fix SSLerr stuff for DTLS1 code;

author Bodo Möller <bodo@openssl.org>

Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)

committer Bodo Möller <bodo@openssl.org>

Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
author Bodo Möller <bodo@openssl.org>
Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
committer Bodo Möller <bodo@openssl.org>
Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c

index fb98bf49d0608a30806eb8569e4b5735cb27e90a..40d71e29d278f63448f830a27e0b8ccb94f105e3 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -324,8 +324,7 @@ int dtls1_do_write(SSL *s, int type)
   * Read an entire handshake message.  Handshake messages arrive in
   * fragments.
   */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, 
-       int     *ok)
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         {
         int i, al;
  
@@ -337,7 +336,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
                 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
                         {
                         al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
                         goto f_err;
                         }
                 *ok=1;
@@ -488,7 +487,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok)
      if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf, 
               (int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num))
          {
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+        SSLerr(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE,ERR_R_BUF_LIB);
          goto err;
          }
  
@@ -519,7 +518,7 @@ err:
      }
  
  
-static long 
+static long
  dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
         {
         unsigned char *p;
@@ -573,7 +572,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
      if ( frag_off + frag_len > l)
          {
          al=SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
          goto f_err;
          }
  
@@ -598,7 +597,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
          else /* Incorrectly formated Hello request */
              {
              al=SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+            SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
              goto f_err;
              }
          }
@@ -613,13 +612,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                 if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH)) 
                         {
                         al=SSL_AD_ILLEGAL_PARAMETER;
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
                         goto f_err;
                         }
                 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l
                         + DTLS1_HM_HEADER_LENGTH))
                         {
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB);
                         goto err;
                         }
          /* Only do this test when we're reading the expected message.
@@ -627,7 +626,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
          if ( l > (unsigned long)max)
                         {
                         al=SSL_AD_ILLEGAL_PARAMETER;
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
                         goto f_err;
                         }
  
@@ -637,20 +636,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
      if ( frag_len > (unsigned long)max)
          {
          al=SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
          goto f_err;
          }
      if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH))
          {
          al=SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
          goto f_err;
          }
  
      if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len 
               + DTLS1_HM_HEADER_LENGTH + s->init_num))
          {
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB);
          goto err;
          }
  
@@ -842,14 +841,14 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
         buf=s->init_buf;
         if (!BUF_MEM_grow_clean(buf,10))
                 {
-               SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+               SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                 return(0);
                 }
         if (x != NULL)
                 {
                 if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
                         {
-                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                       SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
                         return(0);
                         }
  
@@ -858,7 +857,7 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                         n=i2d_X509(x,NULL);
                         if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
                                 {
-                               SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                               SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                                 return(0);
                                 }
                         p=(unsigned char *)&(buf->data[l]);
@@ -888,7 +887,7 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                 n=i2d_X509(x,NULL);
                 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
                         {
-                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                       SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                         return(0);
                         }
                 p=(unsigned char *)&(buf->data[l]);
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c

index c53eae17067e41422aefa8b373d7622530492333..d2340c8a3e02dc1132f4d99dfeb86cef5ae37db1 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -197,7 +197,7 @@ int dtls1_connect(SSL *s)
  
                         if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
                                 {
-                               SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
                                 ret = -1;
                                 goto end;
                                 }
@@ -499,7 +499,7 @@ int dtls1_connect(SSL *s)
                         /* break; */
                         
                 default:
-                       SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
+                       SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
                         ret= -1;
                         goto end;
                         /* break; */
@@ -579,7 +579,7 @@ int dtls1_client_hello(SSL *s)
                         {
                         if (i > sizeof s->session->session_id)
                                 {
-                               SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                                 goto err;
                                 }
                         memcpy(p,s->session->session_id,i);
@@ -589,7 +589,7 @@ int dtls1_client_hello(SSL *s)
                 /* cookie stuff */
                 if ( s->d1->cookie_len > sizeof(s->d1->cookie))
                         {
-                       SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                         goto err;
                         }
                 *(p++) = s->d1->cookie_len;
@@ -600,7 +600,7 @@ int dtls1_client_hello(SSL *s)
                 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
                 if (i == 0)
                         {
-                       SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                         goto err;
                         }
                 s2n(i,p);
@@ -665,7 +665,7 @@ static int dtls1_get_hello_verify(SSL *s)
  
         if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
                 {
-               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+               SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
                 s->version=(s->version&0xff00)|data[1];
                 al = SSL_AD_PROTOCOL_VERSION;
                 goto f_err;
@@ -727,7 +727,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                         (pkey->type != EVP_PKEY_RSA) ||
                                         (pkey->pkey.rsa == NULL))
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                                         goto err;
                                         }
                                 rsa=pkey->pkey.rsa;
@@ -753,7 +753,7 @@ int dtls1_send_client_key_exchange(SSL *s)
  #endif
                         if (n <= 0)
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
                                 goto err;
                                 }
  
@@ -816,7 +816,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                  {
                                  ssl3_send_alert(s,SSL3_AL_FATAL,
                                                 SSL_AD_HANDSHAKE_FAILURE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
                                                 kssl_err.reason);
                                  goto err;
                                  }
@@ -883,7 +883,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                         outl += padl;
                         if (outl > sizeof epms)
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                 goto err;
                                 }
                         EVP_CIPHER_CTX_cleanup(&ciph_ctx);
@@ -914,19 +914,19 @@ int dtls1_send_client_key_exchange(SSL *s)
                                 {
                                 /* we get them from the cert */
                                 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
                                 goto err;
                                 }
                         
                         /* generate a new random key */
                         if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
                                 goto err;
                                 }
                         if (!DH_generate_key(dh_clnt))
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
                                 goto err;
                                 }
  
@@ -937,7 +937,7 @@ int dtls1_send_client_key_exchange(SSL *s)
  
                         if (n <= 0)
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
                                 goto err;
                                 }
  
@@ -962,7 +962,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                 else
                         {
                         ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                       SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                         goto err;
                         }
                 
@@ -1021,7 +1021,7 @@ int dtls1_send_client_verify(SSL *s)
                                          MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
                                         &(p[2]), &u, pkey->pkey.rsa) <= 0 )
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
                                 goto err;
                                 }
                         s2n(u,p);
@@ -1037,7 +1037,7 @@ int dtls1_send_client_verify(SSL *s)
                                 SHA_DIGEST_LENGTH,&(p[2]),
                                 (unsigned int *)&j,pkey->pkey.dsa))
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
                                 goto err;
                                 }
                         s2n(j,p);
@@ -1046,7 +1046,7 @@ int dtls1_send_client_verify(SSL *s)
                 else
  #endif
                         {
-                       SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
                         goto err;
                         }
  
@@ -1110,7 +1110,7 @@ int dtls1_send_client_certificate(SSL *s)
                 else if (i == 1)
                         {
                         i=0;
-                       SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
                         }
  
                 if (x509 != NULL) X509_free(x509);
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c

index 7b369644ff8fbbbe8247772e4ade44706c4270c4..42997eaee99015cead88707fe4af3955c1c52deb 100644 (file)
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -217,7 +217,7 @@ int dtls1_enc(SSL *s, int send)
                         {
                         if (l == 0 || l%bs != 0)
                                 {
-                               SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                               SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                                 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                 return 0;
                                 }
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index c84e6865a0576621fcfea40654ff9c3b38024eb1..af71e389544d7eb971c124f830e537435c5f320c 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -173,7 +173,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned long long priority)
                 if (rdata != NULL) OPENSSL_free(rdata);
                 if (item != NULL) pitem_free(item);
                 
-               SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
                 return(0);
                 }
         
@@ -348,7 +348,7 @@ dtls1_process_record(SSL *s)
         if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
                 {
                 al=SSL_AD_RECORD_OVERFLOW;
-               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+               SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
                 goto f_err;
                 }
  
@@ -386,7 +386,7 @@ if (        (sess == NULL) ||
                         {
  #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
                         al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                         goto f_err;
  #else
                         goto decryption_failed_or_bad_record_mac;
@@ -397,7 +397,7 @@ if (        (sess == NULL) ||
                         {
  #if 0 /* OK only for stream ciphers */
                         al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                         goto f_err;
  #else
                         goto decryption_failed_or_bad_record_mac;
@@ -417,13 +417,13 @@ if (      (sess == NULL) ||
                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
                         {
                         al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                         goto f_err;
                         }
                 if (!ssl3_do_uncompress(s))
                         {
                         al=SSL_AD_DECOMPRESSION_FAILURE;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
                         goto f_err;
                         }
                 }
@@ -431,7 +431,7 @@ if (        (sess == NULL) ||
         if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
                 {
                 al=SSL_AD_RECORD_OVERFLOW;
-               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+               SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
                 goto f_err;
                 }
  
@@ -456,7 +456,7 @@ decryption_failed_or_bad_record_mac:
          * we should not reveal which kind of error occured -- this
          * might become visible to an attacker (e.g. via logfile) */
         al=SSL_AD_BAD_RECORD_MAC;
-       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
  f_err:
         ssl3_send_alert(s,SSL3_AL_FATAL,al);
  err:
@@ -536,7 +536,7 @@ again:
                         {
                         if (version != s->version)
                                 {
-                               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                               SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
                                 /* Send back error using their
                                  * version number :-) */
                                 s->version=version;
@@ -547,14 +547,14 @@ again:
  
                 if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
                         {
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                       SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
                         goto err;
                         }
  
                 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
                         {
                         al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+                       SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
                         goto f_err;
                         }
  
@@ -667,7 +667,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                 (type != SSL3_RT_HANDSHAKE) && type) ||
             (peek && (type != SSL3_RT_APPLICATION_DATA)))
                 {
-               SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
                 return -1;
                 }
  
@@ -684,7 +684,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                 if (i < 0) return(i);
                 if (i == 0)
                         {
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                         return(-1);
                         }
                 }
@@ -720,7 +720,7 @@ start:
                 && (rr->type != SSL3_RT_HANDSHAKE))
                 {
                 al=SSL_AD_UNEXPECTED_MESSAGE;
-               SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
                 goto err;
                 }
  
@@ -742,7 +742,7 @@ start:
                         (s->enc_read_ctx == NULL))
                         {
                         al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
                         goto f_err;
                         }
  
@@ -833,7 +833,7 @@ start:
                         (s->d1->handshake_fragment[3] != 0))
                         {
                         al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
                         goto err;
                         }
  
@@ -854,7 +854,7 @@ start:
                                 if (i < 0) return(i);
                                 if (i == 0)
                                         {
-                                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                                         return(-1);
                                         }
  
@@ -941,7 +941,7 @@ start:
  
                         s->rwstate=SSL_NOTHING;
                         s->s3->fatal_alert = alert_descr;
-                       SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
                         BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
                         ERR_add_error_data(2,"SSL alert number ",tmp);
                         s->shutdown|=SSL_RECEIVED_SHUTDOWN;
@@ -951,7 +951,7 @@ start:
                 else
                         {
                         al=SSL_AD_ILLEGAL_PARAMETER;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
                         goto f_err;
                         }
  
@@ -980,7 +980,7 @@ start:
                                 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
                                 {
                                 i=SSL_AD_ILLEGAL_PARAMETER;
-                               SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
                                 goto err;
                                 }
                         
@@ -1041,7 +1041,7 @@ start:
                 if (i < 0) return(i);
                 if (i == 0)
                         {
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                         return(-1);
                         }
  
@@ -1076,7 +1076,7 @@ start:
                         }
  #endif
                 al=SSL_AD_UNEXPECTED_MESSAGE;
-               SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
                 goto f_err;
         case SSL3_RT_CHANGE_CIPHER_SPEC:
         case SSL3_RT_ALERT:
@@ -1085,7 +1085,7 @@ start:
                  * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
                  * should not happen when type != rr->type */
                 al=SSL_AD_UNEXPECTED_MESSAGE;
-               SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
                 goto f_err;
         case SSL3_RT_APPLICATION_DATA:
                 /* At this point, we were expecting handshake data,
@@ -1114,7 +1114,7 @@ start:
                 else
                         {
                         al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
                         goto f_err;
                         }
                 }
@@ -1138,7 +1138,7 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
                 if (i < 0) return(i);
                 if (i == 0)
                         {
-                       SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                       SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                         return -1;
                         }
                 }
@@ -1251,8 +1251,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
         return tot + i;
         }
  
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-       unsigned int len, int create_empty_fragment)
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
         {
         unsigned char *p,*pseq;
         int i,mac_size,clear=0;
@@ -1319,7 +1318,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
                         if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
                                 {
                                 /* insufficient space */
-                               SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
                                 goto err;
                                 }
                         }
@@ -1365,7 +1364,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
                 {
                 if (!ssl3_do_compress(s))
                         {
-                       SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
+                       SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
                         goto err;
                         }
                 }
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index 81c1790ab33d5f302272c1d0322047148a66f51a..c4118bb26fc172e9005d1f60ec4b1040455aa411 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -180,7 +180,7 @@ int dtls1_accept(SSL *s)
  
         if (s->cert == NULL)
                 {
-               SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+               SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
                 return(-1);
                 }
  
@@ -204,7 +204,7 @@ int dtls1_accept(SSL *s)
  
                         if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
                                 {
-                               SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
                                 return -1;
                                 }
                         s->type=SSL_ST_ACCEPT;
@@ -569,7 +569,7 @@ int dtls1_accept(SSL *s)
                         /* break; */
  
                 default:
-                       SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
+                       SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
                         ret= -1;
                         goto end;
                         /* break; */
@@ -707,7 +707,7 @@ int dtls1_send_server_hello(SSL *s)
                 sl=s->session->session_id_length;
                 if (sl > sizeof s->session->session_id)
                         {
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
                         return -1;
                         }
                 *(p++)=sl;
@@ -812,7 +812,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 if(rsa == NULL)
                                 {
                                         al=SSL_AD_HANDSHAKE_FAILURE;
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
                                         goto f_err;
                                 }
                                 RSA_up_ref(rsa);
@@ -821,7 +821,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                         if (rsa == NULL)
                                 {
                                 al=SSL_AD_HANDSHAKE_FAILURE;
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
                                 goto f_err;
                                 }
                         r[0]=rsa->n;
@@ -841,20 +841,20 @@ int dtls1_send_server_key_exchange(SSL *s)
                         if (dhp == NULL)
                                 {
                                 al=SSL_AD_HANDSHAKE_FAILURE;
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
                                 goto f_err;
                                 }
  
                         if (s->s3->tmp.dh != NULL)
                                 {
                                 DH_free(dh);
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                 goto err;
                                 }
  
                         if ((dh=DHparams_dup(dhp)) == NULL)
                                 {
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
                                 goto err;
                                 }
  
@@ -865,7 +865,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 {
                                 if(!DH_generate_key(dh))
                                     {
-                                   SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                                   SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
                                            ERR_R_DH_LIB);
                                     goto err;
                                     }
@@ -877,7 +877,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 if ((dh->pub_key == NULL) ||
                                         (dh->priv_key == NULL))
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
                                         goto err;
                                         }
                                 }
@@ -889,7 +889,7 @@ int dtls1_send_server_key_exchange(SSL *s)
  #endif
                         {
                         al=SSL_AD_HANDSHAKE_FAILURE;
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
                         goto f_err;
                         }
                 for (i=0; r[i] != NULL; i++)
@@ -916,7 +916,7 @@ int dtls1_send_server_key_exchange(SSL *s)
  
                 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
                         {
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
                         goto err;
                         }
                 d=(unsigned char *)s->init_buf->data;
@@ -955,7 +955,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 if (RSA_sign(NID_md5_sha1, md_buf, j,
                                         &(p[2]), &u, pkey->pkey.rsa) <= 0)
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
                                         goto err;
                                         }
                                 s2n(u,p);
@@ -974,7 +974,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 if (!EVP_SignFinal(&md_ctx,&(p[2]),
                                         (unsigned int *)&i,pkey))
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
                                         goto err;
                                         }
                                 s2n(i,p);
@@ -985,7 +985,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 {
                                 /* Is this error check actually needed? */
                                 al=SSL_AD_HANDSHAKE_FAILURE;
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
                                 goto f_err;
                                 }
                         }
@@ -1047,7 +1047,7 @@ int dtls1_send_certificate_request(SSL *s)
                                 j=i2d_X509_NAME(name,NULL);
                                 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                                       SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
                                         goto err;
                                         }
                                 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
@@ -1122,7 +1122,7 @@ int dtls1_send_server_certificate(SSL *s)
                                  & (SSL_MKEY_MASK|SSL_AUTH_MASK))
                          != (SSL_aKRB5|SSL_kKRB5))
                         {
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
                         return(0);
                         }
  
diff --git a/ssl/dtls1.h b/ssl/dtls1.h

index e3b6ad5ff24078ffc21320fdc5ff41212be5daf1..e83201e75f6023a669a2eaa0e640db86eb56fc66 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -67,8 +67,6 @@
  extern "C" {
  #endif
  
-#define DTLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES  1
-
  #define DTLS1_VERSION                  0x0100
  #define DTLS1_VERSION_MAJOR            0x01
  #define DTLS1_VERSION_MINOR            0x00
@@ -104,7 +102,7 @@ struct hm_header_st
         unsigned short seq;
         unsigned long frag_off;
         unsigned long frag_len;
-    unsigned int is_ccs;
+       unsigned int is_ccs;
         };
  
  struct ccs_header_st
@@ -126,16 +124,16 @@ struct dtls1_timeout_st
         };
  
  typedef struct record_pqueue_st
-    {
-    unsigned short epoch;
-    pqueue q;
-    } record_pqueue;
+       {
+       unsigned short epoch;
+       pqueue q;
+       } record_pqueue;
  
  typedef struct hm_fragment_st
-    {
-    struct hm_header_st msg_header;
-    unsigned char *fragment;
-    } hm_fragment;
+       {
+       struct hm_header_st msg_header;
+       unsigned char *fragment;
+       } hm_fragment;
  
  typedef struct dtls1_state_st
         {
@@ -164,15 +162,15 @@ typedef struct dtls1_state_st
  
         unsigned short handshake_read_seq;
  
-    /* only matters for handshake messages */  
+       /* only matters for handshake messages */  
         unsigned long long next_expected_seq_num; 
  
         /* Received handshake records (processed and unprocessed) */
         record_pqueue unprocessed_rcds;
-    record_pqueue processed_rcds;
+       record_pqueue processed_rcds;
  
-    /* Buffered handshake messages */
-    pqueue buffered_messages;
+       /* Buffered handshake messages */
+       pqueue buffered_messages;
  
         /* Buffered (sent) handshake records */
         pqueue sent_messages;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index ff2fd3082196cd9ca32257b5ad6e7de00eea96ab..cd0cc819f99162cc8e25ba0cbdaf0d6e01ab0d88 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -767,60 +767,60 @@ int ssl3_get_client_hello(SSL *s)
                 /* cookie stuff */
                 cookie_len = *(p++);
  
-        if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-            s->d1->send_cookie == 0)
-            {
-            /* HelloVerifyMessage has already been sent */
-            if ( cookie_len != s->d1->cookie_len)
-                {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-                goto f_err;
-                }
-            }
+               if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                       s->d1->send_cookie == 0)
+                       {
+                       /* HelloVerifyMessage has already been sent */
+                       if ( cookie_len != s->d1->cookie_len)
+                               {
+                               al = SSL_AD_HANDSHAKE_FAILURE;
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+                               goto f_err;
+                               }
+                       }
  
-        /* 
-         * The ClientHello may contain a cookie even if the
-         * HelloVerify message has not been sent--make sure that it
-         * does not cause an overflow.
-         */
+               /* 
+                * The ClientHello may contain a cookie even if the
+                * HelloVerify message has not been sent--make sure that it
+                * does not cause an overflow.
+                */
                 if ( cookie_len > sizeof(s->d1->rcvd_cookie))
                         {
                         /* too much data */
-            al = SSL_AD_DECODE_ERROR;
+                       al = SSL_AD_DECODE_ERROR;
                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
                         goto f_err;
                         }
  
-        /* verify the cookie if appropriate option is set. */
-        if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-            cookie_len > 0)
-            {
-            memcpy(s->d1->rcvd_cookie, p, cookie_len);
+               /* verify the cookie if appropriate option is set. */
+               if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                       cookie_len > 0)
+                       {
+                       memcpy(s->d1->rcvd_cookie, p, cookie_len);
  
-            if ( s->ctx->app_verify_cookie_cb != NULL)
-                {
-                if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
-                    cookie_len) == 0)
-                    {
-                    al=SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
-                        SSL_R_COOKIE_MISMATCH);
-                    goto f_err;
-                    }
-                /* else cookie verification succeeded */
-                }
-            else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, 
-                          s->d1->cookie_len) != 0) /* default verification */
-                {
-                    al=SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
-                        SSL_R_COOKIE_MISMATCH);
-                    goto f_err;
-                }
-            }
+                       if ( s->ctx->app_verify_cookie_cb != NULL)
+                               {
+                               if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
+                                       cookie_len) == 0)
+                                       {
+                                       al=SSL_AD_HANDSHAKE_FAILURE;
+                                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
+                                               SSL_R_COOKIE_MISMATCH);
+                                       goto f_err;
+                                       }
+                               /* else cookie verification succeeded */
+                               }
+                       else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, 
+                                                 s->d1->cookie_len) != 0) /* default verification */
+                               {
+                                       al=SSL_AD_HANDSHAKE_FAILURE;
+                                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
+                                               SSL_R_COOKIE_MISMATCH);
+                                       goto f_err;
+                               }
+                       }
  
-        p += cookie_len;
+               p += cookie_len;
                 }
  
         n2s(p,i);
@@ -872,8 +872,7 @@ int ssl3_get_client_hello(SSL *s)
                         if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
                                 {
                                 /* Very bad for multi-threading.... */
-                               s->session->cipher=sk_SSL_CIPHER_value(ciphers,
-                                                                      0);
+                               s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
                                 }
                         else
                                 {
diff --git a/ssl/ssl.h b/ssl/ssl.h

index 8d33ca6cb77aaf3264a7d648245dfe19845a9361..344f117fc2a9b76bab122c955cd6e555bb8d4779 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -376,14 +376,12 @@ typedef struct ssl_method_st
         int (*ssl_shutdown)(SSL *s);
         int (*ssl_renegotiate)(SSL *s);
         int (*ssl_renegotiate_check)(SSL *s);
-       /* -- begin DTLS -- */
         long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
                 max, int *ok);
         int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
                 int peek);
         int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
         int (*ssl_dispatch_alert)(SSL *s);
-       /* -- end DTLS -- */
         long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
         long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
         SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
@@ -1549,7 +1547,31 @@ void ERR_load_SSL_strings(void);
  #define SSL_F_CLIENT_HELLO                              101
  #define SSL_F_CLIENT_MASTER_KEY                                 102
  #define SSL_F_D2I_SSL_SESSION                           103
+#define SSL_F_DO_DTLS1_WRITE                            1003
  #define SSL_F_DO_SSL3_WRITE                             104
+#define SSL_F_DTLS1_ACCEPT                              1004
+#define SSL_F_DTLS1_BUFFER_RECORD                       1005
+#define SSL_F_DTLS1_CLIENT_HELLO                        1006
+#define SSL_F_DTLS1_CONNECT                             1007
+#define SSL_F_DTLS1_ENC                                         1008
+#define SSL_F_DTLS1_GET_HELLO_VERIFY                    1009
+#define SSL_F_DTLS1_GET_MESSAGE                                 1010
+#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                1011
+#define SSL_F_DTLS1_GET_RECORD                          1012
+#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                   1013
+#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE          1014
+#define SSL_F_DTLS1_PROCESS_RECORD                      1015
+#define SSL_F_DTLS1_READ_BYTES                          1016
+#define SSL_F_DTLS1_READ_FAILED                                 1001
+#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST            1017
+#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE             1018
+#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE            1019
+#define SSL_F_DTLS1_SEND_CLIENT_VERIFY                  1020
+#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST           1002
+#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE             1021
+#define SSL_F_DTLS1_SEND_SERVER_HELLO                   1022
+#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE            1023
+#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                1024
  #define SSL_F_GET_CLIENT_FINISHED                       105
  #define SSL_F_GET_CLIENT_HELLO                          106
  #define SSL_F_GET_CLIENT_MASTER_KEY                     107
@@ -1690,9 +1712,6 @@ void ERR_load_SSL_strings(void);
  #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
  #define SSL_F_WRITE_PENDING                             212
  
-#define SSL_F_DTLS1_READ_FAILED          1001
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST    1002
-
  /* Reason codes. */
  #define SSL_R_APP_DATA_IN_HANDSHAKE                     100
  #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
@@ -1745,6 +1764,7 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_COMPRESSION_LIBRARY_ERROR                         142
  #define SSL_R_CONNECTION_ID_IS_DIFFERENT                143
  #define SSL_R_CONNECTION_TYPE_NOT_SET                   144
+#define SSL_R_COOKIE_MISMATCH                           2002
  #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED             145
  #define SSL_R_DATA_LENGTH_TOO_LONG                      146
  #define SSL_R_DECRYPTION_FAILED                                 147
@@ -1836,6 +1856,7 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                     209
  #define SSL_R_PUBLIC_KEY_NOT_RSA                        210
  #define SSL_R_READ_BIO_NOT_SET                          211
+#define SSL_R_READ_TIMEOUT_EXPIRED                      2001
  #define SSL_R_READ_WRONG_PACKET_TYPE                    212
  #define SSL_R_RECORD_LENGTH_MISMATCH                    213
  #define SSL_R_RECORD_TOO_LARGE                          214
@@ -1931,9 +1952,6 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_X509_LIB                                  268
  #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS          269
  
-#define SSL_R_READ_TIMEOUT_EXPIRED              2001
-#define SSL_R_COOKIE_MISMATCH                   2002
-
  #ifdef  __cplusplus
  }
  #endif
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c

index 56e7864de0070e430bf0ccecc31ecaccb519147f..e8e0790bab31e334f85cb13eb78a8c062999fb8d 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -75,7 +75,31 @@ static ERR_STRING_DATA SSL_str_functs[]=
  {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
  {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),    "CLIENT_MASTER_KEY"},
  {ERR_FUNC(SSL_F_D2I_SSL_SESSION),      "d2i_SSL_SESSION"},
+{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),       "DO_DTLS1_WRITE"},
  {ERR_FUNC(SSL_F_DO_SSL3_WRITE),        "DO_SSL3_WRITE"},
+{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),  "DTLS1_BUFFER_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),   "DTLS1_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_CONNECT),        "DTLS1_CONNECT"},
+{ERR_FUNC(SSL_F_DTLS1_ENC),    "DTLS1_ENC"},
+{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY),       "DTLS1_GET_HELLO_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),    "DTLS1_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),   "DTLS1_GET_MESSAGE_FRAGMENT"},
+{ERR_FUNC(SSL_F_DTLS1_GET_RECORD),     "DTLS1_GET_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),      "DTLS1_OUTPUT_CERT_CHAIN"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),     "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_READ_BYTES),     "DTLS1_READ_BYTES"},
+{ERR_FUNC(SSL_F_DTLS1_READ_FAILED),    "DTLS1_READ_FAILED"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),       "DTLS1_SEND_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),        "DTLS1_SEND_CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),       "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY),     "DTLS1_SEND_CLIENT_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),      "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),        "DTLS1_SEND_SERVER_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO),      "DTLS1_SEND_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),       "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),   "DTLS1_WRITE_APP_DATA_BYTES"},
  {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),  "GET_CLIENT_FINISHED"},
  {ERR_FUNC(SSL_F_GET_CLIENT_HELLO),     "GET_CLIENT_HELLO"},
  {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY),        "GET_CLIENT_MASTER_KEY"},
@@ -271,6 +295,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
  {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
  {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
  {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
+{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
  {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
  {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
  {ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
@@ -362,6 +387,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
  {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
  {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
  {ERR_REASON(SSL_R_READ_BIO_NOT_SET)      ,"read bio not set"},
+{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},
  {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
  {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
  {ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},
@@ -456,8 +482,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
  {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},
  {ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},
  {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},
-{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
  {0,NULL}
         };
  
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 21d43b425433fa23c2f329116d12a4e6dcb9c8ae..687dad7c2f482c88a0391e213bffcd1e278d776f 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -622,7 +622,9 @@ long        ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
  long   ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
  int    ssl3_pending(const SSL *s);
  
-/* -- begin DTLS -- */
+void ssl3_record_sequence_update(unsigned char *seq);
+int ssl3_do_change_cipher_spec(SSL *ssl);
+
  int dtls1_do_write(SSL *s,int type);
  int ssl3_read_n(SSL *s, int n, int max, int extend);
  int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
@@ -635,7 +637,32 @@ unsigned char *dtls1_set_message_header(SSL *s,
         unsigned long frag_off, unsigned long frag_len);
  int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
  int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-/* -- end DTLS -- */
+
+/* client functionality */
+int ssl3_client_hello(SSL *s);
+int ssl3_get_server_hello(SSL *s);
+int ssl3_get_certificate_request(SSL *s);
+int ssl3_get_server_done(SSL *s);
+int ssl3_send_client_verify(SSL *s);
+int ssl3_send_client_certificate(SSL *s);
+int ssl3_send_client_key_exchange(SSL *s);
+int ssl3_get_key_exchange(SSL *s);
+int ssl3_get_server_certificate(SSL *s);
+int ssl3_check_cert_and_algorithm(SSL *s);
+
+/* server functionality */
+int ssl3_get_client_hello(SSL *s);
+int ssl3_send_server_hello(SSL *s);
+int ssl3_send_hello_request(SSL *s);
+int ssl3_send_server_key_exchange(SSL *s);
+int ssl3_send_certificate_request(SSL *s);
+int ssl3_send_server_done(SSL *s);
+int ssl3_check_client_hello(SSL *s);
+int ssl3_get_client_certificate(SSL *s);
+int ssl3_get_client_key_exchange(SSL *s);
+int ssl3_get_cert_verify(SSL *s);
+
+
  
  int ssl23_accept(SSL *s);
  int ssl23_connect(SSL *s);
@@ -649,7 +676,6 @@ long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
  long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
  SSL_METHOD *tlsv1_base_method(void );
  
-/* -- start DTLS functions -- */
  int dtls1_new(SSL *s);
  int    dtls1_accept(SSL *s);
  int    dtls1_connect(SSL *s);
@@ -664,7 +690,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
         unsigned int len, int create_empty_fragement);
  int dtls1_dispatch_alert(SSL *s);
  int dtls1_enc(SSL *s, int snd);
-/* -- end DTLS functions -- */
  
  int ssl_init_wbio_buffer(SSL *s, int push);
  void ssl_free_wbio_buffer(SSL *s);
diff --git a/util/ck_errf.pl b/util/ck_errf.pl

index 7a24d6c5a2e2909b7d0aff27e876933636d3d428..2b571e2412fc83715538701f937441f9796dfddd 100755 (executable)
--- a/util/ck_errf.pl
+++ b/util/ck_errf.pl
@@ -13,9 +13,9 @@ foreach $file (@ARGV)
         $func="";
         while (<IN>)
                 {
-               if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/)
+               if (!/;$/ && /^([a-zA-Z].+[\s*])?([A-Za-z_0-9]+)\(.*\)/)
                         {
-                       $func=$1;
+                       $func=$2;
                         $func =~ tr/A-Z/a-z/;
                         }
                 if (/([A-Z0-9]+)err\(([^,]+)/)
author	Bodo Möller <bodo@openssl.org>
	Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
ssl/d1_both.c		patch \| blob \| history
ssl/d1_clnt.c		patch \| blob \| history
ssl/d1_enc.c		patch \| blob \| history
ssl/d1_pkt.c		patch \| blob \| history
ssl/d1_srvr.c		patch \| blob \| history
ssl/dtls1.h		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history
ssl/ssl.h		patch \| blob \| history
ssl/ssl_err.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
util/ck_errf.pl		patch \| blob \| history