* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
-unsigned long ossl_statem_client_max_message_size(SSL *s)
+size_t ossl_statem_client_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;
int tls_construct_client_hello(SSL *s, WPACKET *pkt)
{
unsigned char *p;
- int i;
- int protverr;
+ size_t sess_id_len;
+ int i, protverr;
int al = SSL_AD_HANDSHAKE_FAILURE;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
/* Session ID */
if (s->new_session)
- i = 0;
+ sess_id_len = 0;
else
- i = s->session->session_id_length;
- if (i > (int)sizeof(s->session->session_id)
+ sess_id_len = s->session->session_id_length;
+ if (sess_id_len > sizeof(s->session->session_id)
|| !WPACKET_start_sub_packet_u8(pkt)
- || (i != 0 && !WPACKET_memcpy(pkt, s->session->session_id, i))
+ || (sess_id_len != 0 && !WPACKET_memcpy(pkt, s->session->session_id,
+ sess_id_len))
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0;
MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
{
int al;
- unsigned int cookie_len;
+ size_t cookie_len;
PACKET cookiepkt;
if (!PACKET_forward(pkt, 2)
if (s->version >= TLS1_VERSION && s->tls_session_secret_cb &&
s->session->tlsext_tick) {
const SSL_CIPHER *pref_cipher = NULL;
- s->session->master_key_length = sizeof(s->session->master_key);
+ /*
+ * s->session->master_key_length is a size_t, but this is an int for
+ * backwards compat reasons
+ */
+ int master_key_length;
+ master_key_length = sizeof(s->session->master_key);
if (s->tls_session_secret_cb(s, s->session->master_key,
- &s->session->master_key_length,
+ &master_key_length,
NULL, &pref_cipher,
- s->tls_session_secret_cb_arg)) {
+ s->tls_session_secret_cb_arg)
+ && master_key_length > 0) {
+ s->session->master_key_length = master_key_length;
s->session->cipher = pref_cipher ?
pref_cipher : ssl_get_cipher_by_char(s, cipherchars);
} else {
int al;
unsigned int ticklen;
unsigned long ticket_lifetime_hint;
+ unsigned int sess_len;
if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
|| !PACKET_get_net_2(pkt, &ticklen)
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket.
*/
+ /*
+ * TODO(size_t): we use sess_len here because EVP_Digest expects an int
+ * but s->session->session_id_length is a size_t
+ */
if (!EVP_Digest(s->session->tlsext_tick, ticklen,
- s->session->session_id, &s->session->session_id_length,
+ s->session->session_id, &sess_len,
EVP_sha256(), NULL)) {
SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
goto err;
}
+ s->session->session_id_length = sess_len;
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);