return 1;
}
-int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
+size_t ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
{
int ret;
EVP_MD_CTX *ctx = NULL;
int ssl3_do_change_cipher_spec(SSL *s)
{
int i;
+ size_t finish_md_len;
const char *sender;
int slen;
slen = s->method->ssl3_enc->client_finished_label_len;
}
- i = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen,
- s->s3->tmp.peer_finish_md);
- if (i == 0) {
+ finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ s->s3->tmp.peer_finish_md);
+ if (finish_md_len == 0) {
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
return 0;
}
- s->s3->tmp.peer_finish_md_len = i;
+ s->s3->tmp.peer_finish_md_len = finish_md_len;
return (1);
}
(int (*)(SSL *, unsigned char *, unsigned char *, size_t, size_t *))
ssl_undefined_function,
(int (*)(SSL *, int))ssl_undefined_function,
- (int (*)(SSL *, const char *, int, unsigned char *))
+ (size_t (*)(SSL *, const char *, int, unsigned char *))
ssl_undefined_function,
0, /* finish_mac_length */
NULL, /* client_finished_label */
* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/
- unsigned long session_cache_size;
+ size_t session_cache_size;
struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail;
/*
uint32_t mode;
int min_proto_version;
int max_proto_version;
- long max_cert_list;
+ size_t max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
* format.
*/
unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
+ size_t alpn_client_proto_list_len;
/* Shared DANE context */
struct dane_ctx_st dane;
uint32_t mode;
int min_proto_version;
int max_proto_version;
- long max_cert_list;
+ size_t max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
int client_version;
* the Finished message.
*/
unsigned char *next_proto_negotiated;
- unsigned char next_proto_negotiated_len;
+ size_t next_proto_negotiated_len;
# endif
# define session_ctx initial_ctx
/* What we'll do */
* format.
*/
unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
+ size_t alpn_client_proto_list_len;
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
struct {
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
- int finish_md_len;
+ size_t finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
- int peer_finish_md_len;
+ size_t peer_finish_md_len;
size_t message_size;
int message_type;
/* used to hold the new cipher we are going to use */
/* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
+ size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
+ size_t previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
size_t, size_t *);
int (*change_cipher_state) (SSL *, int);
- int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
+ size_t (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
int finish_mac_length;
const char *client_finished_label;
int client_finished_label_len;
int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
-__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
- unsigned char *p);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+ unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
-__owur int tls1_final_finish_mac(SSL *s,
- const char *str, int slen, unsigned char *p);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, int slen,
+ unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, size_t len,
size_t *secret_size);
int tls_construct_finished(SSL *s, WPACKET *pkt)
{
- int i;
+ size_t finish_md_len;
const char *sender;
int slen;
slen = s->method->ssl3_enc->client_finished_label_len;
}
- i = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen,
- s->s3->tmp.finish_md);
- if (i <= 0) {
+ finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+ sender, slen,
+ s->s3->tmp.finish_md);
+ if (finish_md_len == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
- s->s3->tmp.finish_md_len = i;
+ s->s3->tmp.finish_md_len = finish_md_len;
- if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, i)) {
+ if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
* Copy the finished so we can use it for renegotiation checks
*/
if (!s->server) {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
- s->s3->previous_client_finished_len = i;
+ OPENSSL_assert(finish_md_len <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md,
+ finish_md_len);
+ s->s3->previous_client_finished_len = finish_md_len;
} else {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
- s->s3->previous_server_finished_len = i;
+ OPENSSL_assert(finish_md_len <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md,
+ finish_md_len);
+ s->s3->previous_server_finished_len = finish_md_len;
}
return 1;
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
{
- int al, i;
+ int al;
+ size_t md_len;
/* If this occurs, we have missed a message */
if (!s->s3->change_cipher_spec) {
}
s->s3->change_cipher_spec = 0;
- i = s->s3->tmp.peer_finish_md_len;
+ md_len = s->s3->tmp.peer_finish_md_len;
- if ((unsigned long)i != PACKET_remaining(pkt)) {
+ if (md_len != PACKET_remaining(pkt)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
}
- if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, i) != 0) {
+ if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md,
+ md_len) != 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
goto f_err;
* Copy the finished so we can use it for renegotiation checks
*/
if (s->server) {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
- s->s3->previous_client_finished_len = i;
+ OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md,
+ md_len);
+ s->s3->previous_client_finished_len = md_len;
} else {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
- s->s3->previous_server_finished_len = i;
+ OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md,
+ md_len);
+ s->s3->previous_server_finished_len = md_len;
}
return MSG_PROCESS_FINISHED_READING;
return (ret);
}
-int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
+size_t tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
{
size_t hashlen;
unsigned char hash[EVP_MAX_MD_SIZE];
projects / oweals / openssl.git / commitdiff