Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c74
1 files changed, 37 insertions, 37 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index c57eacd770..f49cc45efd 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.9 2017/01/31 15:35:46 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.10 2017/02/07 02:08:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
224 224
225 if (n > (int)(rb->len - rb->offset)) { 225 if (n > (int)(rb->len - rb->offset)) {
226 /* does not happen */ 226 /* does not happen */
227 SSLerror(ERR_R_INTERNAL_ERROR); 227 SSLerror(s, ERR_R_INTERNAL_ERROR);
228 return -1; 228 return -1;
229 } 229 }
230 230
@@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
248 s->internal->rwstate = SSL_READING; 248 s->internal->rwstate = SSL_READING;
249 i = BIO_read(s->rbio, pkt + len + left, max - left); 249 i = BIO_read(s->rbio, pkt + len + left, max - left);
250 } else { 250 } else {
251 SSLerror(SSL_R_READ_BIO_NOT_SET); 251 SSLerror(s, SSL_R_READ_BIO_NOT_SET);
252 i = -1; 252 i = -1;
253 } 253 }
254 254
@@ -364,7 +364,7 @@ ssl3_get_record(SSL *s)
364 if (!CBS_get_u8(&header, &type) || 364 if (!CBS_get_u8(&header, &type) ||
365 !CBS_get_u16(&header, &ssl_version) || 365 !CBS_get_u16(&header, &ssl_version) ||
366 !CBS_get_u16(&header, &len)) { 366 !CBS_get_u16(&header, &len)) {
367 SSLerror(SSL_R_BAD_PACKET_LENGTH); 367 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
368 goto err; 368 goto err;
369 } 369 }
370 370
@@ -373,7 +373,7 @@ ssl3_get_record(SSL *s)
373 373
374 /* Lets check version */ 374 /* Lets check version */
375 if (!s->internal->first_packet && ssl_version != s->version) { 375 if (!s->internal->first_packet && ssl_version != s->version) {
376 SSLerror(SSL_R_WRONG_VERSION_NUMBER); 376 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
377 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && 377 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
378 !s->internal->enc_write_ctx && !s->internal->write_hash) 378 !s->internal->enc_write_ctx && !s->internal->write_hash)
379 /* Send back error using their minor version number :-) */ 379 /* Send back error using their minor version number :-) */
@@ -383,13 +383,13 @@ ssl3_get_record(SSL *s)
383 } 383 }
384 384
385 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { 385 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
386 SSLerror(SSL_R_WRONG_VERSION_NUMBER); 386 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
387 goto err; 387 goto err;
388 } 388 }
389 389
390 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { 390 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
391 al = SSL_AD_RECORD_OVERFLOW; 391 al = SSL_AD_RECORD_OVERFLOW;
392 SSLerror(SSL_R_PACKET_LENGTH_TOO_LONG); 392 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
393 goto f_err; 393 goto f_err;
394 } 394 }
395 395
@@ -424,7 +424,7 @@ ssl3_get_record(SSL *s)
424 /* check is not needed I believe */ 424 /* check is not needed I believe */
425 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { 425 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
426 al = SSL_AD_RECORD_OVERFLOW; 426 al = SSL_AD_RECORD_OVERFLOW;
427 SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG); 427 SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
428 goto f_err; 428 goto f_err;
429 } 429 }
430 430
@@ -438,7 +438,7 @@ ssl3_get_record(SSL *s)
438 * -1: if the padding is invalid */ 438 * -1: if the padding is invalid */
439 if (enc_err == 0) { 439 if (enc_err == 0) {
440 al = SSL_AD_DECRYPTION_FAILED; 440 al = SSL_AD_DECRYPTION_FAILED;
441 SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); 441 SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
442 goto f_err; 442 goto f_err;
443 } 443 }
444 444
@@ -466,7 +466,7 @@ ssl3_get_record(SSL *s)
466 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 466 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
467 orig_len < mac_size + 1)) { 467 orig_len < mac_size + 1)) {
468 al = SSL_AD_DECODE_ERROR; 468 al = SSL_AD_DECODE_ERROR;
469 SSLerror(SSL_R_LENGTH_TOO_SHORT); 469 SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
470 goto f_err; 470 goto f_err;
471 } 471 }
472 472
@@ -506,13 +506,13 @@ ssl3_get_record(SSL *s)
506 * (e.g. via a logfile) 506 * (e.g. via a logfile)
507 */ 507 */
508 al = SSL_AD_BAD_RECORD_MAC; 508 al = SSL_AD_BAD_RECORD_MAC;
509 SSLerror(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); 509 SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
510 goto f_err; 510 goto f_err;
511 } 511 }
512 512
513 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { 513 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
514 al = SSL_AD_RECORD_OVERFLOW; 514 al = SSL_AD_RECORD_OVERFLOW;
515 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG); 515 SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
516 goto f_err; 516 goto f_err;
517 } 517 }
518 518
@@ -538,7 +538,7 @@ ssl3_get_record(SSL *s)
538 * empty record without forcing want_read. 538 * empty record without forcing want_read.
539 */ 539 */
540 if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { 540 if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
541 SSLerror(SSL_R_PEER_BEHAVING_BADLY); 541 SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
542 return -1; 542 return -1;
543 } 543 }
544 if (s->internal->empty_record_count > 1) { 544 if (s->internal->empty_record_count > 1) {
@@ -569,7 +569,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
569 int i; 569 int i;
570 570
571 if (len < 0) { 571 if (len < 0) {
572 SSLerror(ERR_R_INTERNAL_ERROR); 572 SSLerror(s, ERR_R_INTERNAL_ERROR);
573 return -1; 573 return -1;
574 } 574 }
575 575
@@ -582,7 +582,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
582 if (i < 0) 582 if (i < 0)
583 return (i); 583 return (i);
584 if (i == 0) { 584 if (i == 0) {
585 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); 585 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
586 return -1; 586 return -1;
587 } 587 }
588 } 588 }
@@ -691,7 +691,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
691 if (prefix_len > 691 if (prefix_len >
692 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { 692 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
693 /* insufficient space */ 693 /* insufficient space */
694 SSLerror(ERR_R_INTERNAL_ERROR); 694 SSLerror(s, ERR_R_INTERNAL_ERROR);
695 goto err; 695 goto err;
696 } 696 }
697 } 697 }
@@ -834,7 +834,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
834 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && 834 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
835 !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || 835 !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
836 (S3I(s)->wpend_type != type)) { 836 (S3I(s)->wpend_type != type)) {
837 SSLerror(SSL_R_BAD_WRITE_RETRY); 837 SSLerror(s, SSL_R_BAD_WRITE_RETRY);
838 return (-1); 838 return (-1);
839 } 839 }
840 840
@@ -846,7 +846,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
846 (char *)&(wb->buf[wb->offset]), 846 (char *)&(wb->buf[wb->offset]),
847 (unsigned int)wb->left); 847 (unsigned int)wb->left);
848 } else { 848 } else {
849 SSLerror(SSL_R_BIO_NOT_SET); 849 SSLerror(s, SSL_R_BIO_NOT_SET);
850 i = -1; 850 i = -1;
851 } 851 }
852 if (i == wb->left) { 852 if (i == wb->left) {
@@ -911,14 +911,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
911 return (-1); 911 return (-1);
912 912
913 if (len < 0) { 913 if (len < 0) {
914 SSLerror(ERR_R_INTERNAL_ERROR); 914 SSLerror(s, ERR_R_INTERNAL_ERROR);
915 return -1; 915 return -1;
916 } 916 }
917 917
918 if ((type && type != SSL3_RT_APPLICATION_DATA && 918 if ((type && type != SSL3_RT_APPLICATION_DATA &&
919 type != SSL3_RT_HANDSHAKE) || 919 type != SSL3_RT_HANDSHAKE) ||
920 (peek && (type != SSL3_RT_APPLICATION_DATA))) { 920 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
921 SSLerror(ERR_R_INTERNAL_ERROR); 921 SSLerror(s, ERR_R_INTERNAL_ERROR);
922 return -1; 922 return -1;
923 } 923 }
924 924
@@ -953,7 +953,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
953 if (i < 0) 953 if (i < 0)
954 return (i); 954 return (i);
955 if (i == 0) { 955 if (i == 0) {
956 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); 956 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
957 return (-1); 957 return (-1);
958 } 958 }
959 } 959 }
@@ -995,7 +995,7 @@ start:
995 * reset by ssl3_get_finished */ 995 * reset by ssl3_get_finished */
996 && (rr->type != SSL3_RT_HANDSHAKE)) { 996 && (rr->type != SSL3_RT_HANDSHAKE)) {
997 al = SSL_AD_UNEXPECTED_MESSAGE; 997 al = SSL_AD_UNEXPECTED_MESSAGE;
998 SSLerror(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 998 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
999 goto f_err; 999 goto f_err;
1000 } 1000 }
1001 1001
@@ -1015,7 +1015,7 @@ start:
1015 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 1015 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1016 (s->enc_read_ctx == NULL)) { 1016 (s->enc_read_ctx == NULL)) {
1017 al = SSL_AD_UNEXPECTED_MESSAGE; 1017 al = SSL_AD_UNEXPECTED_MESSAGE;
1018 SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE); 1018 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
1019 goto f_err; 1019 goto f_err;
1020 } 1020 }
1021 1021
@@ -1097,7 +1097,7 @@ start:
1097 (S3I(s)->handshake_fragment[2] != 0) || 1097 (S3I(s)->handshake_fragment[2] != 0) ||
1098 (S3I(s)->handshake_fragment[3] != 0)) { 1098 (S3I(s)->handshake_fragment[3] != 0)) {
1099 al = SSL_AD_DECODE_ERROR; 1099 al = SSL_AD_DECODE_ERROR;
1100 SSLerror(SSL_R_BAD_HELLO_REQUEST); 1100 SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
1101 goto f_err; 1101 goto f_err;
1102 } 1102 }
1103 1103
@@ -1115,7 +1115,7 @@ start:
1115 if (i < 0) 1115 if (i < 0)
1116 return (i); 1116 return (i);
1117 if (i == 0) { 1117 if (i == 0) {
1118 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); 1118 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
1119 return (-1); 1119 return (-1);
1120 } 1120 }
1121 1121
@@ -1196,13 +1196,13 @@ start:
1196 */ 1196 */
1197 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { 1197 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1198 al = SSL_AD_HANDSHAKE_FAILURE; 1198 al = SSL_AD_HANDSHAKE_FAILURE;
1199 SSLerror(SSL_R_NO_RENEGOTIATION); 1199 SSLerror(s, SSL_R_NO_RENEGOTIATION);
1200 goto f_err; 1200 goto f_err;
1201 } 1201 }
1202 } else if (alert_level == SSL3_AL_FATAL) { 1202 } else if (alert_level == SSL3_AL_FATAL) {
1203 s->internal->rwstate = SSL_NOTHING; 1203 s->internal->rwstate = SSL_NOTHING;
1204 S3I(s)->fatal_alert = alert_descr; 1204 S3I(s)->fatal_alert = alert_descr;
1205 SSLerror(SSL_AD_REASON_OFFSET + alert_descr); 1205 SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
1206 ERR_asprintf_error_data("SSL alert number %d", 1206 ERR_asprintf_error_data("SSL alert number %d",
1207 alert_descr); 1207 alert_descr);
1208 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 1208 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -1210,7 +1210,7 @@ start:
1210 return (0); 1210 return (0);
1211 } else { 1211 } else {
1212 al = SSL_AD_ILLEGAL_PARAMETER; 1212 al = SSL_AD_ILLEGAL_PARAMETER;
1213 SSLerror(SSL_R_UNKNOWN_ALERT_TYPE); 1213 SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
1214 goto f_err; 1214 goto f_err;
1215 } 1215 }
1216 1216
@@ -1230,21 +1230,21 @@ start:
1230 if ((rr->length != 1) || (rr->off != 0) || 1230 if ((rr->length != 1) || (rr->off != 0) ||
1231 (rr->data[0] != SSL3_MT_CCS)) { 1231 (rr->data[0] != SSL3_MT_CCS)) {
1232 al = SSL_AD_ILLEGAL_PARAMETER; 1232 al = SSL_AD_ILLEGAL_PARAMETER;
1233 SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC); 1233 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1234 goto f_err; 1234 goto f_err;
1235 } 1235 }
1236 1236
1237 /* Check we have a cipher to change to */ 1237 /* Check we have a cipher to change to */
1238 if (S3I(s)->tmp.new_cipher == NULL) { 1238 if (S3I(s)->tmp.new_cipher == NULL) {
1239 al = SSL_AD_UNEXPECTED_MESSAGE; 1239 al = SSL_AD_UNEXPECTED_MESSAGE;
1240 SSLerror(SSL_R_CCS_RECEIVED_EARLY); 1240 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1241 goto f_err; 1241 goto f_err;
1242 } 1242 }
1243 1243
1244 /* Check that we should be receiving a Change Cipher Spec. */ 1244 /* Check that we should be receiving a Change Cipher Spec. */
1245 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { 1245 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1246 al = SSL_AD_UNEXPECTED_MESSAGE; 1246 al = SSL_AD_UNEXPECTED_MESSAGE;
1247 SSLerror(SSL_R_CCS_RECEIVED_EARLY); 1247 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1248 goto f_err; 1248 goto f_err;
1249 } 1249 }
1250 s->s3->flags &= ~SSL3_FLAGS_CCS_OK; 1250 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
@@ -1276,7 +1276,7 @@ start:
1276 if (i < 0) 1276 if (i < 0)
1277 return (i); 1277 return (i);
1278 if (i == 0) { 1278 if (i == 0) {
1279 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE); 1279 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
1280 return (-1); 1280 return (-1);
1281 } 1281 }
1282 1282
@@ -1305,7 +1305,7 @@ start:
1305 goto start; 1305 goto start;
1306 } 1306 }
1307 al = SSL_AD_UNEXPECTED_MESSAGE; 1307 al = SSL_AD_UNEXPECTED_MESSAGE;
1308 SSLerror(SSL_R_UNEXPECTED_RECORD); 1308 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1309 goto f_err; 1309 goto f_err;
1310 case SSL3_RT_CHANGE_CIPHER_SPEC: 1310 case SSL3_RT_CHANGE_CIPHER_SPEC:
1311 case SSL3_RT_ALERT: 1311 case SSL3_RT_ALERT:
@@ -1314,7 +1314,7 @@ start:
1314 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that 1314 * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that
1315 * should not happen when type != rr->type */ 1315 * should not happen when type != rr->type */
1316 al = SSL_AD_UNEXPECTED_MESSAGE; 1316 al = SSL_AD_UNEXPECTED_MESSAGE;
1317 SSLerror(ERR_R_INTERNAL_ERROR); 1317 SSLerror(s, ERR_R_INTERNAL_ERROR);
1318 goto f_err; 1318 goto f_err;
1319 case SSL3_RT_APPLICATION_DATA: 1319 case SSL3_RT_APPLICATION_DATA:
1320 /* At this point, we were expecting handshake data, 1320 /* At this point, we were expecting handshake data,
@@ -1336,7 +1336,7 @@ start:
1336 return (-1); 1336 return (-1);
1337 } else { 1337 } else {
1338 al = SSL_AD_UNEXPECTED_MESSAGE; 1338 al = SSL_AD_UNEXPECTED_MESSAGE;
1339 SSLerror(SSL_R_UNEXPECTED_RECORD); 1339 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1340 goto f_err; 1340 goto f_err;
1341 } 1341 }
1342 } 1342 }
@@ -1363,7 +1363,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1363 if (S3I(s)->tmp.key_block == NULL) { 1363 if (S3I(s)->tmp.key_block == NULL) {
1364 if (s->session == NULL || s->session->master_key_length == 0) { 1364 if (s->session == NULL || s->session->master_key_length == 0) {
1365 /* might happen if dtls1_read_bytes() calls this */ 1365 /* might happen if dtls1_read_bytes() calls this */
1366 SSLerror(SSL_R_CCS_RECEIVED_EARLY); 1366 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1367 return (0); 1367 return (0);
1368 } 1368 }
1369 1369
@@ -1389,7 +1389,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1389 i = tls1_final_finish_mac(s, sender, slen, 1389 i = tls1_final_finish_mac(s, sender, slen,
1390 S3I(s)->tmp.peer_finish_md); 1390 S3I(s)->tmp.peer_finish_md);
1391 if (i == 0) { 1391 if (i == 0) {
1392 SSLerror(ERR_R_INTERNAL_ERROR); 1392 SSLerror(s, ERR_R_INTERNAL_ERROR);
1393 return 0; 1393 return 0;
1394 } 1394 }
1395 S3I(s)->tmp.peer_finish_md_len = i; 1395 S3I(s)->tmp.peer_finish_md_len = i;
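Review bot: In the ssl3_get_record hunk at line 440, the `enc_err == 0` branch still sends `SSL_AD_DECRYPTION_FAILED`, while the MAC-failure path at line 508 sends `SSL_AD_BAD_RECORD_MAC`, so the peer sees two different alerts for record decryption failures. RFC 5246 marks decryption_failed as reserved and not to be sent, because a distinct alert helped attacks on CBC mode; I would change line 440 to `al = SSL_AD_BAD_RECORD_MAC;`. The comment that ends at line 507 appears to make the same point about not revealing the failure kind, but most of it lies outside the hunk. The meaning of `enc_err == 0` is also documented above the hunk, so confirm there which records reach this branch; the body of ssl3_get_record starts and ends outside these hunks.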