diff options
Diffstat (limited to 'lib/record.c')
-rw-r--r-- | lib/record.c | 92 |
1 files changed, 45 insertions, 47 deletions
diff --git a/lib/record.c b/lib/record.c index ced217c245..af993fe6e5 100644 --- a/lib/record.c +++ b/lib/record.c @@ -58,7 +58,7 @@ struct tls_record_st { uint16_t header_size; uint8_t version[2]; - gnutls_uint64 sequence; /* DTLS */ + uint64_t sequence; /* DTLS */ uint16_t length; uint16_t packet_size; /* header_size + length */ content_type_t type; @@ -390,13 +390,28 @@ copy_record_version(gnutls_session_t session, /* Increments the sequence value */ inline static int -sequence_increment(gnutls_session_t session, gnutls_uint64 * value) +sequence_increment(gnutls_session_t session, uint64_t * value) { + uint64_t snmax = UINT64_C(0xffffffffffffffff); + if (IS_DTLS(session)) { - return _gnutls_uint48pp(value); + uint64_t mask; + + snmax = UINT64_C(0xffffffffffff); + mask = snmax; + + if ((*value & mask) == snmax) + return -1; + + *value = ((*value & mask) + 1) | (*value & ~mask); } else { - return _gnutls_uint64pp(value); + if (*value == snmax) + return -1; + + (*value)++; } + + return 0; } /* This function behaves exactly like write(). The only difference is @@ -516,8 +531,7 @@ _gnutls_send_tlen_int(gnutls_session_t session, content_type_t type, /* Adjust header length and add sequence for DTLS */ if (IS_DTLS(session)) - memcpy(&headers[3], - record_state->sequence_number.i, 8); + _gnutls_write_uint64(record_state->sequence_number, &headers[3]); _gnutls_record_log ("REC[%p]: Preparing Packet %s(%d) with length: %d and min pad: %d\n", @@ -577,17 +591,14 @@ _gnutls_send_tlen_int(gnutls_session_t session, content_type_t type, session->internals.record_send_buffer_user_size = 0; _gnutls_record_log - ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n", - session, (unsigned int) - _gnutls_uint64touint32(&record_state->sequence_number), + ("REC[%p]: Sent Packet[%ld] %s(%d) in epoch %d and length: %d\n", + session, (unsigned long)(record_state->sequence_number), _gnutls_packet2str(type), type, (int) record_params->epoch, (int) cipher_size); if (vers->tls13_sem && !(session->internals.flags & GNUTLS_NO_AUTO_REKEY) && !(record_params->cipher->flags & GNUTLS_CIPHER_FLAG_NO_REKEY)) { - if (unlikely(record_state->sequence_number.i[7] == 0xfd && - record_state->sequence_number.i[6] == 0xff && - record_state->sequence_number.i[5] == 0xff)) { + if (unlikely((record_state->sequence_number & UINT64_C(0xffffff)) == UINT64_C(0xfffffd))) { /* After we have sent 2^24 messages, mark the session * as needing a key update. */ session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1; @@ -798,7 +809,7 @@ static int record_add_to_buffers(gnutls_session_t session, struct tls_record_st *recv, content_type_t type, gnutls_handshake_description_t htype, - const gnutls_uint64 * seq, mbuffer_st * bufel) + uint64_t seq, mbuffer_st * bufel) { int ret; @@ -1122,10 +1133,9 @@ record_read_headers(gnutls_session_t session, record->version[1] = headers[2]; if (IS_DTLS(session)) { - memcpy(record->sequence.i, &headers[3], 8); + record->sequence = _gnutls_read_uint64(&headers[3]); record->length = _gnutls_read_uint16(&headers[11]); - record->epoch = - _gnutls_read_uint16(record->sequence.i); + record->epoch = record->sequence >> 48; } else { memset(&record->sequence, 0, sizeof(record->sequence)); @@ -1190,14 +1200,9 @@ static int recv_headers(gnutls_session_t session, if (IS_DTLS(session)) { if (_gnutls_epoch_is_valid(session, record->epoch) == 0) { _gnutls_audit_log(session, - "Discarded message[%u] with invalid epoch %u.\n", - (unsigned int) - _gnutls_uint64touint32(&record-> - sequence), - (unsigned int) record->sequence. - i[0] * 256 + - (unsigned int) record->sequence. - i[1]); + "Discarded message[%lu] with invalid epoch %u.\n", + (unsigned long)record->sequence, + (unsigned int) (record->sequence >> 48)); gnutls_assert(); /* doesn't matter, just a fatal error */ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; @@ -1260,7 +1265,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, gnutls_handshake_description_t htype, unsigned int ms) { - const gnutls_uint64 *packet_sequence; + uint64_t packet_sequence; gnutls_datum_t ciphertext; mbuffer_st *bufel = NULL, *decrypted = NULL; gnutls_datum_t t; @@ -1306,9 +1311,9 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, } if (IS_DTLS(session)) - packet_sequence = &record.sequence; + packet_sequence = record.sequence; else - packet_sequence = &record_state->sequence_number; + packet_sequence = record_state->sequence_number; /* Read the packet data and insert it to record_recv_buffer. */ @@ -1451,10 +1456,9 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, goto sanity_check_error; } - _gnutls_record_log("REC[%p]: Discarded early data[%u] due to invalid decryption, length: %u\n", + _gnutls_record_log("REC[%p]: Discarded early data[%lu] due to invalid decryption, length: %u\n", session, - (unsigned int) - _gnutls_uint64touint32(packet_sequence), + (unsigned long)packet_sequence, (unsigned int) record.length); session->internals.early_data_received += record.length; @@ -1470,9 +1474,8 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, if (ret < 0) { gnutls_assert(); _gnutls_audit_log(session, - "Discarded message[%u] due to invalid decryption\n", - (unsigned int) - _gnutls_uint64touint32(packet_sequence)); + "Discarded message[%lu] due to invalid decryption\n", + (unsigned long)packet_sequence); goto sanity_check_error; } @@ -1484,24 +1487,20 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, ret = _dtls_record_check(record_params, packet_sequence); if (ret < 0) { _gnutls_record_log - ("REC[%p]: Discarded duplicate message[%u.%u]: %s\n", + ("REC[%p]: Discarded duplicate message[%u.%lu]: %s\n", session, - (unsigned int) record.sequence.i[0] * 256 + - (unsigned int) record.sequence.i[1], - (unsigned int) - _gnutls_uint64touint32(packet_sequence), + (unsigned int) (record.sequence >> 48), + (unsigned long) (packet_sequence), _gnutls_packet2str(record.type)); goto sanity_check_error; } } _gnutls_record_log - ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n", + ("REC[%p]: Decrypted Packet[%u.%lu] %s(%d) with length: %d\n", session, - (unsigned int) record.sequence.i[0] * 256 + - (unsigned int) record.sequence.i[1], - (unsigned int) - _gnutls_uint64touint32(packet_sequence), + (unsigned int) (record.sequence >> 48), + (unsigned long) packet_sequence, _gnutls_packet2str(record.type), record.type, (int) _mbuffer_get_udata_size(decrypted)); @@ -1510,10 +1509,9 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, record_state->sequence_number = record.sequence; } else { _gnutls_record_log - ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n", + ("REC[%p]: Decrypted Packet[%lu] %s(%d) with length: %d\n", session, - (unsigned int) - _gnutls_uint64touint32(packet_sequence), + (unsigned long) packet_sequence, _gnutls_packet2str(record.type), record.type, (int) _mbuffer_get_udata_size(decrypted)); @@ -1805,7 +1803,7 @@ void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned ch assert(packet != NULL); if (sequence) { - memcpy(sequence, packet->record_sequence.i, 8); + _gnutls_write_uint64(packet->record_sequence, sequence); } if (data) { |