1 files changed, 53 insertions, 53 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 0893682e75..a6feb68e91 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.169 2017/01/23 08:48:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
                SSL_clear(s);
        for (;;) {
-                state = s->state;
+                state = s->internal->state;
-                switch (s->state) {
+                switch (s->internal->state) {
                case SSL_ST_RENEGOTIATE:
                        s->internal->renegotiate = 1;
-                        s->state = SSL_ST_CONNECT;
+                        s->internal->state = SSL_ST_CONNECT;
                        s->ctx->internal->stats.sess_connect_renegotiate++;
                        /* break */
                case SSL_ST_BEFORE:
@@ -240,7 +240,7 @@ ssl3_connect(SSL *s)
                                goto end;
                        }
-                        s->state = SSL3_ST_CW_CLNT_HELLO_A;
+                        s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
                        s->ctx->internal->stats.sess_connect++;
                        s->internal->init_num = 0;
                        break;
@@ -252,7 +252,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CR_SRVR_HELLO_A;
+                        s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
                        s->internal->init_num = 0;
                        /* turn on buffering for the next lot of output */
@@ -268,13 +268,13 @@ ssl3_connect(SSL *s)
                                goto end;
                        if (s->internal->hit) {
-                                s->state = SSL3_ST_CR_FINISHED_A;
+                                s->internal->state = SSL3_ST_CR_FINISHED_A;
                                if (s->internal->tlsext_ticket_expected) {
                                        /* receive renewed session ticket */
-                                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                                        s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
                                }
                        } else
-                                s->state = SSL3_ST_CR_CERT_A;
+                                s->internal->state = SSL3_ST_CR_CERT_A;
                        s->internal->init_num = 0;
                        break;
@@ -286,9 +286,9 @@ ssl3_connect(SSL *s)
                        if (ret == 2) {
                                s->internal->hit = 1;
                                if (s->internal->tlsext_ticket_expected)
-                                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                                        s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
                                else
-                                        s->state = SSL3_ST_CR_FINISHED_A;
+                                        s->internal->state = SSL3_ST_CR_FINISHED_A;
                                s->internal->init_num = 0;
                                break;
                        }
@@ -299,12 +299,12 @@ ssl3_connect(SSL *s)
                                if (ret <= 0)
                                        goto end;
                                if (s->internal->tlsext_status_expected)
-                                        s->state = SSL3_ST_CR_CERT_STATUS_A;
+                                        s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
                                else
-                                        s->state = SSL3_ST_CR_KEY_EXCH_A;
+                                        s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
                        } else {
                                skip = 1;
-                                s->state = SSL3_ST_CR_KEY_EXCH_A;
+                                s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
                        }
                        s->internal->init_num = 0;
                        break;
@@ -314,7 +314,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_server_key_exchange(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CR_CERT_REQ_A;
+                        s->internal->state = SSL3_ST_CR_CERT_REQ_A;
                        s->internal->init_num = 0;
                        /*
@@ -332,7 +332,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_certificate_request(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CR_SRVR_DONE_A;
+                        s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
                        s->internal->init_num = 0;
                        break;
@@ -342,9 +342,9 @@ ssl3_connect(SSL *s)
                        if (ret <= 0)
                                goto end;
                        if (S3I(s)->tmp.cert_req)
-                                s->state = SSL3_ST_CW_CERT_A;
+                                s->internal->state = SSL3_ST_CW_CERT_A;
                        else
-                                s->state = SSL3_ST_CW_KEY_EXCH_A;
+                                s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -356,7 +356,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_send_client_certificate(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CW_KEY_EXCH_A;
+                        s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -382,13 +382,13 @@ ssl3_connect(SSL *s)
                         * inside the client certificate.
                         */
                        if (S3I(s)->tmp.cert_req == 1) {
-                                s->state = SSL3_ST_CW_CERT_VRFY_A;
+                                s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
                        } else {
-                                s->state = SSL3_ST_CW_CHANGE_A;
+                                s->internal->state = SSL3_ST_CW_CHANGE_A;
                                S3I(s)->change_cipher_spec = 0;
                        }
                        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                                s->state = SSL3_ST_CW_CHANGE_A;
+                                s->internal->state = SSL3_ST_CW_CHANGE_A;
                                S3I(s)->change_cipher_spec = 0;
                        }
@@ -400,7 +400,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_send_client_verify(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CW_CHANGE_A;
+                        s->internal->state = SSL3_ST_CW_CHANGE_A;
                        s->internal->init_num = 0;
                        S3I(s)->change_cipher_spec = 0;
                        break;
@@ -413,9 +413,9 @@ ssl3_connect(SSL *s)
                                goto end;
                        if (S3I(s)->next_proto_neg_seen)
-                                s->state = SSL3_ST_CW_NEXT_PROTO_A;
+                                s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
                        else
-                                s->state = SSL3_ST_CW_FINISHED_A;
+                                s->internal->state = SSL3_ST_CW_FINISHED_A;
                        s->internal->init_num = 0;
                        s->session->cipher = S3I(s)->tmp.new_cipher;
@@ -437,7 +437,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_send_next_proto(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CW_FINISHED_A;
+                        s->internal->state = SSL3_ST_CW_FINISHED_A;
                        break;
                case SSL3_ST_CW_FINISHED_A:
@@ -449,7 +449,7 @@ ssl3_connect(SSL *s)
                        if (ret <= 0)
                                goto end;
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                        s->state = SSL3_ST_CW_FLUSH;
+                        s->internal->state = SSL3_ST_CW_FLUSH;
                        /* clear flags */
                        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -457,7 +457,7 @@ ssl3_connect(SSL *s)
                                S3I(s)->tmp.next_state = SSL_ST_OK;
                                if (s->s3->flags &
                                    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                                        s->state = SSL_ST_OK;
+                                        s->internal->state = SSL_ST_OK;
                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
                                        S3I(s)->delay_buf_pop_ret = 0;
                                }
@@ -478,7 +478,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_new_session_ticket(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CR_FINISHED_A;
+                        s->internal->state = SSL3_ST_CR_FINISHED_A;
                        s->internal->init_num = 0;
                        break;
@@ -487,7 +487,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_cert_status(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_CR_KEY_EXCH_A;
+                        s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -500,9 +500,9 @@ ssl3_connect(SSL *s)
                                goto end;
                        if (s->internal->hit)
-                                s->state = SSL3_ST_CW_CHANGE_A;
+                                s->internal->state = SSL3_ST_CW_CHANGE_A;
                        else
-                                s->state = SSL_ST_OK;
+                                s->internal->state = SSL_ST_OK;
                        s->internal->init_num = 0;
                        break;
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
                                goto end;
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        s->state = S3I(s)->tmp.next_state;
+                        s->internal->state = S3I(s)->tmp.next_state;
                        break;
                case SSL_ST_OK:
@@ -567,11 +567,11 @@ ssl3_connect(SSL *s)
                                        goto end;
                        }
-                        if ((cb != NULL) && (s->state != state)) {
+                        if ((cb != NULL) && (s->internal->state != state)) {
-                                new_state = s->state;
+                                new_state = s->internal->state;
-                                s->state = state;
+                                s->internal->state = state;
                                cb(s, SSL_CB_CONNECT_LOOP, 1);
-                                s->state = new_state;
+                                s->internal->state = new_state;
                        }
                }
                skip = 0;
@@ -594,7 +594,7 @@ ssl3_client_hello(SSL *s)
        bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
-        if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
+        if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
                SSL_SESSION *sess = s->session;
                if ((sess == NULL) ||
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
                ssl3_handshake_msg_finish(s, p - d);
-                s->state = SSL3_ST_CW_CLNT_HELLO_B;
+                s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
        }
        /* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
+        if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
                alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
                if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2377,7 +2377,7 @@ ssl3_send_client_key_exchange(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->state = SSL3_ST_CW_KEY_EXCH_B;
+                s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
        }
        /* SSL3_ST_CW_KEY_EXCH_B */
@@ -2403,7 +2403,7 @@ ssl3_send_client_verify(SSL *s)
        EVP_MD_CTX_init(&mctx);
-        if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
+        if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
                /*
@@ -2530,7 +2530,7 @@ ssl3_send_client_verify(SSL *s)
                        goto err;
                }
-                s->state = SSL3_ST_CW_CERT_VRFY_B;
+                s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
                ssl3_handshake_msg_finish(s, n);
        }
@@ -2556,16 +2556,16 @@ ssl3_send_client_certificate(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->state == SSL3_ST_CW_CERT_A) {
+        if (s->internal->state == SSL3_ST_CW_CERT_A) {
                if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
                    (s->cert->key->privatekey == NULL))
-                        s->state = SSL3_ST_CW_CERT_B;
+                        s->internal->state = SSL3_ST_CW_CERT_B;
                else
-                        s->state = SSL3_ST_CW_CERT_C;
+                        s->internal->state = SSL3_ST_CW_CERT_C;
        }
        /* We need to get a client cert */
-        if (s->state == SSL3_ST_CW_CERT_B) {
+        if (s->internal->state == SSL3_ST_CW_CERT_B) {
                /*
                 * If we get an error, we need to
                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2578,7 +2578,7 @@ ssl3_send_client_certificate(SSL *s)
                }
                s->internal->rwstate = SSL_NOTHING;
                if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-                        s->state = SSL3_ST_CW_CERT_B;
+                        s->internal->state = SSL3_ST_CW_CERT_B;
                        if (!SSL_use_certificate(s, x509) ||
                            !SSL_use_PrivateKey(s, pkey))
                                i = 0;
@@ -2594,10 +2594,10 @@ ssl3_send_client_certificate(SSL *s)
                        S3I(s)->tmp.cert_req = 2;
                /* Ok, we have a cert */
-                s->state = SSL3_ST_CW_CERT_C;
+                s->internal->state = SSL3_ST_CW_CERT_C;
        }
-        if (s->state == SSL3_ST_CW_CERT_C) {
+        if (s->internal->state == SSL3_ST_CW_CERT_C) {
                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
                    SSL3_MT_CERTIFICATE))
                        goto err;
@@ -2607,7 +2607,7 @@ ssl3_send_client_certificate(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->state = SSL3_ST_CW_CERT_D;
+                s->internal->state = SSL3_ST_CW_CERT_D;
        }
        /* SSL3_ST_CW_CERT_D */
@@ -2700,7 +2700,7 @@ ssl3_send_next_proto(SSL *s)
        unsigned int     len, padding_len;
        unsigned char   *d, *p;
-        if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
+        if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
                d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
                len = s->internal->next_proto_negotiated_len;
@@ -2714,7 +2714,7 @@ ssl3_send_next_proto(SSL *s)
                ssl3_handshake_msg_finish(s, p - d);
-                s->state = SSL3_ST_CW_NEXT_PROTO_B;
+                s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
        }
        return (ssl3_handshake_write(s));

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 0893682e75..a6feb68e91 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.169 2017/01/23 08:48:44 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
193	SSL_clear(s);	193	SSL_clear(s);
194		194
195	for (;;) {	195	for (;;) {
196	state = s->state;	196	state = s->internal->state;
197		197
198	switch (s->state) {	198	switch (s->internal->state) {
199	case SSL_ST_RENEGOTIATE:	199	case SSL_ST_RENEGOTIATE:
200	s->internal->renegotiate = 1;	200	s->internal->renegotiate = 1;
201	s->state = SSL_ST_CONNECT;	201	s->internal->state = SSL_ST_CONNECT;
202	s->ctx->internal->stats.sess_connect_renegotiate++;	202	s->ctx->internal->stats.sess_connect_renegotiate++;
203	/* break */	203	/* break */
204	case SSL_ST_BEFORE:	204	case SSL_ST_BEFORE:
@@ -240,7 +240,7 @@ ssl3_connect(SSL *s)
240	goto end;	240	goto end;
241	}	241	}
242		242
243	s->state = SSL3_ST_CW_CLNT_HELLO_A;	243	s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
244	s->ctx->internal->stats.sess_connect++;	244	s->ctx->internal->stats.sess_connect++;
245	s->internal->init_num = 0;	245	s->internal->init_num = 0;
246	break;	246	break;
@@ -252,7 +252,7 @@ ssl3_connect(SSL *s)
252	ret = ssl3_client_hello(s);	252	ret = ssl3_client_hello(s);
253	if (ret <= 0)	253	if (ret <= 0)
254	goto end;	254	goto end;
255	s->state = SSL3_ST_CR_SRVR_HELLO_A;	255	s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
256	s->internal->init_num = 0;	256	s->internal->init_num = 0;
257		257
258	/* turn on buffering for the next lot of output */	258	/* turn on buffering for the next lot of output */
@@ -268,13 +268,13 @@ ssl3_connect(SSL *s)
268	goto end;	268	goto end;
269		269
270	if (s->internal->hit) {	270	if (s->internal->hit) {
271	s->state = SSL3_ST_CR_FINISHED_A;	271	s->internal->state = SSL3_ST_CR_FINISHED_A;
272	if (s->internal->tlsext_ticket_expected) {	272	if (s->internal->tlsext_ticket_expected) {
273	/* receive renewed session ticket */	273	/* receive renewed session ticket */
274	s->state = SSL3_ST_CR_SESSION_TICKET_A;	274	s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
275	}	275	}
276	} else	276	} else
277	s->state = SSL3_ST_CR_CERT_A;	277	s->internal->state = SSL3_ST_CR_CERT_A;
278	s->internal->init_num = 0;	278	s->internal->init_num = 0;
279	break;	279	break;
280		280
@@ -286,9 +286,9 @@ ssl3_connect(SSL *s)
286	if (ret == 2) {	286	if (ret == 2) {
287	s->internal->hit = 1;	287	s->internal->hit = 1;
288	if (s->internal->tlsext_ticket_expected)	288	if (s->internal->tlsext_ticket_expected)
289	s->state = SSL3_ST_CR_SESSION_TICKET_A;	289	s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
290	else	290	else
291	s->state = SSL3_ST_CR_FINISHED_A;	291	s->internal->state = SSL3_ST_CR_FINISHED_A;
292	s->internal->init_num = 0;	292	s->internal->init_num = 0;
293	break;	293	break;
294	}	294	}
@@ -299,12 +299,12 @@ ssl3_connect(SSL *s)
299	if (ret <= 0)	299	if (ret <= 0)
300	goto end;	300	goto end;
301	if (s->internal->tlsext_status_expected)	301	if (s->internal->tlsext_status_expected)
302	s->state = SSL3_ST_CR_CERT_STATUS_A;	302	s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
303	else	303	else
304	s->state = SSL3_ST_CR_KEY_EXCH_A;	304	s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
305	} else {	305	} else {
306	skip = 1;	306	skip = 1;
307	s->state = SSL3_ST_CR_KEY_EXCH_A;	307	s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
308	}	308	}
309	s->internal->init_num = 0;	309	s->internal->init_num = 0;
310	break;	310	break;
@@ -314,7 +314,7 @@ ssl3_connect(SSL *s)
314	ret = ssl3_get_server_key_exchange(s);	314	ret = ssl3_get_server_key_exchange(s);
315	if (ret <= 0)	315	if (ret <= 0)
316	goto end;	316	goto end;
317	s->state = SSL3_ST_CR_CERT_REQ_A;	317	s->internal->state = SSL3_ST_CR_CERT_REQ_A;
318	s->internal->init_num = 0;	318	s->internal->init_num = 0;
319		319
320	/*	320	/*
@@ -332,7 +332,7 @@ ssl3_connect(SSL *s)
332	ret = ssl3_get_certificate_request(s);	332	ret = ssl3_get_certificate_request(s);
333	if (ret <= 0)	333	if (ret <= 0)
334	goto end;	334	goto end;
335	s->state = SSL3_ST_CR_SRVR_DONE_A;	335	s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
336	s->internal->init_num = 0;	336	s->internal->init_num = 0;
337	break;	337	break;
338		338
@@ -342,9 +342,9 @@ ssl3_connect(SSL *s)
342	if (ret <= 0)	342	if (ret <= 0)
343	goto end;	343	goto end;
344	if (S3I(s)->tmp.cert_req)	344	if (S3I(s)->tmp.cert_req)
345	s->state = SSL3_ST_CW_CERT_A;	345	s->internal->state = SSL3_ST_CW_CERT_A;
346	else	346	else
347	s->state = SSL3_ST_CW_KEY_EXCH_A;	347	s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
348	s->internal->init_num = 0;	348	s->internal->init_num = 0;
349		349
350	break;	350	break;
@@ -356,7 +356,7 @@ ssl3_connect(SSL *s)
356	ret = ssl3_send_client_certificate(s);	356	ret = ssl3_send_client_certificate(s);
357	if (ret <= 0)	357	if (ret <= 0)
358	goto end;	358	goto end;
359	s->state = SSL3_ST_CW_KEY_EXCH_A;	359	s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
360	s->internal->init_num = 0;	360	s->internal->init_num = 0;
361	break;	361	break;
362		362
@@ -382,13 +382,13 @@ ssl3_connect(SSL *s)
382	* inside the client certificate.	382	* inside the client certificate.
383	*/	383	*/
384	if (S3I(s)->tmp.cert_req == 1) {	384	if (S3I(s)->tmp.cert_req == 1) {
385	s->state = SSL3_ST_CW_CERT_VRFY_A;	385	s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
386	} else {	386	} else {
387	s->state = SSL3_ST_CW_CHANGE_A;	387	s->internal->state = SSL3_ST_CW_CHANGE_A;
388	S3I(s)->change_cipher_spec = 0;	388	S3I(s)->change_cipher_spec = 0;
389	}	389	}
390	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {	390	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
391	s->state = SSL3_ST_CW_CHANGE_A;	391	s->internal->state = SSL3_ST_CW_CHANGE_A;
392	S3I(s)->change_cipher_spec = 0;	392	S3I(s)->change_cipher_spec = 0;
393	}	393	}
394		394
@@ -400,7 +400,7 @@ ssl3_connect(SSL *s)
400	ret = ssl3_send_client_verify(s);	400	ret = ssl3_send_client_verify(s);
401	if (ret <= 0)	401	if (ret <= 0)
402	goto end;	402	goto end;
403	s->state = SSL3_ST_CW_CHANGE_A;	403	s->internal->state = SSL3_ST_CW_CHANGE_A;
404	s->internal->init_num = 0;	404	s->internal->init_num = 0;
405	S3I(s)->change_cipher_spec = 0;	405	S3I(s)->change_cipher_spec = 0;
406	break;	406	break;
@@ -413,9 +413,9 @@ ssl3_connect(SSL *s)
413	goto end;	413	goto end;
414		414
415	if (S3I(s)->next_proto_neg_seen)	415	if (S3I(s)->next_proto_neg_seen)
416	s->state = SSL3_ST_CW_NEXT_PROTO_A;	416	s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
417	else	417	else
418	s->state = SSL3_ST_CW_FINISHED_A;	418	s->internal->state = SSL3_ST_CW_FINISHED_A;
419	s->internal->init_num = 0;	419	s->internal->init_num = 0;
420		420
421	s->session->cipher = S3I(s)->tmp.new_cipher;	421	s->session->cipher = S3I(s)->tmp.new_cipher;
@@ -437,7 +437,7 @@ ssl3_connect(SSL *s)
437	ret = ssl3_send_next_proto(s);	437	ret = ssl3_send_next_proto(s);
438	if (ret <= 0)	438	if (ret <= 0)
439	goto end;	439	goto end;
440	s->state = SSL3_ST_CW_FINISHED_A;	440	s->internal->state = SSL3_ST_CW_FINISHED_A;
441	break;	441	break;
442		442
443	case SSL3_ST_CW_FINISHED_A:	443	case SSL3_ST_CW_FINISHED_A:
@@ -449,7 +449,7 @@ ssl3_connect(SSL *s)
449	if (ret <= 0)	449	if (ret <= 0)
450	goto end;	450	goto end;
451	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	451	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
452	s->state = SSL3_ST_CW_FLUSH;	452	s->internal->state = SSL3_ST_CW_FLUSH;
453		453
454	/* clear flags */	454	/* clear flags */
455	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;	455	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -457,7 +457,7 @@ ssl3_connect(SSL *s)
457	S3I(s)->tmp.next_state = SSL_ST_OK;	457	S3I(s)->tmp.next_state = SSL_ST_OK;
458	if (s->s3->flags &	458	if (s->s3->flags &
459	SSL3_FLAGS_DELAY_CLIENT_FINISHED) {	459	SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
460	s->state = SSL_ST_OK;	460	s->internal->state = SSL_ST_OK;
461	s->s3->flags\|=SSL3_FLAGS_POP_BUFFER;	461	s->s3->flags\|=SSL3_FLAGS_POP_BUFFER;
462	S3I(s)->delay_buf_pop_ret = 0;	462	S3I(s)->delay_buf_pop_ret = 0;
463	}	463	}
@@ -478,7 +478,7 @@ ssl3_connect(SSL *s)
478	ret = ssl3_get_new_session_ticket(s);	478	ret = ssl3_get_new_session_ticket(s);
479	if (ret <= 0)	479	if (ret <= 0)
480	goto end;	480	goto end;
481	s->state = SSL3_ST_CR_FINISHED_A;	481	s->internal->state = SSL3_ST_CR_FINISHED_A;
482	s->internal->init_num = 0;	482	s->internal->init_num = 0;
483	break;	483	break;
484		484
@@ -487,7 +487,7 @@ ssl3_connect(SSL *s)
487	ret = ssl3_get_cert_status(s);	487	ret = ssl3_get_cert_status(s);
488	if (ret <= 0)	488	if (ret <= 0)
489	goto end;	489	goto end;
490	s->state = SSL3_ST_CR_KEY_EXCH_A;	490	s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
491	s->internal->init_num = 0;	491	s->internal->init_num = 0;
492	break;	492	break;
493		493
@@ -500,9 +500,9 @@ ssl3_connect(SSL *s)
500	goto end;	500	goto end;
501		501
502	if (s->internal->hit)	502	if (s->internal->hit)
503	s->state = SSL3_ST_CW_CHANGE_A;	503	s->internal->state = SSL3_ST_CW_CHANGE_A;
504	else	504	else
505	s->state = SSL_ST_OK;	505	s->internal->state = SSL_ST_OK;
506	s->internal->init_num = 0;	506	s->internal->init_num = 0;
507	break;	507	break;
508		508
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
513	goto end;	513	goto end;
514	}	514	}
515	s->internal->rwstate = SSL_NOTHING;	515	s->internal->rwstate = SSL_NOTHING;
516	s->state = S3I(s)->tmp.next_state;	516	s->internal->state = S3I(s)->tmp.next_state;
517	break;	517	break;
518		518
519	case SSL_ST_OK:	519	case SSL_ST_OK:
@@ -567,11 +567,11 @@ ssl3_connect(SSL *s)
567	goto end;	567	goto end;
568	}	568	}
569		569
570	if ((cb != NULL) && (s->state != state)) {	570	if ((cb != NULL) && (s->internal->state != state)) {
571	new_state = s->state;	571	new_state = s->internal->state;
572	s->state = state;	572	s->internal->state = state;
573	cb(s, SSL_CB_CONNECT_LOOP, 1);	573	cb(s, SSL_CB_CONNECT_LOOP, 1);
574	s->state = new_state;	574	s->internal->state = new_state;
575	}	575	}
576	}	576	}
577	skip = 0;	577	skip = 0;
@@ -594,7 +594,7 @@ ssl3_client_hello(SSL *s)
594		594
595	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;	595	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
596		596
597	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {	597	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
598	SSL_SESSION *sess = s->session;	598	SSL_SESSION *sess = s->session;
599		599
600	if ((sess == NULL) \|\|	600	if ((sess == NULL) \|\|
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
706		706
707	ssl3_handshake_msg_finish(s, p - d);	707	ssl3_handshake_msg_finish(s, p - d);
708		708
709	s->state = SSL3_ST_CW_CLNT_HELLO_B;	709	s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
710	}	710	}
711		711
712	/* SSL3_ST_CW_CLNT_HELLO_B */	712	/* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s)
2339		2339
2340	memset(&cbb, 0, sizeof(cbb));	2340	memset(&cbb, 0, sizeof(cbb));
2341		2341
2342	if (s->state == SSL3_ST_CW_KEY_EXCH_A) {	2342	if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
2343	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;	2343	alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2344		2344
2345	if ((sess_cert = SSI(s)->sess_cert) == NULL) {	2345	if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2377,7 +2377,7 @@ ssl3_send_client_key_exchange(SSL *s)
2377	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2377	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2378	goto err;	2378	goto err;
2379		2379
2380	s->state = SSL3_ST_CW_KEY_EXCH_B;	2380	s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
2381	}	2381	}
2382		2382
2383	/* SSL3_ST_CW_KEY_EXCH_B */	2383	/* SSL3_ST_CW_KEY_EXCH_B */
@@ -2403,7 +2403,7 @@ ssl3_send_client_verify(SSL *s)
2403		2403
2404	EVP_MD_CTX_init(&mctx);	2404	EVP_MD_CTX_init(&mctx);
2405		2405
2406	if (s->state == SSL3_ST_CW_CERT_VRFY_A) {	2406	if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
2407	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);	2407	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2408		2408
2409	/*	2409	/*
@@ -2530,7 +2530,7 @@ ssl3_send_client_verify(SSL *s)
2530	goto err;	2530	goto err;
2531	}	2531	}
2532		2532
2533	s->state = SSL3_ST_CW_CERT_VRFY_B;	2533	s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
2534		2534
2535	ssl3_handshake_msg_finish(s, n);	2535	ssl3_handshake_msg_finish(s, n);
2536	}	2536	}
@@ -2556,16 +2556,16 @@ ssl3_send_client_certificate(SSL *s)
2556		2556
2557	memset(&cbb, 0, sizeof(cbb));	2557	memset(&cbb, 0, sizeof(cbb));
2558		2558
2559	if (s->state == SSL3_ST_CW_CERT_A) {	2559	if (s->internal->state == SSL3_ST_CW_CERT_A) {
2560	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|	2560	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|
2561	(s->cert->key->privatekey == NULL))	2561	(s->cert->key->privatekey == NULL))
2562	s->state = SSL3_ST_CW_CERT_B;	2562	s->internal->state = SSL3_ST_CW_CERT_B;
2563	else	2563	else
2564	s->state = SSL3_ST_CW_CERT_C;	2564	s->internal->state = SSL3_ST_CW_CERT_C;
2565	}	2565	}
2566		2566
2567	/* We need to get a client cert */	2567	/* We need to get a client cert */
2568	if (s->state == SSL3_ST_CW_CERT_B) {	2568	if (s->internal->state == SSL3_ST_CW_CERT_B) {
2569	/*	2569	/*
2570	* If we get an error, we need to	2570	* If we get an error, we need to
2571	* ssl->rwstate=SSL_X509_LOOKUP; return(-1);	2571	* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2578,7 +2578,7 @@ ssl3_send_client_certificate(SSL *s)
2578	}	2578	}
2579	s->internal->rwstate = SSL_NOTHING;	2579	s->internal->rwstate = SSL_NOTHING;
2580	if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {	2580	if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2581	s->state = SSL3_ST_CW_CERT_B;	2581	s->internal->state = SSL3_ST_CW_CERT_B;
2582	if (!SSL_use_certificate(s, x509) \|\|	2582	if (!SSL_use_certificate(s, x509) \|\|
2583	!SSL_use_PrivateKey(s, pkey))	2583	!SSL_use_PrivateKey(s, pkey))
2584	i = 0;	2584	i = 0;
@@ -2594,10 +2594,10 @@ ssl3_send_client_certificate(SSL *s)
2594	S3I(s)->tmp.cert_req = 2;	2594	S3I(s)->tmp.cert_req = 2;
2595		2595
2596	/* Ok, we have a cert */	2596	/* Ok, we have a cert */
2597	s->state = SSL3_ST_CW_CERT_C;	2597	s->internal->state = SSL3_ST_CW_CERT_C;
2598	}	2598	}
2599		2599
2600	if (s->state == SSL3_ST_CW_CERT_C) {	2600	if (s->internal->state == SSL3_ST_CW_CERT_C) {
2601	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,	2601	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
2602	SSL3_MT_CERTIFICATE))	2602	SSL3_MT_CERTIFICATE))
2603	goto err;	2603	goto err;
@@ -2607,7 +2607,7 @@ ssl3_send_client_certificate(SSL *s)
2607	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2607	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2608	goto err;	2608	goto err;
2609		2609
2610	s->state = SSL3_ST_CW_CERT_D;	2610	s->internal->state = SSL3_ST_CW_CERT_D;
2611	}	2611	}
2612		2612
2613	/* SSL3_ST_CW_CERT_D */	2613	/* SSL3_ST_CW_CERT_D */
@@ -2700,7 +2700,7 @@ ssl3_send_next_proto(SSL *s)
2700	unsigned int len, padding_len;	2700	unsigned int len, padding_len;
2701	unsigned char d, p;	2701	unsigned char d, p;
2702		2702
2703	if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {	2703	if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
2704	d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);	2704	d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
2705		2705
2706	len = s->internal->next_proto_negotiated_len;	2706	len = s->internal->next_proto_negotiated_len;
@@ -2714,7 +2714,7 @@ ssl3_send_next_proto(SSL *s)
2714		2714
2715	ssl3_handshake_msg_finish(s, p - d);	2715	ssl3_handshake_msg_finish(s, p - d);
2716		2716
2717	s->state = SSL3_ST_CW_NEXT_PROTO_B;	2717	s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
2718	}	2718	}
2719		2719
2720	return (ssl3_handshake_write(s));	2720	return (ssl3_handshake_write(s));