Send the error function codes to rot in the depths of hell where they belong

We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
author: beck <> 2017-01-26 10:40:21 +0000
committer: beck <> 2017-01-26 10:40:21 +0000
commit: a4abf558fd44464a5a48bfeb5393b01002f66c5e (patch)
tree: e105a2b33d3aefb54727a955e9c746cc8edb0e50 /src/lib/libssl/ssl_pkt.c
parent: b7978753e566fd60946300b252a9d9d89559733e (diff)
download: openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.gz
openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.bz2
openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.zip
1 files changed, 37 insertions, 37 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 2fa7852b80..f354fb82bf 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.5 2017/01/26 08:19:43 beck Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
        if (n > (int)(rb->len - rb->offset)) {
                /* does not happen */
-                SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
                        s->internal->rwstate = SSL_READING;
                        i = BIO_read(s->rbio, pkt + len + left, max - left);
                } else {
-                        SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
+                        SSLerror(SSL_R_READ_BIO_NOT_SET);
                        i = -1;
                }
@@ -364,7 +364,7 @@ ssl3_get_record(SSL *s)
                if (!CBS_get_u8(&header, &type) ||
                    !CBS_get_u16(&header, &ssl_version) ||
                    !CBS_get_u16(&header, &len)) {
-                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                        SSLerror(
                            SSL_R_BAD_PACKET_LENGTH);
                        goto err;
                }
@@ -374,7 +374,7 @@ ssl3_get_record(SSL *s)
                /* Lets check version */
                if (!s->internal->first_packet && ssl_version != s->version) {
-                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                        SSLerror(
                            SSL_R_WRONG_VERSION_NUMBER);
                        if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
                            !s->internal->enc_write_ctx && !s->internal->write_hash)
@@ -385,14 +385,14 @@ ssl3_get_record(SSL *s)
                }
                if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
-                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                        SSLerror(
                            SSL_R_WRONG_VERSION_NUMBER);
                        goto err;
                }
                if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
                        al = SSL_AD_RECORD_OVERFLOW;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                        SSLerror(
                            SSL_R_PACKET_LENGTH_TOO_LONG);
                        goto f_err;
                }
@@ -428,7 +428,7 @@ ssl3_get_record(SSL *s)
        /* check is not needed I believe */
        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
                al = SSL_AD_RECORD_OVERFLOW;
-                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
                goto f_err;
        }
@@ -442,7 +442,7 @@ ssl3_get_record(SSL *s)
         *    -1: if the padding is invalid */
        if (enc_err == 0) {
                al = SSL_AD_DECRYPTION_FAILED;
-                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                goto f_err;
        }
@@ -470,7 +470,7 @@ ssl3_get_record(SSL *s)
                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
                    orig_len < mac_size + 1)) {
                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
+                        SSLerror(SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
                }
@@ -510,14 +510,14 @@ ssl3_get_record(SSL *s)
                 * (e.g. via a logfile)
                 */
                al = SSL_AD_BAD_RECORD_MAC;
-                SSLerr(SSL_F_SSL3_GET_RECORD,
+                SSLerror(
                    SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
                goto f_err;
        }
        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
                al = SSL_AD_RECORD_OVERFLOW;
-                SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
+                SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
                goto f_err;
        }
@@ -543,7 +543,7 @@ ssl3_get_record(SSL *s)
                 * empty record without forcing want_read.
                 */
                if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
-                        SSLerr(SSL_F_SSL3_GET_RECORD,
+                        SSLerror(
                            SSL_R_PEER_BEHAVING_BADLY);
                        return -1;
                }
@@ -575,7 +575,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
        int i;
        if (len < 0) {
-                SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -588,7 +588,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                if (i < 0)
                        return (i);
                if (i == 0) {
-                        SSLerr(SSL_F_SSL3_WRITE_BYTES,
+                        SSLerror(
                            SSL_R_SSL_HANDSHAKE_FAILURE);
                        return -1;
                }
@@ -698,7 +698,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                        if (prefix_len >
                                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
                                /* insufficient space */
-                                SSLerr(SSL_F_DO_SSL3_WRITE,
+                                SSLerror(
                                    ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
@@ -842,7 +842,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
        if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
            !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
            (S3I(s)->wpend_type != type)) {
-                SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
+                SSLerror(SSL_R_BAD_WRITE_RETRY);
                return (-1);
        }
@@ -854,7 +854,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
                        (char *)&(wb->buf[wb->offset]),
                        (unsigned int)wb->left);
                } else {
-                        SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
+                        SSLerror(SSL_R_BIO_NOT_SET);
                        i = -1;
                }
                if (i == wb->left) {
@@ -919,14 +919,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                        return (-1);
        if (len < 0) {
-                SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                return -1;
        }
        if ((type && type != SSL3_RT_APPLICATION_DATA &&
            type != SSL3_RT_HANDSHAKE) ||
            (peek && (type != SSL3_RT_APPLICATION_DATA))) {
-                SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -961,7 +961,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                if (i < 0)
                        return (i);
                if (i == 0) {
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_R_SSL_HANDSHAKE_FAILURE);
                        return (-1);
                }
@@ -1004,7 +1004,7 @@ start:
                                       * reset by ssl3_get_finished */
            && (rr->type != SSL3_RT_HANDSHAKE)) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES,
+                SSLerror(
                    SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
                goto f_err;
        }
@@ -1025,7 +1025,7 @@ start:
                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
                        (s->enc_read_ctx == NULL)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_R_APP_DATA_IN_HANDSHAKE);
                        goto f_err;
                }
@@ -1108,7 +1108,7 @@ start:
                    (S3I(s)->handshake_fragment[2] != 0) ||
                    (S3I(s)->handshake_fragment[3] != 0)) {
                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
+                        SSLerror(SSL_R_BAD_HELLO_REQUEST);
                        goto f_err;
                }
@@ -1126,7 +1126,7 @@ start:
                                if (i < 0)
                                        return (i);
                                if (i == 0) {
-                                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                                        SSLerror(
                                            SSL_R_SSL_HANDSHAKE_FAILURE);
                                        return (-1);
                                }
@@ -1200,14 +1200,14 @@ start:
                         */
                        else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
                                al = SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_READ_BYTES,
+                                SSLerror(
                                    SSL_R_NO_RENEGOTIATION);
                                goto f_err;
                        }
                } else if (alert_level == SSL3_AL_FATAL) {
                        s->internal->rwstate = SSL_NOTHING;
                        S3I(s)->fatal_alert = alert_descr;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_AD_REASON_OFFSET + alert_descr);
                        ERR_asprintf_error_data("SSL alert number %d",
                            alert_descr);
@@ -1216,7 +1216,7 @@ start:
                        return (0);
                } else {
                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+                        SSLerror(SSL_R_UNKNOWN_ALERT_TYPE);
                        goto f_err;
                }
@@ -1236,7 +1236,7 @@ start:
                if ((rr->length != 1) || (rr->off != 0) ||
                        (rr->data[0] != SSL3_MT_CCS)) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_R_BAD_CHANGE_CIPHER_SPEC);
                        goto f_err;
                }
@@ -1244,7 +1244,7 @@ start:
                /* Check we have a cipher to change to */
                if (S3I(s)->tmp.new_cipher == NULL) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_R_CCS_RECEIVED_EARLY);
                        goto f_err;
                }
@@ -1252,7 +1252,7 @@ start:
                /* Check that we should be receiving a Change Cipher Spec. */
                if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_R_CCS_RECEIVED_EARLY);
                        goto f_err;
                }
@@ -1285,7 +1285,7 @@ start:
                if (i < 0)
                        return (i);
                if (i == 0) {
-                        SSLerr(SSL_F_SSL3_READ_BYTES,
+                        SSLerror(
                            SSL_R_SSL_HANDSHAKE_FAILURE);
                        return (-1);
                }
@@ -1315,7 +1315,7 @@ start:
                        goto start;
                }
                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+                SSLerror(SSL_R_UNEXPECTED_RECORD);
                goto f_err;
        case SSL3_RT_CHANGE_CIPHER_SPEC:
        case SSL3_RT_ALERT:
@@ -1324,7 +1324,7 @@ start:
                 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
                 * should not happen when type != rr->type */
                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                goto f_err;
        case SSL3_RT_APPLICATION_DATA:
                /* At this point, we were expecting handshake data,
@@ -1346,7 +1346,7 @@ start:
                        return (-1);
                } else {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+                        SSLerror(SSL_R_UNEXPECTED_RECORD);
                        goto f_err;
                }
        }
@@ -1373,7 +1373,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        if (S3I(s)->tmp.key_block == NULL) {
                if (s->session == NULL || s->session->master_key_length == 0) {
                        /* might happen if dtls1_read_bytes() calls this */
-                        SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
+                        SSLerror(
                            SSL_R_CCS_RECEIVED_EARLY);
                        return (0);
                }
@@ -1400,7 +1400,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        i = tls1_final_finish_mac(s, sender, slen,
            S3I(s)->tmp.peer_finish_md);
        if (i == 0) {
-                SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                return 0;
        }
        S3I(s)->tmp.peer_finish_md_len = i;
author	beck <>	2017-01-26 10:40:21 +0000
committer	beck <>	2017-01-26 10:40:21 +0000
commit	a4abf558fd44464a5a48bfeb5393b01002f66c5e (patch)
tree	e105a2b33d3aefb54727a955e9c746cc8edb0e50 /src/lib/libssl/ssl_pkt.c
parent	b7978753e566fd60946300b252a9d9d89559733e (diff)
download	openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.gz openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.bz2 openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.zip

diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 2fa7852b80..f354fb82bf 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.5 2017/01/26 08:19:43 beck Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
224		224
225	if (n > (int)(rb->len - rb->offset)) {	225	if (n > (int)(rb->len - rb->offset)) {
226	/* does not happen */	226	/* does not happen */
227	SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);	227	SSLerror(ERR_R_INTERNAL_ERROR);
228	return -1;	228	return -1;
229	}	229	}
230		230
@@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
248	s->internal->rwstate = SSL_READING;	248	s->internal->rwstate = SSL_READING;
249	i = BIO_read(s->rbio, pkt + len + left, max - left);	249	i = BIO_read(s->rbio, pkt + len + left, max - left);
250	} else {	250	} else {
251	SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);	251	SSLerror(SSL_R_READ_BIO_NOT_SET);
252	i = -1;	252	i = -1;
253	}	253	}
254		254
@@ -364,7 +364,7 @@ ssl3_get_record(SSL *s)
364	if (!CBS_get_u8(&header, &type) \|\|	364	if (!CBS_get_u8(&header, &type) \|\|
365	!CBS_get_u16(&header, &ssl_version) \|\|	365	!CBS_get_u16(&header, &ssl_version) \|\|
366	!CBS_get_u16(&header, &len)) {	366	!CBS_get_u16(&header, &len)) {
367	SSLerr(SSL_F_SSL3_GET_RECORD,	367	SSLerror(
368	SSL_R_BAD_PACKET_LENGTH);	368	SSL_R_BAD_PACKET_LENGTH);
369	goto err;	369	goto err;
370	}	370	}
@@ -374,7 +374,7 @@ ssl3_get_record(SSL *s)
374		374
375	/* Lets check version */	375	/* Lets check version */
376	if (!s->internal->first_packet && ssl_version != s->version) {	376	if (!s->internal->first_packet && ssl_version != s->version) {
377	SSLerr(SSL_F_SSL3_GET_RECORD,	377	SSLerror(
378	SSL_R_WRONG_VERSION_NUMBER);	378	SSL_R_WRONG_VERSION_NUMBER);
379	if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&	379	if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
380	!s->internal->enc_write_ctx && !s->internal->write_hash)	380	!s->internal->enc_write_ctx && !s->internal->write_hash)
@@ -385,14 +385,14 @@ ssl3_get_record(SSL *s)
385	}	385	}
386		386
387	if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {	387	if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
388	SSLerr(SSL_F_SSL3_GET_RECORD,	388	SSLerror(
389	SSL_R_WRONG_VERSION_NUMBER);	389	SSL_R_WRONG_VERSION_NUMBER);
390	goto err;	390	goto err;
391	}	391	}
392		392
393	if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {	393	if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
394	al = SSL_AD_RECORD_OVERFLOW;	394	al = SSL_AD_RECORD_OVERFLOW;
395	SSLerr(SSL_F_SSL3_GET_RECORD,	395	SSLerror(
396	SSL_R_PACKET_LENGTH_TOO_LONG);	396	SSL_R_PACKET_LENGTH_TOO_LONG);
397	goto f_err;	397	goto f_err;
398	}	398	}
@@ -428,7 +428,7 @@ ssl3_get_record(SSL *s)
428	/* check is not needed I believe */	428	/* check is not needed I believe */
429	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {	429	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
430	al = SSL_AD_RECORD_OVERFLOW;	430	al = SSL_AD_RECORD_OVERFLOW;
431	SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);	431	SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
432	goto f_err;	432	goto f_err;
433	}	433	}
434		434
@@ -442,7 +442,7 @@ ssl3_get_record(SSL *s)
442	* -1: if the padding is invalid */	442	* -1: if the padding is invalid */
443	if (enc_err == 0) {	443	if (enc_err == 0) {
444	al = SSL_AD_DECRYPTION_FAILED;	444	al = SSL_AD_DECRYPTION_FAILED;
445	SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);	445	SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
446	goto f_err;	446	goto f_err;
447	}	447	}
448		448
@@ -470,7 +470,7 @@ ssl3_get_record(SSL *s)
470	(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&	470	(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
471	orig_len < mac_size + 1)) {	471	orig_len < mac_size + 1)) {
472	al = SSL_AD_DECODE_ERROR;	472	al = SSL_AD_DECODE_ERROR;
473	SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);	473	SSLerror(SSL_R_LENGTH_TOO_SHORT);
474	goto f_err;	474	goto f_err;
475	}	475	}
476		476
@@ -510,14 +510,14 @@ ssl3_get_record(SSL *s)
510	* (e.g. via a logfile)	510	* (e.g. via a logfile)
511	*/	511	*/
512	al = SSL_AD_BAD_RECORD_MAC;	512	al = SSL_AD_BAD_RECORD_MAC;
513	SSLerr(SSL_F_SSL3_GET_RECORD,	513	SSLerror(
514	SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);	514	SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
515	goto f_err;	515	goto f_err;
516	}	516	}
517		517
518	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {	518	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
519	al = SSL_AD_RECORD_OVERFLOW;	519	al = SSL_AD_RECORD_OVERFLOW;
520	SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);	520	SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
521	goto f_err;	521	goto f_err;
522	}	522	}
523		523
@@ -543,7 +543,7 @@ ssl3_get_record(SSL *s)
543	* empty record without forcing want_read.	543	* empty record without forcing want_read.
544	*/	544	*/
545	if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {	545	if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
546	SSLerr(SSL_F_SSL3_GET_RECORD,	546	SSLerror(
547	SSL_R_PEER_BEHAVING_BADLY);	547	SSL_R_PEER_BEHAVING_BADLY);
548	return -1;	548	return -1;
549	}	549	}
@@ -575,7 +575,7 @@ ssl3_write_bytes(SSL s, int type, const void buf_, int len)
575	int i;	575	int i;
576		576
577	if (len < 0) {	577	if (len < 0) {
578	SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);	578	SSLerror(ERR_R_INTERNAL_ERROR);
579	return -1;	579	return -1;
580	}	580	}
581		581
@@ -588,7 +588,7 @@ ssl3_write_bytes(SSL s, int type, const void buf_, int len)
588	if (i < 0)	588	if (i < 0)
589	return (i);	589	return (i);
590	if (i == 0) {	590	if (i == 0) {
591	SSLerr(SSL_F_SSL3_WRITE_BYTES,	591	SSLerror(
592	SSL_R_SSL_HANDSHAKE_FAILURE);	592	SSL_R_SSL_HANDSHAKE_FAILURE);
593	return -1;	593	return -1;
594	}	594	}
@@ -698,7 +698,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
698	if (prefix_len >	698	if (prefix_len >
699	(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {	699	(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
700	/* insufficient space */	700	/* insufficient space */
701	SSLerr(SSL_F_DO_SSL3_WRITE,	701	SSLerror(
702	ERR_R_INTERNAL_ERROR);	702	ERR_R_INTERNAL_ERROR);
703	goto err;	703	goto err;
704	}	704	}
@@ -842,7 +842,7 @@ ssl3_write_pending(SSL s, int type, const unsigned char buf, unsigned int len)
842	if ((S3I(s)->wpend_tot > (int)len) \|\| ((S3I(s)->wpend_buf != buf) &&	842	if ((S3I(s)->wpend_tot > (int)len) \|\| ((S3I(s)->wpend_buf != buf) &&
843	!(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) \|\|	843	!(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) \|\|
844	(S3I(s)->wpend_type != type)) {	844	(S3I(s)->wpend_type != type)) {
845	SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);	845	SSLerror(SSL_R_BAD_WRITE_RETRY);
846	return (-1);	846	return (-1);
847	}	847	}
848		848
@@ -854,7 +854,7 @@ ssl3_write_pending(SSL s, int type, const unsigned char buf, unsigned int len)
854	(char *)&(wb->buf[wb->offset]),	854	(char *)&(wb->buf[wb->offset]),
855	(unsigned int)wb->left);	855	(unsigned int)wb->left);
856	} else {	856	} else {
857	SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);	857	SSLerror(SSL_R_BIO_NOT_SET);
858	i = -1;	858	i = -1;
859	}	859	}
860	if (i == wb->left) {	860	if (i == wb->left) {
@@ -919,14 +919,14 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
919	return (-1);	919	return (-1);
920		920
921	if (len < 0) {	921	if (len < 0) {
922	SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);	922	SSLerror(ERR_R_INTERNAL_ERROR);
923	return -1;	923	return -1;
924	}	924	}
925		925
926	if ((type && type != SSL3_RT_APPLICATION_DATA &&	926	if ((type && type != SSL3_RT_APPLICATION_DATA &&
927	type != SSL3_RT_HANDSHAKE) \|\|	927	type != SSL3_RT_HANDSHAKE) \|\|
928	(peek && (type != SSL3_RT_APPLICATION_DATA))) {	928	(peek && (type != SSL3_RT_APPLICATION_DATA))) {
929	SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);	929	SSLerror(ERR_R_INTERNAL_ERROR);
930	return -1;	930	return -1;
931	}	931	}
932		932
@@ -961,7 +961,7 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
961	if (i < 0)	961	if (i < 0)
962	return (i);	962	return (i);
963	if (i == 0) {	963	if (i == 0) {
964	SSLerr(SSL_F_SSL3_READ_BYTES,	964	SSLerror(
965	SSL_R_SSL_HANDSHAKE_FAILURE);	965	SSL_R_SSL_HANDSHAKE_FAILURE);
966	return (-1);	966	return (-1);
967	}	967	}
@@ -1004,7 +1004,7 @@ start:
1004	* reset by ssl3_get_finished */	1004	* reset by ssl3_get_finished */
1005	&& (rr->type != SSL3_RT_HANDSHAKE)) {	1005	&& (rr->type != SSL3_RT_HANDSHAKE)) {
1006	al = SSL_AD_UNEXPECTED_MESSAGE;	1006	al = SSL_AD_UNEXPECTED_MESSAGE;
1007	SSLerr(SSL_F_SSL3_READ_BYTES,	1007	SSLerror(
1008	SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);	1008	SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1009	goto f_err;	1009	goto f_err;
1010	}	1010	}
@@ -1025,7 +1025,7 @@ start:
1025	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&	1025	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1026	(s->enc_read_ctx == NULL)) {	1026	(s->enc_read_ctx == NULL)) {
1027	al = SSL_AD_UNEXPECTED_MESSAGE;	1027	al = SSL_AD_UNEXPECTED_MESSAGE;
1028	SSLerr(SSL_F_SSL3_READ_BYTES,	1028	SSLerror(
1029	SSL_R_APP_DATA_IN_HANDSHAKE);	1029	SSL_R_APP_DATA_IN_HANDSHAKE);
1030	goto f_err;	1030	goto f_err;
1031	}	1031	}
@@ -1108,7 +1108,7 @@ start:
1108	(S3I(s)->handshake_fragment[2] != 0) \|\|	1108	(S3I(s)->handshake_fragment[2] != 0) \|\|
1109	(S3I(s)->handshake_fragment[3] != 0)) {	1109	(S3I(s)->handshake_fragment[3] != 0)) {
1110	al = SSL_AD_DECODE_ERROR;	1110	al = SSL_AD_DECODE_ERROR;
1111	SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);	1111	SSLerror(SSL_R_BAD_HELLO_REQUEST);
1112	goto f_err;	1112	goto f_err;
1113	}	1113	}
1114		1114
@@ -1126,7 +1126,7 @@ start:
1126	if (i < 0)	1126	if (i < 0)
1127	return (i);	1127	return (i);
1128	if (i == 0) {	1128	if (i == 0) {
1129	SSLerr(SSL_F_SSL3_READ_BYTES,	1129	SSLerror(
1130	SSL_R_SSL_HANDSHAKE_FAILURE);	1130	SSL_R_SSL_HANDSHAKE_FAILURE);
1131	return (-1);	1131	return (-1);
1132	}	1132	}
@@ -1200,14 +1200,14 @@ start:
1200	*/	1200	*/
1201	else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {	1201	else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1202	al = SSL_AD_HANDSHAKE_FAILURE;	1202	al = SSL_AD_HANDSHAKE_FAILURE;
1203	SSLerr(SSL_F_SSL3_READ_BYTES,	1203	SSLerror(
1204	SSL_R_NO_RENEGOTIATION);	1204	SSL_R_NO_RENEGOTIATION);
1205	goto f_err;	1205	goto f_err;
1206	}	1206	}
1207	} else if (alert_level == SSL3_AL_FATAL) {	1207	} else if (alert_level == SSL3_AL_FATAL) {
1208	s->internal->rwstate = SSL_NOTHING;	1208	s->internal->rwstate = SSL_NOTHING;
1209	S3I(s)->fatal_alert = alert_descr;	1209	S3I(s)->fatal_alert = alert_descr;
1210	SSLerr(SSL_F_SSL3_READ_BYTES,	1210	SSLerror(
1211	SSL_AD_REASON_OFFSET + alert_descr);	1211	SSL_AD_REASON_OFFSET + alert_descr);
1212	ERR_asprintf_error_data("SSL alert number %d",	1212	ERR_asprintf_error_data("SSL alert number %d",
1213	alert_descr);	1213	alert_descr);
@@ -1216,7 +1216,7 @@ start:
1216	return (0);	1216	return (0);
1217	} else {	1217	} else {
1218	al = SSL_AD_ILLEGAL_PARAMETER;	1218	al = SSL_AD_ILLEGAL_PARAMETER;
1219	SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);	1219	SSLerror(SSL_R_UNKNOWN_ALERT_TYPE);
1220	goto f_err;	1220	goto f_err;
1221	}	1221	}
1222		1222
@@ -1236,7 +1236,7 @@ start:
1236	if ((rr->length != 1) \|\| (rr->off != 0) \|\|	1236	if ((rr->length != 1) \|\| (rr->off != 0) \|\|
1237	(rr->data[0] != SSL3_MT_CCS)) {	1237	(rr->data[0] != SSL3_MT_CCS)) {
1238	al = SSL_AD_ILLEGAL_PARAMETER;	1238	al = SSL_AD_ILLEGAL_PARAMETER;
1239	SSLerr(SSL_F_SSL3_READ_BYTES,	1239	SSLerror(
1240	SSL_R_BAD_CHANGE_CIPHER_SPEC);	1240	SSL_R_BAD_CHANGE_CIPHER_SPEC);
1241	goto f_err;	1241	goto f_err;
1242	}	1242	}
@@ -1244,7 +1244,7 @@ start:
1244	/* Check we have a cipher to change to */	1244	/* Check we have a cipher to change to */
1245	if (S3I(s)->tmp.new_cipher == NULL) {	1245	if (S3I(s)->tmp.new_cipher == NULL) {
1246	al = SSL_AD_UNEXPECTED_MESSAGE;	1246	al = SSL_AD_UNEXPECTED_MESSAGE;
1247	SSLerr(SSL_F_SSL3_READ_BYTES,	1247	SSLerror(
1248	SSL_R_CCS_RECEIVED_EARLY);	1248	SSL_R_CCS_RECEIVED_EARLY);
1249	goto f_err;	1249	goto f_err;
1250	}	1250	}
@@ -1252,7 +1252,7 @@ start:
1252	/* Check that we should be receiving a Change Cipher Spec. */	1252	/* Check that we should be receiving a Change Cipher Spec. */
1253	if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {	1253	if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1254	al = SSL_AD_UNEXPECTED_MESSAGE;	1254	al = SSL_AD_UNEXPECTED_MESSAGE;
1255	SSLerr(SSL_F_SSL3_READ_BYTES,	1255	SSLerror(
1256	SSL_R_CCS_RECEIVED_EARLY);	1256	SSL_R_CCS_RECEIVED_EARLY);
1257	goto f_err;	1257	goto f_err;
1258	}	1258	}
@@ -1285,7 +1285,7 @@ start:
1285	if (i < 0)	1285	if (i < 0)
1286	return (i);	1286	return (i);
1287	if (i == 0) {	1287	if (i == 0) {
1288	SSLerr(SSL_F_SSL3_READ_BYTES,	1288	SSLerror(
1289	SSL_R_SSL_HANDSHAKE_FAILURE);	1289	SSL_R_SSL_HANDSHAKE_FAILURE);
1290	return (-1);	1290	return (-1);
1291	}	1291	}
@@ -1315,7 +1315,7 @@ start:
1315	goto start;	1315	goto start;
1316	}	1316	}
1317	al = SSL_AD_UNEXPECTED_MESSAGE;	1317	al = SSL_AD_UNEXPECTED_MESSAGE;
1318	SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);	1318	SSLerror(SSL_R_UNEXPECTED_RECORD);
1319	goto f_err;	1319	goto f_err;
1320	case SSL3_RT_CHANGE_CIPHER_SPEC:	1320	case SSL3_RT_CHANGE_CIPHER_SPEC:
1321	case SSL3_RT_ALERT:	1321	case SSL3_RT_ALERT:
@@ -1324,7 +1324,7 @@ start:
1324	* of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that	1324	* of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
1325	* should not happen when type != rr->type */	1325	* should not happen when type != rr->type */
1326	al = SSL_AD_UNEXPECTED_MESSAGE;	1326	al = SSL_AD_UNEXPECTED_MESSAGE;
1327	SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);	1327	SSLerror(ERR_R_INTERNAL_ERROR);
1328	goto f_err;	1328	goto f_err;
1329	case SSL3_RT_APPLICATION_DATA:	1329	case SSL3_RT_APPLICATION_DATA:
1330	/* At this point, we were expecting handshake data,	1330	/* At this point, we were expecting handshake data,
@@ -1346,7 +1346,7 @@ start:
1346	return (-1);	1346	return (-1);
1347	} else {	1347	} else {
1348	al = SSL_AD_UNEXPECTED_MESSAGE;	1348	al = SSL_AD_UNEXPECTED_MESSAGE;
1349	SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);	1349	SSLerror(SSL_R_UNEXPECTED_RECORD);
1350	goto f_err;	1350	goto f_err;
1351	}	1351	}
1352	}	1352	}
@@ -1373,7 +1373,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1373	if (S3I(s)->tmp.key_block == NULL) {	1373	if (S3I(s)->tmp.key_block == NULL) {
1374	if (s->session == NULL \|\| s->session->master_key_length == 0) {	1374	if (s->session == NULL \|\| s->session->master_key_length == 0) {
1375	/* might happen if dtls1_read_bytes() calls this */	1375	/* might happen if dtls1_read_bytes() calls this */
1376	SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,	1376	SSLerror(
1377	SSL_R_CCS_RECEIVED_EARLY);	1377	SSL_R_CCS_RECEIVED_EARLY);
1378	return (0);	1378	return (0);
1379	}	1379	}
@@ -1400,7 +1400,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1400	i = tls1_final_finish_mac(s, sender, slen,	1400	i = tls1_final_finish_mac(s, sender, slen,
1401	S3I(s)->tmp.peer_finish_md);	1401	S3I(s)->tmp.peer_finish_md);
1402	if (i == 0) {	1402	if (i == 0) {
1403	SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);	1403	SSLerror(ERR_R_INTERNAL_ERROR);
1404	return 0;	1404	return 0;
1405	}	1405	}
1406	S3I(s)->tmp.peer_finish_md_len = i;	1406	S3I(s)->tmp.peer_finish_md_len = i;