /* Nothing to do. */
265 302
266 /* Process all the records. */ 303 /* Process all the records. */
267 while (pqueue_peek(s->d1->unprocessed_rcds.q)) 304 while (pqueue_peek(s->d1->unprocessed_rcds.q))
268 { 305 {
269 dtls1_get_unprocessed_record(s); 306 dtls1_get_unprocessed_record(s);
270 if ( ! dtls1_process_record(s)) 307 if ( ! dtls1_process_record(s))
271 return(0); 308 return(0);
272 dtls1_buffer_record(s, &(s->d1->processed_rcds), 309 dtls1_buffer_record(s, &(s->d1->processed_rcds),
273 &s->s3->rrec.seq_num); 310 s->s3->rrec.seq_num);
274 } 311 }
275 } 312 }
276 313
277 /* sync epoch numbers once all the unprocessed records 314 /* sync epoch numbers once all the unprocessed records
278 * have been processed */ 315 * have been processed */
279 s->d1->processed_rcds.epoch = s->d1->r_epoch; 316 s->d1->processed_rcds.epoch = s->d1->r_epoch;
280 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; 317 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
281 318
282 return(1); 319 return(1);
283 } 320 }
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
324 } 361 }
325 362
326 return 0; 363 return 0;
327 } 364 }
328 365
329 #endif 366 #endif
330 367
331 static int 368 static int
332 dtls1_process_record(SSL *s) 369 dtls1_process_record(SSL *s)
333 { 370 {
334 int i,al; 371 » int i,al;
335 int clear=0; 372 int clear=0;
336 int enc_err; 373 » int enc_err;
337 SSL_SESSION *sess; 374 SSL_SESSION *sess;
338 SSL3_RECORD *rr; 375 » SSL3_RECORD *rr;
339 unsigned int mac_size; 376 unsigned int mac_size;
340 unsigned char md[EVP_MAX_MD_SIZE]; 377 unsigned char md[EVP_MAX_MD_SIZE];
378 int decryption_failed_or_bad_record_mac = 0;
341 379
342 380
343 rr= &(s->s3->rrec); 381 rr= &(s->s3->rrec);
344 sess = s->session; 382 » sess = s->session;
345 383
346 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 384 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
347 * and we have that many bytes in s->packet 385 * and we have that many bytes in s->packet
348 */ 386 */
349 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); 387 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
350 388
351 /* ok, we can now read from 's->packet' data into 'rr' 389 /* ok, we can now read from 's->packet' data into 'rr'
352 * rr->input points at rr->length bytes, which 390 * rr->input points at rr->length bytes, which
353 * need to be copied into rr->data by either 391 * need to be copied into rr->data by either
354 * the decryption or by the decompression 392 * the decryption or by the decompression
(...skipping 10 matching lines...) Expand all
365 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LON G); 403 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LON G);
366 goto f_err; 404 goto f_err;
367 } 405 }
368 406
369 /* decrypt in place in 'rr->input' */ 407 /* decrypt in place in 'rr->input' */
370 rr->data=rr->input; 408 rr->data=rr->input;
371 409
372 enc_err = s->method->ssl3_enc->enc(s,0); 410 enc_err = s->method->ssl3_enc->enc(s,0);
373 if (enc_err <= 0) 411 if (enc_err <= 0)
374 { 412 {
375 » » if (enc_err == 0) 413 » » /* To minimize information leaked via timing, we will always
376 » » » /* SSLerr() and ssl3_send_alert() have been called */ 414 » » * perform all computations before discarding the message.
377 » » » goto err; 415 » » */
378 416 » » decryption_failed_or_bad_record_mac = 1;
379 » » /* otherwise enc_err == -1 */
380 » » goto err;
381 } 417 }
382 418
383 #ifdef TLS_DEBUG 419 #ifdef TLS_DEBUG
384 printf("dec %d\n",rr->length); 420 printf("dec %d\n",rr->length);
385 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1 )%16)?' ':'\n'); } 421 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1 )%16)?' ':'\n'); }
386 printf("\n"); 422 printf("\n");
387 #endif 423 #endif
388 424
389 /* r->length is now the compressed data plus mac */ 425 /* r->length is now the compressed data plus mac */
390 if (» (sess == NULL) || 426 » if (» (sess == NULL) ||
391 (s->enc_read_ctx == NULL) || 427 (s->enc_read_ctx == NULL) ||
392 (s->read_hash == NULL)) 428 (s->read_hash == NULL))
393 clear=1; 429 » » clear=1;
394 430
395 if (!clear) 431 if (!clear)
396 { 432 {
397 » » mac_size=EVP_MD_size(s->read_hash); 433 » » /* !clear => s->read_hash != NULL => mac_size != -1 */
434 » » int t;
435 » » t=EVP_MD_CTX_size(s->read_hash);
436 » » OPENSSL_assert(t >= 0);
437 » » mac_size=t;
398 438
399 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 439 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
400 { 440 {
401 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 441 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
402 al=SSL_AD_RECORD_OVERFLOW; 442 al=SSL_AD_RECORD_OVERFLOW;
403 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_T OO_LONG); 443 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_T OO_LONG);
404 goto f_err; 444 goto f_err;
405 #else 445 #else
406 » » » goto err; 446 » » » decryption_failed_or_bad_record_mac = 1;
407 #endif 447 #endif
408 } 448 }
409 /* check the MAC for rr->input (it's in mac_size bytes at the ta il) */ 449 /* check the MAC for rr->input (it's in mac_size bytes at the ta il) */
410 if (rr->length < mac_size) 450 if (rr->length < mac_size)
411 { 451 {
412 #if 0 /* OK only for stream ciphers */ 452 #if 0 /* OK only for stream ciphers */
413 al=SSL_AD_DECODE_ERROR; 453 al=SSL_AD_DECODE_ERROR;
414 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT ); 454 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT );
415 goto f_err; 455 goto f_err;
416 #else 456 #else
417 » » » goto err; 457 » » » decryption_failed_or_bad_record_mac = 1;
418 #endif 458 #endif
419 } 459 }
420 rr->length-=mac_size; 460 rr->length-=mac_size;
421 i=s->method->ssl3_enc->mac(s,md,0); 461 i=s->method->ssl3_enc->mac(s,md,0);
422 » » if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) 462 » » if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
423 { 463 {
424 » » » goto err; 464 » » » decryption_failed_or_bad_record_mac = 1;
425 } 465 }
426 } 466 }
427 467
468 if (decryption_failed_or_bad_record_mac)
469 {
470 /* decryption failed, silently discard message */
471 rr->length = 0;
472 s->packet_length = 0;
473 goto err;
474 }
475
428 /* r->length is now just compressed */ 476 /* r->length is now just compressed */
429 if (s->expand != NULL) 477 if (s->expand != NULL)
430 { 478 {
431 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) 479 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
432 { 480 {
433 al=SSL_AD_RECORD_OVERFLOW; 481 al=SSL_AD_RECORD_OVERFLOW;
434 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGT H_TOO_LONG); 482 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGT H_TOO_LONG);
435 goto f_err; 483 goto f_err;
436 } 484 }
437 if (!ssl3_do_uncompress(s)) 485 if (!ssl3_do_uncompress(s))
(...skipping 15 matching lines...) Expand all
453 /* So at this point the following is true 501 /* So at this point the following is true
454 * ssl->s3->rrec.type is the type of record 502 * ssl->s3->rrec.type is the type of record
455 * ssl->s3->rrec.length == number of bytes in record 503 * ssl->s3->rrec.length == number of bytes in record
456 * ssl->s3->rrec.off == offset to first valid byte 504 * ssl->s3->rrec.off == offset to first valid byte
457 * ssl->s3->rrec.data == where to take bytes from, increment 505 * ssl->s3->rrec.data == where to take bytes from, increment
458 * after use :-). 506 * after use :-).
459 */ 507 */
460 508
461 /* we have pulled in a full packet so zero things */ 509 /* we have pulled in a full packet so zero things */
462 s->packet_length=0; 510 s->packet_length=0;
463 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. * / 511 » dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of recor d. */
464 return(1); 512 » return(1);
465 513
466 f_err: 514 f_err:
467 ssl3_send_alert(s,SSL3_AL_FATAL,al); 515 ssl3_send_alert(s,SSL3_AL_FATAL,al);
468 err: 516 err:
469 return(0); 517 return(0);
470 } 518 }
471 519
472 520
473 /* Call this to get a new input record. 521 /* Call this to get a new input record.
474 * It will return <= 0 if more data is needed, normally due to an error 522 * It will return <= 0 if more data is needed, normally due to an error
475 * or non-blocking IO. 523 * or non-blocking IO.
476 * When it finishes, one packet has been decoded and can be found in 524 * When it finishes, one packet has been decoded and can be found in
477 * ssl->s3->rrec.type - is the type of record 525 * ssl->s3->rrec.type - is the type of record
478 * ssl->s3->rrec.data, - data 526 * ssl->s3->rrec.data, - data
479 * ssl->s3->rrec.length, - number of bytes 527 * ssl->s3->rrec.length, - number of bytes
480 */ 528 */
481 /* used only by dtls1_read_bytes */ 529 /* used only by dtls1_read_bytes */
482 int dtls1_get_record(SSL *s) 530 int dtls1_get_record(SSL *s)
483 { 531 {
484 int ssl_major,ssl_minor; 532 int ssl_major,ssl_minor;
485 int i,n; 533 int i,n;
486 SSL3_RECORD *rr; 534 SSL3_RECORD *rr;
487 SSL_SESSION *sess;
488 unsigned char *p = NULL; 535 unsigned char *p = NULL;
489 unsigned short version; 536 unsigned short version;
490 DTLS1_BITMAP *bitmap; 537 DTLS1_BITMAP *bitmap;
491 unsigned int is_next_epoch; 538 unsigned int is_next_epoch;
492 539
493 rr= &(s->s3->rrec); 540 rr= &(s->s3->rrec);
494 sess=s->session;
495 541
496 /* The epoch may have changed. If so, process all the 542 » /* The epoch may have changed. If so, process all the
497 * pending records. This is a non-blocking operation. */ 543 » * pending records. This is a non-blocking operation. */
498 dtls1_process_buffered_records(s); 544 » dtls1_process_buffered_records(s);
499 545
500 /* if we're renegotiating, then there may be buffered records */ 546 /* if we're renegotiating, then there may be buffered records */
501 if (dtls1_get_processed_record(s)) 547 if (dtls1_get_processed_record(s))
502 return 1; 548 return 1;
503 549
504 /* get something from the wire */ 550 /* get something from the wire */
505 again: 551 again:
506 /* check if we have the header */ 552 /* check if we have the header */
507 if ( (s->rstate != SSL_ST_READ_BODY) || 553 if ( (s->rstate != SSL_ST_READ_BODY) ||
508 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) 554 (s->packet_length < DTLS1_RT_HEADER_LENGTH))
(...skipping 23 matching lines...) Expand all
532 n2s(p,rr->epoch); 578 n2s(p,rr->epoch);
533 579
534 memcpy(&(s->s3->read_sequence[2]), p, 6); 580 memcpy(&(s->s3->read_sequence[2]), p, 6);
535 p+=6; 581 p+=6;
536 582
537 n2s(p,rr->length); 583 n2s(p,rr->length);
538 584
539 /* Lets check version */ 585 /* Lets check version */
540 if (!s->first_packet) 586 if (!s->first_packet)
541 { 587 {
542 » » » if (version != s->version && version != DTLS1_BAD_VER) 588 » » » if (version != s->version)
543 { 589 {
544 /* unexpected version, silently discard */ 590 /* unexpected version, silently discard */
545 rr->length = 0; 591 rr->length = 0;
546 s->packet_length = 0; 592 s->packet_length = 0;
547 goto again; 593 goto again;
548 } 594 }
549 } 595 }
550 596
551 » » if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) && 597 » » if ((version & 0xff00) != (s->version & 0xff00))
552 » » (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
553 { 598 {
554 /* wrong version, silently discard record */ 599 /* wrong version, silently discard record */
555 rr->length = 0; 600 rr->length = 0;
556 s->packet_length = 0; 601 s->packet_length = 0;
557 goto again; 602 goto again;
558 } 603 }
559 604
560 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 605 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
561 { 606 {
562 /* record too long, silently discard it */ 607 /* record too long, silently discard it */
563 rr->length = 0; 608 rr->length = 0;
564 s->packet_length = 0; 609 s->packet_length = 0;
565 goto again; 610 goto again;
566 } 611 }
567 612
568 » » s->client_version = version; 613 » » /* If we receive a valid record larger than the current buffer s ize,
614 » » * allocate some memory for it.
615 » » */
616 » » if (rr->length > s->s3->rbuf.len - DTLS1_RT_HEADER_LENGTH)
617 » » » {
618 » » » unsigned char *pp;
619 » » » unsigned int newlen = rr->length + DTLS1_RT_HEADER_LENGT H;
620 » » » if ((pp=OPENSSL_realloc(s->s3->rbuf.buf, newlen))==NULL)
621 » » » » {
622 » » » » SSLerr(SSL_F_DTLS1_GET_RECORD,ERR_R_MALLOC_FAILU RE);
623 » » » » return(-1);
624 » » » » }
625 » » » p = pp + (p - s->s3->rbuf.buf);
626 » » » s->s3->rbuf.buf=pp;
627 » » » s->s3->rbuf.len=newlen;
628 » » » s->packet= &(s->s3->rbuf.buf[0]);
629 » » » }
630
569 /* now s->rstate == SSL_ST_READ_BODY */ 631 /* now s->rstate == SSL_ST_READ_BODY */
570 } 632 }
571 633
572 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 634 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
573 635
574 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) 636 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
575 { 637 {
576 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ 638 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
577 i=rr->length; 639 i=rr->length;
578 n=ssl3_read_n(s,i,i,1); 640 n=ssl3_read_n(s,i,i,1);
579 if (n <= 0) return(n); /* error or non-blocking io */ 641 if (n <= 0) return(n); /* error or non-blocking io */
580 642
581 /* this packet contained a partial record, dump it */ 643 /* this packet contained a partial record, dump it */
582 if ( n != i) 644 if ( n != i)
583 { 645 {
584 rr->length = 0; 646 rr->length = 0;
585 s->packet_length = 0; 647 s->packet_length = 0;
586 goto again; 648 goto again;
587 } 649 }
588 650
589 /* now n == rr->length, 651 /* now n == rr->length,
590 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length * / 652 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length * /
591 } 653 }
592 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 654 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
593 655
594 /* match epochs. NULL means the packet is dropped on the floor */ 656 /* match epochs. NULL means the packet is dropped on the floor */
595 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 657 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
596 if ( bitmap == NULL) 658 if ( bitmap == NULL)
597 { 659 » » {
598 » rr->length = 0; 660 » » rr->length = 0;
599 s->packet_length = 0; /* dump this record */ 661 » » s->packet_length = 0; /* dump this record */
600 goto again; /* get another record */ 662 » » goto again; /* get another record */
601 } 663 }
602 664
603 » /* Check whether this is a repeat, or aged record. 665 » /* Check whether this is a repeat, or aged record.
604 * Don't check if we're listening and this message is 666 * Don't check if we're listening and this message is
605 * a ClientHello. They can look as if they're replayed, 667 * a ClientHello. They can look as if they're replayed,
606 * since they arrive from different connections and 668 * since they arrive from different connections and
607 * would be dropped unnecessarily. 669 * would be dropped unnecessarily.
608 */ 670 */
609 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && 671 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
610 *p == SSL3_MT_CLIENT_HELLO) && 672 *p == SSL3_MT_CLIENT_HELLO) &&
611 » » ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) 673 » » !dtls1_record_replay_check(s, bitmap))
612 { 674 {
613 rr->length = 0; 675 rr->length = 0;
614 s->packet_length=0; /* dump this record */ 676 s->packet_length=0; /* dump this record */
615 goto again; /* get another record */ 677 goto again; /* get another record */
616 } 678 }
617 679
618 /* just read a 0 length packet */ 680 /* just read a 0 length packet */
619 if (rr->length == 0) goto again; 681 if (rr->length == 0) goto again;
620 682
621 /* If this record is from the next epoch (either HM or ALERT), 683 /* If this record is from the next epoch (either HM or ALERT),
622 * and a handshake is currently in progress, buffer it since it 684 * and a handshake is currently in progress, buffer it since it
623 » * cannot be processed at this time. */ 685 » * cannot be processed at this time. However, do not buffer
686 » * anything while listening.
687 » */
624 if (is_next_epoch) 688 if (is_next_epoch)
625 { 689 {
626 » » if (SSL_in_init(s) || s->in_handshake) 690 » » if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
627 { 691 {
628 » » » dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr-> seq_num); 692 » » » dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->s eq_num);
629 } 693 }
630 rr->length = 0; 694 rr->length = 0;
631 s->packet_length = 0; 695 » » s->packet_length = 0;
632 goto again; 696 » » goto again;
633 } 697 » » }
634 698
635 if (!dtls1_process_record(s)) 699 » if (!dtls1_process_record(s))
636 { 700 {
637 rr->length = 0; 701 rr->length = 0;
638 » » s->packet_length=0; /* dump this record */ 702 » » s->packet_length = 0; /* dump this record */
639 » » goto again; /* get another record */ 703 » » goto again; /* get another record */
640 } 704 }
641 705
642 dtls1_clear_timeouts(s); /* done waiting */ 706 dtls1_clear_timeouts(s); /* done waiting */
643 return(1); 707 return(1);
644 708
645 } 709 }
646 710
647 /* Return up to 'len' payload bytes received in 'type' records. 711 /* Return up to 'len' payload bytes received in 'type' records.
648 * 'type' is one of the following: 712 * 'type' is one of the following:
649 * 713 *
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
758 822
759 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 823 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
760 * reset by ssl3_get_finished */ 824 * reset by ssl3_get_finished */
761 && (rr->type != SSL3_RT_HANDSHAKE)) 825 && (rr->type != SSL3_RT_HANDSHAKE))
762 { 826 {
763 /* We now have application data between CCS and Finished. 827 /* We now have application data between CCS and Finished.
764 * Most likely the packets were reordered on their way, so 828 * Most likely the packets were reordered on their way, so
765 * buffer the application data for later processing rather 829 * buffer the application data for later processing rather
766 * than dropping the connection. 830 * than dropping the connection.
767 */ 831 */
768 » » dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num ); 832 » » dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) ;
769 rr->length = 0; 833 rr->length = 0;
770 goto start; 834 goto start;
771 } 835 }
772 836
773 /* If the other end has shut down, throw anything we read away 837 /* If the other end has shut down, throw anything we read away
774 * (even in 'peek' mode) */ 838 * (even in 'peek' mode) */
775 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 839 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
776 { 840 {
777 rr->length=0; 841 rr->length=0;
778 s->rwstate=SSL_NOTHING; 842 s->rwstate=SSL_NOTHING;
(...skipping 261 matching lines...) Expand 10 before | Expand all | Expand 10 after
1040 return(0); 1104 return(0);
1041 } 1105 }
1042 1106
1043 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1107 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1044 { 1108 {
1045 struct ccs_header_st ccs_hdr; 1109 struct ccs_header_st ccs_hdr;
1046 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; 1110 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1047 1111
1048 dtls1_get_ccs_header(rr->data, &ccs_hdr); 1112 dtls1_get_ccs_header(rr->data, &ccs_hdr);
1049 1113
1114 if (s->version == DTLS1_BAD_VER)
1115 ccs_hdr_len = 3;
1116
1050 /* 'Change Cipher Spec' is just a single byte, so we know 1117 /* 'Change Cipher Spec' is just a single byte, so we know
1051 * exactly what the record payload has to look like */ 1118 * exactly what the record payload has to look like */
1052 /* XDTLS: check that epoch is consistent */ 1119 /* XDTLS: check that epoch is consistent */
1053 » » if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BA D_VER) 1120 » » if (» (rr->length != ccs_hdr_len) ||
1054 » » » ccs_hdr_len = 3; 1121 » » » (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
1055
1056 » » if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0 ] != SSL3_MT_CCS))
1057 { 1122 {
1058 i=SSL_AD_ILLEGAL_PARAMETER; 1123 i=SSL_AD_ILLEGAL_PARAMETER;
1059 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SP EC); 1124 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SP EC);
1060 goto err; 1125 goto err;
1061 } 1126 }
1062 1127
1063 rr->length=0; 1128 rr->length=0;
1064 1129
1065 if (s->msg_callback) 1130 if (s->msg_callback)
1066 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPE C, 1131 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPE C,
1067 rr->data, 1, s, s->msg_callback_arg); 1132 rr->data, 1, s, s->msg_callback_arg);
1068 1133
1069 /* We can't process a CCS now, because previous handshake 1134 /* We can't process a CCS now, because previous handshake
1070 * messages are still missing, so just drop it. 1135 * messages are still missing, so just drop it.
1071 */ 1136 */
1072 if (!s->d1->change_cipher_spec_ok) 1137 if (!s->d1->change_cipher_spec_ok)
1073 { 1138 {
1074 goto start; 1139 goto start;
1075 } 1140 }
1076 1141
1077 s->d1->change_cipher_spec_ok = 0; 1142 s->d1->change_cipher_spec_ok = 0;
1078 1143
1079 s->s3->change_cipher_spec=1; 1144 s->s3->change_cipher_spec=1;
1080 if (!ssl3_do_change_cipher_spec(s)) 1145 if (!ssl3_do_change_cipher_spec(s))
1081 goto err; 1146 goto err;
1082 1147
1083 /* do this whenever CCS is processed */ 1148 /* do this whenever CCS is processed */
1084 dtls1_reset_seq_numbers(s, SSL3_CC_READ); 1149 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1085 1150
1086 » » if (s->client_version == DTLS1_BAD_VER) 1151 » » if (s->version == DTLS1_BAD_VER)
1087 s->d1->handshake_read_seq++; 1152 s->d1->handshake_read_seq++;
1088 1153
1089 goto start; 1154 goto start;
1090 } 1155 }
1091 1156
1092 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1157 /* Unexpected handshake message (Client Hello, or protocol violation) */
1093 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 1158 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1094 !s->in_handshake) 1159 !s->in_handshake)
1095 { 1160 {
1096 struct hm_header_st msg_hdr; 1161 struct hm_header_st msg_hdr;
(...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after
1292 1357
1293 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) 1358 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1294 { 1359 {
1295 unsigned char *p,*pseq; 1360 unsigned char *p,*pseq;
1296 int i,mac_size,clear=0; 1361 int i,mac_size,clear=0;
1297 int prefix_len = 0; 1362 int prefix_len = 0;
1298 SSL3_RECORD *wr; 1363 SSL3_RECORD *wr;
1299 SSL3_BUFFER *wb; 1364 SSL3_BUFFER *wb;
1300 SSL_SESSION *sess; 1365 SSL_SESSION *sess;
1301 int bs; 1366 int bs;
1367 unsigned int len_with_overhead = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
1302 1368
1303 /* first check if there is a SSL3_BUFFER still being written 1369 /* first check if there is a SSL3_BUFFER still being written
1304 * out. This will happen with non blocking IO */ 1370 * out. This will happen with non blocking IO */
1305 if (s->s3->wbuf.left != 0) 1371 if (s->s3->wbuf.left != 0)
1306 { 1372 {
1307 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ 1373 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1308 return(ssl3_write_pending(s,type,buf,len)); 1374 return(ssl3_write_pending(s,type,buf,len));
1309 } 1375 }
1310 1376
1377 if (s->s3->wbuf.len < len_with_overhead)
1378 {
1379 if ((p=OPENSSL_realloc(s->s3->wbuf.buf, len_with_overhead)) == N ULL) {
1380 SSLerr(SSL_F_DO_DTLS1_WRITE,ERR_R_MALLOC_FAILURE);
1381 goto err;
1382 }
1383 s->s3->wbuf.buf = p;
1384 s->s3->wbuf.len = len_with_overhead;
1385 }
1386
1311 /* If we have an alert to send, lets send it */ 1387 /* If we have an alert to send, lets send it */
1312 if (s->s3->alert_dispatch) 1388 if (s->s3->alert_dispatch)
1313 { 1389 {
1314 i=s->method->ssl_dispatch_alert(s); 1390 i=s->method->ssl_dispatch_alert(s);
1315 if (i <= 0) 1391 if (i <= 0)
1316 return(i); 1392 return(i);
1317 /* if it went, fall through and send more stuff */ 1393 /* if it went, fall through and send more stuff */
1318 } 1394 }
1319 1395
1320 if (len == 0 && !create_empty_fragment) 1396 if (len == 0 && !create_empty_fragment)
1321 return 0; 1397 return 0;
1322 1398
1323 wr= &(s->s3->wrec); 1399 wr= &(s->s3->wrec);
1324 wb= &(s->s3->wbuf); 1400 wb= &(s->s3->wbuf);
1325 sess=s->session; 1401 sess=s->session;
1326 1402
1327 if ( (sess == NULL) || 1403 if ( (sess == NULL) ||
1328 (s->enc_write_ctx == NULL) || 1404 (s->enc_write_ctx == NULL) ||
1329 » » (s->write_hash == NULL)) 1405 » » (EVP_MD_CTX_md(s->write_hash) == NULL))
1330 clear=1; 1406 clear=1;
1331 1407
1332 if (clear) 1408 if (clear)
1333 mac_size=0; 1409 mac_size=0;
1334 else 1410 else
1335 » » mac_size=EVP_MD_size(s->write_hash); 1411 » » {
1412 » » mac_size=EVP_MD_CTX_size(s->write_hash);
1413 » » if (mac_size < 0)
1414 » » » goto err;
1415 » » }
1336 1416
1337 /* DTLS implements explicit IV, so no need for empty fragments */ 1417 /* DTLS implements explicit IV, so no need for empty fragments */
1338 #if 0 1418 #if 0
1339 /* 'create_empty_fragment' is true only when this function calls itself */ 1419 /* 'create_empty_fragment' is true only when this function calls itself */
1340 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done 1420 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
1341 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VE R) 1421 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VE R)
1342 { 1422 {
1343 /* countermeasure against known-IV weakness in CBC ciphersuites 1423 /* countermeasure against known-IV weakness in CBC ciphersuites
1344 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 1424 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1345 */ 1425 */
(...skipping 12 matching lines...) Expand all
1358 { 1438 {
1359 /* insufficient space */ 1439 /* insufficient space */
1360 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERRO R); 1440 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERRO R);
1361 goto err; 1441 goto err;
1362 } 1442 }
1363 } 1443 }
1364 1444
1365 s->s3->empty_fragment_done = 1; 1445 s->s3->empty_fragment_done = 1;
1366 } 1446 }
1367 #endif 1447 #endif
1368
1369 p = wb->buf + prefix_len; 1448 p = wb->buf + prefix_len;
1370 1449
1371 /* write the header */ 1450 /* write the header */
1372 1451
1373 *(p++)=type&0xff; 1452 *(p++)=type&0xff;
1374 wr->type=type; 1453 wr->type=type;
1375 1454
1376 » if (s->client_version == DTLS1_BAD_VER) 1455 » *(p++)=(s->version>>8);
1377 » » *(p++) = DTLS1_BAD_VER>>8, 1456 » *(p++)=s->version&0xff;
1378 » » *(p++) = DTLS1_BAD_VER&0xff;
1379 » else
1380 » » *(p++)=(s->version>>8),
1381 » » *(p++)=s->version&0xff;
1382 1457
1383 /* field where we are to write out packet epoch, seq num and len */ 1458 /* field where we are to write out packet epoch, seq num and len */
1384 pseq=p; 1459 pseq=p;
1385 p+=10; 1460 p+=10;
1386 1461
1387 /* lets setup the record stuff. */ 1462 /* lets setup the record stuff. */
1388 1463
1389 /* Make space for the explicit IV in case of CBC. 1464 /* Make space for the explicit IV in case of CBC.
1390 * (this is a bit of a boundary violation, but what the heck). 1465 * (this is a bit of a boundary violation, but what the heck).
1391 */ 1466 */
(...skipping 24 matching lines...) Expand all
1416 memcpy(wr->data,wr->input,wr->length); 1491 memcpy(wr->data,wr->input,wr->length);
1417 wr->input=wr->data; 1492 wr->input=wr->data;
1418 } 1493 }
1419 1494
1420 /* we should still have the output to wr->data and the input 1495 /* we should still have the output to wr->data and the input
1421 * from wr->input. Length should be wr->length. 1496 * from wr->input. Length should be wr->length.
1422 * wr->data still points in the wb->buf */ 1497 * wr->data still points in the wb->buf */
1423 1498
1424 if (mac_size != 0) 1499 if (mac_size != 0)
1425 { 1500 {
1426 » » s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1); 1501 » » if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1502 » » » goto err;
1427 wr->length+=mac_size; 1503 wr->length+=mac_size;
1428 } 1504 }
1429 1505
1430 /* this is true regardless of mac size */ 1506 /* this is true regardless of mac size */
1431 wr->input=p; 1507 wr->input=p;
1432 wr->data=p; 1508 wr->data=p;
1433 1509
1434 1510
1435 /* ssl3_enc can only have an error on read */ 1511 /* ssl3_enc can only have an error on read */
1436 if (bs) /* bs != 0 in case of CBC */ 1512 if (bs) /* bs != 0 in case of CBC */
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
1493 s->s3->wpend_ret=len; 1569 s->s3->wpend_ret=len;
1494 1570
1495 /* we now just need to write the buffer */ 1571 /* we now just need to write the buffer */
1496 return ssl3_write_pending(s,type,buf,len); 1572 return ssl3_write_pending(s,type,buf,len);
1497 err: 1573 err:
1498 return -1; 1574 return -1;
1499 } 1575 }
1500 1576
1501 1577
1502 1578
1503 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, 1579 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1504 » PQ_64BIT *seq_num)
1505 { 1580 {
1506 #if PQ_64BIT_IS_INTEGER 1581 » int cmp;
1507 » PQ_64BIT mask = 0x0000000000000001L; 1582 » unsigned int shift;
1508 #endif 1583 » const unsigned char *seq = s->s3->read_sequence;
1509 » PQ_64BIT rcd_num, tmp;
1510 1584
1511 » pq_64bit_init(&rcd_num); 1585 » cmp = satsub64be(seq,bitmap->max_seq_num);
1512 » pq_64bit_init(&tmp); 1586 » if (cmp > 0)
1587 » » {
1588 » » memcpy (s->s3->rrec.seq_num,seq,8);
1589 » » return 1; /* this record in new */
1590 » » }
1591 » shift = -cmp;
1592 » if (shift >= sizeof(bitmap->map)*8)
1593 » » return 0; /* stale, outside the window */
1594 » else if (bitmap->map & (1UL<<shift))
1595 » » return 0; /* record previously received */
1513 1596
1514 » /* this is the sequence number for the record just read */ 1597 » memcpy (s->s3->rrec.seq_num,seq,8);
1515 » pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
1516
1517 »
1518 » if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
1519 » » pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
1520 » » {
1521 » » pq_64bit_assign(seq_num, &rcd_num);
1522 » » pq_64bit_free(&rcd_num);
1523 » » pq_64bit_free(&tmp);
1524 » » return 1; /* this record is new */
1525 » » }
1526
1527 » pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1528
1529 » if ( pq_64bit_get_word(&tmp) > bitmap->length)
1530 » » {
1531 » » pq_64bit_free(&rcd_num);
1532 » » pq_64bit_free(&tmp);
1533 » » return 0; /* stale, outside the window */
1534 » » }
1535
1536 #if PQ_64BIT_IS_BIGNUM
1537 » {
1538 » int offset;
1539 » pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1540 » pq_64bit_sub_word(&tmp, 1);
1541 » offset = pq_64bit_get_word(&tmp);
1542 » if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
1543 » » {
1544 » » pq_64bit_free(&rcd_num);
1545 » » pq_64bit_free(&tmp);
1546 » » return 0;
1547 » » }
1548 » }
1549 #else
1550 » mask <<= (bitmap->max_seq_num - rcd_num - 1);
1551 » if (bitmap->map & mask)
1552 » » return 0; /* record previously received */
1553 #endif
1554 »
1555 » pq_64bit_assign(seq_num, &rcd_num);
1556 » pq_64bit_free(&rcd_num);
1557 » pq_64bit_free(&tmp);
1558 return 1; 1598 return 1;
1559 } 1599 }
1560 1600
1561 1601
1562 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) 1602 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1563 { 1603 {
1604 int cmp;
1564 unsigned int shift; 1605 unsigned int shift;
1565 » PQ_64BIT rcd_num; 1606 » const unsigned char *seq = s->s3->read_sequence;
1566 » PQ_64BIT tmp;
1567 » PQ_64BIT_CTX *ctx;
1568 1607
1569 » pq_64bit_init(&rcd_num); 1608 » cmp = satsub64be(seq,bitmap->max_seq_num);
1570 » pq_64bit_init(&tmp); 1609 » if (cmp > 0)
1571
1572 » pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
1573
1574 » /* unfortunate code complexity due to 64-bit manipulation support
1575 » * on 32-bit machines */
1576 » if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
1577 » » pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
1578 { 1610 {
1579 » » pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num)); 1611 » » shift = cmp;
1580 » » pq_64bit_add_word(&tmp, 1); 1612 » » if (shift < sizeof(bitmap->map)*8)
1581 1613 » » » bitmap->map <<= shift, bitmap->map |= 1UL;
1582 » » shift = (unsigned int)pq_64bit_get_word(&tmp); 1614 » » else
1583 1615 » » » bitmap->map = 1UL;
1584 » » pq_64bit_lshift(&(tmp), &(bitmap->map), shift); 1616 » » memcpy(bitmap->max_seq_num,seq,8);
1585 » » pq_64bit_assign(&(bitmap->map), &tmp);
1586
1587 » » pq_64bit_set_bit(&(bitmap->map), 0);
1588 » » pq_64bit_add_word(&rcd_num, 1);
1589 » » pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
1590
1591 » » pq_64bit_assign_word(&tmp, 1);
1592 » » pq_64bit_lshift(&tmp, &tmp, bitmap->length);
1593 » » ctx = pq_64bit_ctx_new(&ctx);
1594 » » pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
1595 » » pq_64bit_ctx_free(ctx);
1596 } 1617 }
1597 » else 1618 » else» {
1598 » » { 1619 » » shift = -cmp;
1599 » » pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num); 1620 » » if (shift < sizeof(bitmap->map)*8)
1600 » » pq_64bit_sub_word(&tmp, 1); 1621 » » » bitmap->map |= 1UL<<shift;
1601 » » shift = (unsigned int)pq_64bit_get_word(&tmp);
1602
1603 » » pq_64bit_set_bit(&(bitmap->map), shift);
1604 } 1622 }
1605
1606 pq_64bit_free(&rcd_num);
1607 pq_64bit_free(&tmp);
1608 } 1623 }
1609 1624
1610 1625
1611 int dtls1_dispatch_alert(SSL *s) 1626 int dtls1_dispatch_alert(SSL *s)
1612 { 1627 {
1613 int i,j; 1628 int i,j;
1614 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1629 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1615 unsigned char buf[DTLS1_AL_HEADER_LENGTH]; 1630 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1616 unsigned char *ptr = &buf[0]; 1631 unsigned char *ptr = &buf[0];
1617 1632
(...skipping 26 matching lines...) Expand all
1644 { 1659 {
1645 s->s3->alert_dispatch=1; 1660 s->s3->alert_dispatch=1;
1646 /* fprintf( stderr, "not done with alert\n" ); */ 1661 /* fprintf( stderr, "not done with alert\n" ); */
1647 } 1662 }
1648 else 1663 else
1649 { 1664 {
1650 if (s->s3->send_alert[0] == SSL3_AL_FATAL 1665 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1651 #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1666 #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1652 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAG E 1667 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAG E
1653 #endif 1668 #endif
1654 » » ) 1669 » » )
1655 (void)BIO_flush(s->wbio); 1670 (void)BIO_flush(s->wbio);
1656 1671
1657 if (s->msg_callback) 1672 if (s->msg_callback)
1658 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->sen d_alert, 1673 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->sen d_alert,
1659 2, s, s->msg_callback_arg); 1674 2, s, s->msg_callback_arg);
1660 1675
1661 if (s->info_callback != NULL) 1676 if (s->info_callback != NULL)
1662 cb=s->info_callback; 1677 cb=s->info_callback;
1663 else if (s->ctx->info_callback != NULL) 1678 else if (s->ctx->info_callback != NULL)
1664 cb=s->ctx->info_callback; 1679 cb=s->ctx->info_callback;
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
1763 void 1778 void
1764 dtls1_reset_seq_numbers(SSL *s, int rw) 1779 dtls1_reset_seq_numbers(SSL *s, int rw)
1765 { 1780 {
1766 unsigned char *seq; 1781 unsigned char *seq;
1767 unsigned int seq_bytes = sizeof(s->s3->read_sequence); 1782 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1768 1783
1769 if ( rw & SSL3_CC_READ) 1784 if ( rw & SSL3_CC_READ)
1770 { 1785 {
1771 seq = s->s3->read_sequence; 1786 seq = s->s3->read_sequence;
1772 s->d1->r_epoch++; 1787 s->d1->r_epoch++;
1773 1788 » » memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BIT MAP));
1774 » » pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map)) ;
1775 » » s->d1->bitmap.length = s->d1->next_bitmap.length;
1776 » » pq_64bit_assign(&(s->d1->bitmap.max_seq_num),
1777 » » » &(s->d1->next_bitmap.max_seq_num));
1778
1779 » » pq_64bit_free(&(s->d1->next_bitmap.map));
1780 » » pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
1781 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); 1789 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1782 pq_64bit_init(&(s->d1->next_bitmap.map));
1783 pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
1784 } 1790 }
1785 else 1791 else
1786 { 1792 {
1787 seq = s->s3->write_sequence; 1793 seq = s->s3->write_sequence;
1788 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequ ence)); 1794 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequ ence));
1789 s->d1->w_epoch++; 1795 s->d1->w_epoch++;
1790 } 1796 }
1791 1797
1792 memset(seq, 0x00, seq_bytes); 1798 memset(seq, 0x00, seq_bytes);
1793 } 1799 }
1794 1800
1795 #if PQ_64BIT_IS_INTEGER
1796 static PQ_64BIT
1797 bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
1798 {
1799 PQ_64BIT _num;
1800
1801 _num = (((PQ_64BIT)bytes[0]) << 56) |
1802 (((PQ_64BIT)bytes[1]) << 48) |
1803 (((PQ_64BIT)bytes[2]) << 40) |
1804 (((PQ_64BIT)bytes[3]) << 32) |
1805 (((PQ_64BIT)bytes[4]) << 24) |
1806 (((PQ_64BIT)bytes[5]) << 16) |
1807 (((PQ_64BIT)bytes[6]) << 8) |
1808 (((PQ_64BIT)bytes[7]) );
1809
1810 *num = _num ;
1811 return _num;
1812 }
1813 #endif
1814
1815 1801
1816 static void 1802 static void
1817 dtls1_clear_timeouts(SSL *s) 1803 dtls1_clear_timeouts(SSL *s)
1818 { 1804 {
1819 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st)); 1805 memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
1820 } 1806 }
OLDNEW
« no previous file with comments | « openssl/ssl/d1_meth.c ('k') | openssl/ssl/d1_srvr.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698