1 files changed, 51 insertions, 51 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 456f871a43..1431434ba8 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.123 2022/03/26 15:05:53 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.124 2022/10/02 16:36:41 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -193,8 +193,8 @@ dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata)
 {
        ssl3_release_buffer(&s->s3->rbuf);
-        s->internal->packet = rdata->packet;
+        s->packet = rdata->packet;
-        s->internal->packet_length = rdata->packet_length;
+        s->packet_length = rdata->packet_length;
        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
@@ -216,15 +216,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        if (rdata == NULL || item == NULL)
                goto init_err;
-        rdata->packet = s->internal->packet;
+        rdata->packet = s->packet;
-        rdata->packet_length = s->internal->packet_length;
+        rdata->packet_length = s->packet_length;
        memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
        memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));
        item->data = rdata;
-        s->internal->packet = NULL;
+        s->packet = NULL;
-        s->internal->packet_length = 0;
+        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
        memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
@@ -271,13 +271,13 @@ dtls1_process_buffered_record(SSL *s)
 {
        /* Check if epoch is current. */
        if (s->d1->unprocessed_rcds.epoch !=
-            tls12_record_layer_read_epoch(s->internal->rl))
+            tls12_record_layer_read_epoch(s->rl))
                return (0);
        /* Update epoch once all unprocessed records have been processed. */
        if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
                s->d1->unprocessed_rcds.epoch =
-                    tls12_record_layer_read_epoch(s->internal->rl) + 1;
+                    tls12_record_layer_read_epoch(s->rl) + 1;
                return (0);
        }
@@ -298,11 +298,11 @@ dtls1_process_record(SSL *s)
        uint8_t *out;
        size_t out_len;
-        tls12_record_layer_set_version(s->internal->rl, s->version);
+        tls12_record_layer_set_version(s->rl, s->version);
-        if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet,
+        if (!tls12_record_layer_open_record(s->rl, s->packet,
-            s->internal->packet_length, &out, &out_len)) {
+            s->packet_length, &out, &out_len)) {
-                tls12_record_layer_alert(s->internal->rl, &alert_desc);
+                tls12_record_layer_alert(s->rl, &alert_desc);
                if (alert_desc == 0)
                        goto err;
@@ -327,7 +327,7 @@ dtls1_process_record(SSL *s)
        rr->length = out_len;
        rr->off = 0;
-        s->internal->packet_length = 0;
+        s->packet_length = 0;
        return (1);
@@ -341,9 +341,9 @@ dtls1_process_record(SSL *s)
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->internal->rrec.type    - is the type of record
+ * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->internal->rrec.data,         - data
+ * ssl->s3->rrec.data,   - data
- * ssl->s3->internal->rrec.length, - number of bytes
+ * ssl->s3->rrec.length, - number of bytes
 */
 /* used only by dtls1_read_bytes */
 int
@@ -364,12 +364,12 @@ dtls1_get_record(SSL *s)
 again:
                /* dump this record on all retries */
                rr->length = 0;
-                s->internal->packet_length = 0;
+                s->packet_length = 0;
        }
        /* check if we have the header */
-        if ((s->internal->rstate != SSL_ST_READ_BODY) ||
+        if ((s->rstate != SSL_ST_READ_BODY) ||
-            (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+            (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
                CBS header, seq_no;
                uint16_t epoch, len, ssl_version;
                uint8_t type;
@@ -382,9 +382,9 @@ dtls1_get_record(SSL *s)
                if (n != DTLS1_RT_HEADER_LENGTH)
                        goto again;
-                s->internal->rstate = SSL_ST_READ_BODY;
+                s->rstate = SSL_ST_READ_BODY;
-                CBS_init(&header, s->internal->packet, s->internal->packet_length);
+                CBS_init(&header, s->packet, s->packet_length);
                /* Pull apart the header into the DTLS1_RECORD */
                if (!CBS_get_u8(&header, &type))
@@ -409,7 +409,7 @@ dtls1_get_record(SSL *s)
                rr->length = len;
                /* unexpected version, silently discard */
-                if (!s->internal->first_packet && ssl_version != s->version)
+                if (!s->first_packet && ssl_version != s->version)
                        goto again;
                /* wrong version, silently discard record */
@@ -420,11 +420,11 @@ dtls1_get_record(SSL *s)
                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
                        goto again;
-                /* now s->internal->rstate == SSL_ST_READ_BODY */
+                /* now s->rstate == SSL_ST_READ_BODY */
                p = (unsigned char *)CBS_data(&header);
        }
-        /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
+        /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
        n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);
        if (n <= 0)
@@ -434,7 +434,7 @@ dtls1_get_record(SSL *s)
        if (n != DTLS1_RT_HEADER_LENGTH + rr->length)
                goto again;
-        s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+        s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
        /* match epochs.  NULL means the packet is dropped on the floor */
        bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@@ -463,7 +463,7 @@ dtls1_get_record(SSL *s)
         * anything while listening.
         */
        if (is_next_epoch) {
-                if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) {
+                if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
                        if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
                            rr->seq_num) < 0)
                                return (-1);
@@ -490,7 +490,7 @@ dtls1_read_handshake_unexpected(SSL *s)
        CBS cbs;
        int ret;
-        if (s->internal->in_handshake) {
+        if (s->in_handshake) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return -1;
        }
@@ -506,7 +506,7 @@ dtls1_read_handshake_unexpected(SSL *s)
                return -1; /* XXX - probably should drop/continue. */
        /* This may just be a stale retransmit. */
-        if (rr->epoch != tls12_record_layer_read_epoch(s->internal->rl)) {
+        if (rr->epoch != tls12_record_layer_read_epoch(s->rl)) {
                rr->length = 0;
                return 1;
        }
@@ -556,7 +556,7 @@ dtls1_read_handshake_unexpected(SSL *s)
                s->d1->handshake_read_seq++;
                /* XXX - why is this set here but not in ssl3? */
-                s->internal->new_session = 1;
+                s->new_session = 1;
                if (!ssl3_renegotiate(s))
                        return 1;
@@ -589,7 +589,7 @@ dtls1_read_handshake_unexpected(SSL *s)
                        return -1;
                }
-                if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {
+                if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
                            SSL_AD_NO_RENEGOTIATION);
                        return -1;
@@ -609,8 +609,8 @@ dtls1_read_handshake_unexpected(SSL *s)
                }
                s->s3->hs.state = SSL_ST_ACCEPT;
-                s->internal->renegotiate = 1;
+                s->renegotiate = 1;
-                s->internal->new_session = 1;
+                s->new_session = 1;
        } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) {
                /*
@@ -634,14 +634,14 @@ dtls1_read_handshake_unexpected(SSL *s)
                return -1;
        }
-        if ((ret = s->internal->handshake_func(s)) < 0)
+        if ((ret = s->handshake_func(s)) < 0)
                return ret;
        if (ret == 0) {
                SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
                return -1;
        }
-        if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
                if (s->s3->rbuf.left == 0) {
                        ssl_force_want_read(s);
                        return -1;
@@ -710,8 +710,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                return -1;
        }
-        if (SSL_in_init(s) && !s->internal->in_handshake) {
+        if (SSL_in_init(s) && !s->in_handshake) {
-                if ((ret = s->internal->handshake_func(s)) < 0)
+                if ((ret = s->handshake_func(s)) < 0)
                        return ret;
                if (ret == 0) {
                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
@@ -733,7 +733,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                return -1;
        }
-        s->internal->rwstate = SSL_NOTHING;
+        s->rwstate = SSL_NOTHING;
        rr = &s->s3->rrec;
@@ -747,7 +747,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        if (dtls1_handle_timeout(s) > 0)
                goto start;
-        if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) {
+        if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) {
                if ((ret = dtls1_get_record(s)) <= 0) {
                        /* Anything other than a timeout is an error. */
                        if ((ret = dtls1_read_failed(s, ret)) <= 0)
@@ -783,8 +783,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         * If the other end has shut down, throw anything we read away (even in
         * 'peek' mode).
         */
-        if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-                s->internal->rwstate = SSL_NOTHING;
+                s->rwstate = SSL_NOTHING;
                rr->length = 0;
                return 0;
        }
@@ -796,7 +796,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                 * are doing a handshake for the first time.
                 */
                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
-                    !tls12_record_layer_read_protected(s->internal->rl)) {
+                    !tls12_record_layer_read_protected(s->rl)) {
                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
                        ssl3_send_alert(s, SSL3_AL_FATAL,
                            SSL_AD_UNEXPECTED_MESSAGE);
@@ -817,7 +817,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                        rr->length -= n;
                        rr->off += n;
                        if (rr->length == 0) {
-                                s->internal->rstate = SSL_ST_READ_HEADER;
+                                s->rstate = SSL_ST_READ_HEADER;
                                rr->off = 0;
                        }
                }
@@ -836,8 +836,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                goto start;
        }
-        if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
+        if (s->shutdown & SSL_SENT_SHUTDOWN) {
-                s->internal->rwstate = SSL_NOTHING;
+                s->rwstate = SSL_NOTHING;
                rr->length = 0;
                return (0);
        }
@@ -891,9 +891,9 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
 {
        int i;
-        if (SSL_in_init(s) && !s->internal->in_handshake)
+        if (SSL_in_init(s) && !s->in_handshake)
        {
-                i = s->internal->handshake_func(s);
+                i = s->handshake_func(s);
                if (i < 0)
                        return (i);
                if (i == 0) {
@@ -920,7 +920,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
        int i;
        OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
-        s->internal->rwstate = SSL_NOTHING;
+        s->rwstate = SSL_NOTHING;
        i = do_dtls1_write(s, type, buf, len);
        return i;
 }
@@ -959,9 +959,9 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        if (!CBB_init_fixed(&cbb, wb->buf, wb->len))
                goto err;
-        tls12_record_layer_set_version(s->internal->rl, s->version);
+        tls12_record_layer_set_version(s->rl, s->version);
-        if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
+        if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
                goto err;
        if (!CBB_finish(&cbb, NULL, &out_len))
@@ -1035,7 +1035,7 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
        *is_next_epoch = 0;
-        read_epoch = tls12_record_layer_read_epoch(s->internal->rl);
+        read_epoch = tls12_record_layer_read_epoch(s->rl);
        read_epoch_next = read_epoch + 1;
        /* In current epoch, accept HM, CCS, DATA, & ALERT */

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 456f871a43..1431434ba8 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.123 2022/03/26 15:05:53 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.124 2022/10/02 16:36:41 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -193,8 +193,8 @@ dtls1_copy_record(SSL s, DTLS1_RECORD_DATA_INTERNAL rdata)
193	{	193	{
194	ssl3_release_buffer(&s->s3->rbuf);	194	ssl3_release_buffer(&s->s3->rbuf);
195		195
196	s->internal->packet = rdata->packet;	196	s->packet = rdata->packet;
197	s->internal->packet_length = rdata->packet_length;	197	s->packet_length = rdata->packet_length;
198	memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));	198	memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
199	memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));	199	memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
200		200
@@ -216,15 +216,15 @@ dtls1_buffer_record(SSL s, record_pqueue queue, unsigned char *priority)
216	if (rdata == NULL \|\| item == NULL)	216	if (rdata == NULL \|\| item == NULL)
217	goto init_err;	217	goto init_err;
218		218
219	rdata->packet = s->internal->packet;	219	rdata->packet = s->packet;
220	rdata->packet_length = s->internal->packet_length;	220	rdata->packet_length = s->packet_length;
221	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));	221	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
222	memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));	222	memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));
223		223
224	item->data = rdata;	224	item->data = rdata;
225		225
226	s->internal->packet = NULL;	226	s->packet = NULL;
227	s->internal->packet_length = 0;	227	s->packet_length = 0;
228	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));	228	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
229	memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));	229	memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
230		230
@@ -271,13 +271,13 @@ dtls1_process_buffered_record(SSL *s)
271	{	271	{
272	/* Check if epoch is current. */	272	/* Check if epoch is current. */
273	if (s->d1->unprocessed_rcds.epoch !=	273	if (s->d1->unprocessed_rcds.epoch !=
274	tls12_record_layer_read_epoch(s->internal->rl))	274	tls12_record_layer_read_epoch(s->rl))
275	return (0);	275	return (0);
276		276
277	/* Update epoch once all unprocessed records have been processed. */	277	/* Update epoch once all unprocessed records have been processed. */
278	if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {	278	if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
279	s->d1->unprocessed_rcds.epoch =	279	s->d1->unprocessed_rcds.epoch =
280	tls12_record_layer_read_epoch(s->internal->rl) + 1;	280	tls12_record_layer_read_epoch(s->rl) + 1;
281	return (0);	281	return (0);
282	}	282	}
283		283
@@ -298,11 +298,11 @@ dtls1_process_record(SSL *s)
298	uint8_t *out;	298	uint8_t *out;
299	size_t out_len;	299	size_t out_len;
300		300
301	tls12_record_layer_set_version(s->internal->rl, s->version);	301	tls12_record_layer_set_version(s->rl, s->version);
302		302
303	if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet,	303	if (!tls12_record_layer_open_record(s->rl, s->packet,
304	s->internal->packet_length, &out, &out_len)) {	304	s->packet_length, &out, &out_len)) {
305	tls12_record_layer_alert(s->internal->rl, &alert_desc);	305	tls12_record_layer_alert(s->rl, &alert_desc);
306		306
307	if (alert_desc == 0)	307	if (alert_desc == 0)
308	goto err;	308	goto err;
@@ -327,7 +327,7 @@ dtls1_process_record(SSL *s)
327	rr->length = out_len;	327	rr->length = out_len;
328	rr->off = 0;	328	rr->off = 0;
329		329
330	s->internal->packet_length = 0;	330	s->packet_length = 0;
331		331
332	return (1);	332	return (1);
333		333
@@ -341,9 +341,9 @@ dtls1_process_record(SSL *s)
341	* It will return <= 0 if more data is needed, normally due to an error	341	* It will return <= 0 if more data is needed, normally due to an error
342	* or non-blocking IO.	342	* or non-blocking IO.
343	* When it finishes, one packet has been decoded and can be found in	343	* When it finishes, one packet has been decoded and can be found in
344	* ssl->s3->internal->rrec.type - is the type of record	344	* ssl->s3->rrec.type - is the type of record
345	* ssl->s3->internal->rrec.data, - data	345	* ssl->s3->rrec.data, - data
346	* ssl->s3->internal->rrec.length, - number of bytes	346	* ssl->s3->rrec.length, - number of bytes
347	*/	347	*/
348	/* used only by dtls1_read_bytes */	348	/* used only by dtls1_read_bytes */
349	int	349	int
@@ -364,12 +364,12 @@ dtls1_get_record(SSL *s)
364	again:	364	again:
365	/* dump this record on all retries */	365	/* dump this record on all retries */
366	rr->length = 0;	366	rr->length = 0;
367	s->internal->packet_length = 0;	367	s->packet_length = 0;
368	}	368	}
369		369
370	/* check if we have the header */	370	/* check if we have the header */
371	if ((s->internal->rstate != SSL_ST_READ_BODY) \|\|	371	if ((s->rstate != SSL_ST_READ_BODY) \|\|
372	(s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) {	372	(s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
373	CBS header, seq_no;	373	CBS header, seq_no;
374	uint16_t epoch, len, ssl_version;	374	uint16_t epoch, len, ssl_version;
375	uint8_t type;	375	uint8_t type;
@@ -382,9 +382,9 @@ dtls1_get_record(SSL *s)
382	if (n != DTLS1_RT_HEADER_LENGTH)	382	if (n != DTLS1_RT_HEADER_LENGTH)
383	goto again;	383	goto again;
384		384
385	s->internal->rstate = SSL_ST_READ_BODY;	385	s->rstate = SSL_ST_READ_BODY;
386		386
387	CBS_init(&header, s->internal->packet, s->internal->packet_length);	387	CBS_init(&header, s->packet, s->packet_length);
388		388
389	/* Pull apart the header into the DTLS1_RECORD */	389	/* Pull apart the header into the DTLS1_RECORD */
390	if (!CBS_get_u8(&header, &type))	390	if (!CBS_get_u8(&header, &type))
@@ -409,7 +409,7 @@ dtls1_get_record(SSL *s)
409	rr->length = len;	409	rr->length = len;
410		410
411	/* unexpected version, silently discard */	411	/* unexpected version, silently discard */
412	if (!s->internal->first_packet && ssl_version != s->version)	412	if (!s->first_packet && ssl_version != s->version)
413	goto again;	413	goto again;
414		414
415	/* wrong version, silently discard record */	415	/* wrong version, silently discard record */
@@ -420,11 +420,11 @@ dtls1_get_record(SSL *s)
420	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)	420	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
421	goto again;	421	goto again;
422		422
423	/* now s->internal->rstate == SSL_ST_READ_BODY */	423	/* now s->rstate == SSL_ST_READ_BODY */
424	p = (unsigned char *)CBS_data(&header);	424	p = (unsigned char *)CBS_data(&header);
425	}	425	}
426		426
427	/* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */	427	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
428		428
429	n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);	429	n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);
430	if (n <= 0)	430	if (n <= 0)
@@ -434,7 +434,7 @@ dtls1_get_record(SSL *s)
434	if (n != DTLS1_RT_HEADER_LENGTH + rr->length)	434	if (n != DTLS1_RT_HEADER_LENGTH + rr->length)
435	goto again;	435	goto again;
436		436
437	s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */	437	s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
438		438
439	/* match epochs. NULL means the packet is dropped on the floor */	439	/* match epochs. NULL means the packet is dropped on the floor */
440	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);	440	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@@ -463,7 +463,7 @@ dtls1_get_record(SSL *s)
463	* anything while listening.	463	* anything while listening.
464	*/	464	*/
465	if (is_next_epoch) {	465	if (is_next_epoch) {
466	if ((SSL_in_init(s) \|\| s->internal->in_handshake) && !s->d1->listen) {	466	if ((SSL_in_init(s) \|\| s->in_handshake) && !s->d1->listen) {
467	if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),	467	if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
468	rr->seq_num) < 0)	468	rr->seq_num) < 0)
469	return (-1);	469	return (-1);
@@ -490,7 +490,7 @@ dtls1_read_handshake_unexpected(SSL *s)
490	CBS cbs;	490	CBS cbs;
491	int ret;	491	int ret;
492		492
493	if (s->internal->in_handshake) {	493	if (s->in_handshake) {
494	SSLerror(s, ERR_R_INTERNAL_ERROR);	494	SSLerror(s, ERR_R_INTERNAL_ERROR);
495	return -1;	495	return -1;
496	}	496	}
@@ -506,7 +506,7 @@ dtls1_read_handshake_unexpected(SSL *s)
506	return -1; /* XXX - probably should drop/continue. */	506	return -1; /* XXX - probably should drop/continue. */
507		507
508	/* This may just be a stale retransmit. */	508	/* This may just be a stale retransmit. */
509	if (rr->epoch != tls12_record_layer_read_epoch(s->internal->rl)) {	509	if (rr->epoch != tls12_record_layer_read_epoch(s->rl)) {
510	rr->length = 0;	510	rr->length = 0;
511	return 1;	511	return 1;
512	}	512	}
@@ -556,7 +556,7 @@ dtls1_read_handshake_unexpected(SSL *s)
556	s->d1->handshake_read_seq++;	556	s->d1->handshake_read_seq++;
557		557
558	/* XXX - why is this set here but not in ssl3? */	558	/* XXX - why is this set here but not in ssl3? */
559	s->internal->new_session = 1;	559	s->new_session = 1;
560		560
561	if (!ssl3_renegotiate(s))	561	if (!ssl3_renegotiate(s))
562	return 1;	562	return 1;
@@ -589,7 +589,7 @@ dtls1_read_handshake_unexpected(SSL *s)
589	return -1;	589	return -1;
590	}	590	}
591		591
592	if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {	592	if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {
593	ssl3_send_alert(s, SSL3_AL_FATAL,	593	ssl3_send_alert(s, SSL3_AL_FATAL,
594	SSL_AD_NO_RENEGOTIATION);	594	SSL_AD_NO_RENEGOTIATION);
595	return -1;	595	return -1;
@@ -609,8 +609,8 @@ dtls1_read_handshake_unexpected(SSL *s)
609	}	609	}
610		610
611	s->s3->hs.state = SSL_ST_ACCEPT;	611	s->s3->hs.state = SSL_ST_ACCEPT;
612	s->internal->renegotiate = 1;	612	s->renegotiate = 1;
613	s->internal->new_session = 1;	613	s->new_session = 1;
614		614
615	} else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) {	615	} else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) {
616	/*	616	/*
@@ -634,14 +634,14 @@ dtls1_read_handshake_unexpected(SSL *s)
634	return -1;	634	return -1;
635	}	635	}
636		636
637	if ((ret = s->internal->handshake_func(s)) < 0)	637	if ((ret = s->handshake_func(s)) < 0)
638	return ret;	638	return ret;
639	if (ret == 0) {	639	if (ret == 0) {
640	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);	640	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
641	return -1;	641	return -1;
642	}	642	}
643		643
644	if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {	644	if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
645	if (s->s3->rbuf.left == 0) {	645	if (s->s3->rbuf.left == 0) {
646	ssl_force_want_read(s);	646	ssl_force_want_read(s);
647	return -1;	647	return -1;
@@ -710,8 +710,8 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
710	return -1;	710	return -1;
711	}	711	}
712		712
713	if (SSL_in_init(s) && !s->internal->in_handshake) {	713	if (SSL_in_init(s) && !s->in_handshake) {
714	if ((ret = s->internal->handshake_func(s)) < 0)	714	if ((ret = s->handshake_func(s)) < 0)
715	return ret;	715	return ret;
716	if (ret == 0) {	716	if (ret == 0) {
717	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);	717	SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
@@ -733,7 +733,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
733	return -1;	733	return -1;
734	}	734	}
735		735
736	s->internal->rwstate = SSL_NOTHING;	736	s->rwstate = SSL_NOTHING;
737		737
738	rr = &s->s3->rrec;	738	rr = &s->s3->rrec;
739		739
@@ -747,7 +747,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
747	if (dtls1_handle_timeout(s) > 0)	747	if (dtls1_handle_timeout(s) > 0)
748	goto start;	748	goto start;
749		749
750	if (rr->length == 0 \|\| s->internal->rstate == SSL_ST_READ_BODY) {	750	if (rr->length == 0 \|\| s->rstate == SSL_ST_READ_BODY) {
751	if ((ret = dtls1_get_record(s)) <= 0) {	751	if ((ret = dtls1_get_record(s)) <= 0) {
752	/* Anything other than a timeout is an error. */	752	/* Anything other than a timeout is an error. */
753	if ((ret = dtls1_read_failed(s, ret)) <= 0)	753	if ((ret = dtls1_read_failed(s, ret)) <= 0)
@@ -783,8 +783,8 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
783	* If the other end has shut down, throw anything we read away (even in	783	* If the other end has shut down, throw anything we read away (even in
784	* 'peek' mode).	784	* 'peek' mode).
785	*/	785	*/
786	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {	786	if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
787	s->internal->rwstate = SSL_NOTHING;	787	s->rwstate = SSL_NOTHING;
788	rr->length = 0;	788	rr->length = 0;
789	return 0;	789	return 0;
790	}	790	}
@@ -796,7 +796,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
796	* are doing a handshake for the first time.	796	* are doing a handshake for the first time.
797	*/	797	*/
798	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&	798	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
799	!tls12_record_layer_read_protected(s->internal->rl)) {	799	!tls12_record_layer_read_protected(s->rl)) {
800	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);	800	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
801	ssl3_send_alert(s, SSL3_AL_FATAL,	801	ssl3_send_alert(s, SSL3_AL_FATAL,
802	SSL_AD_UNEXPECTED_MESSAGE);	802	SSL_AD_UNEXPECTED_MESSAGE);
@@ -817,7 +817,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
817	rr->length -= n;	817	rr->length -= n;
818	rr->off += n;	818	rr->off += n;
819	if (rr->length == 0) {	819	if (rr->length == 0) {
820	s->internal->rstate = SSL_ST_READ_HEADER;	820	s->rstate = SSL_ST_READ_HEADER;
821	rr->off = 0;	821	rr->off = 0;
822	}	822	}
823	}	823	}
@@ -836,8 +836,8 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
836	goto start;	836	goto start;
837	}	837	}
838		838
839	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {	839	if (s->shutdown & SSL_SENT_SHUTDOWN) {
840	s->internal->rwstate = SSL_NOTHING;	840	s->rwstate = SSL_NOTHING;
841	rr->length = 0;	841	rr->length = 0;
842	return (0);	842	return (0);
843	}	843	}
@@ -891,9 +891,9 @@ dtls1_write_app_data_bytes(SSL s, int type, const void buf_, int len)
891	{	891	{
892	int i;	892	int i;
893		893
894	if (SSL_in_init(s) && !s->internal->in_handshake)	894	if (SSL_in_init(s) && !s->in_handshake)
895	{	895	{
896	i = s->internal->handshake_func(s);	896	i = s->handshake_func(s);
897	if (i < 0)	897	if (i < 0)
898	return (i);	898	return (i);
899	if (i == 0) {	899	if (i == 0) {
@@ -920,7 +920,7 @@ dtls1_write_bytes(SSL s, int type, const void buf, int len)
920	int i;	920	int i;
921		921
922	OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);	922	OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
923	s->internal->rwstate = SSL_NOTHING;	923	s->rwstate = SSL_NOTHING;
924	i = do_dtls1_write(s, type, buf, len);	924	i = do_dtls1_write(s, type, buf, len);
925	return i;	925	return i;
926	}	926	}
@@ -959,9 +959,9 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
959	if (!CBB_init_fixed(&cbb, wb->buf, wb->len))	959	if (!CBB_init_fixed(&cbb, wb->buf, wb->len))
960	goto err;	960	goto err;
961		961
962	tls12_record_layer_set_version(s->internal->rl, s->version);	962	tls12_record_layer_set_version(s->rl, s->version);
963		963
964	if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))	964	if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
965	goto err;	965	goto err;
966		966
967	if (!CBB_finish(&cbb, NULL, &out_len))	967	if (!CBB_finish(&cbb, NULL, &out_len))
@@ -1035,7 +1035,7 @@ dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL rr, unsigned int *is_next_epoch)
1035		1035
1036	*is_next_epoch = 0;	1036	*is_next_epoch = 0;
1037		1037
1038	read_epoch = tls12_record_layer_read_epoch(s->internal->rl);	1038	read_epoch = tls12_record_layer_read_epoch(s->rl);
1039	read_epoch_next = read_epoch + 1;	1039	read_epoch_next = read_epoch + 1;
1040		1040
1041	/* In current epoch, accept HM, CCS, DATA, & ALERT */	1041	/* In current epoch, accept HM, CCS, DATA, & ALERT */