authorbeck <>2017-01-23 06:45:30 +0000
committerbeck <>2017-01-23 06:45:30 +0000
commitfedd988b9f44e5e0ccf1a340f14354f32800d524 (patch)
treedfb700c2a3d1498e8069f1fab4c6691ef0f3fef1 /src/lib/libssl/d1_clnt.c
parent3b1c7c5973d7e6aca42940bd4e07900c35d585f5 (diff)
Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@
Diffstat (limited to 'src/lib/libssl/d1_clnt.c')
-rw-r--r--src/lib/libssl/d1_clnt.c82
1 files changed, 41 insertions, 41 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 67b874ef6b..5a972f3292 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.65 2017/01/23 04:55:26 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.66 2017/01/23 06:45:30 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -203,7 +203,7 @@ dtls1_connect(SSL *s)
203 203
204 switch (s->state) { 204 switch (s->state) {
205 case SSL_ST_RENEGOTIATE: 205 case SSL_ST_RENEGOTIATE:
206 s->renegotiate = 1; 206 s->internal->renegotiate = 1;
207 s->state = SSL_ST_CONNECT; 207 s->state = SSL_ST_CONNECT;
208 s->ctx->internal->stats.sess_connect_renegotiate++; 208 s->ctx->internal->stats.sess_connect_renegotiate++;
209 /* break */ 209 /* break */
@@ -224,7 +224,7 @@ dtls1_connect(SSL *s)
224 } 224 }
225 225
226 /* s->version=SSL3_VERSION; */ 226 /* s->version=SSL3_VERSION; */
227 s->type = SSL_ST_CONNECT; 227 s->internal->type = SSL_ST_CONNECT;
228 228
229 if (!ssl3_setup_init_buffer(s)) { 229 if (!ssl3_setup_init_buffer(s)) {
230 ret = -1; 230 ret = -1;
@@ -243,19 +243,19 @@ dtls1_connect(SSL *s)
243 243
244 s->state = SSL3_ST_CW_CLNT_HELLO_A; 244 s->state = SSL3_ST_CW_CLNT_HELLO_A;
245 s->ctx->internal->stats.sess_connect++; 245 s->ctx->internal->stats.sess_connect++;
246 s->init_num = 0; 246 s->internal->init_num = 0;
247 /* mark client_random uninitialized */ 247 /* mark client_random uninitialized */
248 memset(s->s3->client_random, 0, 248 memset(s->s3->client_random, 0,
249 sizeof(s->s3->client_random)); 249 sizeof(s->s3->client_random));
250 D1I(s)->send_cookie = 0; 250 D1I(s)->send_cookie = 0;
251 s->hit = 0; 251 s->internal->hit = 0;
252 break; 252 break;
253 253
254 254
255 case SSL3_ST_CW_CLNT_HELLO_A: 255 case SSL3_ST_CW_CLNT_HELLO_A:
256 case SSL3_ST_CW_CLNT_HELLO_B: 256 case SSL3_ST_CW_CLNT_HELLO_B:
257 257
258 s->shutdown = 0; 258 s->internal->shutdown = 0;
259 259
260 /* every DTLS ClientHello resets Finished MAC */ 260 /* every DTLS ClientHello resets Finished MAC */
261 if (!tls1_init_finished_mac(s)) { 261 if (!tls1_init_finished_mac(s)) {
@@ -274,7 +274,7 @@ dtls1_connect(SSL *s)
274 } else 274 } else
275 s->state = SSL3_ST_CR_SRVR_HELLO_A; 275 s->state = SSL3_ST_CR_SRVR_HELLO_A;
276 276
277 s->init_num = 0; 277 s->internal->init_num = 0;
278 278
279 /* turn on buffering for the next lot of output */ 279 /* turn on buffering for the next lot of output */
280 if (s->bbio != s->wbio) 280 if (s->bbio != s->wbio)
@@ -288,13 +288,13 @@ dtls1_connect(SSL *s)
288 if (ret <= 0) 288 if (ret <= 0)
289 goto end; 289 goto end;
290 else { 290 else {
291 if (s->hit) { 291 if (s->internal->hit) {
292 292
293 s->state = SSL3_ST_CR_FINISHED_A; 293 s->state = SSL3_ST_CR_FINISHED_A;
294 } else 294 } else
295 s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 295 s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
296 } 296 }
297 s->init_num = 0; 297 s->internal->init_num = 0;
298 break; 298 break;
299 299
300 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: 300 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
@@ -308,7 +308,7 @@ dtls1_connect(SSL *s)
308 s->state = SSL3_ST_CW_CLNT_HELLO_A; 308 s->state = SSL3_ST_CW_CLNT_HELLO_A;
309 else 309 else
310 s->state = SSL3_ST_CR_CERT_A; 310 s->state = SSL3_ST_CR_CERT_A;
311 s->init_num = 0; 311 s->internal->init_num = 0;
312 break; 312 break;
313 313
314 case SSL3_ST_CR_CERT_A: 314 case SSL3_ST_CR_CERT_A:
@@ -317,12 +317,12 @@ dtls1_connect(SSL *s)
317 if (ret <= 0) 317 if (ret <= 0)
318 goto end; 318 goto end;
319 if (ret == 2) { 319 if (ret == 2) {
320 s->hit = 1; 320 s->internal->hit = 1;
321 if (s->tlsext_ticket_expected) 321 if (s->internal->tlsext_ticket_expected)
322 s->state = SSL3_ST_CR_SESSION_TICKET_A; 322 s->state = SSL3_ST_CR_SESSION_TICKET_A;
323 else 323 else
324 s->state = SSL3_ST_CR_FINISHED_A; 324 s->state = SSL3_ST_CR_FINISHED_A;
325 s->init_num = 0; 325 s->internal->init_num = 0;
326 break; 326 break;
327 } 327 }
328 /* Check if it is anon DH. */ 328 /* Check if it is anon DH. */
@@ -331,7 +331,7 @@ dtls1_connect(SSL *s)
331 ret = ssl3_get_server_certificate(s); 331 ret = ssl3_get_server_certificate(s);
332 if (ret <= 0) 332 if (ret <= 0)
333 goto end; 333 goto end;
334 if (s->tlsext_status_expected) 334 if (s->internal->tlsext_status_expected)
335 s->state = SSL3_ST_CR_CERT_STATUS_A; 335 s->state = SSL3_ST_CR_CERT_STATUS_A;
336 else 336 else
337 s->state = SSL3_ST_CR_KEY_EXCH_A; 337 s->state = SSL3_ST_CR_KEY_EXCH_A;
@@ -339,7 +339,7 @@ dtls1_connect(SSL *s)
339 skip = 1; 339 skip = 1;
340 s->state = SSL3_ST_CR_KEY_EXCH_A; 340 s->state = SSL3_ST_CR_KEY_EXCH_A;
341 } 341 }
342 s->init_num = 0; 342 s->internal->init_num = 0;
343 break; 343 break;
344 344
345 case SSL3_ST_CR_KEY_EXCH_A: 345 case SSL3_ST_CR_KEY_EXCH_A:
@@ -348,7 +348,7 @@ dtls1_connect(SSL *s)
348 if (ret <= 0) 348 if (ret <= 0)
349 goto end; 349 goto end;
350 s->state = SSL3_ST_CR_CERT_REQ_A; 350 s->state = SSL3_ST_CR_CERT_REQ_A;
351 s->init_num = 0; 351 s->internal->init_num = 0;
352 352
353 /* at this point we check that we have the 353 /* at this point we check that we have the
354 * required stuff from the server */ 354 * required stuff from the server */
@@ -364,7 +364,7 @@ dtls1_connect(SSL *s)
364 if (ret <= 0) 364 if (ret <= 0)
365 goto end; 365 goto end;
366 s->state = SSL3_ST_CR_SRVR_DONE_A; 366 s->state = SSL3_ST_CR_SRVR_DONE_A;
367 s->init_num = 0; 367 s->internal->init_num = 0;
368 break; 368 break;
369 369
370 case SSL3_ST_CR_SRVR_DONE_A: 370 case SSL3_ST_CR_SRVR_DONE_A:
@@ -377,7 +377,7 @@ dtls1_connect(SSL *s)
377 S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A; 377 S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A;
378 else 378 else
379 S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; 379 S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
380 s->init_num = 0; 380 s->internal->init_num = 0;
381 s->state = S3I(s)->tmp.next_state; 381 s->state = S3I(s)->tmp.next_state;
382 break; 382 break;
383 383
@@ -390,7 +390,7 @@ dtls1_connect(SSL *s)
390 if (ret <= 0) 390 if (ret <= 0)
391 goto end; 391 goto end;
392 s->state = SSL3_ST_CW_KEY_EXCH_A; 392 s->state = SSL3_ST_CW_KEY_EXCH_A;
393 s->init_num = 0; 393 s->internal->init_num = 0;
394 break; 394 break;
395 395
396 case SSL3_ST_CW_KEY_EXCH_A: 396 case SSL3_ST_CW_KEY_EXCH_A:
@@ -411,7 +411,7 @@ dtls1_connect(SSL *s)
411 S3I(s)->change_cipher_spec = 0; 411 S3I(s)->change_cipher_spec = 0;
412 } 412 }
413 413
414 s->init_num = 0; 414 s->internal->init_num = 0;
415 break; 415 break;
416 416
417 case SSL3_ST_CW_CERT_VRFY_A: 417 case SSL3_ST_CW_CERT_VRFY_A:
@@ -421,13 +421,13 @@ dtls1_connect(SSL *s)
421 if (ret <= 0) 421 if (ret <= 0)
422 goto end; 422 goto end;
423 s->state = SSL3_ST_CW_CHANGE_A; 423 s->state = SSL3_ST_CW_CHANGE_A;
424 s->init_num = 0; 424 s->internal->init_num = 0;
425 S3I(s)->change_cipher_spec = 0; 425 S3I(s)->change_cipher_spec = 0;
426 break; 426 break;
427 427
428 case SSL3_ST_CW_CHANGE_A: 428 case SSL3_ST_CW_CHANGE_A:
429 case SSL3_ST_CW_CHANGE_B: 429 case SSL3_ST_CW_CHANGE_B:
430 if (!s->hit) 430 if (!s->internal->hit)
431 dtls1_start_timer(s); 431 dtls1_start_timer(s);
432 ret = dtls1_send_change_cipher_spec(s, 432 ret = dtls1_send_change_cipher_spec(s,
433 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); 433 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
@@ -435,7 +435,7 @@ dtls1_connect(SSL *s)
435 goto end; 435 goto end;
436 436
437 s->state = SSL3_ST_CW_FINISHED_A; 437 s->state = SSL3_ST_CW_FINISHED_A;
438 s->init_num = 0; 438 s->internal->init_num = 0;
439 439
440 s->session->cipher = S3I(s)->tmp.new_cipher; 440 s->session->cipher = S3I(s)->tmp.new_cipher;
441 if (!s->method->ssl3_enc->setup_key_block(s)) { 441 if (!s->method->ssl3_enc->setup_key_block(s)) {
@@ -455,7 +455,7 @@ dtls1_connect(SSL *s)
455 455
456 case SSL3_ST_CW_FINISHED_A: 456 case SSL3_ST_CW_FINISHED_A:
457 case SSL3_ST_CW_FINISHED_B: 457 case SSL3_ST_CW_FINISHED_B:
458 if (!s->hit) 458 if (!s->internal->hit)
459 dtls1_start_timer(s); 459 dtls1_start_timer(s);
460 ret = ssl3_send_finished(s, 460 ret = ssl3_send_finished(s,
461 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, 461 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
@@ -467,7 +467,7 @@ dtls1_connect(SSL *s)
467 467
468 /* clear flags */ 468 /* clear flags */
469 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 469 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
470 if (s->hit) { 470 if (s->internal->hit) {
471 S3I(s)->tmp.next_state = SSL_ST_OK; 471 S3I(s)->tmp.next_state = SSL_ST_OK;
472 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 472 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
473 s->state = SSL_ST_OK; 473 s->state = SSL_ST_OK;
@@ -477,14 +477,14 @@ dtls1_connect(SSL *s)
477 } else { 477 } else {
478 478
479 /* Allow NewSessionTicket if ticket expected */ 479 /* Allow NewSessionTicket if ticket expected */
480 if (s->tlsext_ticket_expected) 480 if (s->internal->tlsext_ticket_expected)
481 S3I(s)->tmp.next_state = 481 S3I(s)->tmp.next_state =
482 SSL3_ST_CR_SESSION_TICKET_A; 482 SSL3_ST_CR_SESSION_TICKET_A;
483 else 483 else
484 S3I(s)->tmp.next_state = 484 S3I(s)->tmp.next_state =
485 SSL3_ST_CR_FINISHED_A; 485 SSL3_ST_CR_FINISHED_A;
486 } 486 }
487 s->init_num = 0; 487 s->internal->init_num = 0;
488 break; 488 break;
489 489
490 case SSL3_ST_CR_SESSION_TICKET_A: 490 case SSL3_ST_CR_SESSION_TICKET_A:
@@ -493,7 +493,7 @@ dtls1_connect(SSL *s)
493 if (ret <= 0) 493 if (ret <= 0)
494 goto end; 494 goto end;
495 s->state = SSL3_ST_CR_FINISHED_A; 495 s->state = SSL3_ST_CR_FINISHED_A;
496 s->init_num = 0; 496 s->internal->init_num = 0;
497 break; 497 break;
498 498
499 case SSL3_ST_CR_CERT_STATUS_A: 499 case SSL3_ST_CR_CERT_STATUS_A:
@@ -502,7 +502,7 @@ dtls1_connect(SSL *s)
502 if (ret <= 0) 502 if (ret <= 0)
503 goto end; 503 goto end;
504 s->state = SSL3_ST_CR_KEY_EXCH_A; 504 s->state = SSL3_ST_CR_KEY_EXCH_A;
505 s->init_num = 0; 505 s->internal->init_num = 0;
506 break; 506 break;
507 507
508 case SSL3_ST_CR_FINISHED_A: 508 case SSL3_ST_CR_FINISHED_A:
@@ -514,28 +514,28 @@ dtls1_connect(SSL *s)
514 goto end; 514 goto end;
515 dtls1_stop_timer(s); 515 dtls1_stop_timer(s);
516 516
517 if (s->hit) 517 if (s->internal->hit)
518 s->state = SSL3_ST_CW_CHANGE_A; 518 s->state = SSL3_ST_CW_CHANGE_A;
519 else 519 else
520 s->state = SSL_ST_OK; 520 s->state = SSL_ST_OK;
521 521
522 522
523 s->init_num = 0; 523 s->internal->init_num = 0;
524 break; 524 break;
525 525
526 case SSL3_ST_CW_FLUSH: 526 case SSL3_ST_CW_FLUSH:
527 s->rwstate = SSL_WRITING; 527 s->internal->rwstate = SSL_WRITING;
528 if (BIO_flush(s->wbio) <= 0) { 528 if (BIO_flush(s->wbio) <= 0) {
529 /* If the write error was fatal, stop trying */ 529 /* If the write error was fatal, stop trying */
530 if (!BIO_should_retry(s->wbio)) { 530 if (!BIO_should_retry(s->wbio)) {
531 s->rwstate = SSL_NOTHING; 531 s->internal->rwstate = SSL_NOTHING;
532 s->state = S3I(s)->tmp.next_state; 532 s->state = S3I(s)->tmp.next_state;
533 } 533 }
534 534
535 ret = -1; 535 ret = -1;
536 goto end; 536 goto end;
537 } 537 }
538 s->rwstate = SSL_NOTHING; 538 s->internal->rwstate = SSL_NOTHING;
539 s->state = S3I(s)->tmp.next_state; 539 s->state = S3I(s)->tmp.next_state;
540 break; 540 break;
541 541
@@ -549,12 +549,12 @@ dtls1_connect(SSL *s)
549 ssl_free_wbio_buffer(s); 549 ssl_free_wbio_buffer(s);
550 /* else do it later in ssl3_write */ 550 /* else do it later in ssl3_write */
551 551
552 s->init_num = 0; 552 s->internal->init_num = 0;
553 s->renegotiate = 0; 553 s->internal->renegotiate = 0;
554 s->new_session = 0; 554 s->internal->new_session = 0;
555 555
556 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); 556 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
557 if (s->hit) 557 if (s->internal->hit)
558 s->ctx->internal->stats.sess_hit++; 558 s->ctx->internal->stats.sess_hit++;
559 559
560 ret = 1; 560 ret = 1;
@@ -580,7 +580,7 @@ dtls1_connect(SSL *s)
580 580
581 /* did we do anything */ 581 /* did we do anything */
582 if (!S3I(s)->tmp.reuse_message && !skip) { 582 if (!S3I(s)->tmp.reuse_message && !skip) {
583 if (s->debug) { 583 if (s->internal->debug) {
584 if ((ret = BIO_flush(s->wbio)) <= 0) 584 if ((ret = BIO_flush(s->wbio)) <= 0)
585 goto end; 585 goto end;
586 } 586 }
@@ -613,7 +613,7 @@ dtls1_get_hello_verify(SSL *s)
613 CBS hello_verify_request, cookie; 613 CBS hello_verify_request, cookie;
614 614
615 n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 615 n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
616 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); 616 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok);
617 617
618 if (!ok) 618 if (!ok)
619 return ((int)n); 619 return ((int)n);
@@ -627,7 +627,7 @@ dtls1_get_hello_verify(SSL *s)
627 if (n < 0) 627 if (n < 0)
628 goto truncated; 628 goto truncated;
629 629
630 CBS_init(&hello_verify_request, s->init_msg, n); 630 CBS_init(&hello_verify_request, s->internal->init_msg, n);
631 631
632 if (!CBS_get_u16(&hello_verify_request, &ssl_version)) 632 if (!CBS_get_u16(&hello_verify_request, &ssl_version))
633 goto truncated; 633 goto truncated;
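Review bot: In dtls1_get_hello_verify (new line 616) the maximum size handed to ssl_get_message for the HelloVerifyRequest is still `s->internal->max_cert_list`, which by its name is a bound for certificate chains; this commit relocates the field but keeps that limit. A HelloVerifyRequest arrives before the server has been authenticated and holds only a 2-byte version and a cookie with a one-byte length prefix, so a certificate-sized cap lets an unauthenticated peer have the client accept and buffer a message far larger than the format permits. A small constant derived from the message layout would be a tighter bound, for example `DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, HELLO_VERIFY_MAX_LEN, &ok);` where `HELLO_VERIFY_MAX_LEN` is a placeholder name for 2 + 1 + the maximum cookie length. The function body starts and ends outside the hunks shown, so the cookie length check that follows CBS_get_u16 is not visible here and should be confirmed separately.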