Change SSLerror() back to taking two args, with the first one being an SSL *.

Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
author: beck <> 2017-02-07 02:08:38 +0000
committer: beck <> 2017-02-07 02:08:38 +0000
commit: 91c389f89015a024212e73f5ec6e24166955ab6e (patch)
tree: a4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/ssl_pkt.c
parent: 8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
download: openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.gz
openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.bz2
openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.zip
1 files changed, 37 insertions, 37 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index c57eacd770..f49cc45efd 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.9 2017/01/31 15:35:46 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.10 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
        if (n > (int)(rb->len - rb->offset)) {
                /* does not happen */
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
                        s->internal->rwstate = SSL_READING;
                        i = BIO_read(s->rbio, pkt + len + left, max - left);
                } else {
-                        SSLerror(SSL_R_READ_BIO_NOT_SET);
+                        SSLerror(s, SSL_R_READ_BIO_NOT_SET);
                        i = -1;
                }
@@ -364,7 +364,7 @@ ssl3_get_record(SSL *s)
                if (!CBS_get_u8(&header, &type) ||
                    !CBS_get_u16(&header, &ssl_version) ||
                    !CBS_get_u16(&header, &len)) {
-                        SSLerror(SSL_R_BAD_PACKET_LENGTH);
+                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
                        goto err;
                }
@@ -373,7 +373,7 @@ ssl3_get_record(SSL *s)
                /* Lets check version */
                if (!s->internal->first_packet && ssl_version != s->version) {
-                        SSLerror(SSL_R_WRONG_VERSION_NUMBER);
+                        SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
                        if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
                            !s->internal->enc_write_ctx && !s->internal->write_hash)
                                /* Send back error using their minor version number :-) */
@@ -383,13 +383,13 @@ ssl3_get_record(SSL *s)
                }
                if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
-                        SSLerror(SSL_R_WRONG_VERSION_NUMBER);
+                        SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
                        goto err;
                }
                if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
                        al = SSL_AD_RECORD_OVERFLOW;
-                        SSLerror(SSL_R_PACKET_LENGTH_TOO_LONG);
+                        SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
                        goto f_err;
                }
@@ -424,7 +424,7 @@ ssl3_get_record(SSL *s)
        /* check is not needed I believe */
        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
                al = SSL_AD_RECORD_OVERFLOW;
-                SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
                goto f_err;
        }
@@ -438,7 +438,7 @@ ssl3_get_record(SSL *s)
         *    -1: if the padding is invalid */
        if (enc_err == 0) {
                al = SSL_AD_DECRYPTION_FAILED;
-                SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                goto f_err;
        }
@@ -466,7 +466,7 @@ ssl3_get_record(SSL *s)
                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
                    orig_len < mac_size + 1)) {
                        al = SSL_AD_DECODE_ERROR;
-                        SSLerror(SSL_R_LENGTH_TOO_SHORT);
+                        SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
                }
@@ -506,13 +506,13 @@ ssl3_get_record(SSL *s)
                 * (e.g. via a logfile)
                 */
                al = SSL_AD_BAD_RECORD_MAC;
-                SSLerror(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
                goto f_err;
        }
        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
                al = SSL_AD_RECORD_OVERFLOW;
-                SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
+                SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
                goto f_err;
        }
@@ -538,7 +538,7 @@ ssl3_get_record(SSL *s)
                 * empty record without forcing want_read.
                 */
                if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
-                        SSLerror(SSL_R_PEER_BEHAVING_BADLY);
+                        SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
                        return -1;
                }
                if (s->internal->empty_record_count > 1) {
@@ -569,7 +569,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
        int i;
        if (len < 0) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -582,7 +582,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                if (i < 0)
                        return (i);
                if (i == 0) {
-                        SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
                        return -1;
                }
        }
@@ -691,7 +691,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                        if (prefix_len >
                                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
                                /* insufficient space */
-                                SSLerror(ERR_R_INTERNAL_ERROR);
+                                SSLerror(s, ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
                }
@@ -834,7 +834,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
        if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
            !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
            (S3I(s)->wpend_type != type)) {
-                SSLerror(SSL_R_BAD_WRITE_RETRY);
+                SSLerror(s, SSL_R_BAD_WRITE_RETRY);
                return (-1);
        }
@@ -846,7 +846,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
                        (char *)&(wb->buf[wb->offset]),
                        (unsigned int)wb->left);
                } else {
-                        SSLerror(SSL_R_BIO_NOT_SET);
+                        SSLerror(s, SSL_R_BIO_NOT_SET);
                        i = -1;
                }
                if (i == wb->left) {
@@ -911,14 +911,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                        return (-1);
        if (len < 0) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
        if ((type && type != SSL3_RT_APPLICATION_DATA &&
            type != SSL3_RT_HANDSHAKE) ||
            (peek && (type != SSL3_RT_APPLICATION_DATA))) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -953,7 +953,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                if (i < 0)
                        return (i);
                if (i == 0) {
-                        SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
                        return (-1);
                }
        }
@@ -995,7 +995,7 @@ start:
                                       * reset by ssl3_get_finished */
            && (rr->type != SSL3_RT_HANDSHAKE)) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+                SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
                goto f_err;
        }
@@ -1015,7 +1015,7 @@ start:
                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
                        (s->enc_read_ctx == NULL)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE);
+                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
                        goto f_err;
                }
@@ -1097,7 +1097,7 @@ start:
                    (S3I(s)->handshake_fragment[2] != 0) ||
                    (S3I(s)->handshake_fragment[3] != 0)) {
                        al = SSL_AD_DECODE_ERROR;
-                        SSLerror(SSL_R_BAD_HELLO_REQUEST);
+                        SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
                        goto f_err;
                }
@@ -1115,7 +1115,7 @@ start:
                                if (i < 0)
                                        return (i);
                                if (i == 0) {
-                                        SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+                                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
                                        return (-1);
                                }
@@ -1196,13 +1196,13 @@ start:
                         */
                        else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
                                al = SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerror(SSL_R_NO_RENEGOTIATION);
+                                SSLerror(s, SSL_R_NO_RENEGOTIATION);
                                goto f_err;
                        }
                } else if (alert_level == SSL3_AL_FATAL) {
                        s->internal->rwstate = SSL_NOTHING;
                        S3I(s)->fatal_alert = alert_descr;
-                        SSLerror(SSL_AD_REASON_OFFSET + alert_descr);
+                        SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
                        ERR_asprintf_error_data("SSL alert number %d",
                            alert_descr);
                        s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -1210,7 +1210,7 @@ start:
                        return (0);
                } else {
                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(SSL_R_UNKNOWN_ALERT_TYPE);
+                        SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
                        goto f_err;
                }
@@ -1230,21 +1230,21 @@ start:
                if ((rr->length != 1) || (rr->off != 0) ||
                        (rr->data[0] != SSL3_MT_CCS)) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                        SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
                        goto f_err;
                }
                /* Check we have a cipher to change to */
                if (S3I(s)->tmp.new_cipher == NULL) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(SSL_R_CCS_RECEIVED_EARLY);
+                        SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
                        goto f_err;
                }
                /* Check that we should be receiving a Change Cipher Spec. */
                if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(SSL_R_CCS_RECEIVED_EARLY);
+                        SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
                        goto f_err;
                }
                s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
@@ -1276,7 +1276,7 @@ start:
                if (i < 0)
                        return (i);
                if (i == 0) {
-                        SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
                        return (-1);
                }
@@ -1305,7 +1305,7 @@ start:
                        goto start;
                }
                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(SSL_R_UNEXPECTED_RECORD);
+                SSLerror(s, SSL_R_UNEXPECTED_RECORD);
                goto f_err;
        case SSL3_RT_CHANGE_CIPHER_SPEC:
        case SSL3_RT_ALERT:
@@ -1314,7 +1314,7 @@ start:
                 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
                 * should not happen when type != rr->type */
                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto f_err;
        case SSL3_RT_APPLICATION_DATA:
                /* At this point, we were expecting handshake data,
@@ -1336,7 +1336,7 @@ start:
                        return (-1);
                } else {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(SSL_R_UNEXPECTED_RECORD);
+                        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
                        goto f_err;
                }
        }
@@ -1363,7 +1363,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        if (S3I(s)->tmp.key_block == NULL) {
                if (s->session == NULL || s->session->master_key_length == 0) {
                        /* might happen if dtls1_read_bytes() calls this */
-                        SSLerror(SSL_R_CCS_RECEIVED_EARLY);
+                        SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
                        return (0);
                }
@@ -1389,7 +1389,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        i = tls1_final_finish_mac(s, sender, slen,
            S3I(s)->tmp.peer_finish_md);
        if (i == 0) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return 0;
        }
        S3I(s)->tmp.peer_finish_md_len = i;
author	beck <>	2017-02-07 02:08:38 +0000
committer	beck <>	2017-02-07 02:08:38 +0000
commit	91c389f89015a024212e73f5ec6e24166955ab6e (patch)
tree	a4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/ssl_pkt.c
parent	8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
download	openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.gz openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.bz2 openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.zip

diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index c57eacd770..f49cc45efd 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.9 2017/01/31 15:35:46 jsing Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.10 2017/02/07 02:08:38 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
224		224
225	if (n > (int)(rb->len - rb->offset)) {	225	if (n > (int)(rb->len - rb->offset)) {
226	/* does not happen */	226	/* does not happen */
227	SSLerror(ERR_R_INTERNAL_ERROR);	227	SSLerror(s, ERR_R_INTERNAL_ERROR);
228	return -1;	228	return -1;
229	}	229	}
230		230
@@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
248	s->internal->rwstate = SSL_READING;	248	s->internal->rwstate = SSL_READING;
249	i = BIO_read(s->rbio, pkt + len + left, max - left);	249	i = BIO_read(s->rbio, pkt + len + left, max - left);
250	} else {	250	} else {
251	SSLerror(SSL_R_READ_BIO_NOT_SET);	251	SSLerror(s, SSL_R_READ_BIO_NOT_SET);
252	i = -1;	252	i = -1;
253	}	253	}
254		254
@@ -364,7 +364,7 @@ ssl3_get_record(SSL *s)
364	if (!CBS_get_u8(&header, &type) \|\|	364	if (!CBS_get_u8(&header, &type) \|\|
365	!CBS_get_u16(&header, &ssl_version) \|\|	365	!CBS_get_u16(&header, &ssl_version) \|\|
366	!CBS_get_u16(&header, &len)) {	366	!CBS_get_u16(&header, &len)) {
367	SSLerror(SSL_R_BAD_PACKET_LENGTH);	367	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
368	goto err;	368	goto err;
369	}	369	}
370		370
@@ -373,7 +373,7 @@ ssl3_get_record(SSL *s)
373		373
374	/* Lets check version */	374	/* Lets check version */
375	if (!s->internal->first_packet && ssl_version != s->version) {	375	if (!s->internal->first_packet && ssl_version != s->version) {
376	SSLerror(SSL_R_WRONG_VERSION_NUMBER);	376	SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
377	if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&	377	if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
378	!s->internal->enc_write_ctx && !s->internal->write_hash)	378	!s->internal->enc_write_ctx && !s->internal->write_hash)
379	/* Send back error using their minor version number :-) */	379	/* Send back error using their minor version number :-) */
@@ -383,13 +383,13 @@ ssl3_get_record(SSL *s)
383	}	383	}
384		384
385	if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {	385	if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
386	SSLerror(SSL_R_WRONG_VERSION_NUMBER);	386	SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
387	goto err;	387	goto err;
388	}	388	}
389		389
390	if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {	390	if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
391	al = SSL_AD_RECORD_OVERFLOW;	391	al = SSL_AD_RECORD_OVERFLOW;
392	SSLerror(SSL_R_PACKET_LENGTH_TOO_LONG);	392	SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
393	goto f_err;	393	goto f_err;
394	}	394	}
395		395
@@ -424,7 +424,7 @@ ssl3_get_record(SSL *s)
424	/* check is not needed I believe */	424	/* check is not needed I believe */
425	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {	425	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
426	al = SSL_AD_RECORD_OVERFLOW;	426	al = SSL_AD_RECORD_OVERFLOW;
427	SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG);	427	SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
428	goto f_err;	428	goto f_err;
429	}	429	}
430		430
@@ -438,7 +438,7 @@ ssl3_get_record(SSL *s)
438	* -1: if the padding is invalid */	438	* -1: if the padding is invalid */
439	if (enc_err == 0) {	439	if (enc_err == 0) {
440	al = SSL_AD_DECRYPTION_FAILED;	440	al = SSL_AD_DECRYPTION_FAILED;
441	SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);	441	SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
442	goto f_err;	442	goto f_err;
443	}	443	}
444		444
@@ -466,7 +466,7 @@ ssl3_get_record(SSL *s)
466	(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&	466	(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
467	orig_len < mac_size + 1)) {	467	orig_len < mac_size + 1)) {
468	al = SSL_AD_DECODE_ERROR;	468	al = SSL_AD_DECODE_ERROR;
469	SSLerror(SSL_R_LENGTH_TOO_SHORT);	469	SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
470	goto f_err;	470	goto f_err;
471	}	471	}
472		472
@@ -506,13 +506,13 @@ ssl3_get_record(SSL *s)
506	* (e.g. via a logfile)	506	* (e.g. via a logfile)
507	*/	507	*/
508	al = SSL_AD_BAD_RECORD_MAC;	508	al = SSL_AD_BAD_RECORD_MAC;
509	SSLerror(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);	509	SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
510	goto f_err;	510	goto f_err;
511	}	511	}
512		512
513	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {	513	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
514	al = SSL_AD_RECORD_OVERFLOW;	514	al = SSL_AD_RECORD_OVERFLOW;
515	SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);	515	SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
516	goto f_err;	516	goto f_err;
517	}	517	}
518		518
@@ -538,7 +538,7 @@ ssl3_get_record(SSL *s)
538	* empty record without forcing want_read.	538	* empty record without forcing want_read.
539	*/	539	*/
540	if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {	540	if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
541	SSLerror(SSL_R_PEER_BEHAVING_BADLY);	541	SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
542	return -1;	542	return -1;
543	}	543	}
544	if (s->internal->empty_record_count > 1) {	544	if (s->internal->empty_record_count > 1) {
@@ -569,7 +569,7 @@ ssl3_write_bytes(SSL s, int type, const void buf_, int len)
569	int i;	569	int i;
570		570
571	if (len < 0) {	571	if (len < 0) {
572	SSLerror(ERR_R_INTERNAL_ERROR);	572	SSLerror(s, ERR_R_INTERNAL_ERROR);
573	return -1;	573	return -1;
574	}	574	}
575		575
@@ -582,7 +582,7 @@ ssl3_write_bytes(SSL s, int type, const void buf_, int len)
582	if (i < 0)	582	if (i < 0)
583	return (i);	583	return (i);
584	if (i == 0) {	584	if (i == 0) {
585	SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);	585	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
586	return -1;	586	return -1;
587	}	587	}
588	}	588	}
@@ -691,7 +691,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
691	if (prefix_len >	691	if (prefix_len >
692	(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {	692	(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
693	/* insufficient space */	693	/* insufficient space */
694	SSLerror(ERR_R_INTERNAL_ERROR);	694	SSLerror(s, ERR_R_INTERNAL_ERROR);
695	goto err;	695	goto err;
696	}	696	}
697	}	697	}
@@ -834,7 +834,7 @@ ssl3_write_pending(SSL s, int type, const unsigned char buf, unsigned int len)
834	if ((S3I(s)->wpend_tot > (int)len) \|\| ((S3I(s)->wpend_buf != buf) &&	834	if ((S3I(s)->wpend_tot > (int)len) \|\| ((S3I(s)->wpend_buf != buf) &&
835	!(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) \|\|	835	!(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) \|\|
836	(S3I(s)->wpend_type != type)) {	836	(S3I(s)->wpend_type != type)) {
837	SSLerror(SSL_R_BAD_WRITE_RETRY);	837	SSLerror(s, SSL_R_BAD_WRITE_RETRY);
838	return (-1);	838	return (-1);
839	}	839	}
840		840
@@ -846,7 +846,7 @@ ssl3_write_pending(SSL s, int type, const unsigned char buf, unsigned int len)
846	(char *)&(wb->buf[wb->offset]),	846	(char *)&(wb->buf[wb->offset]),
847	(unsigned int)wb->left);	847	(unsigned int)wb->left);
848	} else {	848	} else {
849	SSLerror(SSL_R_BIO_NOT_SET);	849	SSLerror(s, SSL_R_BIO_NOT_SET);
850	i = -1;	850	i = -1;
851	}	851	}
852	if (i == wb->left) {	852	if (i == wb->left) {
@@ -911,14 +911,14 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
911	return (-1);	911	return (-1);
912		912
913	if (len < 0) {	913	if (len < 0) {
914	SSLerror(ERR_R_INTERNAL_ERROR);	914	SSLerror(s, ERR_R_INTERNAL_ERROR);
915	return -1;	915	return -1;
916	}	916	}
917		917
918	if ((type && type != SSL3_RT_APPLICATION_DATA &&	918	if ((type && type != SSL3_RT_APPLICATION_DATA &&
919	type != SSL3_RT_HANDSHAKE) \|\|	919	type != SSL3_RT_HANDSHAKE) \|\|
920	(peek && (type != SSL3_RT_APPLICATION_DATA))) {	920	(peek && (type != SSL3_RT_APPLICATION_DATA))) {
921	SSLerror(ERR_R_INTERNAL_ERROR);	921	SSLerror(s, ERR_R_INTERNAL_ERROR);
922	return -1;	922	return -1;
923	}	923	}
924		924
@@ -953,7 +953,7 @@ ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
953	if (i < 0)	953	if (i < 0)
954	return (i);	954	return (i);
955	if (i == 0) {	955	if (i == 0) {
956	SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);	956	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
957	return (-1);	957	return (-1);
958	}	958	}
959	}	959	}
@@ -995,7 +995,7 @@ start:
995	* reset by ssl3_get_finished */	995	* reset by ssl3_get_finished */
996	&& (rr->type != SSL3_RT_HANDSHAKE)) {	996	&& (rr->type != SSL3_RT_HANDSHAKE)) {
997	al = SSL_AD_UNEXPECTED_MESSAGE;	997	al = SSL_AD_UNEXPECTED_MESSAGE;
998	SSLerror(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);	998	SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
999	goto f_err;	999	goto f_err;
1000	}	1000	}
1001		1001
@@ -1015,7 +1015,7 @@ start:
1015	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&	1015	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1016	(s->enc_read_ctx == NULL)) {	1016	(s->enc_read_ctx == NULL)) {
1017	al = SSL_AD_UNEXPECTED_MESSAGE;	1017	al = SSL_AD_UNEXPECTED_MESSAGE;
1018	SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE);	1018	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
1019	goto f_err;	1019	goto f_err;
1020	}	1020	}
1021		1021
@@ -1097,7 +1097,7 @@ start:
1097	(S3I(s)->handshake_fragment[2] != 0) \|\|	1097	(S3I(s)->handshake_fragment[2] != 0) \|\|
1098	(S3I(s)->handshake_fragment[3] != 0)) {	1098	(S3I(s)->handshake_fragment[3] != 0)) {
1099	al = SSL_AD_DECODE_ERROR;	1099	al = SSL_AD_DECODE_ERROR;
1100	SSLerror(SSL_R_BAD_HELLO_REQUEST);	1100	SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
1101	goto f_err;	1101	goto f_err;
1102	}	1102	}
1103		1103
@@ -1115,7 +1115,7 @@ start:
1115	if (i < 0)	1115	if (i < 0)
1116	return (i);	1116	return (i);
1117	if (i == 0) {	1117	if (i == 0) {
1118	SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);	1118	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
1119	return (-1);	1119	return (-1);
1120	}	1120	}
1121		1121
@@ -1196,13 +1196,13 @@ start:
1196	*/	1196	*/
1197	else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {	1197	else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1198	al = SSL_AD_HANDSHAKE_FAILURE;	1198	al = SSL_AD_HANDSHAKE_FAILURE;
1199	SSLerror(SSL_R_NO_RENEGOTIATION);	1199	SSLerror(s, SSL_R_NO_RENEGOTIATION);
1200	goto f_err;	1200	goto f_err;
1201	}	1201	}
1202	} else if (alert_level == SSL3_AL_FATAL) {	1202	} else if (alert_level == SSL3_AL_FATAL) {
1203	s->internal->rwstate = SSL_NOTHING;	1203	s->internal->rwstate = SSL_NOTHING;
1204	S3I(s)->fatal_alert = alert_descr;	1204	S3I(s)->fatal_alert = alert_descr;
1205	SSLerror(SSL_AD_REASON_OFFSET + alert_descr);	1205	SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
1206	ERR_asprintf_error_data("SSL alert number %d",	1206	ERR_asprintf_error_data("SSL alert number %d",
1207	alert_descr);	1207	alert_descr);
1208	s->internal->shutdown \|= SSL_RECEIVED_SHUTDOWN;	1208	s->internal->shutdown \|= SSL_RECEIVED_SHUTDOWN;
@@ -1210,7 +1210,7 @@ start:
1210	return (0);	1210	return (0);
1211	} else {	1211	} else {
1212	al = SSL_AD_ILLEGAL_PARAMETER;	1212	al = SSL_AD_ILLEGAL_PARAMETER;
1213	SSLerror(SSL_R_UNKNOWN_ALERT_TYPE);	1213	SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
1214	goto f_err;	1214	goto f_err;
1215	}	1215	}
1216		1216
@@ -1230,21 +1230,21 @@ start:
1230	if ((rr->length != 1) \|\| (rr->off != 0) \|\|	1230	if ((rr->length != 1) \|\| (rr->off != 0) \|\|
1231	(rr->data[0] != SSL3_MT_CCS)) {	1231	(rr->data[0] != SSL3_MT_CCS)) {
1232	al = SSL_AD_ILLEGAL_PARAMETER;	1232	al = SSL_AD_ILLEGAL_PARAMETER;
1233	SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC);	1233	SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1234	goto f_err;	1234	goto f_err;
1235	}	1235	}
1236		1236
1237	/* Check we have a cipher to change to */	1237	/* Check we have a cipher to change to */
1238	if (S3I(s)->tmp.new_cipher == NULL) {	1238	if (S3I(s)->tmp.new_cipher == NULL) {
1239	al = SSL_AD_UNEXPECTED_MESSAGE;	1239	al = SSL_AD_UNEXPECTED_MESSAGE;
1240	SSLerror(SSL_R_CCS_RECEIVED_EARLY);	1240	SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1241	goto f_err;	1241	goto f_err;
1242	}	1242	}
1243		1243
1244	/* Check that we should be receiving a Change Cipher Spec. */	1244	/* Check that we should be receiving a Change Cipher Spec. */
1245	if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {	1245	if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1246	al = SSL_AD_UNEXPECTED_MESSAGE;	1246	al = SSL_AD_UNEXPECTED_MESSAGE;
1247	SSLerror(SSL_R_CCS_RECEIVED_EARLY);	1247	SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1248	goto f_err;	1248	goto f_err;
1249	}	1249	}
1250	s->s3->flags &= ~SSL3_FLAGS_CCS_OK;	1250	s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
@@ -1276,7 +1276,7 @@ start:
1276	if (i < 0)	1276	if (i < 0)
1277	return (i);	1277	return (i);
1278	if (i == 0) {	1278	if (i == 0) {
1279	SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);	1279	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
1280	return (-1);	1280	return (-1);
1281	}	1281	}
1282		1282
@@ -1305,7 +1305,7 @@ start:
1305	goto start;	1305	goto start;
1306	}	1306	}
1307	al = SSL_AD_UNEXPECTED_MESSAGE;	1307	al = SSL_AD_UNEXPECTED_MESSAGE;
1308	SSLerror(SSL_R_UNEXPECTED_RECORD);	1308	SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1309	goto f_err;	1309	goto f_err;
1310	case SSL3_RT_CHANGE_CIPHER_SPEC:	1310	case SSL3_RT_CHANGE_CIPHER_SPEC:
1311	case SSL3_RT_ALERT:	1311	case SSL3_RT_ALERT:
@@ -1314,7 +1314,7 @@ start:
1314	* of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that	1314	* of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
1315	* should not happen when type != rr->type */	1315	* should not happen when type != rr->type */
1316	al = SSL_AD_UNEXPECTED_MESSAGE;	1316	al = SSL_AD_UNEXPECTED_MESSAGE;
1317	SSLerror(ERR_R_INTERNAL_ERROR);	1317	SSLerror(s, ERR_R_INTERNAL_ERROR);
1318	goto f_err;	1318	goto f_err;
1319	case SSL3_RT_APPLICATION_DATA:	1319	case SSL3_RT_APPLICATION_DATA:
1320	/* At this point, we were expecting handshake data,	1320	/* At this point, we were expecting handshake data,
@@ -1336,7 +1336,7 @@ start:
1336	return (-1);	1336	return (-1);
1337	} else {	1337	} else {
1338	al = SSL_AD_UNEXPECTED_MESSAGE;	1338	al = SSL_AD_UNEXPECTED_MESSAGE;
1339	SSLerror(SSL_R_UNEXPECTED_RECORD);	1339	SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1340	goto f_err;	1340	goto f_err;
1341	}	1341	}
1342	}	1342	}
@@ -1363,7 +1363,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1363	if (S3I(s)->tmp.key_block == NULL) {	1363	if (S3I(s)->tmp.key_block == NULL) {
1364	if (s->session == NULL \|\| s->session->master_key_length == 0) {	1364	if (s->session == NULL \|\| s->session->master_key_length == 0) {
1365	/* might happen if dtls1_read_bytes() calls this */	1365	/* might happen if dtls1_read_bytes() calls this */
1366	SSLerror(SSL_R_CCS_RECEIVED_EARLY);	1366	SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1367	return (0);	1367	return (0);
1368	}	1368	}
1369		1369
@@ -1389,7 +1389,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1389	i = tls1_final_finish_mac(s, sender, slen,	1389	i = tls1_final_finish_mac(s, sender, slen,
1390	S3I(s)->tmp.peer_finish_md);	1390	S3I(s)->tmp.peer_finish_md);
1391	if (i == 0) {	1391	if (i == 0) {
1392	SSLerror(ERR_R_INTERNAL_ERROR);	1392	SSLerror(s, ERR_R_INTERNAL_ERROR);
1393	return 0;	1393	return 0;
1394	}	1394	}
1395	S3I(s)->tmp.peer_finish_md_len = i;	1395	S3I(s)->tmp.peer_finish_md_len = i;