(linenum→info "unix/slp.c:2238")

openssl/0.9.8g/ssl/d1_pkt.c

    1: /* ssl/d1_pkt.c */
    2: /* 
    3:  * DTLS implementation written by Nagendra Modadugu
    4:  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
    5:  */
    6: /* ====================================================================
    7:  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
    8:  *
    9:  * Redistribution and use in source and binary forms, with or without
   10:  * modification, are permitted provided that the following conditions
   11:  * are met:
   12:  *
   13:  * 1. Redistributions of source code must retain the above copyright
   14:  *    notice, this list of conditions and the following disclaimer. 
   15:  *
   16:  * 2. Redistributions in binary form must reproduce the above copyright
   17:  *    notice, this list of conditions and the following disclaimer in
   18:  *    the documentation and/or other materials provided with the
   19:  *    distribution.
   20:  *
   21:  * 3. All advertising materials mentioning features or use of this
   22:  *    software must display the following acknowledgment:
   23:  *    "This product includes software developed by the OpenSSL Project
   24:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   25:  *
   26:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   27:  *    endorse or promote products derived from this software without
   28:  *    prior written permission. For written permission, please contact
   29:  *    openssl-core@openssl.org.
   30:  *
   31:  * 5. Products derived from this software may not be called "OpenSSL"
   32:  *    nor may "OpenSSL" appear in their names without prior written
   33:  *    permission of the OpenSSL Project.
   34:  *
   35:  * 6. Redistributions of any form whatsoever must retain the following
   36:  *    acknowledgment:
   37:  *    "This product includes software developed by the OpenSSL Project
   38:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   39:  *
   40:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   41:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   42:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   43:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   44:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   45:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   46:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   47:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   49:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   50:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   51:  * OF THE POSSIBILITY OF SUCH DAMAGE.
   52:  * ====================================================================
   53:  *
   54:  * This product includes cryptographic software written by Eric Young
   55:  * (eay@cryptsoft.com).  This product includes software written by Tim
   56:  * Hudson (tjh@cryptsoft.com).
   57:  *
   58:  */
   59: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   60:  * All rights reserved.
   61:  *
   62:  * This package is an SSL implementation written
   63:  * by Eric Young (eay@cryptsoft.com).
   64:  * The implementation was written so as to conform with Netscapes SSL.
   65:  * 
   66:  * This library is free for commercial and non-commercial use as long as
   67:  * the following conditions are aheared to.  The following conditions
   68:  * apply to all code found in this distribution, be it the RC4, RSA,
   69:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   70:  * included with this distribution is covered by the same copyright terms
   71:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   72:  * 
   73:  * Copyright remains Eric Young's, and as such any Copyright notices in
   74:  * the code are not to be removed.
   75:  * If this package is used in a product, Eric Young should be given attribution
   76:  * as the author of the parts of the library used.
   77:  * This can be in the form of a textual message at program startup or
   78:  * in documentation (online or textual) provided with the package.
   79:  * 
   80:  * Redistribution and use in source and binary forms, with or without
   81:  * modification, are permitted provided that the following conditions
   82:  * are met:
   83:  * 1. Redistributions of source code must retain the copyright
   84:  *    notice, this list of conditions and the following disclaimer.
   85:  * 2. Redistributions in binary form must reproduce the above copyright
   86:  *    notice, this list of conditions and the following disclaimer in the
   87:  *    documentation and/or other materials provided with the distribution.
   88:  * 3. All advertising materials mentioning features or use of this software
   89:  *    must display the following acknowledgement:
   90:  *    "This product includes cryptographic software written by
   91:  *     Eric Young (eay@cryptsoft.com)"
   92:  *    The word 'cryptographic' can be left out if the rouines from the library
   93:  *    being used are not cryptographic related :-).
   94:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   95:  *    the apps directory (application code) you must include an acknowledgement:
   96:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   97:  * 
   98:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   99:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  100:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  101:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  102:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  103:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  104:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  105:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  106:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  107:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  108:  * SUCH DAMAGE.
  109:  * 
  110:  * The licence and distribution terms for any publically available version or
  111:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  112:  * copied and put under another distribution licence
  113:  * [including the GNU Public Licence.]
  114:  */
  115: 
  116: #include <stdio.h>
  117: #include <errno.h>
  118: #define USE_SOCKETS
  119: #include "ssl_locl.h"
  120: #include <openssl/evp.h>
  121: #include <openssl/buffer.h>
  122: #include <openssl/pqueue.h>
  123: #include <openssl/rand.h>
  124: 
  125: static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
  126:         int len, int peek);
  127: static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
  128:         PQ_64BIT *seq_num);
  129: static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
  130: static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 
  131:     unsigned int *is_next_epoch);
  132: #if 0
  133: static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
  134:         unsigned short *priority, unsigned long *offset);
  135: #endif
  136: static int dtls1_buffer_record(SSL *s, record_pqueue *q,
  137:         PQ_64BIT priority);
  138: static int dtls1_process_record(SSL *s);
  139: #if PQ_64BIT_IS_INTEGER
  140: static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
  141: #endif
  142: static void dtls1_clear_timeouts(SSL *s);
  143: 
  144: /* copy buffered record into SSL structure */
  145: static int
  146: dtls1_copy_record(SSL *s, pitem *item)
  147:     {
  148:     DTLS1_RECORD_DATA *rdata;
  149: 
  150:     rdata = (DTLS1_RECORD_DATA *)item->data;
  151:     
  152:     if (s->s3->rbuf.buf != NULL)
  153:         OPENSSL_free(s->s3->rbuf.buf);
  154:     
  155:     s->packet = rdata->packet;
  156:     s->packet_length = rdata->packet_length;
  157:     memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
  158:     memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
  159:     
  160:     return(1);
  161:     }
  162: 
  163: 
  164: static int
  165: dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
  166: {
  167:     DTLS1_RECORD_DATA *rdata;
  168:         pitem *item;
  169: 
  170:         rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
  171:         item = pitem_new(priority, rdata);
  172:         if (rdata == NULL || item == NULL)
  173:                 {
  174:                 if (rdata != NULL) OPENSSL_free(rdata);
  175:                 if (item != NULL) pitem_free(item);
  176:                 
  177:                 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
  178:                 return(0);
  179:                 }
  180:         
  181:         rdata->packet = s->packet;
  182:         rdata->packet_length = s->packet_length;
  183:         memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
  184:         memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
  185: 
  186:         item->data = rdata;
  187: 
  188:         /* insert should not fail, since duplicates are dropped */
  189:         if (pqueue_insert(queue->q, item) == NULL)
  190:                 {
  191:                 OPENSSL_free(rdata);
  192:                 pitem_free(item);
  193:                 return(0);
  194:                 }
  195: 
  196:         s->packet = NULL;
  197:         s->packet_length = 0;
  198:         memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
  199:         memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
  200:         
  201:         if (!ssl3_setup_buffers(s))
  202:                 {
  203:                 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
  204:                 OPENSSL_free(rdata);
  205:                 pitem_free(item);
  206:                 return(0);
  207:                 }
  208:         
  209:         return(1);
  210:     }
  211: 
  212: 
  213: static int
  214: dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
  215:     {
  216:     pitem *item;
  217: 
  218:     item = pqueue_pop(queue->q);
  219:     if (item)
  220:         {
  221:         dtls1_copy_record(s, item);
  222: 
  223:         OPENSSL_free(item->data);
  224:                 pitem_free(item);
  225: 
  226:         return(1);
  227:         }
  228: 
  229:     return(0);
  230:     }
  231: 
  232: 
  233: /* retrieve a buffered record that belongs to the new epoch, i.e., not processed 
  234:  * yet */
  235: #define dtls1_get_unprocessed_record(s) \
  236:                    dtls1_retrieve_buffered_record((s), \
  237:                    &((s)->d1->unprocessed_rcds))
  238: 
  239: /* retrieve a buffered record that belongs to the current epoch, ie, processed */
  240: #define dtls1_get_processed_record(s) \
  241:                    dtls1_retrieve_buffered_record((s), \
  242:                    &((s)->d1->processed_rcds))
  243: 
  244: static int
  245: dtls1_process_buffered_records(SSL *s)
  246:     {
  247:     pitem *item;
  248:     
  249:     item = pqueue_peek(s->d1->unprocessed_rcds.q);
  250:     if (item)
  251:         {
  252:         DTLS1_RECORD_DATA *rdata;
  253:         rdata = (DTLS1_RECORD_DATA *)item->data;
  254:         
  255:         /* Check if epoch is current. */
  256:         if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
  257:             return(1);  /* Nothing to do. */
  258:         
  259:         /* Process all the records. */
  260:         while (pqueue_peek(s->d1->unprocessed_rcds.q))
  261:             {
  262:             dtls1_get_unprocessed_record(s);
  263:             if ( ! dtls1_process_record(s))
  264:                 return(0);
  265:             dtls1_buffer_record(s, &(s->d1->processed_rcds), 
  266:                 s->s3->rrec.seq_num);
  267:             }
  268:         }
  269: 
  270:     /* sync epoch numbers once all the unprocessed records 
  271:      * have been processed */
  272:     s->d1->processed_rcds.epoch = s->d1->r_epoch;
  273:     s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
  274: 
  275:     return(1);
  276:     }
  277: 
  278: 
  279: #if 0
  280: 
  281: static int
  282: dtls1_get_buffered_record(SSL *s)
  283:         {
  284:         pitem *item;
  285:         PQ_64BIT priority = 
  286:                 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 
  287:                 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
  288:         
  289:         if ( ! SSL_in_init(s))  /* if we're not (re)negotiating, 
  290:                                                            nothing buffered */
  291:                 return 0;
  292: 
  293: 
  294:         item = pqueue_peek(s->d1->rcvd_records);
  295:         if (item && item->priority == priority)
  296:                 {
  297:                 /* Check if we've received the record of interest.  It must be
  298:                  * a handshake record, since data records as passed up without
  299:                  * buffering */
  300:                 DTLS1_RECORD_DATA *rdata;
  301:                 item = pqueue_pop(s->d1->rcvd_records);
  302:                 rdata = (DTLS1_RECORD_DATA *)item->data;
  303:                 
  304:                 if (s->s3->rbuf.buf != NULL)
  305:                         OPENSSL_free(s->s3->rbuf.buf);
  306:                 
  307:                 s->packet = rdata->packet;
  308:                 s->packet_length = rdata->packet_length;
  309:                 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
  310:                 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
  311:                 
  312:                 OPENSSL_free(item->data);
  313:                 pitem_free(item);
  314:                 
  315:                 /* s->d1->next_expected_seq_num++; */
  316:                 return(1);
  317:                 }
  318:         
  319:         return 0;
  320:         }
  321: 
  322: #endif
  323: 
  324: static int
  325: dtls1_process_record(SSL *s)
  326: {
  327:     int i,al;
  328:         int clear=0;
  329:     int enc_err;
  330:         SSL_SESSION *sess;
  331:     SSL3_RECORD *rr;
  332:         unsigned int mac_size;
  333:         unsigned char md[EVP_MAX_MD_SIZE];
  334: 
  335: 
  336:         rr= &(s->s3->rrec);
  337:     sess = s->session;
  338: 
  339:         /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
  340:          * and we have that many bytes in s->packet
  341:          */
  342:         rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
  343: 
  344:         /* ok, we can now read from 's->packet' data into 'rr'
  345:          * rr->input points at rr->length bytes, which
  346:          * need to be copied into rr->data by either
  347:          * the decryption or by the decompression
  348:          * When the data is 'copied' into the rr->data buffer,
  349:          * rr->input will be pointed at the new buffer */ 
  350: 
  351:         /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
  352:          * rr->length bytes of encrypted compressed stuff. */
  353: 
  354:         /* check is not needed I believe */
  355:         if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
  356:                 {
  357:                 al=SSL_AD_RECORD_OVERFLOW;
  358:                 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
  359:                 goto f_err;
  360:                 }
  361: 
  362:         /* decrypt in place in 'rr->input' */
  363:         rr->data=rr->input;
  364: 
  365:         enc_err = s->method->ssl3_enc->enc(s,0);
  366:         if (enc_err <= 0)
  367:                 {
  368:                 if (enc_err == 0)
  369:                         /* SSLerr() and ssl3_send_alert() have been called */
  370:                         goto err;
  371: 
  372:                 /* otherwise enc_err == -1 */
  373:                 goto decryption_failed_or_bad_record_mac;
  374:                 }
  375: 
  376: #ifdef TLS_DEBUG
  377: printf("dec %d\n",rr->length);
  378: { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
  379: printf("\n");
  380: #endif
  381: 
  382:         /* r->length is now the compressed data plus mac */
  383: if (    (sess == NULL) ||
  384:                 (s->enc_read_ctx == NULL) ||
  385:                 (s->read_hash == NULL))
  386:     clear=1;
  387: 
  388:         if (!clear)
  389:                 {
  390:                 mac_size=EVP_MD_size(s->read_hash);
  391: 
  392:                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
  393:                         {
  394: #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
  395:                         al=SSL_AD_RECORD_OVERFLOW;
  396:                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
  397:                         goto f_err;
  398: #else
  399:                         goto decryption_failed_or_bad_record_mac;
  400: #endif                  
  401:                         }
  402:                 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
  403:                 if (rr->length < mac_size)
  404:                         {
  405: #if 0 /* OK only for stream ciphers */
  406:                         al=SSL_AD_DECODE_ERROR;
  407:                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
  408:                         goto f_err;
  409: #else
  410:                         goto decryption_failed_or_bad_record_mac;
  411: #endif
  412:                         }
  413:                 rr->length-=mac_size;
  414:                 i=s->method->ssl3_enc->mac(s,md,0);
  415:                 if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
  416:                         {
  417:                         goto decryption_failed_or_bad_record_mac;
  418:                         }
  419:                 }
  420: 
  421:         /* r->length is now just compressed */
  422:         if (s->expand != NULL)
  423:                 {
  424:                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
  425:                         {
  426:                         al=SSL_AD_RECORD_OVERFLOW;
  427:                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
  428:                         goto f_err;
  429:                         }
  430:                 if (!ssl3_do_uncompress(s))
  431:                         {
  432:                         al=SSL_AD_DECOMPRESSION_FAILURE;
  433:                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
  434:                         goto f_err;
  435:                         }
  436:                 }
  437: 
  438:         if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
  439:                 {
  440:                 al=SSL_AD_RECORD_OVERFLOW;
  441:                 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
  442:                 goto f_err;
  443:                 }
  444: 
  445:         rr->off=0;
  446:         /* So at this point the following is true
  447:          * ssl->s3->rrec.type  is the type of record
  448:          * ssl->s3->rrec.length        == number of bytes in record
  449:          * ssl->s3->rrec.off   == offset to first valid byte
  450:          * ssl->s3->rrec.data  == where to take bytes from, increment
  451:          *                        after use :-).
  452:          */
  453: 
  454:         /* we have pulled in a full packet so zero things */
  455:         s->packet_length=0;
  456:     dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
  457:     return(1);
  458: 
  459: decryption_failed_or_bad_record_mac:
  460:         /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
  461:          * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
  462:          * failure is directly visible from the ciphertext anyway,
  463:          * we should not reveal which kind of error occured -- this
  464:          * might become visible to an attacker (e.g. via logfile) */
  465:         al=SSL_AD_BAD_RECORD_MAC;
  466:         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
  467: f_err:
  468:         ssl3_send_alert(s,SSL3_AL_FATAL,al);
  469: err:
  470:         return(0);
  471: }
  472: 
  473: 
  474: /* Call this to get a new input record.
  475:  * It will return <= 0 if more data is needed, normally due to an error
  476:  * or non-blocking IO.
  477:  * When it finishes, one packet has been decoded and can be found in
  478:  * ssl->s3->rrec.type    - is the type of record
  479:  * ssl->s3->rrec.data,   - data
  480:  * ssl->s3->rrec.length, - number of bytes
  481:  */
  482: /* used only by dtls1_read_bytes */
  483: int dtls1_get_record(SSL *s)
  484:         {
  485:         int ssl_major,ssl_minor,al;
  486:         int i,n;
  487:         SSL3_RECORD *rr;
  488:         SSL_SESSION *sess;
  489:         unsigned char *p;
  490:         unsigned short version;
  491:         DTLS1_BITMAP *bitmap;
  492:         unsigned int is_next_epoch;
  493: 
  494:         rr= &(s->s3->rrec);
  495:         sess=s->session;
  496: 
  497:     /* The epoch may have changed.  If so, process all the
  498:      * pending records.  This is a non-blocking operation. */
  499:     if ( ! dtls1_process_buffered_records(s))
  500:         return 0;
  501: 
  502:         /* if we're renegotiating, then there may be buffered records */
  503:         if (dtls1_get_processed_record(s))
  504:                 return 1;
  505: 
  506:         /* get something from the wire */
  507: again:
  508:         /* check if we have the header */
  509:         if (   (s->rstate != SSL_ST_READ_BODY) ||
  510:                 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) 
  511:                 {
  512:                 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
  513:                 /* read timeout is handled by dtls1_read_bytes */
  514:                 if (n <= 0) return(n); /* error or non-blocking */
  515: 
  516:                 OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
  517: 
  518:                 s->rstate=SSL_ST_READ_BODY;
  519: 
  520:                 p=s->packet;
  521: 
  522:                 /* Pull apart the header into the DTLS1_RECORD */
  523:                 rr->type= *(p++);
  524:                 ssl_major= *(p++);
  525:                 ssl_minor= *(p++);
  526:                 version=(ssl_major<<8)|ssl_minor;
  527: 
  528:                 /* sequence number is 64 bits, with top 2 bytes = epoch */ 
  529:                 n2s(p,rr->epoch);
  530: 
  531:                 memcpy(&(s->s3->read_sequence[2]), p, 6);
  532:                 p+=6;
  533: 
  534:                 n2s(p,rr->length);
  535: 
  536:                 /* Lets check version */
  537:                 if (!s->first_packet)
  538:                         {
  539:                         if (version != s->version && version != DTLS1_BAD_VER)
  540:                                 {
  541:                                 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
  542:                                 /* Send back error using their
  543:                                  * version number :-) */
  544:                                 s->version=version;
  545:                                 al=SSL_AD_PROTOCOL_VERSION;
  546:                                 goto f_err;
  547:                                 }
  548:                         }
  549: 
  550:                 if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
  551:                     (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
  552:                         {
  553:                         SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
  554:                         goto err;
  555:                         }
  556: 
  557:                 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
  558:                         {
  559:                         al=SSL_AD_RECORD_OVERFLOW;
  560:                         SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
  561:                         goto f_err;
  562:                         }
  563: 
  564:                 s->client_version = version;
  565:                 /* now s->rstate == SSL_ST_READ_BODY */
  566:                 }
  567: 
  568:         /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
  569: 
  570:         if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
  571:                 {
  572:                 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
  573:                 i=rr->length;
  574:                 n=ssl3_read_n(s,i,i,1);
  575:                 if (n <=