Move init of the WPACKET into write_state_machine()

                                 unsigned char *p);

__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);

void ssl3_free_digest_list(SSL *s);

__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);

__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,

                                            CERT_PKEY *cpk);

__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,

                                            STACK_OF(SSL_CIPHER) *clnt,

                                            STACK_OF(SSL_CIPHER) *srvr);

    WRITE_TRAN(*transition) (SSL *s);

    WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);

    WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);

    int (*construct_message) (SSL *s);

    int (*construct_message) (SSL *s, WPACKET *pkt);

    void (*cb) (const SSL *ssl, int type, int val) = NULL;

    WPACKET pkt;

    cb = get_callback(s);

            case WORK_FINISHED_STOP:

                return SUB_STATE_END_HANDSHAKE;

            }

            if (construct_message(s) == 0)

            if (!WPACKET_init(&pkt, s->init_buf)

                    || !construct_message(s, &pkt)

                    || !WPACKET_finish(&pkt)) {

                WPACKET_cleanup(&pkt);

                ossl_statem_set_error(s);

                return SUB_STATE_ERROR;

            }

            /* Fall through */

 *   1: Success

 *   0: Error

 */

int ossl_statem_client_construct_message(SSL *s)

int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt)

{

    OSSL_STATEM *st = &s->statem;

        return 0;

    case TLS_ST_CW_CLNT_HELLO:

        return tls_construct_client_hello(s);

        return tls_construct_client_hello(s, pkt);

    case TLS_ST_CW_CERT:

        return tls_construct_client_certificate(s);

        return tls_construct_client_certificate(s, pkt);

    case TLS_ST_CW_KEY_EXCH:

        return tls_construct_client_key_exchange(s);

        return tls_construct_client_key_exchange(s, pkt);

    case TLS_ST_CW_CERT_VRFY:

        return tls_construct_client_verify(s);

        return tls_construct_client_verify(s, pkt);

    case TLS_ST_CW_CHANGE:

        if (SSL_IS_DTLS(s))

            return dtls_construct_change_cipher_spec(s);

            return dtls_construct_change_cipher_spec(s, pkt);

        else

            return tls_construct_change_cipher_spec(s);

            return tls_construct_change_cipher_spec(s, pkt);

#if !defined(OPENSSL_NO_NEXTPROTONEG)

    case TLS_ST_CW_NEXT_PROTO:

        return tls_construct_next_proto(s);

        return tls_construct_next_proto(s, pkt);

#endif

    case TLS_ST_CW_FINISHED:

        return tls_construct_finished(s,

        return tls_construct_finished(s, pkt,

                                      s->method->

                                      ssl3_enc->client_finished_label,

                                      s->method->

    }

}

int tls_construct_client_hello(SSL *s)

int tls_construct_client_hello(SSL *s, WPACKET *pkt)

{

    unsigned char *p;

    int i;

    SSL_COMP *comp;

#endif

    SSL_SESSION *sess = s->session;

    WPACKET pkt;

    if (!WPACKET_init(&pkt, s->init_buf)

            || !WPACKET_set_max_size(&pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {

    if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {

        /* Should not happen */

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /* Work out what SSL/TLS/DTLS version to use */

    protverr = ssl_set_client_hello_version(s);

    if (protverr != 0) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, protverr);

        goto err;

        return 0;

    }

    if ((sess == NULL) || !ssl_version_supported(s, sess->ssl_version) ||

        (!sess->session_id_length && !sess->tlsext_tick) ||

        (sess->not_resumable)) {

        if (!ssl_get_new_session(s, 0))

            goto err;

            return 0;

    }

    /* else use the pre-loaded session */

        i = 1;

    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)

        goto err;

        return 0;

    if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CLIENT_HELLO)) {

    if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CLIENT_HELLO)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /*-

     * client_version in client hello and not resetting it to

     * the negotiated version.

     */

    if (!WPACKET_put_bytes_u16(&pkt, s->client_version)

            || !WPACKET_memcpy(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {

    if (!WPACKET_put_bytes_u16(pkt, s->client_version)

            || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /* Session ID */

    else

        i = s->session->session_id_length;

    if (i > (int)sizeof(s->session->session_id)

            || !WPACKET_start_sub_packet_u8(&pkt)

            || (i != 0 && !WPACKET_memcpy(&pkt, s->session->session_id, i))

            || !WPACKET_close(&pkt)) {

            || !WPACKET_start_sub_packet_u8(pkt)

            || (i != 0 && !WPACKET_memcpy(pkt, s->session->session_id, i))

            || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /* cookie stuff for DTLS */

    if (SSL_IS_DTLS(s)) {

        if (s->d1->cookie_len > sizeof(s->d1->cookie)

                || !WPACKET_sub_memcpy_u8(&pkt, s->d1->cookie,

                || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,

                                          s->d1->cookie_len)) {

            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

            goto err;

            return 0;

        }

    }

    /* Ciphers supported */

    if (!WPACKET_start_sub_packet_u16(&pkt)) {

    if (!WPACKET_start_sub_packet_u16(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /* ssl_cipher_list_to_bytes() raises SSLerr if appropriate */

    if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &pkt))

        goto err;

    if (!WPACKET_close(&pkt)) {

    if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt))

        return 0;

    if (!WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /* COMPRESSION */

    if (!WPACKET_start_sub_packet_u8(&pkt)) {

    if (!WPACKET_start_sub_packet_u8(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

#ifndef OPENSSL_NO_COMP

    if (ssl_allow_compression(s) && s->ctx->comp_methods) {

        int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);

        for (i = 0; i < compnum; i++) {

            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);

            if (!WPACKET_put_bytes_u8(&pkt, comp->id)) {

            if (!WPACKET_put_bytes_u8(pkt, comp->id)) {

                SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

                goto err;

                return 0;

            }

        }

    }

#endif

    /* Add the NULL method */

    if (!WPACKET_put_bytes_u8(&pkt, 0) || !WPACKET_close(&pkt)) {

    if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    /* TLS extensions */

    if (ssl_prepare_clienthello_tlsext(s) <= 0) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);

        goto err;

        return 0;

    }

    if (!WPACKET_start_sub_packet_u16(&pkt)

    if (!WPACKET_start_sub_packet_u16(pkt)

               /*

                * If extensions are of zero length then we don't even add the

                * extensions length bytes

                */

            || !WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)

            || !ssl_add_clienthello_tlsext(s, &pkt, &al)

            || !WPACKET_close(&pkt)) {

            || !WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)

            || !ssl_add_clienthello_tlsext(s, pkt, &al)

            || !WPACKET_close(pkt)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, al);

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    if (!ssl_close_construct_packet(s, &pkt)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);

    if (!ssl_close_construct_packet(s, pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

        return 0;

    }

    return 1;

 err:

    ossl_statem_set_error(s);

    WPACKET_cleanup(&pkt);

    return 0;

}

MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)

#endif

}

int tls_construct_client_key_exchange(SSL *s)

int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)

{

    unsigned long alg_k;

    int al = -1;

    WPACKET pkt;

    if (!WPACKET_init(&pkt, s->init_buf)) {

        /* Should not happen */

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {

    if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

        goto err;

    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

    if ((alg_k & SSL_PSK)

        && !tls_construct_cke_psk_preamble(s, &pkt, &al))

        && !tls_construct_cke_psk_preamble(s, pkt, &al))

        goto err;

    if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {

        if (!tls_construct_cke_rsa(s, &pkt, &al))

        if (!tls_construct_cke_rsa(s, pkt, &al))

            goto err;

    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

        if (!tls_construct_cke_dhe(s, &pkt, &al))

        if (!tls_construct_cke_dhe(s, pkt, &al))

            goto err;

    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

        if (!tls_construct_cke_ecdhe(s, &pkt, &al))

        if (!tls_construct_cke_ecdhe(s, pkt, &al))

            goto err;

    } else if (alg_k & SSL_kGOST) {

        if (!tls_construct_cke_gost(s, &pkt, &al))

        if (!tls_construct_cke_gost(s, pkt, &al))

            goto err;

    } else if (alg_k & SSL_kSRP) {

        if (!tls_construct_cke_srp(s, &pkt, &al))

        if (!tls_construct_cke_srp(s, pkt, &al))

            goto err;

    } else if (!(alg_k & SSL_kPSK)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);

        goto err;

    }

    if (!ssl_close_construct_packet(s, &pkt)) {

    if (!ssl_close_construct_packet(s, pkt)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

        goto err;

    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);

    s->s3->tmp.psk = NULL;

#endif

    WPACKET_cleanup(&pkt);

    ossl_statem_set_error(s);

    return 0;

}

    return 0;

}

int tls_construct_client_verify(SSL *s)

int tls_construct_client_verify(SSL *s, WPACKET *pkt)

{

    EVP_PKEY *pkey;

    const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];

    long hdatalen = 0;

    void *hdata;

    unsigned char *sig = NULL;

    WPACKET pkt;

    if (!WPACKET_init(&pkt, s->init_buf)) {

        /* Should not happen */

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CERTIFICATE_VERIFY)) {

    if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CERTIFICATE_VERIFY)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    if (SSL_USE_SIGALGS(s)&& !tls12_get_sigandhash(&pkt, pkey, md)) {

    if (SSL_USE_SIGALGS(s)&& !tls12_get_sigandhash(pkt, pkey, md)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    }

#endif

    if (!WPACKET_sub_memcpy_u16(&pkt, sig, u)) {

    if (!WPACKET_sub_memcpy_u16(pkt, sig, u)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    if (!ssl3_digest_cached_records(s, 0))

        goto err;

    if (!ssl_close_construct_packet(s, &pkt)) {

    if (!ssl_close_construct_packet(s, pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    EVP_MD_CTX_free(mctx);

    return 1;

 err:

    WPACKET_cleanup(&pkt);

    OPENSSL_free(sig);

    EVP_MD_CTX_free(mctx);

    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);

    return WORK_ERROR;

}

int tls_construct_client_certificate(SSL *s)

int tls_construct_client_certificate(SSL *s, WPACKET *pkt)

{

    if (!ssl3_output_cert_chain(s,

    if (!ssl3_output_cert_chain(s, pkt,

                                (s->s3->tmp.cert_req ==

                                 2) ? NULL : s->cert->key)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);

        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);

        ossl_statem_set_error(s);

        return 0;

    }

}

#ifndef OPENSSL_NO_NEXTPROTONEG

int tls_construct_next_proto(SSL *s)

int tls_construct_next_proto(SSL *s, WPACKET *pkt)

{

    size_t len, padding_len;

    unsigned char *padding = NULL;

    WPACKET pkt;

    if (!WPACKET_init(&pkt, s->init_buf)) {

        /* Should not happen */

        SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_NEXT_PROTO)) {

    if (!ssl_set_handshake_header(s, pkt, SSL3_MT_NEXT_PROTO)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    len = s->next_proto_negotiated_len;

    padding_len = 32 - ((len + 2) % 32);

    if (!WPACKET_sub_memcpy_u8(&pkt, s->next_proto_negotiated, len)

            || !WPACKET_sub_allocate_bytes_u8(&pkt, padding_len, &padding)) {

    if (!WPACKET_sub_memcpy_u8(pkt, s->next_proto_negotiated, len)

            || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    memset(padding, 0, padding_len);

    if (!ssl_close_construct_packet(s, &pkt)) {

    if (!ssl_close_construct_packet(s, pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    return 1;

 err:

    WPACKET_cleanup(&pkt);

    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);

    return 0;

}

 * ssl->session->read_compression       assign

 * ssl->session->read_hash              assign

 */

int dtls_construct_change_cipher_spec(SSL *s)

int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)

{

    WPACKET pkt;

    if (!WPACKET_init(&pkt, s->init_buf)

            || !WPACKET_put_bytes_u8(&pkt, SSL3_MT_CCS)) {

    if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {

        SSLerr(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    if (s->version == DTLS1_BAD_VER) {

        s->d1->next_handshake_write_seq++;

        if (!WPACKET_put_bytes_u16(&pkt, s->d1->handshake_write_seq)) {

        if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {

            SSLerr(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);

            goto err;

        }

        s->init_num += 2;

    }

    if (!WPACKET_finish(&pkt)) {

        SSLerr(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    s->init_off = 0;

    dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,

    }

    return 1;

 err:

    WPACKET_cleanup(&pkt);

    ossl_statem_set_error(s);

    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);

    return 0;

}

    if (!WPACKET_close(pkt)

            || !WPACKET_get_length(pkt, &msglen)

            || msglen > INT_MAX

            || !WPACKET_finish(pkt))

            || msglen > INT_MAX)

        return 0;

    s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH;

    s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH;

    if (!WPACKET_close(pkt)

            || !WPACKET_get_length(pkt, &msglen)

            || msglen > INT_MAX

            || !WPACKET_finish(pkt))

            || msglen > INT_MAX)

        return 0;

    s->init_num = (int)msglen;

    s->init_off = 0;

    return 1;

}

int tls_construct_finished(SSL *s, const char *sender, int slen)

int tls_construct_finished(SSL *s, WPACKET *pkt, const char *sender, int slen)

{

    int i;

    WPACKET pkt;

    if (!WPACKET_init(&pkt, s->init_buf)

            || !ssl_set_handshake_header(s, &pkt, SSL3_MT_FINISHED)) {

    if (!ssl_set_handshake_header(s, pkt, SSL3_MT_FINISHED)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    s->s3->tmp.finish_md_len = i;

    if (!WPACKET_memcpy(&pkt, s->s3->tmp.finish_md, i)) {

    if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, i)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);

        goto err;

    }

        s->s3->previous_server_finished_len = i;

    }

    if (!ssl_close_construct_packet(s, &pkt)) {

    if (!ssl_close_construct_packet(s, pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    return 1;

 err:

    ossl_statem_set_error(s);

    WPACKET_cleanup(&pkt);

    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);