static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len, int peek);
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
- unsigned long long *seq_num);
+ BN_ULLONG *seq_num);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch);
unsigned short *priority, unsigned long *offset);
#endif
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
- unsigned long long priority);
+ BN_ULLONG priority);
static int dtls1_process_record(SSL *s);
-static unsigned long long bytes_to_long_long(unsigned char *bytes);
-static void long_long_to_bytes(unsigned long long num, unsigned char *bytes);
+static BN_ULLONG bytes_to_long_long(unsigned char *bytes);
+static void long_long_to_bytes(BN_ULLONG num, unsigned char *bytes);
static void dtls1_clear_timeouts(SSL *s);
static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned long long priority)
+dtls1_buffer_record(SSL *s, record_pqueue *queue, BN_ULLONG priority)
{
DTLS1_RECORD_DATA *rdata;
pitem *item;
if (rdata != NULL) OPENSSL_free(rdata);
if (item != NULL) pitem_free(item);
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
return(0);
}
dtls1_get_buffered_record(SSL *s)
{
pitem *item;
- unsigned long long priority =
- (((unsigned long long)s->d1->handshake_read_seq) << 32) |
- ((unsigned long long)s->d1->r_msg_hdr.frag_off);
+ BN_ULLONG priority =
+ (((BN_ULLONG)s->d1->handshake_read_seq) << 32) |
+ ((BN_ULLONG)s->d1->r_msg_hdr.frag_off);
if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
nothing buffered */
if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
{
al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
goto f_err;
}
{
#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
goto decryption_failed_or_bad_record_mac;
{
#if 0 /* OK only for stream ciphers */
al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
goto decryption_failed_or_bad_record_mac;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
{
al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto f_err;
}
if (!ssl3_do_uncompress(s))
{
al=SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
goto f_err;
}
}
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
{
al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
goto f_err;
}
* we should not reveal which kind of error occured -- this
* might become visible to an attacker (e.g. via logfile) */
al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
unsigned char *p;
short version;
DTLS1_BITMAP *bitmap;
- unsigned long long read_sequence;
+ BN_ULLONG read_sequence;
unsigned int is_next_epoch;
rr= &(s->s3->rrec);
{
if (version != s->version)
{
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+ SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
/* Send back error using their
* version number :-) */
s->version=version;
if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
{
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+ SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
goto err;
}
if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
{
al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+ SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
goto f_err;
}
(type != SSL3_RT_HANDSHAKE) && type) ||
(peek && (type != SSL3_RT_APPLICATION_DATA)))
{
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
return -1;
}
if (i < 0) return(i);
if (i == 0)
{
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
}
&& (rr->type != SSL3_RT_HANDSHAKE))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
goto err;
}
(s->enc_read_ctx == NULL))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
goto f_err;
}
(s->d1->handshake_fragment[3] != 0))
{
al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
goto err;
}
if (i < 0) return(i);
if (i == 0)
{
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
s->rwstate=SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
ERR_add_error_data(2,"SSL alert number ",tmp);
s->shutdown|=SSL_RECEIVED_SHUTDOWN;
else
{
al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
goto f_err;
}
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
i=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto err;
}
if (i < 0) return(i);
if (i == 0)
{
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
}
#endif
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
goto f_err;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
* of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
* should not happen when type != rr->type */
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
goto f_err;
case SSL3_RT_APPLICATION_DATA:
/* At this point, we were expecting handshake data,
else
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
goto f_err;
}
}
if (i < 0) return(i);
if (i == 0)
{
- SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
return -1;
}
}
return i;
}
- if ( s->s3->wnum + i == len)
+ if ( (int)s->s3->wnum + i == len)
s->s3->wnum = 0;
else
s->s3->wnum += i;
return tot + i;
}
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment)
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
{
unsigned char *p,*pseq;
int i,mac_size,clear=0;
if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
{
/* insufficient space */
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
goto err;
}
}
{
if (!ssl3_do_compress(s))
{
- SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
+ SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
goto err;
}
}
/* buffer the record, making it easy to handle retransmits */
if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
dtls1_buffer_record(s, wr->data, wr->length,
- *((unsigned long long *)&(s->s3->write_sequence[0])));
+ *((BN_ULLONG *)&(s->s3->write_sequence[0])));
#endif
ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
- unsigned long long *seq_num)
+ BN_ULLONG *seq_num)
{
- unsigned long long mask = 0x0000000000000001LL;
- unsigned long long rcd_num;
+ BN_ULLONG mask = 0x0000000000000001L;
+ BN_ULLONG rcd_num;
rcd_num = bytes_to_long_long(s->s3->read_sequence);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
unsigned int shift;
- unsigned long long mask = 0x0000000000000001L;
- unsigned long long rcd_num;
+ BN_ULLONG mask = 0x0000000000000001L;
+ BN_ULLONG rcd_num;
rcd_num = bytes_to_long_long(s->s3->read_sequence);
if (rcd_num >= bitmap->max_seq_num)
{
- shift = rcd_num - bitmap->max_seq_num + 1;
+ shift = (unsigned int)(rcd_num - bitmap->max_seq_num) + 1;
bitmap->max_seq_num = rcd_num + 1;
bitmap->map <<= shift;
- bitmap->map |= 0x0000000000000001LL;
+ bitmap->map |= 0x0000000000000001L;
}
else
{
return &s->d1->bitmap;
/* Only HM and ALERT messages can be from the next epoch */
- else if (rr->epoch == s->d1->r_epoch + 1 &&
+ else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
(rr->type == SSL3_RT_HANDSHAKE ||
rr->type == SSL3_RT_ALERT))
{
}
-static unsigned long long
+static BN_ULLONG
bytes_to_long_long(unsigned char *bytes)
{
- unsigned long long num;
+ BN_ULLONG num;
- num = (((unsigned long long)bytes[0]) << 56) |
- (((unsigned long long)bytes[1]) << 48) |
- (((unsigned long long)bytes[2]) << 40) |
- (((unsigned long long)bytes[3]) << 32) |
- (((unsigned long long)bytes[4]) << 24) |
- (((unsigned long long)bytes[5]) << 16) |
- (((unsigned long long)bytes[6]) << 8) |
- (((unsigned long long)bytes[7]) );
+ num = (((BN_ULLONG)bytes[0]) << 56) |
+ (((BN_ULLONG)bytes[1]) << 48) |
+ (((BN_ULLONG)bytes[2]) << 40) |
+ (((BN_ULLONG)bytes[3]) << 32) |
+ (((BN_ULLONG)bytes[4]) << 24) |
+ (((BN_ULLONG)bytes[5]) << 16) |
+ (((BN_ULLONG)bytes[6]) << 8) |
+ (((BN_ULLONG)bytes[7]) );
return num;
}
static void
-long_long_to_bytes(unsigned long long num, unsigned char *bytes)
+long_long_to_bytes(BN_ULLONG num, unsigned char *bytes)
{
bytes[0] = (unsigned char)((num >> 56)&0xff);
bytes[1] = (unsigned char)((num >> 48)&0xff);