fix SSLerr stuff for DTLS1 code;
authorBodo Möller <bodo@openssl.org>
Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
committerBodo Möller <bodo@openssl.org>
Tue, 26 Apr 2005 18:08:00 +0000 (18:08 +0000)
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)

ssl/d1_both.c
ssl/d1_clnt.c
ssl/d1_enc.c
ssl/d1_pkt.c
ssl/d1_srvr.c
ssl/dtls1.h
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_locl.h
util/ck_errf.pl

index fb98bf4..40d71e2 100644 (file)
@@ -324,8 +324,7 @@ int dtls1_do_write(SSL *s, int type)
  * Read an entire handshake message.  Handshake messages arrive in
  * fragments.
  */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, 
-       int     *ok)
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        {
        int i, al;
 
@@ -337,7 +336,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
                if ((mt >= 0) && (s->s3->tmp.message_type != mt))
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
                        goto f_err;
                        }
                *ok=1;
@@ -488,7 +487,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok)
     if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf, 
              (int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num))
         {
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+        SSLerr(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE,ERR_R_BUF_LIB);
         goto err;
         }
 
@@ -519,7 +518,7 @@ err:
     }
 
 
-static long 
+static long
 dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
        {
        unsigned char *p;
@@ -573,7 +572,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
     if ( frag_off + frag_len > l)
         {
         al=SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
         goto f_err;
         }
 
@@ -598,7 +597,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
         else /* Incorrectly formated Hello request */
             {
             al=SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
+            SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
             goto f_err;
             }
         }
@@ -613,13 +612,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH)) 
                        {
                        al=SSL_AD_ILLEGAL_PARAMETER;
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
                        goto f_err;
                        }
                if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l
                        + DTLS1_HM_HEADER_LENGTH))
                        {
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB);
                        goto err;
                        }
         /* Only do this test when we're reading the expected message.
@@ -627,7 +626,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
         if ( l > (unsigned long)max)
                        {
                        al=SSL_AD_ILLEGAL_PARAMETER;
-                       SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                       SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
                        goto f_err;
                        }
 
@@ -637,20 +636,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
     if ( frag_len > (unsigned long)max)
         {
         al=SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
         goto f_err;
         }
     if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH))
         {
         al=SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
         goto f_err;
         }
 
     if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len 
              + DTLS1_HM_HEADER_LENGTH + s->init_num))
         {
-        SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB);
         goto err;
         }
 
@@ -842,14 +841,14 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
        buf=s->init_buf;
        if (!BUF_MEM_grow_clean(buf,10))
                {
-               SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+               SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                return(0);
                }
        if (x != NULL)
                {
                if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
                        {
-                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                       SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
                        return(0);
                        }
 
@@ -858,7 +857,7 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                        n=i2d_X509(x,NULL);
                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
                                {
-                               SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                               SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                                return(0);
                                }
                        p=(unsigned char *)&(buf->data[l]);
@@ -888,7 +887,7 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                n=i2d_X509(x,NULL);
                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
                        {
-                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                       SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                        return(0);
                        }
                p=(unsigned char *)&(buf->data[l]);
index c53eae1..d2340c8 100644 (file)
@@ -197,7 +197,7 @@ int dtls1_connect(SSL *s)
 
                        if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
                                {
-                               SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
                                ret = -1;
                                goto end;
                                }
@@ -499,7 +499,7 @@ int dtls1_connect(SSL *s)
                        /* break; */
                        
                default:
-                       SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
+                       SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
                        ret= -1;
                        goto end;
                        /* break; */
@@ -579,7 +579,7 @@ int dtls1_client_hello(SSL *s)
                        {
                        if (i > sizeof s->session->session_id)
                                {
-                               SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
                        memcpy(p,s->session->session_id,i);
@@ -589,7 +589,7 @@ int dtls1_client_hello(SSL *s)
                /* cookie stuff */
                if ( s->d1->cookie_len > sizeof(s->d1->cookie))
                        {
-                       SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
                *(p++) = s->d1->cookie_len;
@@ -600,7 +600,7 @@ int dtls1_client_hello(SSL *s)
                i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
                if (i == 0)
                        {
-                       SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                       SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                        goto err;
                        }
                s2n(i,p);
@@ -665,7 +665,7 @@ static int dtls1_get_hello_verify(SSL *s)
 
        if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
                {
-               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+               SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
                s->version=(s->version&0xff00)|data[1];
                al = SSL_AD_PROTOCOL_VERSION;
                goto f_err;
@@ -727,7 +727,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                        (pkey->type != EVP_PKEY_RSA) ||
                                        (pkey->pkey.rsa == NULL))
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                                        goto err;
                                        }
                                rsa=pkey->pkey.rsa;
@@ -753,7 +753,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 #endif
                        if (n <= 0)
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
                                goto err;
                                }
 
@@ -816,7 +816,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                 {
                                 ssl3_send_alert(s,SSL3_AL_FATAL,
                                                SSL_AD_HANDSHAKE_FAILURE);
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
                                                kssl_err.reason);
                                 goto err;
                                 }
@@ -883,7 +883,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                        outl += padl;
                        if (outl > sizeof epms)
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
@@ -914,19 +914,19 @@ int dtls1_send_client_key_exchange(SSL *s)
                                {
                                /* we get them from the cert */
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
                                goto err;
                                }
                        
                        /* generate a new random key */
                        if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
                                goto err;
                                }
                        if (!DH_generate_key(dh_clnt))
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
                                goto err;
                                }
 
@@ -937,7 +937,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 
                        if (n <= 0)
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
                                goto err;
                                }
 
@@ -962,7 +962,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                else
                        {
                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                       SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
                
@@ -1021,7 +1021,7 @@ int dtls1_send_client_verify(SSL *s)
                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
                                goto err;
                                }
                        s2n(u,p);
@@ -1037,7 +1037,7 @@ int dtls1_send_client_verify(SSL *s)
                                SHA_DIGEST_LENGTH,&(p[2]),
                                (unsigned int *)&j,pkey->pkey.dsa))
                                {
-                               SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
                                goto err;
                                }
                        s2n(j,p);
@@ -1046,7 +1046,7 @@ int dtls1_send_client_verify(SSL *s)
                else
 #endif
                        {
-                       SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
 
@@ -1110,7 +1110,7 @@ int dtls1_send_client_certificate(SSL *s)
                else if (i == 1)
                        {
                        i=0;
-                       SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
                        }
 
                if (x509 != NULL) X509_free(x509);
index 7b36964..42997ea 100644 (file)
@@ -217,7 +217,7 @@ int dtls1_enc(SSL *s, int send)
                        {
                        if (l == 0 || l%bs != 0)
                                {
-                               SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                               SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;
                                }
index c84e686..af71e38 100644 (file)
@@ -173,7 +173,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned long long priority)
                if (rdata != NULL) OPENSSL_free(rdata);
                if (item != NULL) pitem_free(item);
                
-               SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
                return(0);
                }
        
@@ -348,7 +348,7 @@ dtls1_process_record(SSL *s)
        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
                {
                al=SSL_AD_RECORD_OVERFLOW;
-               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+               SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
                goto f_err;
                }
 
@@ -386,7 +386,7 @@ if (        (sess == NULL) ||
                        {
 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
                        al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                        goto f_err;
 #else
                        goto decryption_failed_or_bad_record_mac;
@@ -397,7 +397,7 @@ if (        (sess == NULL) ||
                        {
 #if 0 /* OK only for stream ciphers */
                        al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
 #else
                        goto decryption_failed_or_bad_record_mac;
@@ -417,13 +417,13 @@ if (      (sess == NULL) ||
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
                        {
                        al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                        goto f_err;
                        }
                if (!ssl3_do_uncompress(s))
                        {
                        al=SSL_AD_DECOMPRESSION_FAILURE;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
+                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
                        goto f_err;
                        }
                }
@@ -431,7 +431,7 @@ if (        (sess == NULL) ||
        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
                {
                al=SSL_AD_RECORD_OVERFLOW;
-               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+               SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
                goto f_err;
                }
 
@@ -456,7 +456,7 @@ decryption_failed_or_bad_record_mac:
         * we should not reveal which kind of error occured -- this
         * might become visible to an attacker (e.g. via logfile) */
        al=SSL_AD_BAD_RECORD_MAC;
-       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
@@ -536,7 +536,7 @@ again:
                        {
                        if (version != s->version)
                                {
-                               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                               SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
                                /* Send back error using their
                                 * version number :-) */
                                s->version=version;
@@ -547,14 +547,14 @@ again:
 
                if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
                        {
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+                       SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
                        goto err;
                        }
 
                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
                        {
                        al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+                       SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
                        goto f_err;
                        }
 
@@ -667,7 +667,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                (type != SSL3_RT_HANDSHAKE) && type) ||
            (peek && (type != SSL3_RT_APPLICATION_DATA)))
                {
-               SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
                return -1;
                }
 
@@ -684,7 +684,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                if (i < 0) return(i);
                if (i == 0)
                        {
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                        return(-1);
                        }
                }
@@ -720,7 +720,7 @@ start:
                && (rr->type != SSL3_RT_HANDSHAKE))
                {
                al=SSL_AD_UNEXPECTED_MESSAGE;
-               SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
                goto err;
                }
 
@@ -742,7 +742,7 @@ start:
                        (s->enc_read_ctx == NULL))
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
                        goto f_err;
                        }
 
@@ -833,7 +833,7 @@ start:
                        (s->d1->handshake_fragment[3] != 0))
                        {
                        al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
                        goto err;
                        }
 
@@ -854,7 +854,7 @@ start:
                                if (i < 0) return(i);
                                if (i == 0)
                                        {
-                                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                                        return(-1);
                                        }
 
@@ -941,7 +941,7 @@ start:
 
                        s->rwstate=SSL_NOTHING;
                        s->s3->fatal_alert = alert_descr;
-                       SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
                        BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
                        ERR_add_error_data(2,"SSL alert number ",tmp);
                        s->shutdown|=SSL_RECEIVED_SHUTDOWN;
@@ -951,7 +951,7 @@ start:
                else
                        {
                        al=SSL_AD_ILLEGAL_PARAMETER;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
                        goto f_err;
                        }
 
@@ -980,7 +980,7 @@ start:
                                (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
                                {
                                i=SSL_AD_ILLEGAL_PARAMETER;
-                               SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
                                goto err;
                                }
                        
@@ -1041,7 +1041,7 @@ start:
                if (i < 0) return(i);
                if (i == 0)
                        {
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                        return(-1);
                        }
 
@@ -1076,7 +1076,7 @@ start:
                        }
 #endif
                al=SSL_AD_UNEXPECTED_MESSAGE;
-               SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
                goto f_err;
        case SSL3_RT_CHANGE_CIPHER_SPEC:
        case SSL3_RT_ALERT:
@@ -1085,7 +1085,7 @@ start:
                 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
                 * should not happen when type != rr->type */
                al=SSL_AD_UNEXPECTED_MESSAGE;
-               SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
                goto f_err;
        case SSL3_RT_APPLICATION_DATA:
                /* At this point, we were expecting handshake data,
@@ -1114,7 +1114,7 @@ start:
                else
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
-                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
                        goto f_err;
                        }
                }
@@ -1138,7 +1138,7 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
                if (i < 0) return(i);
                if (i == 0)
                        {
-                       SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+                       SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
                        return -1;
                        }
                }
@@ -1251,8 +1251,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
        return tot + i;
        }
 
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-       unsigned int len, int create_empty_fragment)
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
        {
        unsigned char *p,*pseq;
        int i,mac_size,clear=0;
@@ -1319,7 +1318,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
                        if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
                                {
                                /* insufficient space */
-                               SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
                        }
@@ -1365,7 +1364,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
                {
                if (!ssl3_do_compress(s))
                        {
-                       SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
+                       SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
                        goto err;
                        }
                }
index 81c1790..c4118bb 100644 (file)
@@ -180,7 +180,7 @@ int dtls1_accept(SSL *s)
 
        if (s->cert == NULL)
                {
-               SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
+               SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
                return(-1);
                }
 
@@ -204,7 +204,7 @@ int dtls1_accept(SSL *s)
 
                        if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
                                {
-                               SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
                                return -1;
                                }
                        s->type=SSL_ST_ACCEPT;
@@ -569,7 +569,7 @@ int dtls1_accept(SSL *s)
                        /* break; */
 
                default:
-                       SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
+                       SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
                        ret= -1;
                        goto end;
                        /* break; */
@@ -707,7 +707,7 @@ int dtls1_send_server_hello(SSL *s)
                sl=s->session->session_id_length;
                if (sl > sizeof s->session->session_id)
                        {
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
                        return -1;
                        }
                *(p++)=sl;
@@ -812,7 +812,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                if(rsa == NULL)
                                {
                                        al=SSL_AD_HANDSHAKE_FAILURE;
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
                                        goto f_err;
                                }
                                RSA_up_ref(rsa);
@@ -821,7 +821,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                        if (rsa == NULL)
                                {
                                al=SSL_AD_HANDSHAKE_FAILURE;
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
                                goto f_err;
                                }
                        r[0]=rsa->n;
@@ -841,20 +841,20 @@ int dtls1_send_server_key_exchange(SSL *s)
                        if (dhp == NULL)
                                {
                                al=SSL_AD_HANDSHAKE_FAILURE;
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
                                goto f_err;
                                }
 
                        if (s->s3->tmp.dh != NULL)
                                {
                                DH_free(dh);
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
 
                        if ((dh=DHparams_dup(dhp)) == NULL)
                                {
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
                                goto err;
                                }
 
@@ -865,7 +865,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                {
                                if(!DH_generate_key(dh))
                                    {
-                                   SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                                   SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
                                           ERR_R_DH_LIB);
                                    goto err;
                                    }
@@ -877,7 +877,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                if ((dh->pub_key == NULL) ||
                                        (dh->priv_key == NULL))
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
                                        goto err;
                                        }
                                }
@@ -889,7 +889,7 @@ int dtls1_send_server_key_exchange(SSL *s)
 #endif
                        {
                        al=SSL_AD_HANDSHAKE_FAILURE;
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
                        goto f_err;
                        }
                for (i=0; r[i] != NULL; i++)
@@ -916,7 +916,7 @@ int dtls1_send_server_key_exchange(SSL *s)
 
                if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
                        {
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
                        goto err;
                        }
                d=(unsigned char *)s->init_buf->data;
@@ -955,7 +955,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                if (RSA_sign(NID_md5_sha1, md_buf, j,
                                        &(p[2]), &u, pkey->pkey.rsa) <= 0)
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
                                        goto err;
                                        }
                                s2n(u,p);
@@ -974,7 +974,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
                                        (unsigned int *)&i,pkey))
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+                                       SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
                                        goto err;
                                        }
                                s2n(i,p);
@@ -985,7 +985,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                                {
                                /* Is this error check actually needed? */
                                al=SSL_AD_HANDSHAKE_FAILURE;
-                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
+                               SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
                                goto f_err;
                                }
                        }
@@ -1047,7 +1047,7 @@ int dtls1_send_certificate_request(SSL *s)
                                j=i2d_X509_NAME(name,NULL);
                                if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                                       SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
                                        goto err;
                                        }
                                p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
@@ -1122,7 +1122,7 @@ int dtls1_send_server_certificate(SSL *s)
                                 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
                         != (SSL_aKRB5|SSL_kKRB5))
                        {
-                       SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
                        return(0);
                        }
 
index e3b6ad5..e83201e 100644 (file)
@@ -67,8 +67,6 @@
 extern "C" {
 #endif
 
-#define DTLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES  1
-
 #define DTLS1_VERSION                  0x0100
 #define DTLS1_VERSION_MAJOR            0x01
 #define DTLS1_VERSION_MINOR            0x00
@@ -104,7 +102,7 @@ struct hm_header_st
        unsigned short seq;
        unsigned long frag_off;
        unsigned long frag_len;
-    unsigned int is_ccs;
+       unsigned int is_ccs;
        };
 
 struct ccs_header_st
@@ -126,16 +124,16 @@ struct dtls1_timeout_st
        };
 
 typedef struct record_pqueue_st
-    {
-    unsigned short epoch;
-    pqueue q;
-    } record_pqueue;
+       {
+       unsigned short epoch;
+       pqueue q;
+       } record_pqueue;
 
 typedef struct hm_fragment_st
-    {
-    struct hm_header_st msg_header;
-    unsigned char *fragment;
-    } hm_fragment;
+       {
+       struct hm_header_st msg_header;
+       unsigned char *fragment;
+       } hm_fragment;
 
 typedef struct dtls1_state_st
        {
@@ -164,15 +162,15 @@ typedef struct dtls1_state_st
 
        unsigned short handshake_read_seq;
 
-    /* only matters for handshake messages */  
+       /* only matters for handshake messages */  
        unsigned long long next_expected_seq_num; 
 
        /* Received handshake records (processed and unprocessed) */
        record_pqueue unprocessed_rcds;
-    record_pqueue processed_rcds;
+       record_pqueue processed_rcds;
 
-    /* Buffered handshake messages */
-    pqueue buffered_messages;
+       /* Buffered handshake messages */
+       pqueue buffered_messages;
 
        /* Buffered (sent) handshake records */
        pqueue sent_messages;
index ff2fd30..cd0cc81 100644 (file)
@@ -767,60 +767,60 @@ int ssl3_get_client_hello(SSL *s)
                /* cookie stuff */
                cookie_len = *(p++);
 
-        if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-            s->d1->send_cookie == 0)
-            {
-            /* HelloVerifyMessage has already been sent */
-            if ( cookie_len != s->d1->cookie_len)
-                {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-                goto f_err;
-                }
-            }
+               if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                       s->d1->send_cookie == 0)
+                       {
+                       /* HelloVerifyMessage has already been sent */
+                       if ( cookie_len != s->d1->cookie_len)
+                               {
+                               al = SSL_AD_HANDSHAKE_FAILURE;
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+                               goto f_err;
+                               }
+                       }
 
-        /* 
-         * The ClientHello may contain a cookie even if the
-         * HelloVerify message has not been sent--make sure that it
-         * does not cause an overflow.
-         */
+               /* 
+                * The ClientHello may contain a cookie even if the
+                * HelloVerify message has not been sent--make sure that it
+                * does not cause an overflow.
+                */
                if ( cookie_len > sizeof(s->d1->rcvd_cookie))
                        {
                        /* too much data */
-            al = SSL_AD_DECODE_ERROR;
+                       al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
                        goto f_err;
                        }
 
-        /* verify the cookie if appropriate option is set. */
-        if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-            cookie_len > 0)
-            {
-            memcpy(s->d1->rcvd_cookie, p, cookie_len);
+               /* verify the cookie if appropriate option is set. */
+               if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                       cookie_len > 0)
+                       {
+                       memcpy(s->d1->rcvd_cookie, p, cookie_len);
 
-            if ( s->ctx->app_verify_cookie_cb != NULL)
-                {
-                if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
-                    cookie_len) == 0)
-                    {
-                    al=SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
-                        SSL_R_COOKIE_MISMATCH);
-                    goto f_err;
-                    }
-                /* else cookie verification succeeded */
-                }
-            else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, 
-                          s->d1->cookie_len) != 0) /* default verification */
-                {
-                    al=SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
-                        SSL_R_COOKIE_MISMATCH);
-                    goto f_err;
-                }
-            }
+                       if ( s->ctx->app_verify_cookie_cb != NULL)
+                               {
+                               if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
+                                       cookie_len) == 0)
+                                       {
+                                       al=SSL_AD_HANDSHAKE_FAILURE;
+                                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
+                                               SSL_R_COOKIE_MISMATCH);
+                                       goto f_err;
+                                       }
+                               /* else cookie verification succeeded */
+                               }
+                       else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, 
+                                                 s->d1->cookie_len) != 0) /* default verification */
+                               {
+                                       al=SSL_AD_HANDSHAKE_FAILURE;
+                                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
+                                               SSL_R_COOKIE_MISMATCH);
+                                       goto f_err;
+                               }
+                       }
 
-        p += cookie_len;
+               p += cookie_len;
                }
 
        n2s(p,i);
@@ -872,8 +872,7 @@ int ssl3_get_client_hello(SSL *s)
                        if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
                                {
                                /* Very bad for multi-threading.... */
-                               s->session->cipher=sk_SSL_CIPHER_value(ciphers,
-                                                                      0);
+                               s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
                                }
                        else
                                {
index 8d33ca6..344f117 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -376,14 +376,12 @@ typedef struct ssl_method_st
        int (*ssl_shutdown)(SSL *s);
        int (*ssl_renegotiate)(SSL *s);
        int (*ssl_renegotiate_check)(SSL *s);
-       /* -- begin DTLS -- */
        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
                max, int *ok);
        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
                int peek);
        int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
        int (*ssl_dispatch_alert)(SSL *s);
-       /* -- end DTLS -- */
        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
        SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
@@ -1549,7 +1547,31 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_CLIENT_HELLO                              101
 #define SSL_F_CLIENT_MASTER_KEY                                 102
 #define SSL_F_D2I_SSL_SESSION                           103
+#define SSL_F_DO_DTLS1_WRITE                            1003
 #define SSL_F_DO_SSL3_WRITE                             104
+#define SSL_F_DTLS1_ACCEPT                              1004
+#define SSL_F_DTLS1_BUFFER_RECORD                       1005
+#define SSL_F_DTLS1_CLIENT_HELLO                        1006
+#define SSL_F_DTLS1_CONNECT                             1007
+#define SSL_F_DTLS1_ENC                                         1008
+#define SSL_F_DTLS1_GET_HELLO_VERIFY                    1009
+#define SSL_F_DTLS1_GET_MESSAGE                                 1010
+#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                1011
+#define SSL_F_DTLS1_GET_RECORD                          1012
+#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                   1013
+#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE          1014
+#define SSL_F_DTLS1_PROCESS_RECORD                      1015
+#define SSL_F_DTLS1_READ_BYTES                          1016
+#define SSL_F_DTLS1_READ_FAILED                                 1001
+#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST            1017
+#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE             1018
+#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE            1019
+#define SSL_F_DTLS1_SEND_CLIENT_VERIFY                  1020
+#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST           1002
+#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE             1021
+#define SSL_F_DTLS1_SEND_SERVER_HELLO                   1022
+#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE            1023
+#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                1024
 #define SSL_F_GET_CLIENT_FINISHED                       105
 #define SSL_F_GET_CLIENT_HELLO                          106
 #define SSL_F_GET_CLIENT_MASTER_KEY                     107
@@ -1690,9 +1712,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
 #define SSL_F_WRITE_PENDING                             212
 
-#define SSL_F_DTLS1_READ_FAILED          1001
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST    1002
-
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE                     100
 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
@@ -1745,6 +1764,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_COMPRESSION_LIBRARY_ERROR                         142
 #define SSL_R_CONNECTION_ID_IS_DIFFERENT                143
 #define SSL_R_CONNECTION_TYPE_NOT_SET                   144
+#define SSL_R_COOKIE_MISMATCH                           2002
 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED             145
 #define SSL_R_DATA_LENGTH_TOO_LONG                      146
 #define SSL_R_DECRYPTION_FAILED                                 147
@@ -1836,6 +1856,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                     209
 #define SSL_R_PUBLIC_KEY_NOT_RSA                        210
 #define SSL_R_READ_BIO_NOT_SET                          211
+#define SSL_R_READ_TIMEOUT_EXPIRED                      2001
 #define SSL_R_READ_WRONG_PACKET_TYPE                    212
 #define SSL_R_RECORD_LENGTH_MISMATCH                    213
 #define SSL_R_RECORD_TOO_LARGE                          214
@@ -1931,9 +1952,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_X509_LIB                                  268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS          269
 
-#define SSL_R_READ_TIMEOUT_EXPIRED              2001
-#define SSL_R_COOKIE_MISMATCH                   2002
-
 #ifdef  __cplusplus
 }
 #endif
index 56e7864..e8e0790 100644 (file)
@@ -75,7 +75,31 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),    "CLIENT_MASTER_KEY"},
 {ERR_FUNC(SSL_F_D2I_SSL_SESSION),      "d2i_SSL_SESSION"},
+{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),       "DO_DTLS1_WRITE"},
 {ERR_FUNC(SSL_F_DO_SSL3_WRITE),        "DO_SSL3_WRITE"},
+{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),  "DTLS1_BUFFER_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),   "DTLS1_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_CONNECT),        "DTLS1_CONNECT"},
+{ERR_FUNC(SSL_F_DTLS1_ENC),    "DTLS1_ENC"},
+{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY),       "DTLS1_GET_HELLO_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),    "DTLS1_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),   "DTLS1_GET_MESSAGE_FRAGMENT"},
+{ERR_FUNC(SSL_F_DTLS1_GET_RECORD),     "DTLS1_GET_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),      "DTLS1_OUTPUT_CERT_CHAIN"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),     "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_READ_BYTES),     "DTLS1_READ_BYTES"},
+{ERR_FUNC(SSL_F_DTLS1_READ_FAILED),    "DTLS1_READ_FAILED"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),       "DTLS1_SEND_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),        "DTLS1_SEND_CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),       "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY),     "DTLS1_SEND_CLIENT_VERIFY"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),      "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),        "DTLS1_SEND_SERVER_CERTIFICATE"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO),      "DTLS1_SEND_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),       "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),   "DTLS1_WRITE_APP_DATA_BYTES"},
 {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),  "GET_CLIENT_FINISHED"},
 {ERR_FUNC(SSL_F_GET_CLIENT_HELLO),     "GET_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY),        "GET_CLIENT_MASTER_KEY"},
@@ -271,6 +295,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
+{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
 {ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
@@ -362,6 +387,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
 {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
 {ERR_REASON(SSL_R_READ_BIO_NOT_SET)      ,"read bio not set"},
+{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},
 {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
 {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
 {ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},
@@ -456,8 +482,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},
 {ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},
 {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},
-{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
 {0,NULL}
        };
 
index 21d43b4..687dad7 100644 (file)
@@ -622,7 +622,9 @@ long        ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
 long   ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
 int    ssl3_pending(const SSL *s);
 
-/* -- begin DTLS -- */
+void ssl3_record_sequence_update(unsigned char *seq);
+int ssl3_do_change_cipher_spec(SSL *ssl);
+
 int dtls1_do_write(SSL *s,int type);
 int ssl3_read_n(SSL *s, int n, int max, int extend);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
@@ -635,7 +637,32 @@ unsigned char *dtls1_set_message_header(SSL *s,
        unsigned long frag_off, unsigned long frag_len);
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-/* -- end DTLS -- */
+
+/* client functionality */
+int ssl3_client_hello(SSL *s);
+int ssl3_get_server_hello(SSL *s);
+int ssl3_get_certificate_request(SSL *s);
+int ssl3_get_server_done(SSL *s);
+int ssl3_send_client_verify(SSL *s);
+int ssl3_send_client_certificate(SSL *s);
+int ssl3_send_client_key_exchange(SSL *s);
+int ssl3_get_key_exchange(SSL *s);
+int ssl3_get_server_certificate(SSL *s);
+int ssl3_check_cert_and_algorithm(SSL *s);
+
+/* server functionality */
+int ssl3_get_client_hello(SSL *s);
+int ssl3_send_server_hello(SSL *s);
+int ssl3_send_hello_request(SSL *s);
+int ssl3_send_server_key_exchange(SSL *s);
+int ssl3_send_certificate_request(SSL *s);
+int ssl3_send_server_done(SSL *s);
+int ssl3_check_client_hello(SSL *s);
+int ssl3_get_client_certificate(SSL *s);
+int ssl3_get_client_key_exchange(SSL *s);
+int ssl3_get_cert_verify(SSL *s);
+
+
 
 int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
@@ -649,7 +676,6 @@ long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
 SSL_METHOD *tlsv1_base_method(void );
 
-/* -- start DTLS functions -- */
 int dtls1_new(SSL *s);
 int    dtls1_accept(SSL *s);
 int    dtls1_connect(SSL *s);
@@ -664,7 +690,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
        unsigned int len, int create_empty_fragement);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
-/* -- end DTLS functions -- */
 
 int ssl_init_wbio_buffer(SSL *s, int push);
 void ssl_free_wbio_buffer(SSL *s);
index 7a24d6c..2b571e2 100755 (executable)
@@ -13,9 +13,9 @@ foreach $file (@ARGV)
        $func="";
        while (<IN>)
                {
-               if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/)
+               if (!/;$/ && /^([a-zA-Z].+[\s*])?([A-Za-z_0-9]+)\(.*\)/)
                        {
-                       $func=$1;
+                       $func=$2;
                        $func =~ tr/A-Z/a-z/;
                        }
                if (/([A-Z0-9]+)err\(([^,]+)/)