Move SSL3_RECORD oriented functions into ssl3_record.c

static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,

                                   int len, int peek);

static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);

static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);

static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,

                                      unsigned int *is_next_epoch);

static int dtls1_buffer_record(SSL *s, record_pqueue *q,

                               unsigned char *priority);

static int dtls1_process_record(SSL *s);

/* copy buffered record into SSL structure */

static int dtls1_copy_record(SSL *s, pitem *item)

    return (1);

}

static int

int

dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)

{

    DTLS1_RECORD_DATA *rdata;

    return (1);

}

static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)

int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)

{

    pitem *item;

                   dtls1_retrieve_buffered_record((s), \

                   &((s)->d1->unprocessed_rcds))

/*

 * retrieve a buffered record that belongs to the current epoch, ie,

 * processed

 */

#define dtls1_get_processed_record(s) \

                   dtls1_retrieve_buffered_record((s), \

                   &((s)->d1->processed_rcds))

static int dtls1_process_buffered_records(SSL *s)

int dtls1_process_buffered_records(SSL *s)

{

    pitem *item;

    return (1);

}

static int dtls1_process_record(SSL *s)

{

    int i, al;

    int enc_err;

    SSL_SESSION *sess;

    SSL3_RECORD *rr;

    unsigned int mac_size;

    unsigned char md[EVP_MAX_MD_SIZE];

    rr = RECORD_LAYER_get_rrec(&s->rlayer);

    sess = s->session;

    /*

     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,

     * and we have that many bytes in s->packet

     */

    rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);

    /*

     * ok, we can now read from 's->packet' data into 'rr' rr->input points

     * at rr->length bytes, which need to be copied into rr->data by either

     * the decryption or by the decompression When the data is 'copied' into

     * the rr->data buffer, rr->input will be pointed at the new buffer

     */

    /*

     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length

     * bytes of encrypted compressed stuff.

     */

    /* check is not needed I believe */

    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {

        al = SSL_AD_RECORD_OVERFLOW;

        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);

        goto f_err;

    }

    /* decrypt in place in 'rr->input' */

    rr->data = rr->input;

    rr->orig_len = rr->length;

    enc_err = s->method->ssl3_enc->enc(s, 0);

    /*-

     * enc_err is:

     *    0: (in non-constant time) if the record is publically invalid.

     *    1: if the padding is valid

     *   -1: if the padding is invalid

     */

    if (enc_err == 0) {

        /* For DTLS we simply ignore bad packets. */

        rr->length = 0;

        s->packet_length = 0;

        goto err;

    }

#ifdef TLS_DEBUG

    printf("dec %d\n", rr->length);

    {

        unsigned int z;

        for (z = 0; z < rr->length; z++)

            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');

    }

    printf("\n");

#endif

    /* r->length is now the compressed data plus mac */

    if ((sess != NULL) &&

        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {

        /* s->read_hash != NULL => mac_size != -1 */

        unsigned char *mac = NULL;

        unsigned char mac_tmp[EVP_MAX_MD_SIZE];

        mac_size = EVP_MD_CTX_size(s->read_hash);

        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);

        /*

         * orig_len is the length of the record before any padding was

         * removed. This is public information, as is the MAC in use,

         * therefore we can safely process the record in a different amount

         * of time if it's too short to possibly contain a MAC.

         */

        if (rr->orig_len < mac_size ||

            /* CBC records must have a padding length byte too. */

            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&

             rr->orig_len < mac_size + 1)) {

            al = SSL_AD_DECODE_ERROR;

            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);

            goto f_err;

        }

        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {

            /*

             * We update the length so that the TLS header bytes can be

             * constructed correctly but we need to extract the MAC in

             * constant time from within the record, without leaking the

             * contents of the padding bytes.

             */

            mac = mac_tmp;

            ssl3_cbc_copy_mac(mac_tmp, rr, mac_size);

            rr->length -= mac_size;

        } else {

            /*

             * In this case there's no padding, so |rec->orig_len| equals

             * |rec->length| and we checked that there's enough bytes for

             * |mac_size| above.

             */

            rr->length -= mac_size;

            mac = &rr->data[rr->length];

        }

        i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );

        if (i < 0 || mac == NULL

            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)

            enc_err = -1;

        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)

            enc_err = -1;

    }

    if (enc_err < 0) {

        /* decryption failed, silently discard message */

        rr->length = 0;

        s->packet_length = 0;

        goto err;

    }

    /* r->length is now just compressed */

    if (s->expand != NULL) {

        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {

            al = SSL_AD_RECORD_OVERFLOW;

            SSLerr(SSL_F_DTLS1_PROCESS_RECORD,

                   SSL_R_COMPRESSED_LENGTH_TOO_LONG);

            goto f_err;

        }

        if (!ssl3_do_uncompress(s)) {

            al = SSL_AD_DECOMPRESSION_FAILURE;

            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);

            goto f_err;

        }

    }

    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {

        al = SSL_AD_RECORD_OVERFLOW;

        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);

        goto f_err;

    }

    rr->off = 0;

    /*-

     * So at this point the following is true

     * ssl->s3->rrec.type   is the type of record

     * ssl->s3->rrec.length == number of bytes in record

     * ssl->s3->rrec.off    == offset to first valid byte

     * ssl->s3->rrec.data   == where to take bytes from, increment

     *                         after use :-).

     */

    /* we have pulled in a full packet so zero things */

    s->packet_length = 0;

    return (1);

 f_err:

    ssl3_send_alert(s, SSL3_AL_FATAL, al);

 err:

    return (0);

}

/*-

 * Call this to get a new input record.

 * It will return <= 0 if more data is needed, normally due to an error

 * or non-blocking IO.

 * When it finishes, one packet has been decoded and can be found in

 * ssl->s3->rrec.type    - is the type of record

 * ssl->s3->rrec.data,   - data

 * ssl->s3->rrec.length, - number of bytes

 */

/* used only by dtls1_read_bytes */

int dtls1_get_record(SSL *s)

{

    int ssl_major, ssl_minor;

    int i, n;

    SSL3_RECORD *rr;

    unsigned char *p = NULL;

    unsigned short version;

    DTLS1_BITMAP *bitmap;

    unsigned int is_next_epoch;

    rr = RECORD_LAYER_get_rrec(&s->rlayer);

    /*

     * The epoch may have changed.  If so, process all the pending records.

     * This is a non-blocking operation.

     */

    if (dtls1_process_buffered_records(s) < 0)

        return -1;

    /* if we're renegotiating, then there may be buffered records */

    if (dtls1_get_processed_record(s))

        return 1;

    /* get something from the wire */

 again:

    /* check if we have the header */

    if ((s->rstate != SSL_ST_READ_BODY) ||

        (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {

        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,

            SSL3_BUFFER_get_len(RECORD_LAYER_get_rbuf(&s->rlayer)), 0);

        /* read timeout is handled by dtls1_read_bytes */

        if (n <= 0)

            return (n);         /* error or non-blocking */

        /* this packet contained a partial record, dump it */

        if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {

            s->packet_length = 0;

            goto again;

        }

        s->rstate = SSL_ST_READ_BODY;

        p = s->packet;

        if (s->msg_callback)

            s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,

                            s, s->msg_callback_arg);

        /* Pull apart the header into the DTLS1_RECORD */

        rr->type = *(p++);

        ssl_major = *(p++);

        ssl_minor = *(p++);

        version = (ssl_major << 8) | ssl_minor;

        /* sequence number is 64 bits, with top 2 bytes = epoch */

        n2s(p, rr->epoch);

        memcpy(&(s->s3->read_sequence[2]), p, 6);

        p += 6;

        n2s(p, rr->length);

        /* Lets check version */

        if (!s->first_packet) {

            if (version != s->version) {

                /* unexpected version, silently discard */

                rr->length = 0;

                s->packet_length = 0;

                goto again;

            }

        }

        if ((version & 0xff00) != (s->version & 0xff00)) {

            /* wrong version, silently discard record */

            rr->length = 0;

            s->packet_length = 0;

            goto again;

        }

        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {

            /* record too long, silently discard it */

            rr->length = 0;

            s->packet_length = 0;

            goto again;

        }

        /* now s->rstate == SSL_ST_READ_BODY */

    }

    /* s->rstate == SSL_ST_READ_BODY, get and decode the data */

    if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {

        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */

        i = rr->length;

        n = ssl3_read_n(s, i, i, 1);

        /* this packet contained a partial record, dump it */

        if (n != i) {

            rr->length = 0;

            s->packet_length = 0;

            goto again;

        }

        /*

         * now n == rr->length, and s->packet_length ==

         * DTLS1_RT_HEADER_LENGTH + rr->length

         */

    }

    s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */

    /* match epochs.  NULL means the packet is dropped on the floor */

    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);

    if (bitmap == NULL) {

        rr->length = 0;

        s->packet_length = 0;   /* dump this record */

        goto again;             /* get another record */

    }

#ifndef OPENSSL_NO_SCTP

    /* Only do replay check if no SCTP bio */

    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {

#endif

        /*

         * Check whether this is a repeat, or aged record. Don't check if

         * we're listening and this message is a ClientHello. They can look

         * as if they're replayed, since they arrive from different

         * connections and would be dropped unnecessarily.

         */

        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&

              s->packet_length > DTLS1_RT_HEADER_LENGTH &&

              s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&

            !dtls1_record_replay_check(s, bitmap)) {

            rr->length = 0;

            s->packet_length = 0; /* dump this record */

            goto again;         /* get another record */

        }

#ifndef OPENSSL_NO_SCTP

    }

#endif

    /* just read a 0 length packet */

    if (rr->length == 0)

        goto again;

    /*

     * If this record is from the next epoch (either HM or ALERT), and a

     * handshake is currently in progress, buffer it since it cannot be

     * processed at this time. However, do not buffer anything while

     * listening.

     */

    if (is_next_epoch) {

        if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {

            if (dtls1_buffer_record

                (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)

                return -1;

            /* Mark receipt of record. */

            dtls1_record_bitmap_update(s, bitmap);

        }

        rr->length = 0;

        s->packet_length = 0;

        goto again;

    }

    if (!dtls1_process_record(s)) {

        rr->length = 0;

        s->packet_length = 0;   /* dump this record */

        goto again;             /* get another record */

    }

    dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */

    return (1);

}

/*-

 * Return up to 'len' payload bytes received in 'type' records.

    return -1;

}

static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)

int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)

{

    int cmp;

    unsigned int shift;

    return 1;

}

static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)

void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)

{

    int cmp;

    unsigned int shift;

    return (i);

}

static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,

DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,

                                      unsigned int *is_next_epoch)

{

void SSL3_RECORD_release(SSL3_RECORD *r);

int SSL3_RECORD_setup(SSL3_RECORD *r, size_t len);

void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);

int ssl3_get_record(SSL *s);

__owur int ssl3_do_compress(SSL *ssl);

__owur int ssl3_do_uncompress(SSL *ssl);

int dtls1_process_record(SSL *s);

int dtls1_get_record(SSL *s);

__owur int dtls1_do_write(SSL *s, int type);

__owur int ssl3_read_n(SSL *s, int n, int max, int extend);

__owur int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);

__owur int ssl3_do_compress(SSL *ssl);

__owur int ssl3_do_uncompress(SSL *ssl);

__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,

                       unsigned int len);

void dtls1_set_message_header(SSL *s,

__owur unsigned int dtls1_min_mtu(SSL *s);

__owur unsigned int dtls1_link_min_mtu(void);

void dtls1_hm_fragment_free(hm_fragment *frag);

int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);

void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);

DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,

                                      unsigned int *is_next_epoch);

int dtls1_process_buffered_records(SSL *s);

int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);

int dtls1_buffer_record(SSL *s, record_pqueue *q,

                               unsigned char *priority);

/* some client-only functions */

__owur int ssl3_client_hello(SSL *s);

long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);

__owur int dtls1_shutdown(SSL *s);

<<<<<<< HEAD

__owur long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);

__owur int dtls1_get_record(SSL *s);

__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,

=======

long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);

int do_dtls1_write(SSL *s, int type, const unsigned char *buf,

>>>>>>> Move SSL3_RECORD oriented functions into ssl3_record.c

                   unsigned int len, int create_empty_fragement);

__owur int dtls1_dispatch_alert(SSL *s);