path: root/src/lib/libssl/d1_srvr.c
authorbeck <>2017-05-07 04:22:24 +0000
committerbeck <>2017-05-07 04:22:24 +0000
commit3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5 (patch)
tree9f980ffff8490ca0af628971a6d8ceb4a23d3b99 /src/lib/libssl/d1_srvr.c
parent2145114fc4f04a6a75134ef92bc551a976292150 (diff)
Move state from ssl->internal to the handshake structure.
While we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it. ok jsing@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
-rw-r--r--src/lib/libssl/d1_srvr.c92
1 files changed, 46 insertions, 46 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 1ef8bce56b..ae90ee2093 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.87 2017/05/06 22:24:57 beck Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.88 2017/05/07 04:22:24 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -208,12 +208,12 @@ dtls1_accept(SSL *s)
208 } 208 }
209 209
210 for (;;) { 210 for (;;) {
211 state = s->internal->state; 211 state = S3I(s)->hs.state;
212 212
213 switch (s->internal->state) { 213 switch (S3I(s)->hs.state) {
214 case SSL_ST_RENEGOTIATE: 214 case SSL_ST_RENEGOTIATE:
215 s->internal->renegotiate = 1; 215 s->internal->renegotiate = 1;
216 /* s->internal->state=SSL_ST_ACCEPT; */ 216 /* S3I(s)->hs.state=SSL_ST_ACCEPT; */
217 217
218 case SSL_ST_BEFORE: 218 case SSL_ST_BEFORE:
219 case SSL_ST_ACCEPT: 219 case SSL_ST_ACCEPT:
@@ -242,7 +242,7 @@ dtls1_accept(SSL *s)
242 242
243 s->internal->init_num = 0; 243 s->internal->init_num = 0;
244 244
245 if (s->internal->state != SSL_ST_RENEGOTIATE) { 245 if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
246 /* Ok, we now need to push on a buffering BIO so that 246 /* Ok, we now need to push on a buffering BIO so that
247 * the output is sent in a way that TCP likes :-) 247 * the output is sent in a way that TCP likes :-)
248 * ...but not with SCTP :-) 248 * ...but not with SCTP :-)
@@ -257,13 +257,13 @@ dtls1_accept(SSL *s)
257 goto end; 257 goto end;
258 } 258 }
259 259
260 s->internal->state = SSL3_ST_SR_CLNT_HELLO_A; 260 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
261 s->ctx->internal->stats.sess_accept++; 261 s->ctx->internal->stats.sess_accept++;
262 } else { 262 } else {
263 /* s->internal->state == SSL_ST_RENEGOTIATE, 263 /* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
264 * we will just send a HelloRequest */ 264 * we will just send a HelloRequest */
265 s->ctx->internal->stats.sess_accept_renegotiate++; 265 s->ctx->internal->stats.sess_accept_renegotiate++;
266 s->internal->state = SSL3_ST_SW_HELLO_REQ_A; 266 S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
267 } 267 }
268 268
269 break; 269 break;
@@ -278,7 +278,7 @@ dtls1_accept(SSL *s)
278 if (ret <= 0) 278 if (ret <= 0)
279 goto end; 279 goto end;
280 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; 280 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
281 s->internal->state = SSL3_ST_SW_FLUSH; 281 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
282 s->internal->init_num = 0; 282 s->internal->init_num = 0;
283 283
284 if (!tls1_init_finished_mac(s)) { 284 if (!tls1_init_finished_mac(s)) {
@@ -288,7 +288,7 @@ dtls1_accept(SSL *s)
288 break; 288 break;
289 289
290 case SSL3_ST_SW_HELLO_REQ_C: 290 case SSL3_ST_SW_HELLO_REQ_C:
291 s->internal->state = SSL_ST_OK; 291 S3I(s)->hs.state = SSL_ST_OK;
292 break; 292 break;
293 293
294 case SSL3_ST_SR_CLNT_HELLO_A: 294 case SSL3_ST_SR_CLNT_HELLO_A:
@@ -302,9 +302,9 @@ dtls1_accept(SSL *s)
302 dtls1_stop_timer(s); 302 dtls1_stop_timer(s);
303 303
304 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) 304 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
305 s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; 305 S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
306 else 306 else
307 s->internal->state = SSL3_ST_SW_SRVR_HELLO_A; 307 S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
308 308
309 s->internal->init_num = 0; 309 s->internal->init_num = 0;
310 310
@@ -314,7 +314,7 @@ dtls1_accept(SSL *s)
314 } 314 }
315 315
316 /* If we're just listening, stop here */ 316 /* If we're just listening, stop here */
317 if (listen && s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) { 317 if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
318 ret = 2; 318 ret = 2;
319 D1I(s)->listen = 0; 319 D1I(s)->listen = 0;
320 /* Set expected sequence numbers 320 /* Set expected sequence numbers
@@ -334,7 +334,7 @@ dtls1_accept(SSL *s)
334 ret = dtls1_send_hello_verify_request(s); 334 ret = dtls1_send_hello_verify_request(s);
335 if (ret <= 0) 335 if (ret <= 0)
336 goto end; 336 goto end;
337 s->internal->state = SSL3_ST_SW_FLUSH; 337 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
338 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; 338 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
339 339
340 /* HelloVerifyRequest resets Finished MAC */ 340 /* HelloVerifyRequest resets Finished MAC */
@@ -355,11 +355,11 @@ dtls1_accept(SSL *s)
355 355
356 if (s->internal->hit) { 356 if (s->internal->hit) {
357 if (s->internal->tlsext_ticket_expected) 357 if (s->internal->tlsext_ticket_expected)
358 s->internal->state = SSL3_ST_SW_SESSION_TICKET_A; 358 S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
359 else 359 else
360 s->internal->state = SSL3_ST_SW_CHANGE_A; 360 S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
361 } else 361 } else
362 s->internal->state = SSL3_ST_SW_CERT_A; 362 S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
363 s->internal->init_num = 0; 363 s->internal->init_num = 0;
364 break; 364 break;
365 365
@@ -373,12 +373,12 @@ dtls1_accept(SSL *s)
373 if (ret <= 0) 373 if (ret <= 0)
374 goto end; 374 goto end;
375 if (s->internal->tlsext_status_expected) 375 if (s->internal->tlsext_status_expected)
376 s->internal->state = SSL3_ST_SW_CERT_STATUS_A; 376 S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
377 else 377 else
378 s->internal->state = SSL3_ST_SW_KEY_EXCH_A; 378 S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
379 } else { 379 } else {
380 skip = 1; 380 skip = 1;
381 s->internal->state = SSL3_ST_SW_KEY_EXCH_A; 381 S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
382 } 382 }
383 s->internal->init_num = 0; 383 s->internal->init_num = 0;
384 break; 384 break;
@@ -396,7 +396,7 @@ dtls1_accept(SSL *s)
396 } else 396 } else
397 skip = 1; 397 skip = 1;
398 398
399 s->internal->state = SSL3_ST_SW_CERT_REQ_A; 399 S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
400 s->internal->init_num = 0; 400 s->internal->init_num = 0;
401 break; 401 break;
402 402
@@ -428,14 +428,14 @@ dtls1_accept(SSL *s)
428 /* no cert request */ 428 /* no cert request */
429 skip = 1; 429 skip = 1;
430 S3I(s)->tmp.cert_request = 0; 430 S3I(s)->tmp.cert_request = 0;
431 s->internal->state = SSL3_ST_SW_SRVR_DONE_A; 431 S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
432 } else { 432 } else {
433 S3I(s)->tmp.cert_request = 1; 433 S3I(s)->tmp.cert_request = 1;
434 dtls1_start_timer(s); 434 dtls1_start_timer(s);
435 ret = ssl3_send_certificate_request(s); 435 ret = ssl3_send_certificate_request(s);
436 if (ret <= 0) 436 if (ret <= 0)
437 goto end; 437 goto end;
438 s->internal->state = SSL3_ST_SW_SRVR_DONE_A; 438 S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
439 s->internal->init_num = 0; 439 s->internal->init_num = 0;
440 } 440 }
441 break; 441 break;
@@ -447,7 +447,7 @@ dtls1_accept(SSL *s)
447 if (ret <= 0) 447 if (ret <= 0)
448 goto end; 448 goto end;
449 S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; 449 S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
450 s->internal->state = SSL3_ST_SW_FLUSH; 450 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
451 s->internal->init_num = 0; 451 s->internal->init_num = 0;
452 break; 452 break;
453 453
@@ -457,14 +457,14 @@ dtls1_accept(SSL *s)
457 /* If the write error was fatal, stop trying */ 457 /* If the write error was fatal, stop trying */
458 if (!BIO_should_retry(s->wbio)) { 458 if (!BIO_should_retry(s->wbio)) {
459 s->internal->rwstate = SSL_NOTHING; 459 s->internal->rwstate = SSL_NOTHING;
460 s->internal->state = S3I(s)->hs.next_state; 460 S3I(s)->hs.state = S3I(s)->hs.next_state;
461 } 461 }
462 462
463 ret = -1; 463 ret = -1;
464 goto end; 464 goto end;
465 } 465 }
466 s->internal->rwstate = SSL_NOTHING; 466 s->internal->rwstate = SSL_NOTHING;
467 s->internal->state = S3I(s)->hs.next_state; 467 S3I(s)->hs.state = S3I(s)->hs.next_state;
468 break; 468 break;
469 469
470 case SSL3_ST_SR_CERT_A: 470 case SSL3_ST_SR_CERT_A:
@@ -475,7 +475,7 @@ dtls1_accept(SSL *s)
475 goto end; 475 goto end;
476 } 476 }
477 s->internal->init_num = 0; 477 s->internal->init_num = 0;
478 s->internal->state = SSL3_ST_SR_KEY_EXCH_A; 478 S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
479 break; 479 break;
480 480
481 case SSL3_ST_SR_KEY_EXCH_A: 481 case SSL3_ST_SR_KEY_EXCH_A:
@@ -484,7 +484,7 @@ dtls1_accept(SSL *s)
484 if (ret <= 0) 484 if (ret <= 0)
485 goto end; 485 goto end;
486 486
487 s->internal->state = SSL3_ST_SR_CERT_VRFY_A; 487 S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
488 s->internal->init_num = 0; 488 s->internal->init_num = 0;
489 489
490 if (ret == 2) { 490 if (ret == 2) {
@@ -493,10 +493,10 @@ dtls1_accept(SSL *s)
493 * a certificate, the CertificateVerify 493 * a certificate, the CertificateVerify
494 * message is not sent. 494 * message is not sent.
495 */ 495 */
496 s->internal->state = SSL3_ST_SR_FINISHED_A; 496 S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
497 s->internal->init_num = 0; 497 s->internal->init_num = 0;
498 } else if (SSL_USE_SIGALGS(s)) { 498 } else if (SSL_USE_SIGALGS(s)) {
499 s->internal->state = SSL3_ST_SR_CERT_VRFY_A; 499 S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
500 s->internal->init_num = 0; 500 s->internal->init_num = 0;
501 if (!s->session->peer) 501 if (!s->session->peer)
502 break; 502 break;
@@ -516,7 +516,7 @@ dtls1_accept(SSL *s)
516 goto end; 516 goto end;
517 } 517 }
518 } else { 518 } else {
519 s->internal->state = SSL3_ST_SR_CERT_VRFY_A; 519 S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
520 s->internal->init_num = 0; 520 s->internal->init_num = 0;
521 521
522 /* 522 /*
@@ -547,7 +547,7 @@ dtls1_accept(SSL *s)
547 ret = ssl3_get_cert_verify(s); 547 ret = ssl3_get_cert_verify(s);
548 if (ret <= 0) 548 if (ret <= 0)
549 goto end; 549 goto end;
550 s->internal->state = SSL3_ST_SR_FINISHED_A; 550 S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
551 s->internal->init_num = 0; 551 s->internal->init_num = 0;
552 break; 552 break;
553 553
@@ -560,11 +560,11 @@ dtls1_accept(SSL *s)
560 goto end; 560 goto end;
561 dtls1_stop_timer(s); 561 dtls1_stop_timer(s);
562 if (s->internal->hit) 562 if (s->internal->hit)
563 s->internal->state = SSL_ST_OK; 563 S3I(s)->hs.state = SSL_ST_OK;
564 else if (s->internal->tlsext_ticket_expected) 564 else if (s->internal->tlsext_ticket_expected)
565 s->internal->state = SSL3_ST_SW_SESSION_TICKET_A; 565 S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
566 else 566 else
567 s->internal->state = SSL3_ST_SW_CHANGE_A; 567 S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
568 s->internal->init_num = 0; 568 s->internal->init_num = 0;
569 break; 569 break;
570 570
@@ -573,7 +573,7 @@ dtls1_accept(SSL *s)
573 ret = ssl3_send_newsession_ticket(s); 573 ret = ssl3_send_newsession_ticket(s);
574 if (ret <= 0) 574 if (ret <= 0)
575 goto end; 575 goto end;
576 s->internal->state = SSL3_ST_SW_CHANGE_A; 576 S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
577 s->internal->init_num = 0; 577 s->internal->init_num = 0;
578 break; 578 break;
579 579
@@ -582,7 +582,7 @@ dtls1_accept(SSL *s)
582 ret = ssl3_send_cert_status(s); 582 ret = ssl3_send_cert_status(s);
583 if (ret <= 0) 583 if (ret <= 0)
584 goto end; 584 goto end;
585 s->internal->state = SSL3_ST_SW_KEY_EXCH_A; 585 S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
586 s->internal->init_num = 0; 586 s->internal->init_num = 0;
587 break; 587 break;
588 588
@@ -603,7 +603,7 @@ dtls1_accept(SSL *s)
603 goto end; 603 goto end;
604 604
605 605
606 s->internal->state = SSL3_ST_SW_FINISHED_A; 606 S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
607 s->internal->init_num = 0; 607 s->internal->init_num = 0;
608 608
609 if (!tls1_change_cipher_state(s, 609 if (!tls1_change_cipher_state(s,
@@ -623,7 +623,7 @@ dtls1_accept(SSL *s)
623 TLS_MD_SERVER_FINISH_CONST_SIZE); 623 TLS_MD_SERVER_FINISH_CONST_SIZE);
624 if (ret <= 0) 624 if (ret <= 0)
625 goto end; 625 goto end;
626 s->internal->state = SSL3_ST_SW_FLUSH; 626 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
627 if (s->internal->hit) { 627 if (s->internal->hit) {
628 S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; 628 S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
629 629
@@ -680,11 +680,11 @@ dtls1_accept(SSL *s)
680 goto end; 680 goto end;
681 } 681 }
682 682
683 if ((cb != NULL) && (s->internal->state != state)) { 683 if ((cb != NULL) && (S3I(s)->hs.state != state)) {
684 new_state = s->internal->state; 684 new_state = S3I(s)->hs.state;
685 s->internal->state = state; 685 S3I(s)->hs.state = state;
686 cb(s, SSL_CB_ACCEPT_LOOP, 1); 686 cb(s, SSL_CB_ACCEPT_LOOP, 1);
687 s->internal->state = new_state; 687 S3I(s)->hs.state = new_state;
688 } 688 }
689 } 689 }
690 skip = 0; 690 skip = 0;
@@ -707,7 +707,7 @@ dtls1_send_hello_verify_request(SSL *s)
707 707
708 memset(&cbb, 0, sizeof(cbb)); 708 memset(&cbb, 0, sizeof(cbb));
709 709
710 if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { 710 if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
711 if (s->ctx->internal->app_gen_cookie_cb == NULL || 711 if (s->ctx->internal->app_gen_cookie_cb == NULL ||
712 s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie, 712 s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
713 &(D1I(s)->cookie_len)) == 0) { 713 &(D1I(s)->cookie_len)) == 0) {
@@ -727,10 +727,10 @@ dtls1_send_hello_verify_request(SSL *s)
727 if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) 727 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
728 goto err; 728 goto err;
729 729
730 s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; 730 S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
731 } 731 }
732 732
733 /* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 733 /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
734 return (ssl3_handshake_write(s)); 734 return (ssl3_handshake_write(s));
735 735
736 err: 736 err:
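Review bot: The commented-out assignment at line 216 (`/* S3I(s)->hs.state=SSL_ST_ACCEPT; */`, in the SSL_ST_RENEGOTIATE case) is dead code that this commit rewrites to the new spelling instead of dropping; since the state rename touched it anyway, the line should simply be deleted, as the case falls through to SSL_ST_BEFORE/SSL_ST_ACCEPT either way and a stale commented-out store only invites someone to re-enable it. The similar comment at line 733 in dtls1_send_hello_verify_request documents an invariant rather than dead code, so it is better reworded as a plain statement, e.g. `/* state is now DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; write the message */`. Both enclosing functions, dtls1_accept and dtls1_send_hello_verify_request, begin and end outside the hunks shown, so I could not confirm that no other `s->internal->state` reader remains in the unshown parts of this file; the 46/46 diffstat suggests the rename is complete, but that is inferred.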