authorbeck <>2017-02-07 02:08:38 +0000
committerbeck <>2017-02-07 02:08:38 +0000
commit91c389f89015a024212e73f5ec6e24166955ab6e (patch)
treea4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/d1_pkt.c
parent8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c42
1 files changed, 21 insertions, 21 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 5e33a966de..5fdd176800 100644
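--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.61 2017/01/26 10:40:21 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.62 2017/02/07 02:08:38 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -255,7 +255,7 @@ err:
  free(rdata->rbuf.buf);
 
 init_err:
- SSLerror(ERR_R_INTERNAL_ERROR);
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
  free(rdata);
  pitem_free(item);
  return (-1);
@@ -354,7 +354,7 @@ dtls1_process_record(SSL *s)
  /* check is not needed I believe */
  if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
  al = SSL_AD_RECORD_OVERFLOW;
- SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
  goto f_err;
  }
 
@@ -396,7 +396,7 @@ dtls1_process_record(SSL *s)
  (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
  orig_len < mac_size + 1)) {
  al = SSL_AD_DECODE_ERROR;
- SSLerror(SSL_R_LENGTH_TOO_SHORT);
+ SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
  goto f_err;
  }
 
@@ -433,7 +433,7 @@ dtls1_process_record(SSL *s)
 
  if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
  al = SSL_AD_RECORD_OVERFLOW;
- SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
+ SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
  goto f_err;
  }
 
@@ -650,7 +650,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  if ((type &&
  type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
  (peek && (type != SSL3_RT_APPLICATION_DATA))) {
- SSLerror(ERR_R_INTERNAL_ERROR);
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
  return -1;
  }
 
@@ -667,7 +667,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
  return (-1);
  }
  }
@@ -731,7 +731,7 @@ start:
  */
  if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data),
  rr->seq_num) < 0) {
- SSLerror(ERR_R_INTERNAL_ERROR);
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
  return (-1);
  }
  rr->length = 0;
@@ -754,7 +754,7 @@ start:
  if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
  (s->enc_read_ctx == NULL)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE);
+ SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
  goto f_err;
  }
 
@@ -817,7 +817,7 @@ start:
 
  /* Not certain if this is the right error handling */
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_UNEXPECTED_RECORD);
+ SSLerror(s, SSL_R_UNEXPECTED_RECORD);
  goto f_err;
  }
 
@@ -862,7 +862,7 @@ start:
  (D1I(s)->handshake_fragment[2] != 0) ||
  (D1I(s)->handshake_fragment[3] != 0)) {
  al = SSL_AD_DECODE_ERROR;
- SSLerror(SSL_R_BAD_HELLO_REQUEST);
+ SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
  goto err;
  }
 
@@ -883,7 +883,7 @@ start:
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
  return (-1);
  }
 
@@ -940,7 +940,7 @@ start:
  {
  s->internal->rwstate = SSL_NOTHING;
  S3I(s)->fatal_alert = alert_descr;
- SSLerror(SSL_AD_REASON_OFFSET + alert_descr);
+ SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
  ERR_asprintf_error_data("SSL alert number %d",
  alert_descr);
  s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN;
@@ -948,7 +948,7 @@ start:
  return (0);
  } else {
  al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(SSL_R_UNKNOWN_ALERT_TYPE);
+ SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
  goto f_err;
  }
 
@@ -974,7 +974,7 @@ start:
  if ((rr->length != ccs_hdr_len) ||
  (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
  i = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
  goto err;
  }
 
@@ -1038,7 +1038,7 @@ start:
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
  return (-1);
  }
 
@@ -1068,7 +1068,7 @@ start:
  goto start;
  }
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_UNEXPECTED_RECORD);
+ SSLerror(s, SSL_R_UNEXPECTED_RECORD);
  goto f_err;
  case SSL3_RT_CHANGE_CIPHER_SPEC:
  case SSL3_RT_ALERT:
@@ -1077,7 +1077,7 @@ start:
  * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
  * should not happen when type != rr->type */
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(ERR_R_INTERNAL_ERROR);
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
  goto f_err;
  case SSL3_RT_APPLICATION_DATA:
  /* At this point, we were expecting handshake data,
@@ -1099,7 +1099,7 @@ start:
  return (-1);
  } else {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_UNEXPECTED_RECORD);
+ SSLerror(s, SSL_R_UNEXPECTED_RECORD);
  goto f_err;
  }
  }
@@ -1122,13 +1122,13 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
  return -1;
  }
  }
 
  if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
- SSLerror(SSL_R_DTLS_MESSAGE_TOO_BIG);
+ SSLerror(s, SSL_R_DTLS_MESSAGE_TOO_BIG);
  return -1;
  }
 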
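Review bot: In the hunk at line 974 the malformed-ChangeCipherSpec branch stores the alert code in `i` (`i = SSL_AD_ILLEGAL_PARAMETER;`) and leaves through `goto err`, whereas the other alert-setting branches in these hunks assign `al` and use `goto f_err`. The hunk at line 862 likewise sets `al = SSL_AD_DECODE_ERROR;` but exits via `goto err`. The `err` and `f_err` labels sit outside the visible hunks, but if `f_err` is where the alert is sent, both assignments are dead and the peer gets no alert for these two rejections. If dropping such records without a reply is the intended DTLS behaviour, replace each assignment with a comment such as `/* no alert: invalid record is dropped without a reply */`. Otherwise use `al = SSL_AD_ILLEGAL_PARAMETER;` followed by `goto f_err;` at line 976, and `goto f_err;` at line 866.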