* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/
- unsigned long session_cache_size;
+ size_t session_cache_size;
struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail;
/*
uint32_t mode;
int min_proto_version;
int max_proto_version;
- long max_cert_list;
+ size_t max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
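Review bot: With `max_cert_list` now `size_t` here (and in the second struct that gets the same change further down), a negative value arriving through a signed setter would convert to a very large limit and effectively switch off the cap on peer certificate-chain size. The setter is not part of this diff, so this is inferred: if the value still enters as a `long`, reject it before the assignment, e.g. `if (larg < 0) return 0;`. A getter that still returns `long` needs an explicit, range-checked conversion the other way. The enclosing struct starts and ends outside this hunk.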
* format.
*/
unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
+ size_t alpn_client_proto_list_len;
/* Shared DANE context */
struct dane_ctx_st dane;
uint32_t mode;
int min_proto_version;
int max_proto_version;
- long max_cert_list;
+ size_t max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
int client_version;
* the Finished message.
*/
unsigned char *next_proto_negotiated;
- unsigned char next_proto_negotiated_len;
+ size_t next_proto_negotiated_len;
# endif
# define session_ctx initial_ctx
/* What we'll do */
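Review bot: Widening `next_proto_negotiated_len` from `unsigned char` to `size_t` removes the implicit 255 cap the old type put on this length, so the code that stores into it and any reader that copies it into a narrower type now need an explicit bound. Neither the assignment nor the readers appear in this hunk. If a getter still reports the length through an `unsigned` out-parameter, the narrowing should be an explicit cast after a range check rather than a silent conversion. A comment on the field such as `/* length of next_proto_negotiated, never more than 255 */` would record the invariant the type used to carry.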
* format.
*/
unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
+ size_t alpn_client_proto_list_len;
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
struct {
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
- int finish_md_len;
+ size_t finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
- int peer_finish_md_len;
+ size_t peer_finish_md_len;
size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
/* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
+ size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
+ size_t previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
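Review bot: `previous_client_finished` and `previous_server_finished` hold `EVP_MAX_MD_SIZE` bytes, while the `finish_md` / `peer_finish_md` buffers in the previous hunk are declared `EVP_MAX_MD_SIZE * 2`, and after this change all four length fields are `size_t` with nothing tying a length to the smaller arrays. The code that copies the Finished value into these arrays is not in the diff, so please confirm it checks `len <= EVP_MAX_MD_SIZE` before the copy and before storing the length. Since these values back the renegotiation binding named in the comment, an oversized length here would be a memory-safety problem rather than a cosmetic one. A field comment like `/* valid bytes in previous_client_finished, <= EVP_MAX_MD_SIZE */` on each length would make the bound visible.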
typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
+ size_t cookie_len;
unsigned int cookie_verified;
/* handshake message numbers */
unsigned short handshake_write_seq;
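Review bot: `cookie_len` describes a `DTLS1_COOKIE_LENGTH`-byte array, and the old `unsigned char cookie_len` parameter of `dtls_raw_hello_verify_request` (changed later in this diff) suggests the value must also fit a one-byte length field. With both now `size_t`, that limit is no longer expressed in any declaration. The function bodies are not shown, so this is a request to confirm that the writer rejects oversized input up front, e.g. `if (cookie_len > DTLS1_COOKIE_LENGTH) return 0;`, and that the received length is checked against the array before any copy. If the address of this field is passed to a cookie callback that takes `unsigned int *`, that call now needs a temporary of the callback's type rather than a cast.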
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
size_t, size_t *);
int (*change_cipher_state) (SSL *, int);
- int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
+ size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
int finish_mac_length;
const char *client_finished_label;
int client_finished_label_len;
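Review bot: Returning `size_t` from `final_finish_mac` (and from the `ssl3_final_finish_mac` / `tls1_final_finish_mac` prototypes changed further down) leaves 0 as the only possible failure value, so any implementation path that returned a negative number would now surface as a huge length, and any caller test written as `<= 0` or `< 0` needs revisiting. Implementations and callers are outside this diff. `finish_mac_length` and `client_finished_label_len` directly below remain `int`, so passing the label length as the new `size_t` argument relies on an implicit signed-to-unsigned conversion; either convert them as well or note why they stay signed. A comment above the pointer, `/* returns the number of bytes written to the output buffer, 0 on error */`, would pin the contract. The enclosing struct starts and ends outside this hunk.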
void ssl_sort_cipher_list(void);
void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
- int len);
+ size_t len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
-__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
- unsigned char *p);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
+ unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
__owur int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len);
+ size_t cookie_len);
__owur int dtls1_send_newsession_ticket(SSL *s);
__owur size_t dtls1_min_mtu(SSL *s);
void dtls1_hm_fragment_free(hm_fragment *frag);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
-__owur int tls1_final_finish_mac(SSL *s,
- const char *str, int slen, unsigned char *p);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+ unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, size_t len,
size_t *secret_size);