struct ssl_session_st {
int ssl_version; /* what ssl version session info is being kept
* in here? */
- int master_key_length;
+ size_t master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
- unsigned int session_id_length;
+ size_t session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
/*
* this is used to determine whether the session is being reused in the
* appropriate context. It is up to the application to set this, via
* SSL_new
*/
- unsigned int sid_ctx_length;
+ size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
# ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/
- unsigned long session_cache_size;
+ size_t session_cache_size;
struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail;
/*
uint32_t mode;
int min_proto_version;
int max_proto_version;
- long max_cert_list;
+ size_t max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
void *msg_callback_arg;
uint32_t verify_mode;
- unsigned int sid_ctx_length;
+ size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* called 'verify_callback' in the SSL */
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
* format.
*/
unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
+ size_t alpn_client_proto_list_len;
/* Shared DANE context */
struct dane_ctx_st dane;
* the session_id_context is used to ensure sessions are only reused in
* the appropriate context
*/
- unsigned int sid_ctx_length;
+ size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */
SSL_SESSION *session;
uint32_t mode;
int min_proto_version;
int max_proto_version;
- long max_cert_list;
+ size_t max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
int client_version;
* the Finished message.
*/
unsigned char *next_proto_negotiated;
- unsigned char next_proto_negotiated_len;
+ size_t next_proto_negotiated_len;
# endif
# define session_ctx initial_ctx
/* What we'll do */
* format.
*/
unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
+ size_t alpn_client_proto_list_len;
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
typedef struct ssl3_state_st {
long flags;
- int read_mac_secret_size;
+ size_t read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- int write_mac_secret_size;
+ size_t write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
struct {
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
- int finish_md_len;
+ size_t finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
- int peer_finish_md_len;
+ size_t peer_finish_md_len;
size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
int ctype_num;
char ctype[SSL3_CT_NUMBER];
STACK_OF(X509_NAME) *ca_names;
- int key_block_length;
+ size_t key_block_length;
unsigned char *key_block;
const EVP_CIPHER *new_sym_enc;
const EVP_MD *new_hash;
int new_mac_pkey_type;
- int new_mac_secret_size;
+ size_t new_mac_secret_size;
# ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression;
# else
/* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
+ size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
+ size_t previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
+ size_t cookie_len;
unsigned int cookie_verified;
/* handshake message numbers */
unsigned short handshake_write_seq;
int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
int (*setup_key_block) (SSL *);
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
- int);
+ size_t, size_t *);
int (*change_cipher_state) (SSL *, int);
- int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
+ size_t (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
int finish_mac_length;
const char *client_finished_label;
int client_finished_label_len;
void ssl_update_cache(SSL *s, int mode);
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
- int *mac_secret_size, SSL_COMP **comp,
+ size_t *mac_secret_size, SSL_COMP **comp,
int use_etm);
__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize,
__owur int ssl3_do_write(SSL *s, int type);
int ssl3_send_alert(SSL *s, int level, int desc);
__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
+ unsigned char *p, size_t len,
+ size_t *secret_size);
__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
__owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
-__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
- unsigned char *p);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+ unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
__owur int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len);
+ size_t cookie_len);
__owur int dtls1_send_newsession_ticket(SSL *s);
__owur size_t dtls1_min_mtu(SSL *s);
void dtls1_hm_fragment_free(hm_fragment *frag);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
-__owur int tls1_final_finish_mac(SSL *s,
- const char *str, int slen, unsigned char *p);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, int slen,
+ unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
+ unsigned char *p, size_t len,
+ size_t *secret_size);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
-__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+ size_t *hashlen);
__owur const EVP_MD *ssl_md(int idx);
__owur const EVP_MD *ssl_handshake_md(SSL *s);
__owur const EVP_MD *ssl_prf_md(SSL *s);