From 188b05792fafa43904fb2c471a734dbfabc98f98 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 30 May 2005 22:34:37 +0000 Subject: [PATCH] pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't have a uniform representation for those over all architectures, so a little bit of hackery is needed. Contributed by nagendra modadugu --- crypto/pqueue/Makefile | 2 +- crypto/pqueue/pq_compat.h | 134 +++++++++++++++++++++++++++ crypto/pqueue/pqueue.c | 21 +++-- crypto/pqueue/pqueue.h | 8 +- ssl/d1_both.c | 22 ++++- ssl/d1_lib.c | 20 +++- ssl/d1_pkt.c | 186 +++++++++++++++++++++++++------------- ssl/dtls1.h | 7 +- ssl/s3_lib.c | 6 ++ ssl/ssl3.h | 3 +- 10 files changed, 322 insertions(+), 87 deletions(-) create mode 100644 crypto/pqueue/pq_compat.h diff --git a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile index 9cdab2b00c..c76eab2b80 100644 --- a/crypto/pqueue/Makefile +++ b/crypto/pqueue/Makefile @@ -22,7 +22,7 @@ LIBOBJ=pqueue.o SRC= $(LIBSRC) -EXHEADER= pqueue.h +EXHEADER= pqueue.h pq_compat.h HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/pqueue/pq_compat.h b/crypto/pqueue/pq_compat.h new file mode 100644 index 0000000000..2157a549da --- /dev/null +++ b/crypto/pqueue/pq_compat.h @@ -0,0 +1,134 @@ +/* crypto/pqueue/pqueue_compat.h */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "opensslconf.h" +#include + +/* + * The purpose of this header file is for supporting 64-bit integer + * manipulation on 32-bit (and lower) machines. Currently the only + * such environment is VMS. Other environments that do not natively + * support 64-bit integers can safely use the code developed for VMS. + * + * The only clients of this code are (1) pqueue for priority, and + * (2) DTLS, for sequence number manipulation. + */ + +#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST) + +#define PQ_64BIT BIGNUM +#define PQ_64BIT_CTX BN_CTX + +#define pq_64bit_init(x) BN_init(x) +#define pq_64bit_free(x) BN_free(x) + +#define pq_64bit_ctx_new(ctx) BN_CTX_new() +#define pq_64bit_ctx_free(x) BN_CTX_free(x) + +#define pq_64bit_assign(x, y) BN_copy(x, y) +#define pq_64bit_assign_word(x, y) BN_set_word(x, y) +#define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 +#define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 +#define pq_64bit_add_word(x, w) BN_add_word(x, w) +#define pq_64bit_sub(r, x, y) BN_sub(r, x, y) +#define pq_64bit_sub_word(x, w) BN_sub_word(x, w) +#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) + +#define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) +#define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) +#define pq_64bit_get_word(x) BN_get_word(x) +#define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) +#define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) +#define pq_64bit_set_bit(x, num) BN_set_bit(x, num) +#define pq_64bit_get_length(x) BN_num_bits((x)) + +#else + +#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +#define PQ_64BIT BN_ULONG +#elif defined(THIRTY_TWO_BIT) +#define PQ_64BIT BN_ULLONG +#endif + +#define PQ_64BIT_CTX void + +#define pq_64bit_init(x) +#define pq_64bit_free(x) +#define pq_64bit_ctx_new(ctx) (ctx) +#define pq_64bit_ctx_free(x) + +#define pq_64bit_assign(x, y) (*(x) = *(y)) +#define pq_64bit_assign_word(x, y) (*(x) = y) +#define pq_64bit_gt(x, y) (*(x) > *(y)) +#define pq_64bit_eq(x, y) (*(x) == *(y)) +#define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) +#define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) +#define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) +#define pq_64bit_mod(r, x, n, ctx) + +#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) +#define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) +#define pq_64bit_get_word(x) *(x) +#define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) +#define pq_64bit_set_bit(x, num) do { \ + PQ_64BIT mask = 1; \ + mask = mask << (num); \ + *(x) |= mask; \ + } while(0) +#endif /* OPENSSL_SYS_VMS */ diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index f4fa37fe64..6ec5c6756c 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -68,12 +68,14 @@ typedef struct _pqueue } pqueue_s; pitem * -pitem_new(BN_ULLONG priority, void *data) +pitem_new(PQ_64BIT priority, void *data) { pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem)); if (item == NULL) return NULL; - item->priority = priority; + pq_64bit_init(&(item->priority)); + pq_64bit_assign(&item->priority, &priority); + item->data = data; item->next = NULL; @@ -84,7 +86,8 @@ void pitem_free(pitem *item) { if (item == NULL) return; - + + pq_64bit_free(&(item->priority)); OPENSSL_free(item); } @@ -121,7 +124,7 @@ pqueue_insert(pqueue_s *pq, pitem *item) next != NULL; curr = next, next = next->next) { - if (item->priority < next->priority) + if (pq_64bit_gt(&(next->priority), &(item->priority))) { item->next = next; @@ -133,7 +136,7 @@ pqueue_insert(pqueue_s *pq, pitem *item) return item; } /* duplicates not allowed */ - if (item->priority == next->priority) + if (pq_64bit_eq(&(item->priority), &(next->priority))) return NULL; } @@ -161,7 +164,7 @@ pqueue_pop(pqueue_s *pq) } pitem * -pqueue_find(pqueue_s *pq, BN_ULLONG priority) +pqueue_find(pqueue_s *pq, PQ_64BIT priority) { pitem *next, *prev = NULL; pitem *found = NULL; @@ -172,7 +175,7 @@ pqueue_find(pqueue_s *pq, BN_ULLONG priority) for ( next = pq->items; next->next != NULL; prev = next, next = next->next) { - if ( next->priority == priority) + if ( pq_64bit_eq(&(next->priority), &priority)) { found = next; break; @@ -180,7 +183,7 @@ pqueue_find(pqueue_s *pq, BN_ULLONG priority) } /* check the one last node */ - if ( next->priority == priority) + if ( pq_64bit_eq(&(next->priority), &priority)) found = next; if ( ! found) @@ -196,6 +199,7 @@ pqueue_find(pqueue_s *pq, BN_ULLONG priority) return found; } +#if !(defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)) void pqueue_print(pqueue_s *pq) { @@ -207,6 +211,7 @@ pqueue_print(pqueue_s *pq) item = item->next; } } +#endif pitem * pqueue_iterator(pqueue_s *pq) diff --git a/crypto/pqueue/pqueue.h b/crypto/pqueue/pqueue.h index 2ac31e21f0..02386d130e 100644 --- a/crypto/pqueue/pqueue.h +++ b/crypto/pqueue/pqueue.h @@ -64,18 +64,20 @@ #include #include +#include + typedef struct _pqueue *pqueue; typedef struct _pitem { - BN_ULLONG priority; + PQ_64BIT priority; void *data; struct _pitem *next; } pitem; typedef struct _pitem *piterator; -pitem *pitem_new(BN_ULLONG priority, void *data); +pitem *pitem_new(PQ_64BIT priority, void *data); void pitem_free(pitem *item); pqueue pqueue_new(void); @@ -84,7 +86,7 @@ void pqueue_free(pqueue pq); pitem *pqueue_insert(pqueue pq, pitem *item); pitem *pqueue_peek(pqueue pq); pitem *pqueue_pop(pqueue pq); -pitem *pqueue_find(pqueue pq, BN_ULLONG priority); +pitem *pqueue_find(pqueue pq, PQ_64BIT priority); pitem *pqueue_iterator(pqueue pq); pitem *pqueue_next(piterator *iter); diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 6b8dd8080e..92661a9e3b 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -442,6 +442,7 @@ dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr) { hm_fragment *frag = NULL; pitem *item = NULL; + PQ_64BIT seq64; frag = dtls1_hm_fragment_new(msg_hdr->frag_len); if ( frag == NULL) @@ -452,10 +453,15 @@ dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr) memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - item = pitem_new(msg_hdr->seq, frag); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, msg_hdr->seq); + + item = pitem_new(seq64, frag); if ( item == NULL) goto err; + pq_64bit_free(&seq64); + pqueue_insert(s->d1->buffered_messages, item); return 1; @@ -1037,6 +1043,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) { pitem *item; hm_fragment *frag; + PQ_64BIT seq64; /* this function is called immediately after a message has * been serialized */ @@ -1064,7 +1071,11 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; - item = pitem_new(frag->msg_header.seq, frag); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, frag->msg_header.seq); + + item = pitem_new(seq64, frag); + pq_64bit_free(&seq64); if ( item == NULL) { dtls1_hm_fragment_free(frag); @@ -1090,6 +1101,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, pitem *item; hm_fragment *frag ; unsigned long header_length; + PQ_64BIT seq64; /* OPENSSL_assert(s->init_num == 0); @@ -1097,7 +1109,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, */ /* XDTLS: the requested message ought to be found, otherwise error */ - item = pqueue_find(s->d1->sent_messages, seq); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, seq); + + item = pqueue_find(s->d1->sent_messages, seq64); + pq_64bit_free(&seq64); if ( item == NULL) { fprintf(stderr, "retransmit: message %d non-existant\n", seq); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d774521aaf..458ce544d1 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -132,10 +132,20 @@ int dtls1_new(SSL *s) memset(d1,0, sizeof *d1); /* d1->handshake_epoch=0; */ +#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST) + d1->bitmap.length=64; +#else d1->bitmap.length=sizeof(d1->bitmap.map) * 8; +#endif + pq_64bit_init(&(d1->bitmap.map)); + pq_64bit_init(&(d1->bitmap.max_seq_num)); + + pq_64bit_init(&(d1->next_bitmap.map)); + pq_64bit_init(&(d1->next_bitmap.max_seq_num)); + d1->unprocessed_rcds.q=pqueue_new(); - d1->processed_rcds.q=pqueue_new(); - d1->buffered_messages = pqueue_new(); + d1->processed_rcds.q=pqueue_new(); + d1->buffered_messages = pqueue_new(); d1->sent_messages=pqueue_new(); if ( s->server) @@ -198,6 +208,12 @@ void dtls1_free(SSL *s) } pqueue_free(s->d1->sent_messages); + pq_64bit_free(&(s->d1->bitmap.map)); + pq_64bit_free(&(s->d1->bitmap.max_seq_num)); + + pq_64bit_free(&(s->d1->next_bitmap.map)); + pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); + OPENSSL_free(s->d1); } diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 09f1626313..77e1031a31 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -124,7 +124,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, int len, int peek); static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, - BN_ULLONG *seq_num); + PQ_64BIT *seq_num); static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch); @@ -133,13 +133,13 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, unsigned long *offset); #endif static int dtls1_buffer_record(SSL *s, record_pqueue *q, - BN_ULLONG priority); + PQ_64BIT priority); static int dtls1_process_record(SSL *s); -static BN_ULLONG bytes_to_long_long(unsigned char *bytes); -static void long_long_to_bytes(BN_ULLONG num, unsigned char *bytes); +#if !(defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)) +static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num); +#endif static void dtls1_clear_timeouts(SSL *s); - /* copy buffered record into SSL structure */ static int dtls1_copy_record(SSL *s, pitem *item) @@ -161,7 +161,7 @@ dtls1_copy_record(SSL *s, pitem *item) static int -dtls1_buffer_record(SSL *s, record_pqueue *queue, BN_ULLONG priority) +dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority) { DTLS1_RECORD_DATA *rdata; pitem *item; @@ -275,9 +275,9 @@ static int dtls1_get_buffered_record(SSL *s) { pitem *item; - BN_ULLONG priority = - (((BN_ULLONG)s->d1->handshake_read_seq) << 32) | - ((BN_ULLONG)s->d1->r_msg_hdr.frag_off); + PQ_64BIT priority = + (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | + ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, nothing buffered */ @@ -482,7 +482,6 @@ int dtls1_get_record(SSL *s) unsigned char *p; short version; DTLS1_BITMAP *bitmap; - BN_ULLONG read_sequence; unsigned int is_next_epoch; rr= &(s->s3->rrec); @@ -522,9 +521,9 @@ again: /* sequence number is 64 bits, with top 2 bytes = epoch */ n2s(p,rr->epoch); - read_sequence = 0; - n2l6(p, read_sequence); - long_long_to_bytes(read_sequence, s->s3->read_sequence); + memcpy(&(s->s3->read_sequence[2]), p, 6); + p+=6; + n2s(p,rr->length); /* Lets check version */ @@ -1406,7 +1405,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, /* else s2n(s->d1->handshake_epoch, pseq); */ - l2n6(bytes_to_long_long(s->s3->write_sequence), pseq); + memcpy(pseq, &(s->s3->write_sequence[2]), 6); + pseq+=6; s2n(wr->length,pseq); /* we should now have @@ -1419,7 +1419,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, /* buffer the record, making it easy to handle retransmits */ if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) dtls1_buffer_record(s, wr->data, wr->length, - *((BN_ULLONG *)&(s->s3->write_sequence[0]))); + *((PQ_64BIT *)&(s->s3->write_sequence[0]))); #endif ssl3_record_sequence_update(&(s->s3->write_sequence[0])); @@ -1451,27 +1451,60 @@ err: static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, - BN_ULLONG *seq_num) + PQ_64BIT *seq_num) { - BN_ULLONG mask = 0x0000000000000001L; - BN_ULLONG rcd_num; +#if !(defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)) + PQ_64BIT mask = 0x0000000000000001L; +#endif + PQ_64BIT rcd_num, tmp; + + pq_64bit_init(&rcd_num); + pq_64bit_init(&tmp); + + /* this is the sequence number for the record just read */ + pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8); - rcd_num = bytes_to_long_long(s->s3->read_sequence); - if (rcd_num >= bitmap->max_seq_num) + if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) || + pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num))) { - *seq_num = rcd_num; + pq_64bit_assign(seq_num, &rcd_num); + pq_64bit_free(&rcd_num); + pq_64bit_free(&tmp); return 1; /* this record is new */ } - - if (bitmap->max_seq_num - rcd_num > bitmap->length) + + pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num); + + if ( pq_64bit_get_word(&tmp) > bitmap->length) + { + pq_64bit_free(&rcd_num); + pq_64bit_free(&tmp); return 0; /* stale, outside the window */ + } +#if (defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)) + { + int offset; + pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num); + pq_64bit_sub_word(&tmp, 1); + offset = pq_64bit_get_word(&tmp); + if ( pq_64bit_is_bit_set(&(bitmap->map), offset)) + { + pq_64bit_free(&rcd_num); + pq_64bit_free(&tmp); + return 0; + } + } +#else mask <<= (bitmap->max_seq_num - rcd_num - 1); if (bitmap->map & mask) return 0; /* record previously received */ +#endif - *seq_num = rcd_num; + pq_64bit_assign(seq_num, &rcd_num); + pq_64bit_free(&rcd_num); + pq_64bit_free(&tmp); return 1; } @@ -1479,23 +1512,49 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) { unsigned int shift; - BN_ULLONG mask = 0x0000000000000001L; - BN_ULLONG rcd_num; + PQ_64BIT rcd_num; + PQ_64BIT tmp; + PQ_64BIT_CTX *ctx; + + pq_64bit_init(&rcd_num); + pq_64bit_init(&tmp); - rcd_num = bytes_to_long_long(s->s3->read_sequence); + pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8); - if (rcd_num >= bitmap->max_seq_num) + /* unfortunate code complexity due to 64-bit manipulation support + * on 32-bit machines */ + if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) || + pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num))) { - shift = (unsigned int)(rcd_num - bitmap->max_seq_num) + 1; - bitmap->max_seq_num = rcd_num + 1; - bitmap->map <<= shift; - bitmap->map |= 0x0000000000000001L; + pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num)); + pq_64bit_add_word(&tmp, 1); + + shift = (unsigned int)pq_64bit_get_word(&tmp); + + pq_64bit_lshift(&(tmp), &(bitmap->map), shift); + pq_64bit_assign(&(bitmap->map), &tmp); + + pq_64bit_set_bit(&(bitmap->map), 0); + pq_64bit_add_word(&rcd_num, 1); + pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num); + + pq_64bit_assign_word(&tmp, 1); + pq_64bit_lshift(&tmp, &tmp, bitmap->length); + ctx = pq_64bit_ctx_new(&ctx); + pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx); + pq_64bit_ctx_free(ctx); } else { - mask <<= (bitmap->max_seq_num - rcd_num - 1); - bitmap->map |= mask; + pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num); + pq_64bit_sub_word(&tmp, 1); + shift = (unsigned int)pq_64bit_get_word(&tmp); + + pq_64bit_set_bit(&(bitmap->map), shift); } + + pq_64bit_free(&rcd_num); + pq_64bit_free(&tmp); } @@ -1656,8 +1715,17 @@ dtls1_reset_seq_numbers(SSL *s, int rw) { seq = s->s3->read_sequence; s->d1->r_epoch++; - memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); + + pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map)); + s->d1->bitmap.length = s->d1->next_bitmap.length; + pq_64bit_assign(&(s->d1->bitmap.max_seq_num), + &(s->d1->next_bitmap.max_seq_num)); + + pq_64bit_free(&(s->d1->next_bitmap.map)); + pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); + pq_64bit_init(&(s->d1->next_bitmap.map)); + pq_64bit_init(&(s->d1->next_bitmap.max_seq_num)); } else { @@ -1668,36 +1736,26 @@ dtls1_reset_seq_numbers(SSL *s, int rw) memset(seq, 0x00, seq_bytes); } +#if !(defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)) +static PQ_64BIT +bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num) + { + PQ_64BIT _num; + + _num = (((PQ_64BIT)bytes[0]) << 56) | + (((PQ_64BIT)bytes[1]) << 48) | + (((PQ_64BIT)bytes[2]) << 40) | + (((PQ_64BIT)bytes[3]) << 32) | + (((PQ_64BIT)bytes[4]) << 24) | + (((PQ_64BIT)bytes[5]) << 16) | + (((PQ_64BIT)bytes[6]) << 8) | + (((PQ_64BIT)bytes[7]) ); + + *num = _num ; + return _num; + } +#endif -static BN_ULLONG -bytes_to_long_long(unsigned char *bytes) - { - BN_ULLONG num; - - num = (((BN_ULLONG)bytes[0]) << 56) | - (((BN_ULLONG)bytes[1]) << 48) | - (((BN_ULLONG)bytes[2]) << 40) | - (((BN_ULLONG)bytes[3]) << 32) | - (((BN_ULLONG)bytes[4]) << 24) | - (((BN_ULLONG)bytes[5]) << 16) | - (((BN_ULLONG)bytes[6]) << 8) | - (((BN_ULLONG)bytes[7]) ); - - return num; - } - -static void -long_long_to_bytes(BN_ULLONG num, unsigned char *bytes) - { - bytes[0] = (unsigned char)((num >> 56)&0xff); - bytes[1] = (unsigned char)((num >> 48)&0xff); - bytes[2] = (unsigned char)((num >> 40)&0xff); - bytes[3] = (unsigned char)((num >> 32)&0xff); - bytes[4] = (unsigned char)((num >> 24)&0xff); - bytes[5] = (unsigned char)((num >> 16)&0xff); - bytes[6] = (unsigned char)((num >> 8)&0xff); - bytes[7] = (unsigned char)((num )&0xff); - } static void dtls1_clear_timeouts(SSL *s) diff --git a/ssl/dtls1.h b/ssl/dtls1.h index 5ec13720cd..b377cc5f6b 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -90,9 +90,9 @@ extern "C" { typedef struct dtls1_bitmap_st { - BN_ULLONG map; + PQ_64BIT map; unsigned long length; /* sizeof the bitmap in bits */ - BN_ULLONG max_seq_num; /* max record number seen so far */ + PQ_64BIT max_seq_num; /* max record number seen so far */ } DTLS1_BITMAP; struct hm_header_st @@ -162,9 +162,6 @@ typedef struct dtls1_state_st unsigned short handshake_read_seq; - /* only matters for handshake messages */ - BN_ULLONG next_expected_seq_num; - /* Received handshake records (processed and unprocessed) */ record_pqueue unprocessed_rcds; record_pqueue processed_rcds; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2b2d2bdade..4585ac3014 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -128,6 +128,7 @@ #include "kssl_lcl.h" #include #include +#include const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; @@ -1441,6 +1442,8 @@ int ssl3_new(SSL *s) memset(s3,0,sizeof *s3); EVP_MD_CTX_init(&s3->finish_dgst1); EVP_MD_CTX_init(&s3->finish_dgst2); + pq_64bit_init(&(s3->rrec.seq_num)); + pq_64bit_init(&(s3->wrec.seq_num)); s->s3=s3; @@ -1475,6 +1478,9 @@ void ssl3_free(SSL *s) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); + pq_64bit_free(&(s->s3->rrec.seq_num)); + pq_64bit_free(&(s->s3->wrec.seq_num)); + OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 162bc79e04..1e762f276e 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -123,6 +123,7 @@ #include #include #include +#include #ifdef __cplusplus extern "C" { @@ -295,7 +296,7 @@ typedef struct ssl3_record_st /*rw*/ unsigned char *input; /* where the decode bytes are */ /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ -/*r */ BN_ULLONG seq_num; /* sequence number, needed by DTLS1 */ +/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ } SSL3_RECORD; typedef struct ssl3_buffer_st -- 2.25.1