diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 552dec0528..338fdb7ea1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -612,7 +612,7 @@ struct ssl_ctx_st {
 * Most session-ids that will be cached, default is
 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
 */
- size_t session_cache_size;
+ size_t session_cache_size;
 struct ssl_session_st *session_cache_head;
 struct ssl_session_st *session_cache_tail;
 /*
@@ -1378,7 +1378,7 @@ int pqueue_size(pqueue *pq);
 typedef struct dtls1_state_st {
 unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
+ size_t cookie_len;
 unsigned int cookie_verified;
 /* handshake message numbers */
 unsigned short handshake_write_seq;
@@ -1958,7 +1958,7 @@ void dtls1_stop_timer(SSL *s);
 __owur int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
 __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len);
+ size_t cookie_len);
 __owur int dtls1_send_newsession_ticket(SSL *s);
 __owur size_t dtls1_min_mtu(SSL *s);
 void dtls1_hm_fragment_free(hm_fragment *frag);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3129456ce7..af0882597c 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -870,7 +870,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
 MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
 {
 int al;
- unsigned int cookie_len;
+ size_t cookie_len;
 PACKET cookiepkt;
 if (!PACKET_forward(pkt, 2)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 853020582b..83e698b999 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -853,7 +853,7 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
 #endif
 int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
- unsigned char cookie_len)
+ size_t cookie_len)
 {
 /* Always use DTLS 1.0 version: see RFC 6347 */
 if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
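Review bot: In the `dtls1_state_st` hunk of ssl/ssl_locl.h (-1378), `cookie_len` becomes a `size_t` next to `cookie[DTLS1_COOKIE_LENGTH]`, but nothing at the field records the invariant that keeps later reads of the buffer in bounds. I would add a comment above it such as `/* number of valid bytes in cookie[]; never exceeds sizeof(cookie) */`. Widening the field also means that any code still passing `&s->d1->cookie_len` to an `unsigned int *` parameter becomes an incompatible-pointer conversion that fills only part of the field on LP64 targets. The commit handles this in `dtls_construct_hello_verify_request` with a temporary; other users of the address, if any exist outside this diff, would need the same treatment.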
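Review bot: `dtls_raw_hello_verify_request` (prototype at -1958 in ssl/ssl_locl.h, definition at -853 in ssl/statem/statem_srvr.c) no longer has a parameter type that caps `cookie_len` at 255, which is the most the one-byte cookie length of a HelloVerifyRequest can carry. The body of the function lies outside both hunks, so whether it rejects a larger value cannot be confirmed from here. Callers that used to get silent truncation now depend entirely on that check. A contract comment above the definition would make the requirement explicit, for example `/* cookie_len must be <= 255 and cookie must hold at least cookie_len bytes */`.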
@@ -865,14 +865,16 @@ int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
 int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
 {
+ unsigned int cookie_leni;
 if (s->ctx->app_gen_cookie_cb == NULL ||
 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0 ||
- s->d1->cookie_len > 255) {
+ &cookie_leni) == 0 ||
+ cookie_leni > 255) {
 SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
 return 0;
 }
+ s->d1->cookie_len = cookie_leni;
 if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
 s->d1->cookie_len)) {
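Review bot: The only bound applied to the callback's length in `dtls_construct_hello_verify_request` is the literal `255`, while the buffer it fills, `s->d1->cookie`, is sized by `DTLS1_COOKIE_LENGTH`, whose value this diff does not show. If that constant can be smaller than 255, the `dtls_raw_hello_verify_request` call that follows would read past the array, so I would tie the check to the buffer: `cookie_leni > 255 || cookie_leni > sizeof(s->d1->cookie)) {`. `cookie_leni` is also read uninitialised if a callback returns non-zero without storing a length; `unsigned int cookie_leni = 0;` makes that case defined. The function continues past the end of the hunk.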