2 * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "../ssl_locl.h"
11 #include "record_locl.h"
13 /* mod 128 saturating subtract of two 64-bit values in big-endian order */
14 static int satsub64be(const unsigned char *v1, const unsigned char *v2)
18 if (sizeof(long) == 8)
30 /* not reached on little-endians */
32 * following test is redundant, because input is always aligned,
33 * but I take no chances...
35 if (((size_t)v1 | (size_t)v2) & 0x7)
51 /* v1 is larger... but by how much? */
52 if (v1[i] != v2[i] + 1)
55 if (v1[i] != 0x00 || v2[i] != 0xff)
56 return 128; /* too much */
58 /* We checked all the way to the penultimate byte,
59 * so despite higher bytes changing we actually
60 * know that it only changed from (e.g.)
61 * ... (xx) ff ff ff ??
62 * to ... (xx+1) 00 00 00 ??
63 * so we add a 'bias' of 256 for the carry that
64 * happened, and will eventually return
65 * 256 + v1[7] - v2[7]. */
68 } else if (v2[i] > v1[i]) {
69 /* v2 is larger... but by how much? */
70 if (v2[i] != v1[i] + 1)
73 if (v2[i] != 0x00 || v1[i] != 0xff)
74 return -128; /* too much */
76 /* Similar to the case above, we know it changed
77 * from ... (xx) 00 00 00 ??
78 * to ... (xx-1) ff ff ff ??
79 * so we add a 'bias' of -256 for the borrow,
80 * to return -256 + v1[7] - v2[7]. */
85 ret += (int)v1[7] - (int)v2[7];
95 int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
99 const unsigned char *seq = s->rlayer.read_sequence;
101 cmp = satsub64be(seq, bitmap->max_seq_num);
103 SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
104 return 1; /* this record in new */
107 if (shift >= sizeof(bitmap->map) * 8)
108 return 0; /* stale, outside the window */
109 else if (bitmap->map & (1UL << shift))
110 return 0; /* record previously received */
112 SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
116 void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
120 const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
122 cmp = satsub64be(seq, bitmap->max_seq_num);
125 if (shift < sizeof(bitmap->map) * 8)
126 bitmap->map <<= shift, bitmap->map |= 1UL;
129 memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
132 if (shift < sizeof(bitmap->map) * 8)
133 bitmap->map |= 1UL << shift;