* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPTION_FAILED);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_RECORD_OVERFLOW);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_UNKNOWN_CA);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_ACCESS_DENIED);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECODE_ERROR);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPT_ERROR);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_EXPORT_RESTRICION);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_PROTOCOL_VERSION);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INTERNAL_ERROR);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_USER_CANCLED);
+ * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_NO_RENEGOTIATION);
*/
#ifndef NOPROTO
-static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len);
-static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
+static int do_ssl3_write(SSL *s, int type, const char *buf, unsigned int len);
+static int ssl3_write_pending(SSL *s, int type, const char *buf,
+ unsigned int len);
static int ssl3_get_record(SSL *s);
static int do_compress(SSL *ssl);
static int do_uncompress(SSL *ssl);
static int do_change_cipher_spec();
#endif
-static int ssl3_read_n(s,n,max,extend)
-SSL *s;
-int n;
-int max;
-int extend;
+static int ssl3_read_n(SSL *s, int n, int max, int extend)
{
int i,off,newb;
* ssl->s3->rrec.data, - data
* ssl->s3->rrec.length, - number of bytes
*/
-static int ssl3_get_record(s)
-SSL *s;
+static int ssl3_get_record(SSL *s)
{
- char tmp_buf[512];
int ssl_major,ssl_minor,al;
int n,i,ret= -1;
SSL3_BUFFER *rb;
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
- memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
if (!s->method->ssl3_enc->enc(s,0))
{
}
#ifdef TLS_DEBUG
printf("dec %d\n",rr->length);
-{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
printf("\n");
#endif
/* r->length is now the compressed data plus mac */
}
/* r->length is now just compressed */
- if ((sess != NULL) && (sess->read_compression != NULL))
+ if (s->expand != NULL)
{
if (rr->length >
(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
return(ret);
}
-static int do_uncompress(ssl)
-SSL *ssl;
+static int do_uncompress(SSL *ssl)
{
+ int i;
+ SSL3_RECORD *rr;
+
+ rr= &(ssl->s3->rrec);
+ i=COMP_expand_block(ssl->expand,rr->comp,
+ SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
+ if (i < 0)
+ return(0);
+ else
+ rr->length=i;
+ rr->data=rr->comp;
+
return(1);
}
-static int do_compress(ssl)
-SSL *ssl;
+static int do_compress(SSL *ssl)
{
+ int i;
+ SSL3_RECORD *wr;
+
+ wr= &(ssl->s3->wrec);
+ i=COMP_compress_block(ssl->compress,wr->data,
+ SSL3_RT_MAX_COMPRESSED_LENGTH,
+ wr->input,(int)wr->length);
+ if (i < 0)
+ return(0);
+ else
+ wr->length=i;
+
+ wr->input=wr->data;
return(1);
}
/* Call this to write data
* It will return <= 0 if not all data has been sent or non-blocking IO.
*/
-int ssl3_write_bytes(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-int len;
+int ssl3_write_bytes(SSL *s, int type, const char *buf, int len)
{
unsigned int tot,n,nw;
int i;
}
if (type == SSL3_RT_HANDSHAKE)
- ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i);
+ ssl3_finish_mac(s,&(buf[tot]),i);
if (i == (int)n) return(tot+i);
}
}
-static int do_ssl3_write(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-unsigned int len;
+static int do_ssl3_write(SSL *s, int type, const char *buf,
+ unsigned int len)
{
unsigned char *p,*plen;
int i,mac_size,clear=0;
* wr->data */
/* first we compress */
- if ((sess != NULL) && (sess->write_compression != NULL))
+ if (s->compress != NULL)
{
if (!do_compress(s))
{
}
/* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-unsigned int len;
+static int ssl3_write_pending(SSL *s, int type, const char *buf,
+ unsigned int len)
{
int i;
}
}
-int ssl3_read_bytes(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-int len;
+int ssl3_read_bytes(SSL *s, int type, char *buf, int len)
{
int al,i,j,n,ret;
SSL3_RECORD *rr;
void (*cb)()=NULL;
BIO *bio;
- if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+ if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
if (!ssl3_setup_buffers(s))
return(-1);
s->rwstate=SSL_NOTHING;
s->s3->fatal_alert=n;
- SSLerr(SSL_F_SSL3_READ_BYTES,1000+n);
+ SSLerr(SSL_F_SSL3_READ_BYTES,
+ SSL_AD_REASON_OFFSET+n);
sprintf(tmp,"%d",n);
ERR_add_error_data(2,"SSL alert number ",tmp);
s->shutdown|=SSL_RECEIVED_SHUTDOWN;
if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
{
- s->state=SSL_ST_BEFORE;
+ s->state=SSL_ST_BEFORE|(s->server)
+ ?SSL_ST_ACCEPT
+ :SSL_ST_CONNECT;
s->new_session=1;
}
n=s->handshake_func(s);
}
if (type == SSL3_RT_HANDSHAKE)
- ssl3_finish_mac(s,(unsigned char *)buf,n);
+ ssl3_finish_mac(s,buf,n);
return(n);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
return(-1);
}
-static int do_change_cipher_spec(s)
-SSL *s;
+static int do_change_cipher_spec(SSL *s)
{
int i;
unsigned char *sender;
return(1);
}
-int ssl3_do_write(s,type)
-SSL *s;
-int type;
+int ssl3_do_write(SSL *s, int type)
{
int ret;
return(0);
}
-void ssl3_send_alert(s,level,desc)
-SSL *s;
-int level;
-int desc;
+void ssl3_send_alert(SSL *s, int level, int desc)
{
/* Map tls/ssl alert value to correct one */
desc=s->method->ssl3_enc->alert_value(desc);
* some time in the future */
}
-int ssl3_dispatch_alert(s)
-SSL *s;
+int ssl3_dispatch_alert(SSL *s)
{
int i,j;
void (*cb)()=NULL;
projects / openssl.git / blobdiff