Address WPACKET review comments

        if (pkt->buf->length > SIZE_MAX / 2) {

            newlen = SIZE_MAX;

        } else {

            if (pkt->buf->length == 0)

                newlen = DEFAULT_BUF_SIZE;

            else

                newlen = pkt->buf->length * 2;

            newlen = (pkt->buf->length == 0) ? DEFAULT_BUF_SIZE

                                             : pkt->buf->length * 2;

        }

        if (BUF_MEM_grow(pkt->buf, newlen) == 0)

            return 0;

        if (pkt->curr == NULL) {

            /*

             * Can happen if initialised with a BUF_MEM that hasn't been

             * pre-allocated.

             */

            pkt->curr = (unsigned char *)pkt->buf->data;

        }

    }

    pkt->written += len;

    *allocbytes = pkt->curr;

    *allocbytes = (unsigned char *)pkt->buf->data + pkt->curr;

    pkt->curr += len;

    return 1;

int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)

{

    unsigned char *lenchars;

    /* Sanity check */

    if (buf == NULL)

        return 0;

    pkt->buf = buf;

    pkt->curr = (unsigned char *)buf->data;

    pkt->curr = 0;

    pkt->written = 0;

    pkt->maxsize = maxmaxsize(lenbytes);

    pkt->subs->pwritten = lenbytes;

    pkt->subs->lenbytes = lenbytes;

    if (!WPACKET_allocate_bytes(pkt, lenbytes, &(pkt->subs->packet_len))) {

    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {

        OPENSSL_free(pkt->subs);

        pkt->subs = NULL;

        return 0;

    }

    pkt->subs->packet_len = lenchars - (unsigned char *)pkt->buf->data;

    return 1;

}

    return WPACKET_init_len(pkt, buf, 0);

}

int WPACKET_set_packet_len(WPACKET *pkt, unsigned char *packet_len,

                           size_t lenbytes)

{

    size_t maxmax;

    /* We only allow this to be set once */

    if (pkt->subs == NULL || pkt->subs->lenbytes != 0)

        return 0;

    pkt->subs->lenbytes = lenbytes;

    pkt->subs->packet_len = packet_len;

    maxmax = maxmaxsize(lenbytes);

    if (pkt->maxsize > maxmax)

        pkt->maxsize = maxmax;

    return 1;

}

int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)

{

    if (pkt->subs == NULL)

 */

static int wpacket_intern_close(WPACKET *pkt)

{

    size_t packlen;

    WPACKET_SUB *sub = pkt->subs;

    size_t packlen = pkt->written - sub->pwritten;

    packlen = pkt->written - sub->pwritten;

    if (packlen == 0

            && sub->flags & OPENSSL_WPACKET_FLAGS_NON_ZERO_LENGTH)

            && sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH)

        return 0;

    if (packlen == 0

            && sub->flags & OPENSSL_WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {

            && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {

        /* Deallocate any bytes allocated for the length of the WPACKET */

        if ((pkt->curr - sub->lenbytes) == sub->packet_len) {

            pkt->written -= sub->lenbytes;

        }

        /* Don't write out the packet length */

        sub->packet_len = NULL;

        sub->packet_len = 0;

        sub->lenbytes = 0;

    }

    /* Write out the WPACKET length if needed */

    if (sub->packet_len != NULL) {

    if (sub->lenbytes > 0) {

        size_t lenbytes;

        lenbytes = sub->lenbytes;

        for (; lenbytes > 0; lenbytes--) {

            sub->packet_len[lenbytes - 1]

        for (lenbytes = sub->lenbytes; lenbytes > 0; lenbytes--) {

            pkt->buf->data[sub->packet_len + lenbytes - 1]

                = (unsigned char)(packlen & 0xff);

            packlen >>= 8;

        }

        return 0;

    ret = wpacket_intern_close(pkt);

    if (ret) {

        OPENSSL_free(pkt->subs);

        pkt->subs = NULL;

    }

    return ret;

}

int WPACKET_start_sub_packet_len(WPACKET *pkt, size_t lenbytes)

{

    WPACKET_SUB *sub;

    unsigned char *lenchars;

    if (pkt->subs == NULL)

        return 0;

    sub->lenbytes = lenbytes;

    if (lenbytes == 0) {

        sub->packet_len = NULL;

        sub->packet_len = 0;

        return 1;

    }

    if (!WPACKET_allocate_bytes(pkt, lenbytes, &sub->packet_len)) {

    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))

        return 0;

    }

    sub->packet_len = lenchars - (unsigned char *)pkt->buf->data;

    return 1;

}

    return WPACKET_start_sub_packet_len(pkt, 0);

}

int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t bytes)

int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t size)

{

    unsigned char *data;

    if (bytes > sizeof(unsigned int)

            || !WPACKET_allocate_bytes(pkt, bytes, &data))

    if (size > sizeof(unsigned int)

            || !WPACKET_allocate_bytes(pkt, size, &data))

        return 0;

    data += bytes - 1;

    for (; bytes > 0; bytes--) {

    for (data += size - 1; size > 0; size--) {

        *data = (unsigned char)(val & 0xff);

        data--;

        val >>= 8;

        return 0;

    /* Find the WPACKET_SUB for the top level */

    for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent);

    for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)

        continue;

    lenbytes = sub->lenbytes;

    if (lenbytes == 0)

    WPACKET_SUB *parent;

    /*

     * Pointer to where the length of this WPACKET goes (or NULL if we don't

     * write the length)

     * Offset into the buffer where the length of this WPACKET goes. We use an

     * offset in case the buffer grows and gets reallocated.

     */

    unsigned char *packet_len;

    size_t packet_len;

    /* Number of bytes in the packet_len */

    /* Number of bytes in the packet_len or 0 if we don't write the length */

    size_t lenbytes;

    /* Number of bytes written to the buf prior to this packet starting */

    /* The buffer where we store the output data */

    BUF_MEM *buf;

    /* Pointer to where we are currently writing */

    unsigned char *curr;

    /*

     * Offset into the buffer where we are currently writing. We use an offset

     * in case the buffer grows and gets reallocated.

     */

    size_t curr;

    /* Number of bytes written so far */

    size_t written;

/* Flags */

/* Default */

#define OPENSSL_WPACKET_FLAGS_NONE                      0

#define WPACKET_FLAGS_NONE                      0

/* Error on WPACKET_close() if no data written to the WPACKET */

#define OPENSSL_WPACKET_FLAGS_NON_ZERO_LENGTH           1

#define WPACKET_FLAGS_NON_ZERO_LENGTH           1

/*

 * Abandon all changes on WPACKET_close() if no data written to the WPACKET,

 * i.e. this does not write out a zero packet length

 */

#define OPENSSL_WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH    2

#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH    2

/*

 */

int WPACKET_set_flags(WPACKET *pkt, unsigned int flags);

/*

 * Set the WPACKET length, and the location for where we should write that

 * length. Normally this will be at the start of the WPACKET, and therefore

 * the WPACKET would have been initialised via WPACKET_init_len(). However there

 * is the possibility that the length needs to be written to some other location

 * other than the start of the WPACKET. In that case init via WPACKET_init() and

 * then set the location for the length using this function.

 */

int WPACKET_set_packet_len(WPACKET *pkt, unsigned char *packet_len,

                           size_t lenbytes);

/*

 * Closes the most recent sub-packet. It also writes out the length of the

 * packet to the required location (normally the start of the WPACKET) if

 */

int WPACKET_start_sub_packet_len(WPACKET *pkt, size_t lenbytes);

/*

 * Convenience macros for calling WPACKET_start_sub_packet_len with different

 * lengths

 */

#define WPACKET_start_sub_packet_u8(pkt) \

    WPACKET_start_sub_packet_len((pkt), 1)

#define WPACKET_start_sub_packet_u16(pkt) \

    WPACKET_start_sub_packet_len((pkt), 2)

#define WPACKET_start_sub_packet_u24(pkt) \

    WPACKET_start_sub_packet_len((pkt), 3)

#define WPACKET_start_sub_packet_u32(pkt) \

    WPACKET_start_sub_packet_len((pkt), 4)

/*

 * Same as WPACKET_start_sub_packet_len() except no bytes are pre-allocated for

 * the sub-packet length.

{

    /* Set the content type and 3 bytes for the message len */

    if (!WPACKET_put_bytes(pkt, htype, 1)

            || !WPACKET_start_sub_packet_len(pkt, 3))

            || !WPACKET_start_sub_packet_u24(pkt))

        return 0;

    return 1;

    else

        i = s->session->session_id_length;

    if (i > (int)sizeof(s->session->session_id)

            || !WPACKET_start_sub_packet_len(&pkt, 1)

            || !WPACKET_start_sub_packet_u8(&pkt)

            || (i != 0 && !WPACKET_memcpy(&pkt, s->session->session_id, i))

            || !WPACKET_close(&pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

    }

    /* Ciphers supported */

    if (!WPACKET_start_sub_packet_len(&pkt, 2)) {

    if (!WPACKET_start_sub_packet_u16(&pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

    }

    }

    /* COMPRESSION */

    if (!WPACKET_start_sub_packet_len(&pkt, 1)) {

    if (!WPACKET_start_sub_packet_u8(&pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);

        goto err;

    }

        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);

        goto err;

    }

    if (!WPACKET_start_sub_packet_len(&pkt, 2)

    if (!WPACKET_start_sub_packet_u16(&pkt)

               /*

                * If extensions are of zero length then we don't even add the

                * extensions length bytes

                */

            || !WPACKET_set_flags(&pkt,

                                  OPENSSL_WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)

            || !WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)

            || !ssl_add_clienthello_tlsext(s, &pkt, &al)

            || !WPACKET_close(&pkt)) {

        ssl3_send_alert(s, SSL3_AL_FATAL, al);

int dtls1_set_handshake_header2(SSL *s, WPACKET *pkt, int htype)

{

    unsigned char *header;

    dtls1_set_message_header(s, htype, 0, 0, 0);

    /*