ssl/record/dtls1_bitmap.c - third_party/openssl - Git at Google

 /*
  * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */

 #include "../ssl_locl.h"
 #include "record_locl.h"

 /* mod 128 saturating subtract of two 64-bit values in big-endian order */
 static int satsub64be(const unsigned char *v1, const unsigned char *v2)
 {
     int ret, i;

     if (sizeof(long) == 8)
         do {
             const union {
                 long one;
                 char little;
             } is_endian = {
                 1
             };
             long l;

             if (is_endian.little)
                 break;
             /* not reached on little-endians */
             /*
              * following test is redundant, because input is always aligned,
              * but I take no chances...
              */
             if (((size_t)v1 | (size_t)v2) & 0x7)
                 break;

             l = *((long *)v1);
             l -= *((long *)v2);
             if (l > 128)
                 return 128;
             else if (l < -128)
                 return -128;
             else
                 return (int)l;
         } while (0);

     ret = 0;
     for (i=0; i<7; i++) {
         if (v1[i] > v2[i]) {
             /* v1 is larger... but by how much? */
             if (v1[i] != v2[i] + 1)
                 return 128;
             while (++i <= 6) {
                 if (v1[i] != 0x00 || v2[i] != 0xff)
                     return 128; /* too much */
             }
             /* We checked all the way to the penultimate byte,
              * so despite higher bytes changing we actually
              * know that it only changed from (e.g.)
              *       ... (xx)  ff ff ff ??
              * to   ... (xx+1) 00 00 00 ??
              * so we add a 'bias' of 256 for the carry that
              * happened, and will eventually return
              * 256 + v1[7] - v2[7]. */
             ret = 256;
             break;
         } else if (v2[i] > v1[i]) {
             /* v2 is larger... but by how much? */
             if (v2[i] != v1[i] + 1)
                 return -128;
             while (++i <= 6) {
                 if (v2[i] != 0x00 || v1[i] != 0xff)
                     return -128; /* too much */
             }
             /* Similar to the case above, we know it changed
              * from    ... (xx)  00 00 00 ??
              * to     ... (xx-1) ff ff ff ??
              * so we add a 'bias' of -256 for the borrow,
              * to return -256 + v1[7] - v2[7]. */
             ret = -256;
         }
     }

     ret += (int)v1[7] - (int)v2[7];

     if (ret > 128)
         return 128;
     else if (ret < -128)
         return -128;
     else
         return ret;
 }

 int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
 {
     int cmp;
     unsigned int shift;
     const unsigned char *seq = s->rlayer.read_sequence;

     cmp = satsub64be(seq, bitmap->max_seq_num);
     if (cmp > 0) {
         SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
         return 1;               /* this record in new */
     }
     shift = -cmp;
     if (shift >= sizeof(bitmap->map) * 8)
         return 0;               /* stale, outside the window */
     else if (bitmap->map & (1UL << shift))
         return 0;               /* record previously received */

     SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
     return 1;
 }

 void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 {
     int cmp;
     unsigned int shift;
     const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);

     cmp = satsub64be(seq, bitmap->max_seq_num);
     if (cmp > 0) {
         shift = cmp;
         if (shift < sizeof(bitmap->map) * 8)
             bitmap->map <<= shift, bitmap->map |= 1UL;
         else
             bitmap->map = 1UL;
         memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
     } else {
         shift = -cmp;
         if (shift < sizeof(bitmap->map) * 8)
             bitmap->map |= 1UL << shift;
     }
 }
	/*
	* Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
	*
	* Licensed under the OpenSSL license (the "License"). You may not use
	* this file except in compliance with the License. You can obtain a copy
	* in the file LICENSE in the source distribution or at
	* https://www.openssl.org/source/license.html
	*/

	#include "../ssl_locl.h"
	#include "record_locl.h"

	/* mod 128 saturating subtract of two 64-bit values in big-endian order */
	static int satsub64be(const unsigned char v1, const unsigned char v2)
	{
	int ret, i;

	if (sizeof(long) == 8)
	do {
	const union {
	long one;
	char little;
	} is_endian = {
	1
	};
	long l;

	if (is_endian.little)
	break;
	/* not reached on little-endians */
	/*
	* following test is redundant, because input is always aligned,
	* but I take no chances...
	*/
	if (((size_t)v1 \| (size_t)v2) & 0x7)
	break;

	l = ((long )v1);
	l -= ((long )v2);
	if (l > 128)
	return 128;
	else if (l < -128)
	return -128;
	else
	return (int)l;
	} while (0);

	ret = 0;
	for (i=0; i<7; i++) {
	if (v1[i] > v2[i]) {
	/* v1 is larger... but by how much? */
	if (v1[i] != v2[i] + 1)
	return 128;
	while (++i <= 6) {
	if (v1[i] != 0x00 \|\| v2[i] != 0xff)
	return 128; /* too much */
	}
	/* We checked all the way to the penultimate byte,
	* so despite higher bytes changing we actually
	* know that it only changed from (e.g.)
	* ... (xx) ff ff ff ??
	* to ... (xx+1) 00 00 00 ??
	* so we add a 'bias' of 256 for the carry that
	* happened, and will eventually return
	* 256 + v1[7] - v2[7]. */
	ret = 256;
	break;
	} else if (v2[i] > v1[i]) {
	/* v2 is larger... but by how much? */
	if (v2[i] != v1[i] + 1)
	return -128;
	while (++i <= 6) {
	if (v2[i] != 0x00 \|\| v1[i] != 0xff)
	return -128; /* too much */
	}
	/* Similar to the case above, we know it changed
	* from ... (xx) 00 00 00 ??
	* to ... (xx-1) ff ff ff ??
	* so we add a 'bias' of -256 for the borrow,
	* to return -256 + v1[7] - v2[7]. */
	ret = -256;
	}
	}

	ret += (int)v1[7] - (int)v2[7];

	if (ret > 128)
	return 128;
	else if (ret < -128)
	return -128;
	else
	return ret;
	}

	int dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap)
	{
	int cmp;
	unsigned int shift;
	const unsigned char *seq = s->rlayer.read_sequence;

	cmp = satsub64be(seq, bitmap->max_seq_num);
	if (cmp > 0) {
	SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
	return 1; /* this record in new */
	}
	shift = -cmp;
	if (shift >= sizeof(bitmap->map) * 8)
	return 0; /* stale, outside the window */
	else if (bitmap->map & (1UL << shift))
	return 0; /* record previously received */

	SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
	return 1;
	}

	void dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap)
	{
	int cmp;
	unsigned int shift;
	const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);

	cmp = satsub64be(seq, bitmap->max_seq_num);
	if (cmp > 0) {
	shift = cmp;
	if (shift < sizeof(bitmap->map) * 8)
	bitmap->map <<= shift, bitmap->map \|= 1UL;
	else
	bitmap->map = 1UL;
	memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
	} else {
	shift = -cmp;
	if (shift < sizeof(bitmap->map) * 8)
	bitmap->map \|= 1UL << shift;
	}
	}