Lots of Win32 fixes for DTLS.

1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.

apps/s_client.c

@@ -275,7 +275,7 @@ int MAIN(int argc, char **argv)
 #endif
 
 	struct sockaddr peer;
-	socklen_t peerlen = sizeof(peer);
+	int peerlen = sizeof(peer);
 	int enable_timeouts = 0 ;
 	long mtu = 0;
 
@@ -643,7 +643,7 @@ re_start:
 		struct timeval timeout;
 
 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-		if (getsockname(s, &peer, &peerlen) < 0)
+		if (getsockname(s, &peer, (void *)&peerlen) < 0)
 			{
 			BIO_printf(bio_err, "getsockname:errno=%d\n",
 				get_last_socket_error());

crypto/bio/bss_dgram.c

@@ -64,8 +64,6 @@
 #define USE_SOCKETS
 #include "cryptlib.h"
 
-#include <sys/socket.h>
-
 #include <openssl/bio.h>
 
 #define IP_MTU      14 /* linux is lame */
@@ -174,13 +172,18 @@ static int dgram_read(BIO *b, char *out, int outl)
 	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
 
 	struct sockaddr peer;
-	socklen_t peerlen = sizeof(peer);
+	int peerlen = sizeof(peer);
 
 	if (out != NULL)
 		{
 		clear_socket_error();
 		memset(&peer, 0x00, peerlen);
-		ret=recvfrom(b->num,out,outl,0,&peer,&peerlen);
+		/* Last arg in recvfrom is signed on some platforms and
+		 * unsigned on others. It is of type socklen_t on some
+		 * but this is not universal. Cast to (void *) to avoid
+		 * compiler warnings.
+		 */
+		ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
 
 		if ( ! data->connected  && ret > 0)
 			BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
@@ -303,7 +306,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
 	case BIO_CTRL_DGRAM_QUERY_MTU:
          sockopt_len = sizeof(sockopt_val);
-		if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, &sockopt_val,
+		if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
 			&sockopt_len)) < 0 || sockopt_val < 0)
 			{ ret = 0; }
 		else
@@ -345,7 +348,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
 		if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-			ptr, (socklen_t *)&ret) < 0)
+			ptr, (void *)&ret) < 0)
 			{ perror("getsockopt"); ret = -1; }
 		break;
 	case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
@@ -355,7 +358,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
 		if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-			ptr, (socklen_t *)&ret) < 0)
+			ptr, (void *)&ret) < 0)
 			{ perror("getsockopt"); ret = -1; }
 		break;
 	case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -369,6 +372,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		else
 			ret = 0;
 		break;
+#ifdef EMSGSIZE
 	case BIO_CTRL_DGRAM_MTU_EXCEEDED:
 		if ( data->_errno == EMSGSIZE)
 			{
@@ -378,6 +382,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		else
 			ret = 0;
 		break;
+#endif
 	default:
 		ret=0;
 		break;

crypto/pqueue/pqueue.c

@@ -57,8 +57,9 @@
  *
  */
 
+#include "cryptlib.h"
+#include <openssl/bn.h>
 #include "pqueue.h"
-#include "crypto.h"
 
 typedef struct _pqueue
 	{
@@ -67,7 +68,7 @@ typedef struct _pqueue
 	} pqueue_s;
 
 pitem *
-pitem_new(unsigned long long priority, void *data)
+pitem_new(BN_ULLONG priority, void *data)
 	{
 	pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
 	if (item == NULL) return NULL;
@@ -160,7 +161,7 @@ pqueue_pop(pqueue_s *pq)
 	}
 
 pitem *
-pqueue_find(pqueue_s *pq, unsigned long long priority)
+pqueue_find(pqueue_s *pq, BN_ULLONG priority)
 	{
 	pitem *next, *prev = NULL;
 	pitem *found = NULL;

crypto/pqueue/pqueue.h

@@ -68,14 +68,14 @@ typedef struct _pqueue *pqueue;
 
 typedef struct _pitem
 	{
-	unsigned long long priority;
+	BN_ULLONG priority;
 	void *data;
 	struct _pitem *next;
 	} pitem;
 
 typedef struct _pitem *piterator;
 
-pitem *pitem_new(unsigned long long priority, void *data);
+pitem *pitem_new(BN_ULLONG priority, void *data);
 void   pitem_free(pitem *item);
 
 pqueue pqueue_new(void);
@@ -84,7 +84,7 @@ void   pqueue_free(pqueue pq);
 pitem *pqueue_insert(pqueue pq, pitem *item);
 pitem *pqueue_peek(pqueue pq);
 pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, unsigned long long priority);
+pitem *pqueue_find(pqueue pq, BN_ULLONG priority);
 pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);
 

ssl/d1_both.c

@@ -222,7 +222,7 @@ int dtls1_do_write(SSL *s, int type)
 
 	if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
 		OPENSSL_assert(s->init_num == 
-			s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+			(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
 
 	frag_off = 0;
 	while( s->init_num)
@@ -289,7 +289,7 @@ int dtls1_do_write(SSL *s, int type)
 			
 			/* bad if this assert fails, only part of the handshake
 			 * message got sent.  but why would this happen? */
-			OPENSSL_assert(len == ret); 
+			OPENSSL_assert(len == (unsigned int)ret); 
 			
 			if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
 				/* should not be done for 'Hello Request's, but in that case
@@ -360,7 +360,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 		else if ( i <= 0 && !*ok)
 			return i;
 
-		if (s->d1->r_msg_hdr.msg_len == s->init_num - DTLS1_HM_HEADER_LENGTH)
+		if (s->d1->r_msg_hdr.msg_len == (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH)
 			{
 			memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st));
 
@@ -413,7 +413,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, unsigned long *copied)
     frag = (hm_fragment *)item->data;
     
     if ( s->d1->handshake_read_seq == frag->msg_header.seq &&
-        frag->msg_header.frag_off <= s->init_num - DTLS1_HM_HEADER_LENGTH)
+        frag->msg_header.frag_off <= (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH)
         {
         pqueue_pop(s->d1->buffered_messages);
         overlap = s->init_num - DTLS1_HM_HEADER_LENGTH 
@@ -685,7 +685,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
     /* XDTLS:  an incorrectly formatted fragment should cause the 
      * handshake to fail */
-	OPENSSL_assert(i == frag_len);
+	OPENSSL_assert(i == (int)frag_len);
 
 #if 0
     /* Successfully read a fragment.
@@ -1049,12 +1049,12 @@ dtls1_buffer_message(SSL *s, int is_ccs)
     if ( is_ccs)
         {
         OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-            DTLS1_CCS_HEADER_LENGTH == s->init_num);
+            DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
         }
     else
         {
         OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-            DTLS1_HM_HEADER_LENGTH == s->init_num);
+            DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
         }
 
     frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;

ssl/d1_pkt.c

@@ -124,7 +124,7 @@
 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
 	int len, int peek);
 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-	unsigned long long *seq_num);
+	BN_ULLONG *seq_num);
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
 static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 
     unsigned int *is_next_epoch);
@@ -133,10 +133,10 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
 	unsigned short *priority, unsigned long *offset);
 #endif
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
-	unsigned long long priority);
+	BN_ULLONG priority);
 static int dtls1_process_record(SSL *s);
-static unsigned long long bytes_to_long_long(unsigned char *bytes);
-static void long_long_to_bytes(unsigned long long num, unsigned char *bytes);
+static BN_ULLONG bytes_to_long_long(unsigned char *bytes);
+static void long_long_to_bytes(BN_ULLONG num, unsigned char *bytes);
 static void dtls1_clear_timeouts(SSL *s);
 
 
@@ -161,7 +161,7 @@ dtls1_copy_record(SSL *s, pitem *item)
 
 
 static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned long long priority)
+dtls1_buffer_record(SSL *s, record_pqueue *queue, BN_ULLONG priority)
 {
     DTLS1_RECORD_DATA *rdata;
 	pitem *item;
@@ -275,9 +275,9 @@ static int
 dtls1_get_buffered_record(SSL *s)
 	{
 	pitem *item;
-	unsigned long long priority = 
-		(((unsigned long long)s->d1->handshake_read_seq) << 32) | 
-		((unsigned long long)s->d1->r_msg_hdr.frag_off);
+	BN_ULLONG priority = 
+		(((BN_ULLONG)s->d1->handshake_read_seq) << 32) | 
+		((BN_ULLONG)s->d1->r_msg_hdr.frag_off);
 	
 	if ( ! SSL_in_init(s))  /* if we're not (re)negotiating, 
 							   nothing buffered */
@@ -482,7 +482,7 @@ int dtls1_get_record(SSL *s)
 	unsigned char *p;
 	short version;
 	DTLS1_BITMAP *bitmap;
-	unsigned long long read_sequence;
+	BN_ULLONG read_sequence;
     unsigned int is_next_epoch;
 
 	rr= &(s->s3->rrec);
@@ -1243,7 +1243,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
 		return i;
 		}
 
-	if ( s->s3->wnum + i == len)
+	if ( (int)s->s3->wnum + i == len)
 		s->s3->wnum = 0;
 	else 
 		s->s3->wnum += i;
@@ -1419,7 +1419,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 	/* buffer the record, making it easy to handle retransmits */
 	if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
 		dtls1_buffer_record(s, wr->data, wr->length, 
-			*((unsigned long long *)&(s->s3->write_sequence[0])));
+			*((BN_ULLONG *)&(s->s3->write_sequence[0])));
 #endif
 
 	ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
@@ -1451,10 +1451,10 @@ err:
 
 
 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-	unsigned long long *seq_num)
+	BN_ULLONG *seq_num)
 	{
-	unsigned long long mask = 0x0000000000000001LL;
-	unsigned long long rcd_num;
+	BN_ULLONG mask = 0x0000000000000001L;
+	BN_ULLONG rcd_num;
 
 	rcd_num = bytes_to_long_long(s->s3->read_sequence);
 	
@@ -1479,17 +1479,17 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 	{
 	unsigned int shift;
-	unsigned long long mask = 0x0000000000000001L;
-	unsigned long long rcd_num;
+	BN_ULLONG mask = 0x0000000000000001L;
+	BN_ULLONG rcd_num;
 
 	rcd_num = bytes_to_long_long(s->s3->read_sequence);
 
 	if (rcd_num >= bitmap->max_seq_num)
 		{
-		shift = rcd_num - bitmap->max_seq_num + 1;
+		shift = (unsigned int)(rcd_num - bitmap->max_seq_num) + 1;
 		bitmap->max_seq_num = rcd_num + 1;
 		bitmap->map <<= shift;
-		bitmap->map |= 0x0000000000000001LL;
+		bitmap->map |= 0x0000000000000001L;
 		}
 	else
 		{
@@ -1570,7 +1570,7 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
         return &s->d1->bitmap;
 
     /* Only HM and ALERT messages can be from the next epoch */
-    else if (rr->epoch == s->d1->r_epoch + 1 &&
+    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
         (rr->type == SSL3_RT_HANDSHAKE ||
             rr->type == SSL3_RT_ALERT))
         {
@@ -1669,25 +1669,25 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 	}
 
 
-static unsigned long long
+static BN_ULLONG
 bytes_to_long_long(unsigned char *bytes)
 	{
-	unsigned long long num;
+	BN_ULLONG num;
 
-	num = (((unsigned long long)bytes[0]) << 56) |
-		(((unsigned long long)bytes[1]) << 48) |
-		(((unsigned long long)bytes[2]) << 40) |
-		(((unsigned long long)bytes[3]) << 32) |
-		(((unsigned long long)bytes[4]) << 24) |
-		(((unsigned long long)bytes[5]) << 16) |
-		(((unsigned long long)bytes[6]) <<  8) |
-		(((unsigned long long)bytes[7])      );
+	num = (((BN_ULLONG)bytes[0]) << 56) |
+		(((BN_ULLONG)bytes[1]) << 48) |
+		(((BN_ULLONG)bytes[2]) << 40) |
+		(((BN_ULLONG)bytes[3]) << 32) |
+		(((BN_ULLONG)bytes[4]) << 24) |
+		(((BN_ULLONG)bytes[5]) << 16) |
+		(((BN_ULLONG)bytes[6]) <<  8) |
+		(((BN_ULLONG)bytes[7])      );
 
 	return num;
 	}
 
 static void
-long_long_to_bytes(unsigned long long num, unsigned char *bytes)
+long_long_to_bytes(BN_ULLONG num, unsigned char *bytes)
 	{
 	bytes[0] = (unsigned char)((num >> 56)&0xff);
 	bytes[1] = (unsigned char)((num >> 48)&0xff);

ssl/dtls1.h

@@ -90,9 +90,9 @@ extern "C" {
 
 typedef struct dtls1_bitmap_st
 	{
-	unsigned long long map;
+	BN_ULLONG map;
 	unsigned long length;     /* sizeof the bitmap in bits */
-	unsigned long long max_seq_num;  /* max record number seen so far */
+	BN_ULLONG max_seq_num;  /* max record number seen so far */
 	} DTLS1_BITMAP;
 
 struct hm_header_st
@@ -163,7 +163,7 @@ typedef struct dtls1_state_st
 	unsigned short handshake_read_seq;
 
 	/* only matters for handshake messages */  
-	unsigned long long next_expected_seq_num; 
+	BN_ULLONG next_expected_seq_num; 
 
 	/* Received handshake records (processed and unprocessed) */
 	record_pqueue unprocessed_rcds;

ssl/s3_srvr.c

@@ -677,7 +677,7 @@ int ssl3_check_client_hello(SSL *s)
 int ssl3_get_client_hello(SSL *s)
 	{
 	int i,j,ok,al,ret= -1;
-	int cookie_len;
+	unsigned int cookie_len;
 	long n;
 	unsigned long id;
 	unsigned char *p,*d,*q;

ssl/ssl3.h

@@ -295,7 +295,7 @@ typedef struct ssl3_record_st
 /*rw*/	unsigned char *input;   /* where the decode bytes are */
 /*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
-/*r */  unsigned long long seq_num; /* sequence number, needed by DTLS1 */
+/*r */  BN_ULLONG seq_num; /* sequence number, needed by DTLS1 */
 	} SSL3_RECORD;
 
 typedef struct ssl3_buffer_st

ssl/ssl_locl.h

@@ -183,12 +183,12 @@
 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
 			 *((c)++)=(unsigned char)(((l)    )&0xff))
 
-#define n2l6(c,l)	(l =((unsigned long long)(*((c)++)))<<40, \
-			 l|=((unsigned long long)(*((c)++)))<<32, \
-			 l|=((unsigned long long)(*((c)++)))<<24, \
-			 l|=((unsigned long long)(*((c)++)))<<16, \
-			 l|=((unsigned long long)(*((c)++)))<< 8, \
-			 l|=((unsigned long long)(*((c)++))))
+#define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \
+			 l|=((BN_ULLONG)(*((c)++)))<<32, \
+			 l|=((BN_ULLONG)(*((c)++)))<<24, \
+			 l|=((BN_ULLONG)(*((c)++)))<<16, \
+			 l|=((BN_ULLONG)(*((c)++)))<< 8, \
+			 l|=((BN_ULLONG)(*((c)++))))
 
 /* NOTE - c is not incremented as per l2c */
 #define l2cn(l1,l2,c,n)	{ \

util/libeay.num

@@ -3313,3 +3313,15 @@ BN_BLINDING_set_flags                   3712	EXIST::FUNCTION:
 BN_BLINDING_invert_ex                   3713	EXIST::FUNCTION:
 BN_BLINDING_get_thread_id               3714	EXIST::FUNCTION:
 BN_BLINDING_get_flags                   3715	EXIST::FUNCTION:
+pitem_new                               3716	EXIST::FUNCTION:
+pqueue_iterator                         3717	EXIST::FUNCTION:
+pqueue_print                            3718	EXIST::FUNCTION:
+pqueue_find                             3719	EXIST::FUNCTION:
+pqueue_peek                             3720	EXIST::FUNCTION:
+pqueue_pop                              3721	EXIST::FUNCTION:
+BN_MONT_CTX_set_locked                  3722	EXIST::FUNCTION:
+pqueue_free                             3723	EXIST::FUNCTION:
+pqueue_next                             3724	EXIST::FUNCTION:
+pqueue_new                              3725	EXIST::FUNCTION:
+pqueue_insert                           3726	EXIST::FUNCTION:
+pitem_free                              3727	EXIST::FUNCTION:

util/mkdef.pl

@@ -277,6 +277,7 @@ $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
 $crypto.=" crypto/store/store.h";
+$crypto.=" crypto/pqueue/pqueue.h";
 
 my $symhacks="crypto/symhacks.h";
 

util/mkfiles.pl

@@ -54,6 +54,7 @@ my @dirs = (
 "crypto/ui",
 "crypto/krb5",
 "crypto/store",
+"crypto/pqueue",
 "ssl",
 "apps",
 "engines",