Move state from ssl->internal to the handshake structure.

while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
author: beck <> 2017-05-07 04:22:24 +0000
committer: beck <> 2017-05-07 04:22:24 +0000
commit: 3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5 (patch)
tree: 9f980ffff8490ca0af628971a6d8ceb4a23d3b99 /src/lib/libssl/ssl_srvr.c
parent: 2145114fc4f04a6a75134ef92bc551a976292150 (diff)
download: openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.gz
openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.bz2
openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.zip
1 files changed, 59 insertions, 59 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 35a9ace527..730d4ed1ad 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.17 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
        }
        for (;;) {
-                state = s->internal->state;
+                state = S3I(s)->hs.state;
-                switch (s->internal->state) {
+                switch (S3I(s)->hs.state) {
                case SSL_ST_RENEGOTIATE:
                        s->internal->renegotiate = 1;
-                        /* s->internal->state=SSL_ST_ACCEPT; */
+                        /* S3I(s)->hs.state=SSL_ST_ACCEPT; */
                case SSL_ST_BEFORE:
                case SSL_ST_ACCEPT:
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
                        s->internal->init_num = 0;
-                        if (s->internal->state != SSL_ST_RENEGOTIATE) {
+                        if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
                                /*
                                 * Ok, we now need to push on a buffering BIO
                                 * so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
                                        goto end;
                                }
-                                s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
+                                S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->internal->stats.sess_accept++;
                        } else if (!S3I(s)->send_connection_binding) {
                                /*
@@ -260,11 +260,11 @@ ssl3_accept(SSL *s)
                                goto end;
                        } else {
                                /*
-                                 * s->internal->state == SSL_ST_RENEGOTIATE,
+                                 * S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
                                 * we will just send a HelloRequest
                                 */
                                s->ctx->internal->stats.sess_accept_renegotiate++;
-                                s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
                        }
                        break;
@@ -276,7 +276,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
-                        s->internal->state = SSL3_ST_SW_FLUSH;
+                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
                        if (!tls1_init_finished_mac(s)) {
@@ -286,7 +286,7 @@ ssl3_accept(SSL *s)
                        break;
                case SSL3_ST_SW_HELLO_REQ_C:
-                        s->internal->state = SSL_ST_OK;
+                        S3I(s)->hs.state = SSL_ST_OK;
                        break;
                case SSL3_ST_SR_CLNT_HELLO_A:
@@ -301,7 +301,7 @@ ssl3_accept(SSL *s)
                        }
                        s->internal->renegotiate = 2;
-                        s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
+                        S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
                        s->internal->init_num = 0;
                        break;
@@ -312,12 +312,12 @@ ssl3_accept(SSL *s)
                                goto end;
                        if (s->internal->hit) {
                                if (s->internal->tlsext_ticket_expected)
-                                        s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
+                                        S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
                                else
-                                        s->internal->state = SSL3_ST_SW_CHANGE_A;
+                                        S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
                        }
                        else
-                                s->internal->state = SSL3_ST_SW_CERT_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
                        s->internal->init_num = 0;
                        break;
@@ -330,12 +330,12 @@ ssl3_accept(SSL *s)
                                if (ret <= 0)
                                        goto end;
                                if (s->internal->tlsext_status_expected)
-                                        s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
+                                        S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
                                else
-                                        s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+                                        S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
                        } else {
                                skip = 1;
-                                s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
                        }
                        s->internal->init_num = 0;
                        break;
@@ -359,7 +359,7 @@ ssl3_accept(SSL *s)
                        } else
                                skip = 1;
-                        s->internal->state = SSL3_ST_SW_CERT_REQ_A;
+                        S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
                        s->internal->init_num = 0;
                        break;
@@ -391,7 +391,7 @@ ssl3_accept(SSL *s)
                                /* No cert request */
                                skip = 1;
                                S3I(s)->tmp.cert_request = 0;
-                                s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
                                if (S3I(s)->handshake_buffer) {
                                        if (!tls1_digest_cached_records(s)) {
                                                ret = -1;
@@ -403,7 +403,7 @@ ssl3_accept(SSL *s)
                                ret = ssl3_send_certificate_request(s);
                                if (ret <= 0)
                                        goto end;
-                                s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
                                s->internal->init_num = 0;
                        }
                        break;
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
-                        s->internal->state = SSL3_ST_SW_FLUSH;
+                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
                        break;
@@ -438,7 +438,7 @@ ssl3_accept(SSL *s)
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        s->internal->state = S3I(s)->hs.next_state;
+                        S3I(s)->hs.state = S3I(s)->hs.next_state;
                        break;
                case SSL3_ST_SR_CERT_A:
@@ -449,7 +449,7 @@ ssl3_accept(SSL *s)
                                        goto end;
                        }
                        s->internal->init_num = 0;
-                        s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
+                        S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -469,12 +469,12 @@ ssl3_accept(SSL *s)
                                 * for key exchange.
                                 */
                                if (S3I(s)->next_proto_neg_seen)
-                                        s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
+                                        S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
                                else
-                                        s->internal->state = SSL3_ST_SR_FINISHED_A;
+                                        S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
                                s->internal->init_num = 0;
                        } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
-                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+                                S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
                                if (!s->session->peer)
                                        break;
@@ -493,7 +493,7 @@ ssl3_accept(SSL *s)
                                        goto end;
                                }
                        } else {
-                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+                                S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
                                /*
@@ -526,9 +526,9 @@ ssl3_accept(SSL *s)
                                goto end;
                        if (S3I(s)->next_proto_neg_seen)
-                                s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
+                                S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
                        else
-                                s->internal->state = SSL3_ST_SR_FINISHED_A;
+                                S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
                        s->internal->init_num = 0;
                        break;
@@ -538,7 +538,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        s->internal->init_num = 0;
-                        s->internal->state = SSL3_ST_SR_FINISHED_A;
+                        S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
                        break;
                case SSL3_ST_SR_FINISHED_A:
@@ -549,11 +549,11 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        if (s->internal->hit)
-                                s->internal->state = SSL_ST_OK;
+                                S3I(s)->hs.state = SSL_ST_OK;
                        else if (s->internal->tlsext_ticket_expected)
-                                s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
                        else
-                                s->internal->state = SSL3_ST_SW_CHANGE_A;
+                                S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
                        s->internal->init_num = 0;
                        break;
@@ -562,7 +562,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_newsession_ticket(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_SW_CHANGE_A;
+                        S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
                        s->internal->init_num = 0;
                        break;
@@ -571,7 +571,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_cert_status(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+                        S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -590,7 +590,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_SW_FINISHED_A;
+                        S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
                        s->internal->init_num = 0;
                        if (!tls1_change_cipher_state(
@@ -609,7 +609,7 @@ ssl3_accept(SSL *s)
                        TLS_MD_SERVER_FINISH_CONST_SIZE);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_SW_FLUSH;
+                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
                        if (s->internal->hit) {
                                if (S3I(s)->next_proto_neg_seen) {
                                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -668,11 +668,11 @@ ssl3_accept(SSL *s)
                        }
-                        if ((cb != NULL) && (s->internal->state != state)) {
+                        if ((cb != NULL) && (S3I(s)->hs.state != state)) {
-                                new_state = s->internal->state;
+                                new_state = S3I(s)->hs.state;
-                                s->internal->state = state;
+                                S3I(s)->hs.state = state;
                                cb(s, SSL_CB_ACCEPT_LOOP, 1);
-                                s->internal->state = new_state;
+                                S3I(s)->hs.state = new_state;
                        }
                }
                skip = 0;
@@ -693,14 +693,14 @@ ssl3_send_hello_request(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
                    SSL3_MT_HELLO_REQUEST))
                        goto err;
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
+                S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B;
        }
        /* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
         * If we are SSLv3, we will respond with SSLv3, even if prompted with
         * TLSv1.
         */
-        if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) {
-                s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
+                S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
        }
        s->internal->first_packet = 1;
@@ -1087,7 +1087,7 @@ ssl3_send_server_hello(SSL *s)
        bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
-        if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
                d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
                if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1169,14 +1169,14 @@ ssl3_send_server_done(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
                    SSL3_MT_SERVER_DONE))
                        goto err;
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
+                S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B;
        }
        /* SSL3_ST_SW_SRVR_DONE_B */
@@ -1457,7 +1457,7 @@ ssl3_send_server_key_exchange(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
        EVP_MD_CTX_init(&md_ctx);
-        if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
                type = S3I(s)->hs.new_cipher->algorithm_mkey;
                buf = s->internal->init_buf;
@@ -1576,7 +1576,7 @@ ssl3_send_server_key_exchange(SSL *s)
                ssl3_handshake_msg_finish(s, n);
        }
-        s->internal->state = SSL3_ST_SW_KEY_EXCH_B;
+        S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
        EVP_MD_CTX_cleanup(&md_ctx);
@@ -1601,7 +1601,7 @@ ssl3_send_certificate_request(SSL *s)
        X509_NAME *name;
        BUF_MEM *buf;
-        if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) {
                buf = s->internal->init_buf;
                d = p = ssl3_handshake_msg_start(s,
@@ -1652,7 +1652,7 @@ ssl3_send_certificate_request(SSL *s)
                ssl3_handshake_msg_finish(s, n);
-                s->internal->state = SSL3_ST_SW_CERT_REQ_B;
+                S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B;
        }
        /* SSL3_ST_SW_CERT_REQ_B */
@@ -2539,7 +2539,7 @@ ssl3_send_server_certificate(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_SW_CERT_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) {
                if ((x = ssl_get_server_send_cert(s)) == NULL) {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        return (0);
@@ -2553,7 +2553,7 @@ ssl3_send_server_certificate(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_SW_CERT_B;
+                S3I(s)->hs.state = SSL3_ST_SW_CERT_B;
        }
        /* SSL3_ST_SW_CERT_B */
@@ -2581,7 +2581,7 @@ ssl3_send_newsession_ticket(SSL *s)
        unsigned char iv[EVP_MAX_IV_LENGTH];
        unsigned char key_name[16];
-        if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
                /* get session encoding length */
                slen_full = i2d_SSL_SESSION(s->session, NULL);
                /*
@@ -2694,7 +2694,7 @@ ssl3_send_newsession_ticket(SSL *s)
                ssl3_handshake_msg_finish(s, len);
-                s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;
+                S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
                freezero(senc, slen_full);
        }
@@ -2715,7 +2715,7 @@ ssl3_send_cert_status(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
+        if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
                    SSL3_MT_CERTIFICATE_STATUS))
                        goto err;
@@ -2729,7 +2729,7 @@ ssl3_send_cert_status(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
+                S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B;
        }
        /* SSL3_ST_SW_CERT_STATUS_B */
@@ -2769,7 +2769,7 @@ ssl3_get_next_proto(SSL *s)
                return ((int)n);
        /*
-         * s->internal->state doesn't reflect whether ChangeCipherSpec has been received
+         * S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received
         * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
         * by ssl3_get_finished).
         */
author	beck <>	2017-05-07 04:22:24 +0000
committer	beck <>	2017-05-07 04:22:24 +0000
commit	3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5 (patch)
tree	9f980ffff8490ca0af628971a6d8ceb4a23d3b99 /src/lib/libssl/ssl_srvr.c
parent	2145114fc4f04a6a75134ef92bc551a976292150 (diff)
download	openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.gz openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.bz2 openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 35a9ace527..730d4ed1ad 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.17 2017/05/07 04:22:24 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
195	}	195	}
196		196
197	for (;;) {	197	for (;;) {
198	state = s->internal->state;	198	state = S3I(s)->hs.state;
199		199
200	switch (s->internal->state) {	200	switch (S3I(s)->hs.state) {
201	case SSL_ST_RENEGOTIATE:	201	case SSL_ST_RENEGOTIATE:
202	s->internal->renegotiate = 1;	202	s->internal->renegotiate = 1;
203	/* s->internal->state=SSL_ST_ACCEPT; */	203	/* S3I(s)->hs.state=SSL_ST_ACCEPT; */
204		204
205	case SSL_ST_BEFORE:	205	case SSL_ST_BEFORE:
206	case SSL_ST_ACCEPT:	206	case SSL_ST_ACCEPT:
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
229		229
230	s->internal->init_num = 0;	230	s->internal->init_num = 0;
231		231
232	if (s->internal->state != SSL_ST_RENEGOTIATE) {	232	if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
233	/*	233	/*
234	* Ok, we now need to push on a buffering BIO	234	* Ok, we now need to push on a buffering BIO
235	* so that the output is sent in a way that	235	* so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
245	goto end;	245	goto end;
246	}	246	}
247		247
248	s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;	248	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
249	s->ctx->internal->stats.sess_accept++;	249	s->ctx->internal->stats.sess_accept++;
250	} else if (!S3I(s)->send_connection_binding) {	250	} else if (!S3I(s)->send_connection_binding) {
251	/*	251	/*
@@ -260,11 +260,11 @@ ssl3_accept(SSL *s)
260	goto end;	260	goto end;
261	} else {	261	} else {
262	/*	262	/*
263	* s->internal->state == SSL_ST_RENEGOTIATE,	263	* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
264	* we will just send a HelloRequest	264	* we will just send a HelloRequest
265	*/	265	*/
266	s->ctx->internal->stats.sess_accept_renegotiate++;	266	s->ctx->internal->stats.sess_accept_renegotiate++;
267	s->internal->state = SSL3_ST_SW_HELLO_REQ_A;	267	S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
268	}	268	}
269	break;	269	break;
270		270
@@ -276,7 +276,7 @@ ssl3_accept(SSL *s)
276	if (ret <= 0)	276	if (ret <= 0)
277	goto end;	277	goto end;
278	S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;	278	S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
279	s->internal->state = SSL3_ST_SW_FLUSH;	279	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
280	s->internal->init_num = 0;	280	s->internal->init_num = 0;
281		281
282	if (!tls1_init_finished_mac(s)) {	282	if (!tls1_init_finished_mac(s)) {
@@ -286,7 +286,7 @@ ssl3_accept(SSL *s)
286	break;	286	break;
287		287
288	case SSL3_ST_SW_HELLO_REQ_C:	288	case SSL3_ST_SW_HELLO_REQ_C:
289	s->internal->state = SSL_ST_OK;	289	S3I(s)->hs.state = SSL_ST_OK;
290	break;	290	break;
291		291
292	case SSL3_ST_SR_CLNT_HELLO_A:	292	case SSL3_ST_SR_CLNT_HELLO_A:
@@ -301,7 +301,7 @@ ssl3_accept(SSL *s)
301	}	301	}
302		302
303	s->internal->renegotiate = 2;	303	s->internal->renegotiate = 2;
304	s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;	304	S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
305	s->internal->init_num = 0;	305	s->internal->init_num = 0;
306	break;	306	break;
307		307
@@ -312,12 +312,12 @@ ssl3_accept(SSL *s)
312	goto end;	312	goto end;
313	if (s->internal->hit) {	313	if (s->internal->hit) {
314	if (s->internal->tlsext_ticket_expected)	314	if (s->internal->tlsext_ticket_expected)
315	s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;	315	S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
316	else	316	else
317	s->internal->state = SSL3_ST_SW_CHANGE_A;	317	S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
318	}	318	}
319	else	319	else
320	s->internal->state = SSL3_ST_SW_CERT_A;	320	S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
321	s->internal->init_num = 0;	321	s->internal->init_num = 0;
322	break;	322	break;
323		323
@@ -330,12 +330,12 @@ ssl3_accept(SSL *s)
330	if (ret <= 0)	330	if (ret <= 0)
331	goto end;	331	goto end;
332	if (s->internal->tlsext_status_expected)	332	if (s->internal->tlsext_status_expected)
333	s->internal->state = SSL3_ST_SW_CERT_STATUS_A;	333	S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
334	else	334	else
335	s->internal->state = SSL3_ST_SW_KEY_EXCH_A;	335	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
336	} else {	336	} else {
337	skip = 1;	337	skip = 1;
338	s->internal->state = SSL3_ST_SW_KEY_EXCH_A;	338	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
339	}	339	}
340	s->internal->init_num = 0;	340	s->internal->init_num = 0;
341	break;	341	break;
@@ -359,7 +359,7 @@ ssl3_accept(SSL *s)
359	} else	359	} else
360	skip = 1;	360	skip = 1;
361		361
362	s->internal->state = SSL3_ST_SW_CERT_REQ_A;	362	S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
363	s->internal->init_num = 0;	363	s->internal->init_num = 0;
364	break;	364	break;
365		365
@@ -391,7 +391,7 @@ ssl3_accept(SSL *s)
391	/* No cert request */	391	/* No cert request */
392	skip = 1;	392	skip = 1;
393	S3I(s)->tmp.cert_request = 0;	393	S3I(s)->tmp.cert_request = 0;
394	s->internal->state = SSL3_ST_SW_SRVR_DONE_A;	394	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
395	if (S3I(s)->handshake_buffer) {	395	if (S3I(s)->handshake_buffer) {
396	if (!tls1_digest_cached_records(s)) {	396	if (!tls1_digest_cached_records(s)) {
397	ret = -1;	397	ret = -1;
@@ -403,7 +403,7 @@ ssl3_accept(SSL *s)
403	ret = ssl3_send_certificate_request(s);	403	ret = ssl3_send_certificate_request(s);
404	if (ret <= 0)	404	if (ret <= 0)
405	goto end;	405	goto end;
406	s->internal->state = SSL3_ST_SW_SRVR_DONE_A;	406	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
407	s->internal->init_num = 0;	407	s->internal->init_num = 0;
408	}	408	}
409	break;	409	break;
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
414	if (ret <= 0)	414	if (ret <= 0)
415	goto end;	415	goto end;
416	S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;	416	S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
417	s->internal->state = SSL3_ST_SW_FLUSH;	417	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
418	s->internal->init_num = 0;	418	s->internal->init_num = 0;
419	break;	419	break;
420		420
@@ -438,7 +438,7 @@ ssl3_accept(SSL *s)
438	}	438	}
439	s->internal->rwstate = SSL_NOTHING;	439	s->internal->rwstate = SSL_NOTHING;
440		440
441	s->internal->state = S3I(s)->hs.next_state;	441	S3I(s)->hs.state = S3I(s)->hs.next_state;
442	break;	442	break;
443		443
444	case SSL3_ST_SR_CERT_A:	444	case SSL3_ST_SR_CERT_A:
@@ -449,7 +449,7 @@ ssl3_accept(SSL *s)
449	goto end;	449	goto end;
450	}	450	}
451	s->internal->init_num = 0;	451	s->internal->init_num = 0;
452	s->internal->state = SSL3_ST_SR_KEY_EXCH_A;	452	S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
453	break;	453	break;
454		454
455	case SSL3_ST_SR_KEY_EXCH_A:	455	case SSL3_ST_SR_KEY_EXCH_A:
@@ -469,12 +469,12 @@ ssl3_accept(SSL *s)
469	* for key exchange.	469	* for key exchange.
470	*/	470	*/
471	if (S3I(s)->next_proto_neg_seen)	471	if (S3I(s)->next_proto_neg_seen)
472	s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;	472	S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
473	else	473	else
474	s->internal->state = SSL3_ST_SR_FINISHED_A;	474	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
475	s->internal->init_num = 0;	475	s->internal->init_num = 0;
476	} else if (SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) {	476	} else if (SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) {
477	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;	477	S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
478	s->internal->init_num = 0;	478	s->internal->init_num = 0;
479	if (!s->session->peer)	479	if (!s->session->peer)
480	break;	480	break;
@@ -493,7 +493,7 @@ ssl3_accept(SSL *s)
493	goto end;	493	goto end;
494	}	494	}
495	} else {	495	} else {
496	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;	496	S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
497	s->internal->init_num = 0;	497	s->internal->init_num = 0;
498		498
499	/*	499	/*
@@ -526,9 +526,9 @@ ssl3_accept(SSL *s)
526	goto end;	526	goto end;
527		527
528	if (S3I(s)->next_proto_neg_seen)	528	if (S3I(s)->next_proto_neg_seen)
529	s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;	529	S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
530	else	530	else
531	s->internal->state = SSL3_ST_SR_FINISHED_A;	531	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
532	s->internal->init_num = 0;	532	s->internal->init_num = 0;
533	break;	533	break;
534		534
@@ -538,7 +538,7 @@ ssl3_accept(SSL *s)
538	if (ret <= 0)	538	if (ret <= 0)
539	goto end;	539	goto end;
540	s->internal->init_num = 0;	540	s->internal->init_num = 0;
541	s->internal->state = SSL3_ST_SR_FINISHED_A;	541	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
542	break;	542	break;
543		543
544	case SSL3_ST_SR_FINISHED_A:	544	case SSL3_ST_SR_FINISHED_A:
@@ -549,11 +549,11 @@ ssl3_accept(SSL *s)
549	if (ret <= 0)	549	if (ret <= 0)
550	goto end;	550	goto end;
551	if (s->internal->hit)	551	if (s->internal->hit)
552	s->internal->state = SSL_ST_OK;	552	S3I(s)->hs.state = SSL_ST_OK;
553	else if (s->internal->tlsext_ticket_expected)	553	else if (s->internal->tlsext_ticket_expected)
554	s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;	554	S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
555	else	555	else
556	s->internal->state = SSL3_ST_SW_CHANGE_A;	556	S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
557	s->internal->init_num = 0;	557	s->internal->init_num = 0;
558	break;	558	break;
559		559
@@ -562,7 +562,7 @@ ssl3_accept(SSL *s)
562	ret = ssl3_send_newsession_ticket(s);	562	ret = ssl3_send_newsession_ticket(s);
563	if (ret <= 0)	563	if (ret <= 0)
564	goto end;	564	goto end;
565	s->internal->state = SSL3_ST_SW_CHANGE_A;	565	S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
566	s->internal->init_num = 0;	566	s->internal->init_num = 0;
567	break;	567	break;
568		568
@@ -571,7 +571,7 @@ ssl3_accept(SSL *s)
571	ret = ssl3_send_cert_status(s);	571	ret = ssl3_send_cert_status(s);
572	if (ret <= 0)	572	if (ret <= 0)
573	goto end;	573	goto end;
574	s->internal->state = SSL3_ST_SW_KEY_EXCH_A;	574	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
575	s->internal->init_num = 0;	575	s->internal->init_num = 0;
576	break;	576	break;
577		577
@@ -590,7 +590,7 @@ ssl3_accept(SSL *s)
590		590
591	if (ret <= 0)	591	if (ret <= 0)
592	goto end;	592	goto end;
593	s->internal->state = SSL3_ST_SW_FINISHED_A;	593	S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
594	s->internal->init_num = 0;	594	s->internal->init_num = 0;
595		595
596	if (!tls1_change_cipher_state(	596	if (!tls1_change_cipher_state(
@@ -609,7 +609,7 @@ ssl3_accept(SSL *s)
609	TLS_MD_SERVER_FINISH_CONST_SIZE);	609	TLS_MD_SERVER_FINISH_CONST_SIZE);
610	if (ret <= 0)	610	if (ret <= 0)
611	goto end;	611	goto end;
612	s->internal->state = SSL3_ST_SW_FLUSH;	612	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
613	if (s->internal->hit) {	613	if (s->internal->hit) {
614	if (S3I(s)->next_proto_neg_seen) {	614	if (S3I(s)->next_proto_neg_seen) {
615	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	615	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
@@ -668,11 +668,11 @@ ssl3_accept(SSL *s)
668	}	668	}
669		669
670		670
671	if ((cb != NULL) && (s->internal->state != state)) {	671	if ((cb != NULL) && (S3I(s)->hs.state != state)) {
672	new_state = s->internal->state;	672	new_state = S3I(s)->hs.state;
673	s->internal->state = state;	673	S3I(s)->hs.state = state;
674	cb(s, SSL_CB_ACCEPT_LOOP, 1);	674	cb(s, SSL_CB_ACCEPT_LOOP, 1);
675	s->internal->state = new_state;	675	S3I(s)->hs.state = new_state;
676	}	676	}
677	}	677	}
678	skip = 0;	678	skip = 0;
@@ -693,14 +693,14 @@ ssl3_send_hello_request(SSL *s)
693		693
694	memset(&cbb, 0, sizeof(cbb));	694	memset(&cbb, 0, sizeof(cbb));
695		695
696	if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {	696	if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
697	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,	697	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
698	SSL3_MT_HELLO_REQUEST))	698	SSL3_MT_HELLO_REQUEST))
699	goto err;	699	goto err;
700	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	700	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
701	goto err;	701	goto err;
702		702
703	s->internal->state = SSL3_ST_SW_HELLO_REQ_B;	703	S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B;
704	}	704	}
705		705
706	/* SSL3_ST_SW_HELLO_REQ_B */	706	/* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
738	* If we are SSLv3, we will respond with SSLv3, even if prompted with	738	* If we are SSLv3, we will respond with SSLv3, even if prompted with
739	* TLSv1.	739	* TLSv1.
740	*/	740	*/
741	if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {	741	if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) {
742	s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;	742	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
743	}	743	}
744		744
745	s->internal->first_packet = 1;	745	s->internal->first_packet = 1;
@@ -1087,7 +1087,7 @@ ssl3_send_server_hello(SSL *s)
1087		1087
1088	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;	1088	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
1089		1089
1090	if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {	1090	if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
1091	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);	1091	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
1092		1092
1093	if (!CBB_init_fixed(&cbb, p, bufend - p))	1093	if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1169,14 +1169,14 @@ ssl3_send_server_done(SSL *s)
1169		1169
1170	memset(&cbb, 0, sizeof(cbb));	1170	memset(&cbb, 0, sizeof(cbb));
1171		1171
1172	if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {	1172	if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
1173	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,	1173	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
1174	SSL3_MT_SERVER_DONE))	1174	SSL3_MT_SERVER_DONE))
1175	goto err;	1175	goto err;
1176	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	1176	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
1177	goto err;	1177	goto err;
1178		1178
1179	s->internal->state = SSL3_ST_SW_SRVR_DONE_B;	1179	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B;
1180	}	1180	}
1181		1181
1182	/* SSL3_ST_SW_SRVR_DONE_B */	1182	/* SSL3_ST_SW_SRVR_DONE_B */
@@ -1457,7 +1457,7 @@ ssl3_send_server_key_exchange(SSL *s)
1457	memset(&cbb, 0, sizeof(cbb));	1457	memset(&cbb, 0, sizeof(cbb));
1458		1458
1459	EVP_MD_CTX_init(&md_ctx);	1459	EVP_MD_CTX_init(&md_ctx);
1460	if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {	1460	if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
1461	type = S3I(s)->hs.new_cipher->algorithm_mkey;	1461	type = S3I(s)->hs.new_cipher->algorithm_mkey;
1462		1462
1463	buf = s->internal->init_buf;	1463	buf = s->internal->init_buf;
@@ -1576,7 +1576,7 @@ ssl3_send_server_key_exchange(SSL *s)
1576	ssl3_handshake_msg_finish(s, n);	1576	ssl3_handshake_msg_finish(s, n);
1577	}	1577	}
1578		1578
1579	s->internal->state = SSL3_ST_SW_KEY_EXCH_B;	1579	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
1580		1580
1581	EVP_MD_CTX_cleanup(&md_ctx);	1581	EVP_MD_CTX_cleanup(&md_ctx);
1582		1582
@@ -1601,7 +1601,7 @@ ssl3_send_certificate_request(SSL *s)
1601	X509_NAME *name;	1601	X509_NAME *name;
1602	BUF_MEM *buf;	1602	BUF_MEM *buf;
1603		1603
1604	if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {	1604	if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) {
1605	buf = s->internal->init_buf;	1605	buf = s->internal->init_buf;
1606		1606
1607	d = p = ssl3_handshake_msg_start(s,	1607	d = p = ssl3_handshake_msg_start(s,
@@ -1652,7 +1652,7 @@ ssl3_send_certificate_request(SSL *s)
1652		1652
1653	ssl3_handshake_msg_finish(s, n);	1653	ssl3_handshake_msg_finish(s, n);
1654		1654
1655	s->internal->state = SSL3_ST_SW_CERT_REQ_B;	1655	S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B;
1656	}	1656	}
1657		1657
1658	/* SSL3_ST_SW_CERT_REQ_B */	1658	/* SSL3_ST_SW_CERT_REQ_B */
@@ -2539,7 +2539,7 @@ ssl3_send_server_certificate(SSL *s)
2539		2539
2540	memset(&cbb, 0, sizeof(cbb));	2540	memset(&cbb, 0, sizeof(cbb));
2541		2541
2542	if (s->internal->state == SSL3_ST_SW_CERT_A) {	2542	if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) {
2543	if ((x = ssl_get_server_send_cert(s)) == NULL) {	2543	if ((x = ssl_get_server_send_cert(s)) == NULL) {
2544	SSLerror(s, ERR_R_INTERNAL_ERROR);	2544	SSLerror(s, ERR_R_INTERNAL_ERROR);
2545	return (0);	2545	return (0);
@@ -2553,7 +2553,7 @@ ssl3_send_server_certificate(SSL *s)
2553	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2553	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2554	goto err;	2554	goto err;
2555		2555
2556	s->internal->state = SSL3_ST_SW_CERT_B;	2556	S3I(s)->hs.state = SSL3_ST_SW_CERT_B;
2557	}	2557	}
2558		2558
2559	/* SSL3_ST_SW_CERT_B */	2559	/* SSL3_ST_SW_CERT_B */
@@ -2581,7 +2581,7 @@ ssl3_send_newsession_ticket(SSL *s)
2581	unsigned char iv[EVP_MAX_IV_LENGTH];	2581	unsigned char iv[EVP_MAX_IV_LENGTH];
2582	unsigned char key_name[16];	2582	unsigned char key_name[16];
2583		2583
2584	if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {	2584	if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
2585	/* get session encoding length */	2585	/* get session encoding length */
2586	slen_full = i2d_SSL_SESSION(s->session, NULL);	2586	slen_full = i2d_SSL_SESSION(s->session, NULL);
2587	/*	2587	/*
@@ -2694,7 +2694,7 @@ ssl3_send_newsession_ticket(SSL *s)
2694		2694
2695	ssl3_handshake_msg_finish(s, len);	2695	ssl3_handshake_msg_finish(s, len);
2696		2696
2697	s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;	2697	S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
2698		2698
2699	freezero(senc, slen_full);	2699	freezero(senc, slen_full);
2700	}	2700	}
@@ -2715,7 +2715,7 @@ ssl3_send_cert_status(SSL *s)
2715		2715
2716	memset(&cbb, 0, sizeof(cbb));	2716	memset(&cbb, 0, sizeof(cbb));
2717		2717
2718	if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {	2718	if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
2719	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,	2719	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
2720	SSL3_MT_CERTIFICATE_STATUS))	2720	SSL3_MT_CERTIFICATE_STATUS))
2721	goto err;	2721	goto err;
@@ -2729,7 +2729,7 @@ ssl3_send_cert_status(SSL *s)
2729	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2729	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2730	goto err;	2730	goto err;
2731		2731
2732	s->internal->state = SSL3_ST_SW_CERT_STATUS_B;	2732	S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B;
2733	}	2733	}
2734		2734
2735	/* SSL3_ST_SW_CERT_STATUS_B */	2735	/* SSL3_ST_SW_CERT_STATUS_B */
@@ -2769,7 +2769,7 @@ ssl3_get_next_proto(SSL *s)
2769	return ((int)n);	2769	return ((int)n);
2770		2770
2771	/*	2771	/*
2772	* s->internal->state doesn't reflect whether ChangeCipherSpec has been received	2772	* S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received
2773	* in this handshake, but S3I(s)->change_cipher_spec does (will be reset	2773	* in this handshake, but S3I(s)->change_cipher_spec does (will be reset
2774	* by ssl3_get_finished).	2774	* by ssl3_get_finished).
2775	*/	2775	*/