}
/*
- * Construct a message to be sent from the server to the client.
+ * Get the message construction function and message type for sending from the
+ * server
*
* Valid return values are:
* 1: Success
* 0: Error
*/
-int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt)
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+ confunc_f *confunc, int *mt)
{
OSSL_STATEM *st = &s->statem;
- int (*confunc) (SSL *s, WPACKET *pkt) = NULL;
- int ret = 1, mt;
switch (st->hand_state) {
default:
case TLS_ST_SW_CHANGE:
if (SSL_IS_DTLS(s))
- confunc = dtls_construct_change_cipher_spec;
+ *confunc = dtls_construct_change_cipher_spec;
else
- confunc = tls_construct_change_cipher_spec;
- mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+ *confunc = tls_construct_change_cipher_spec;
+ *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
break;
case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
- confunc = dtls_construct_hello_verify_request;
- mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
+ *confunc = dtls_construct_hello_verify_request;
+ *mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
break;
case TLS_ST_SW_HELLO_REQ:
/* No construction function needed */
- mt = SSL3_MT_HELLO_REQUEST;
+ *confunc = NULL;
+ *mt = SSL3_MT_HELLO_REQUEST;
break;
case TLS_ST_SW_SRVR_HELLO:
- confunc = tls_construct_server_hello;
- mt = SSL3_MT_SERVER_HELLO;
+ *confunc = tls_construct_server_hello;
+ *mt = SSL3_MT_SERVER_HELLO;
break;
case TLS_ST_SW_CERT:
- confunc = tls_construct_server_certificate;
- mt = SSL3_MT_CERTIFICATE;
+ *confunc = tls_construct_server_certificate;
+ *mt = SSL3_MT_CERTIFICATE;
break;
case TLS_ST_SW_KEY_EXCH:
- confunc = tls_construct_server_key_exchange;
- mt = SSL3_MT_SERVER_KEY_EXCHANGE;
+ *confunc = tls_construct_server_key_exchange;
+ *mt = SSL3_MT_SERVER_KEY_EXCHANGE;
break;
case TLS_ST_SW_CERT_REQ:
- confunc = tls_construct_certificate_request;
- mt = SSL3_MT_CERTIFICATE_REQUEST;
+ *confunc = tls_construct_certificate_request;
+ *mt = SSL3_MT_CERTIFICATE_REQUEST;
break;
case TLS_ST_SW_SRVR_DONE:
- confunc = tls_construct_server_done;
- mt = SSL3_MT_SERVER_DONE;
+ *confunc = tls_construct_server_done;
+ *mt = SSL3_MT_SERVER_DONE;
break;
case TLS_ST_SW_SESSION_TICKET:
- confunc = tls_construct_new_session_ticket;
- mt = SSL3_MT_NEWSESSION_TICKET;
+ *confunc = tls_construct_new_session_ticket;
+ *mt = SSL3_MT_NEWSESSION_TICKET;
break;
case TLS_ST_SW_CERT_STATUS:
- confunc = tls_construct_cert_status;
- mt = SSL3_MT_CERTIFICATE_STATUS;
+ *confunc = tls_construct_cert_status;
+ *mt = SSL3_MT_CERTIFICATE_STATUS;
break;
case TLS_ST_SW_FINISHED:
- mt = SSL3_MT_FINISHED;
+ *confunc = tls_construct_finished;
+ *mt = SSL3_MT_FINISHED;
break;
}
- if (!ssl_set_handshake_header(s, pkt, mt)) {
- SSLerr(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
- ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- if (st->hand_state == TLS_ST_SW_FINISHED)
- ret = tls_construct_finished(s, pkt,
- s->method->
- ssl3_enc->server_finished_label,
- s->method->
- ssl3_enc->server_finished_label_len);
- else if (confunc != NULL)
- ret = confunc(s, pkt);
-
- if (!ret || !ssl_close_construct_packet(s, pkt, mt)) {
- SSLerr(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
- ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
return 1;
}
* Returns the maximum allowed length for the current message that we are
* reading. Excludes the message header.
*/
-unsigned long ossl_statem_server_max_message_size(SSL *s)
+size_t ossl_statem_server_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;
#endif
int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len)
+ size_t cookie_len)
{
/* Always use DTLS 1.0 version: see RFC 6347 */
if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
{
+ unsigned int cookie_leni;
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0 ||
- s->d1->cookie_len > 255) {
+ &cookie_leni) == 0 ||
+ cookie_leni > 255) {
SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
return 0;
}
+ s->d1->cookie_len = cookie_leni;
if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
s->d1->cookie_len)) {
if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
const SSL_CIPHER *pref_cipher = NULL;
+ /*
+ * s->session->master_key_length is a size_t, but this is an int for
+ * backwards compat reasons
+ */
+ int master_key_length;
- s->session->master_key_length = sizeof(s->session->master_key);
+ master_key_length = sizeof(s->session->master_key);
if (s->tls_session_secret_cb(s, s->session->master_key,
- &s->session->master_key_length, ciphers,
+ &master_key_length, ciphers,
&pref_cipher,
- s->tls_session_secret_cb_arg)) {
+ s->tls_session_secret_cb_arg)
+ && master_key_length > 0) {
+ s->session->master_key_length = master_key_length;
s->hit = 1;
s->session->ciphers = ciphers;
s->session->verify_result = X509_V_OK;
int tls_construct_server_hello(SSL *s, WPACKET *pkt)
{
- int sl, compm, al = SSL_AD_INTERNAL_ERROR;
- size_t len;
+ int compm, al = SSL_AD_INTERNAL_ERROR;
+ size_t sl, len;
if (!WPACKET_put_bytes_u16(pkt, s->version)
/*
s->session->session_id_length = 0;
sl = s->session->session_id_length;
- if (sl > (int)sizeof(s->session->session_id)) {
+ if (sl > sizeof(s->session->session_id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}