Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c116
1 files changed, 58 insertions, 58 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 8c1a87f38e..0893682e75 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.167 2017/01/23 05:13:02 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -197,7 +197,7 @@ ssl3_connect(SSL *s)
197 197
198 switch (s->state) { 198 switch (s->state) {
199 case SSL_ST_RENEGOTIATE: 199 case SSL_ST_RENEGOTIATE:
200 s->renegotiate = 1; 200 s->internal->renegotiate = 1;
201 s->state = SSL_ST_CONNECT; 201 s->state = SSL_ST_CONNECT;
202 s->ctx->internal->stats.sess_connect_renegotiate++; 202 s->ctx->internal->stats.sess_connect_renegotiate++;
203 /* break */ 203 /* break */
@@ -218,7 +218,7 @@ ssl3_connect(SSL *s)
218 } 218 }
219 219
220 /* s->version=SSL3_VERSION; */ 220 /* s->version=SSL3_VERSION; */
221 s->type = SSL_ST_CONNECT; 221 s->internal->type = SSL_ST_CONNECT;
222 222
223 if (!ssl3_setup_init_buffer(s)) { 223 if (!ssl3_setup_init_buffer(s)) {
224 ret = -1; 224 ret = -1;
@@ -242,18 +242,18 @@ ssl3_connect(SSL *s)
242 242
243 s->state = SSL3_ST_CW_CLNT_HELLO_A; 243 s->state = SSL3_ST_CW_CLNT_HELLO_A;
244 s->ctx->internal->stats.sess_connect++; 244 s->ctx->internal->stats.sess_connect++;
245 s->init_num = 0; 245 s->internal->init_num = 0;
246 break; 246 break;
247 247
248 case SSL3_ST_CW_CLNT_HELLO_A: 248 case SSL3_ST_CW_CLNT_HELLO_A:
249 case SSL3_ST_CW_CLNT_HELLO_B: 249 case SSL3_ST_CW_CLNT_HELLO_B:
250 250
251 s->shutdown = 0; 251 s->internal->shutdown = 0;
252 ret = ssl3_client_hello(s); 252 ret = ssl3_client_hello(s);
253 if (ret <= 0) 253 if (ret <= 0)
254 goto end; 254 goto end;
255 s->state = SSL3_ST_CR_SRVR_HELLO_A; 255 s->state = SSL3_ST_CR_SRVR_HELLO_A;
256 s->init_num = 0; 256 s->internal->init_num = 0;
257 257
258 /* turn on buffering for the next lot of output */ 258 /* turn on buffering for the next lot of output */
259 if (s->bbio != s->wbio) 259 if (s->bbio != s->wbio)
@@ -267,15 +267,15 @@ ssl3_connect(SSL *s)
267 if (ret <= 0) 267 if (ret <= 0)
268 goto end; 268 goto end;
269 269
270 if (s->hit) { 270 if (s->internal->hit) {
271 s->state = SSL3_ST_CR_FINISHED_A; 271 s->state = SSL3_ST_CR_FINISHED_A;
272 if (s->tlsext_ticket_expected) { 272 if (s->internal->tlsext_ticket_expected) {
273 /* receive renewed session ticket */ 273 /* receive renewed session ticket */
274 s->state = SSL3_ST_CR_SESSION_TICKET_A; 274 s->state = SSL3_ST_CR_SESSION_TICKET_A;
275 } 275 }
276 } else 276 } else
277 s->state = SSL3_ST_CR_CERT_A; 277 s->state = SSL3_ST_CR_CERT_A;
278 s->init_num = 0; 278 s->internal->init_num = 0;
279 break; 279 break;
280 280
281 case SSL3_ST_CR_CERT_A: 281 case SSL3_ST_CR_CERT_A:
@@ -284,12 +284,12 @@ ssl3_connect(SSL *s)
284 if (ret <= 0) 284 if (ret <= 0)
285 goto end; 285 goto end;
286 if (ret == 2) { 286 if (ret == 2) {
287 s->hit = 1; 287 s->internal->hit = 1;
288 if (s->tlsext_ticket_expected) 288 if (s->internal->tlsext_ticket_expected)
289 s->state = SSL3_ST_CR_SESSION_TICKET_A; 289 s->state = SSL3_ST_CR_SESSION_TICKET_A;
290 else 290 else
291 s->state = SSL3_ST_CR_FINISHED_A; 291 s->state = SSL3_ST_CR_FINISHED_A;
292 s->init_num = 0; 292 s->internal->init_num = 0;
293 break; 293 break;
294 } 294 }
295 /* Check if it is anon DH/ECDH. */ 295 /* Check if it is anon DH/ECDH. */
@@ -298,7 +298,7 @@ ssl3_connect(SSL *s)
298 ret = ssl3_get_server_certificate(s); 298 ret = ssl3_get_server_certificate(s);
299 if (ret <= 0) 299 if (ret <= 0)
300 goto end; 300 goto end;
301 if (s->tlsext_status_expected) 301 if (s->internal->tlsext_status_expected)
302 s->state = SSL3_ST_CR_CERT_STATUS_A; 302 s->state = SSL3_ST_CR_CERT_STATUS_A;
303 else 303 else
304 s->state = SSL3_ST_CR_KEY_EXCH_A; 304 s->state = SSL3_ST_CR_KEY_EXCH_A;
@@ -306,7 +306,7 @@ ssl3_connect(SSL *s)
306 skip = 1; 306 skip = 1;
307 s->state = SSL3_ST_CR_KEY_EXCH_A; 307 s->state = SSL3_ST_CR_KEY_EXCH_A;
308 } 308 }
309 s->init_num = 0; 309 s->internal->init_num = 0;
310 break; 310 break;
311 311
312 case SSL3_ST_CR_KEY_EXCH_A: 312 case SSL3_ST_CR_KEY_EXCH_A:
@@ -315,7 +315,7 @@ ssl3_connect(SSL *s)
315 if (ret <= 0) 315 if (ret <= 0)
316 goto end; 316 goto end;
317 s->state = SSL3_ST_CR_CERT_REQ_A; 317 s->state = SSL3_ST_CR_CERT_REQ_A;
318 s->init_num = 0; 318 s->internal->init_num = 0;
319 319
320 /* 320 /*
321 * At this point we check that we have the 321 * At this point we check that we have the
@@ -333,7 +333,7 @@ ssl3_connect(SSL *s)
333 if (ret <= 0) 333 if (ret <= 0)
334 goto end; 334 goto end;
335 s->state = SSL3_ST_CR_SRVR_DONE_A; 335 s->state = SSL3_ST_CR_SRVR_DONE_A;
336 s->init_num = 0; 336 s->internal->init_num = 0;
337 break; 337 break;
338 338
339 case SSL3_ST_CR_SRVR_DONE_A: 339 case SSL3_ST_CR_SRVR_DONE_A:
@@ -345,7 +345,7 @@ ssl3_connect(SSL *s)
345 s->state = SSL3_ST_CW_CERT_A; 345 s->state = SSL3_ST_CW_CERT_A;
346 else 346 else
347 s->state = SSL3_ST_CW_KEY_EXCH_A; 347 s->state = SSL3_ST_CW_KEY_EXCH_A;
348 s->init_num = 0; 348 s->internal->init_num = 0;
349 349
350 break; 350 break;
351 351
@@ -357,7 +357,7 @@ ssl3_connect(SSL *s)
357 if (ret <= 0) 357 if (ret <= 0)
358 goto end; 358 goto end;
359 s->state = SSL3_ST_CW_KEY_EXCH_A; 359 s->state = SSL3_ST_CW_KEY_EXCH_A;
360 s->init_num = 0; 360 s->internal->init_num = 0;
361 break; 361 break;
362 362
363 case SSL3_ST_CW_KEY_EXCH_A: 363 case SSL3_ST_CW_KEY_EXCH_A:
@@ -392,7 +392,7 @@ ssl3_connect(SSL *s)
392 S3I(s)->change_cipher_spec = 0; 392 S3I(s)->change_cipher_spec = 0;
393 } 393 }
394 394
395 s->init_num = 0; 395 s->internal->init_num = 0;
396 break; 396 break;
397 397
398 case SSL3_ST_CW_CERT_VRFY_A: 398 case SSL3_ST_CW_CERT_VRFY_A:
@@ -401,7 +401,7 @@ ssl3_connect(SSL *s)
401 if (ret <= 0) 401 if (ret <= 0)
402 goto end; 402 goto end;
403 s->state = SSL3_ST_CW_CHANGE_A; 403 s->state = SSL3_ST_CW_CHANGE_A;
404 s->init_num = 0; 404 s->internal->init_num = 0;
405 S3I(s)->change_cipher_spec = 0; 405 S3I(s)->change_cipher_spec = 0;
406 break; 406 break;
407 407
@@ -416,7 +416,7 @@ ssl3_connect(SSL *s)
416 s->state = SSL3_ST_CW_NEXT_PROTO_A; 416 s->state = SSL3_ST_CW_NEXT_PROTO_A;
417 else 417 else
418 s->state = SSL3_ST_CW_FINISHED_A; 418 s->state = SSL3_ST_CW_FINISHED_A;
419 s->init_num = 0; 419 s->internal->init_num = 0;
420 420
421 s->session->cipher = S3I(s)->tmp.new_cipher; 421 s->session->cipher = S3I(s)->tmp.new_cipher;
422 if (!s->method->ssl3_enc->setup_key_block(s)) { 422 if (!s->method->ssl3_enc->setup_key_block(s)) {
@@ -453,7 +453,7 @@ ssl3_connect(SSL *s)
453 453
454 /* clear flags */ 454 /* clear flags */
455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
456 if (s->hit) { 456 if (s->internal->hit) {
457 S3I(s)->tmp.next_state = SSL_ST_OK; 457 S3I(s)->tmp.next_state = SSL_ST_OK;
458 if (s->s3->flags & 458 if (s->s3->flags &
459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
@@ -463,14 +463,14 @@ ssl3_connect(SSL *s)
463 } 463 }
464 } else { 464 } else {
465 /* Allow NewSessionTicket if ticket expected */ 465 /* Allow NewSessionTicket if ticket expected */
466 if (s->tlsext_ticket_expected) 466 if (s->internal->tlsext_ticket_expected)
467 S3I(s)->tmp.next_state = 467 S3I(s)->tmp.next_state =
468 SSL3_ST_CR_SESSION_TICKET_A; 468 SSL3_ST_CR_SESSION_TICKET_A;
469 else 469 else
470 470
471 S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A; 471 S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A;
472 } 472 }
473 s->init_num = 0; 473 s->internal->init_num = 0;
474 break; 474 break;
475 475
476 case SSL3_ST_CR_SESSION_TICKET_A: 476 case SSL3_ST_CR_SESSION_TICKET_A:
@@ -479,7 +479,7 @@ ssl3_connect(SSL *s)
479 if (ret <= 0) 479 if (ret <= 0)
480 goto end; 480 goto end;
481 s->state = SSL3_ST_CR_FINISHED_A; 481 s->state = SSL3_ST_CR_FINISHED_A;
482 s->init_num = 0; 482 s->internal->init_num = 0;
483 break; 483 break;
484 484
485 case SSL3_ST_CR_CERT_STATUS_A: 485 case SSL3_ST_CR_CERT_STATUS_A:
@@ -488,7 +488,7 @@ ssl3_connect(SSL *s)
488 if (ret <= 0) 488 if (ret <= 0)
489 goto end; 489 goto end;
490 s->state = SSL3_ST_CR_KEY_EXCH_A; 490 s->state = SSL3_ST_CR_KEY_EXCH_A;
491 s->init_num = 0; 491 s->internal->init_num = 0;
492 break; 492 break;
493 493
494 case SSL3_ST_CR_FINISHED_A: 494 case SSL3_ST_CR_FINISHED_A:
@@ -499,20 +499,20 @@ ssl3_connect(SSL *s)
499 if (ret <= 0) 499 if (ret <= 0)
500 goto end; 500 goto end;
501 501
502 if (s->hit) 502 if (s->internal->hit)
503 s->state = SSL3_ST_CW_CHANGE_A; 503 s->state = SSL3_ST_CW_CHANGE_A;
504 else 504 else
505 s->state = SSL_ST_OK; 505 s->state = SSL_ST_OK;
506 s->init_num = 0; 506 s->internal->init_num = 0;
507 break; 507 break;
508 508
509 case SSL3_ST_CW_FLUSH: 509 case SSL3_ST_CW_FLUSH:
510 s->rwstate = SSL_WRITING; 510 s->internal->rwstate = SSL_WRITING;
511 if (BIO_flush(s->wbio) <= 0) { 511 if (BIO_flush(s->wbio) <= 0) {
512 ret = -1; 512 ret = -1;
513 goto end; 513 goto end;
514 } 514 }
515 s->rwstate = SSL_NOTHING; 515 s->internal->rwstate = SSL_NOTHING;
516 s->state = S3I(s)->tmp.next_state; 516 s->state = S3I(s)->tmp.next_state;
517 break; 517 break;
518 518
@@ -520,9 +520,9 @@ ssl3_connect(SSL *s)
520 /* clean a few things up */ 520 /* clean a few things up */
521 tls1_cleanup_key_block(s); 521 tls1_cleanup_key_block(s);
522 522
523 if (s->init_buf != NULL) { 523 if (s->internal->init_buf != NULL) {
524 BUF_MEM_free(s->init_buf); 524 BUF_MEM_free(s->internal->init_buf);
525 s->init_buf = NULL; 525 s->internal->init_buf = NULL;
526 } 526 }
527 527
528 /* 528 /*
@@ -533,12 +533,12 @@ ssl3_connect(SSL *s)
533 ssl_free_wbio_buffer(s); 533 ssl_free_wbio_buffer(s);
534 /* else do it later in ssl3_write */ 534 /* else do it later in ssl3_write */
535 535
536 s->init_num = 0; 536 s->internal->init_num = 0;
537 s->renegotiate = 0; 537 s->internal->renegotiate = 0;
538 s->new_session = 0; 538 s->internal->new_session = 0;
539 539
540 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); 540 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
541 if (s->hit) 541 if (s->internal->hit)
542 s->ctx->internal->stats.sess_hit++; 542 s->ctx->internal->stats.sess_hit++;
543 543
544 ret = 1; 544 ret = 1;
@@ -562,7 +562,7 @@ ssl3_connect(SSL *s)
562 562
563 /* did we do anything */ 563 /* did we do anything */
564 if (!S3I(s)->tmp.reuse_message && !skip) { 564 if (!S3I(s)->tmp.reuse_message && !skip) {
565 if (s->debug) { 565 if (s->internal->debug) {
566 if ((ret = BIO_flush(s->wbio)) <= 0) 566 if ((ret = BIO_flush(s->wbio)) <= 0)
567 goto end; 567 goto end;
568 } 568 }
@@ -592,7 +592,7 @@ ssl3_client_hello(SSL *s)
592 size_t outlen; 592 size_t outlen;
593 int i; 593 int i;
594 594
595 bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; 595 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
596 596
597 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 597 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
598 SSL_SESSION *sess = s->session; 598 SSL_SESSION *sess = s->session;
@@ -654,7 +654,7 @@ ssl3_client_hello(SSL *s)
654 p += SSL3_RANDOM_SIZE; 654 p += SSL3_RANDOM_SIZE;
655 655
656 /* Session ID */ 656 /* Session ID */
657 if (s->new_session) 657 if (s->internal->new_session)
658 i = 0; 658 i = 0;
659 else 659 else
660 i = s->session->session_id_length; 660 i = s->session->session_id_length;
@@ -739,7 +739,7 @@ ssl3_get_server_hello(SSL *s)
739 if (n < 0) 739 if (n < 0)
740 goto truncated; 740 goto truncated;
741 741
742 CBS_init(&cbs, s->init_msg, n); 742 CBS_init(&cbs, s->internal->init_msg, n);
743 743
744 if (SSL_IS_DTLS(s)) { 744 if (SSL_IS_DTLS(s)) {
745 if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 745 if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
@@ -825,13 +825,13 @@ ssl3_get_server_hello(SSL *s)
825 goto f_err; 825 goto f_err;
826 } 826 }
827 s->s3->flags |= SSL3_FLAGS_CCS_OK; 827 s->s3->flags |= SSL3_FLAGS_CCS_OK;
828 s->hit = 1; 828 s->internal->hit = 1;
829 } else { 829 } else {
830 /* a miss or crap from the other end */ 830 /* a miss or crap from the other end */
831 831
832 /* If we were trying for session-id reuse, make a new 832 /* If we were trying for session-id reuse, make a new
833 * SSL_SESSION so we don't stuff up other people */ 833 * SSL_SESSION so we don't stuff up other people */
834 s->hit = 0; 834 s->internal->hit = 0;
835 if (s->session->session_id_length > 0) { 835 if (s->session->session_id_length > 0) {
836 if (!ssl_get_new_session(s, 0)) { 836 if (!ssl_get_new_session(s, 0)) {
837 al = SSL_AD_INTERNAL_ERROR; 837 al = SSL_AD_INTERNAL_ERROR;
@@ -881,7 +881,7 @@ ssl3_get_server_hello(SSL *s)
881 */ 881 */
882 if (s->session->cipher) 882 if (s->session->cipher)
883 s->session->cipher_id = s->session->cipher->id; 883 s->session->cipher_id = s->session->cipher->id;
884 if (s->hit && (s->session->cipher_id != cipher->id)) { 884 if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
885 al = SSL_AD_ILLEGAL_PARAMETER; 885 al = SSL_AD_ILLEGAL_PARAMETER;
886 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 886 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
887 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 887 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
@@ -951,7 +951,7 @@ ssl3_get_server_certificate(SSL *s)
951 EVP_PKEY *pkey = NULL; 951 EVP_PKEY *pkey = NULL;
952 952
953 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, 953 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
954 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); 954 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
955 955
956 if (!ok) 956 if (!ok)
957 return ((int)n); 957 return ((int)n);
@@ -978,7 +978,7 @@ ssl3_get_server_certificate(SSL *s)
978 if (n < 0) 978 if (n < 0)
979 goto truncated; 979 goto truncated;
980 980
981 CBS_init(&cbs, s->init_msg, n); 981 CBS_init(&cbs, s->internal->init_msg, n);
982 if (CBS_len(&cbs) < 3) 982 if (CBS_len(&cbs) < 3)
983 goto truncated; 983 goto truncated;
984 984
@@ -1374,7 +1374,7 @@ ssl3_get_server_key_exchange(SSL *s)
1374 * as ServerKeyExchange message may be skipped. 1374 * as ServerKeyExchange message may be skipped.
1375 */ 1375 */
1376 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, 1376 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1377 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); 1377 SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
1378 if (!ok) 1378 if (!ok)
1379 return ((int)n); 1379 return ((int)n);
1380 1380
@@ -1412,7 +1412,7 @@ ssl3_get_server_key_exchange(SSL *s)
1412 goto err; 1412 goto err;
1413 } 1413 }
1414 1414
1415 param = p = (unsigned char *)s->init_msg; 1415 param = p = (unsigned char *)s->internal->init_msg;
1416 param_len = n; 1416 param_len = n;
1417 1417
1418 if (alg_k & SSL_kDHE) { 1418 if (alg_k & SSL_kDHE) {
@@ -1580,7 +1580,7 @@ ssl3_get_certificate_request(SSL *s)
1580 STACK_OF(X509_NAME) *ca_sk = NULL; 1580 STACK_OF(X509_NAME) *ca_sk = NULL;
1581 1581
1582 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, 1582 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1583 SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok); 1583 SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);
1584 1584
1585 if (!ok) 1585 if (!ok)
1586 return ((int)n); 1586 return ((int)n);
@@ -1617,7 +1617,7 @@ ssl3_get_certificate_request(SSL *s)
1617 1617
1618 if (n < 0) 1618 if (n < 0)
1619 goto truncated; 1619 goto truncated;
1620 CBS_init(&cert_request, s->init_msg, n); 1620 CBS_init(&cert_request, s->internal->init_msg, n);
1621 1621
1622 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1622 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1623 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1623 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
@@ -1779,7 +1779,7 @@ ssl3_get_new_session_ticket(SSL *s)
1779 goto f_err; 1779 goto f_err;
1780 } 1780 }
1781 1781
1782 CBS_init(&cbs, s->init_msg, n); 1782 CBS_init(&cbs, s->internal->init_msg, n);
1783 if (!CBS_get_u32(&cbs, &lifetime_hint) || 1783 if (!CBS_get_u32(&cbs, &lifetime_hint) ||
1784#if UINT32_MAX > LONG_MAX 1784#if UINT32_MAX > LONG_MAX
1785 lifetime_hint > LONG_MAX || 1785 lifetime_hint > LONG_MAX ||
@@ -1851,7 +1851,7 @@ ssl3_get_cert_status(SSL *s)
1851 goto f_err; 1851 goto f_err;
1852 } 1852 }
1853 1853
1854 CBS_init(&cert_status, s->init_msg, n); 1854 CBS_init(&cert_status, s->internal->init_msg, n);
1855 if (!CBS_get_u8(&cert_status, &status_type) || 1855 if (!CBS_get_u8(&cert_status, &status_type) ||
1856 CBS_len(&cert_status) < 3) { 1856 CBS_len(&cert_status) < 3) {
1857 /* need at least status type + length */ 1857 /* need at least status type + length */
@@ -1876,15 +1876,15 @@ ssl3_get_cert_status(SSL *s)
1876 goto f_err; 1876 goto f_err;
1877 } 1877 }
1878 1878
1879 if (!CBS_stow(&response, &s->tlsext_ocsp_resp, 1879 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
1880 &stow_len) || stow_len > INT_MAX) { 1880 &stow_len) || stow_len > INT_MAX) {
1881 s->tlsext_ocsp_resplen = 0; 1881 s->internal->tlsext_ocsp_resplen = 0;
1882 al = SSL_AD_INTERNAL_ERROR; 1882 al = SSL_AD_INTERNAL_ERROR;
1883 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1883 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1884 ERR_R_MALLOC_FAILURE); 1884 ERR_R_MALLOC_FAILURE);
1885 goto f_err; 1885 goto f_err;
1886 } 1886 }
1887 s->tlsext_ocsp_resplen = (int)stow_len; 1887 s->internal->tlsext_ocsp_resplen = (int)stow_len;
1888 1888
1889 if (s->ctx->internal->tlsext_status_cb) { 1889 if (s->ctx->internal->tlsext_status_cb) {
1890 int ret; 1890 int ret;
@@ -2573,10 +2573,10 @@ ssl3_send_client_certificate(SSL *s)
2573 */ 2573 */
2574 i = ssl_do_client_cert_cb(s, &x509, &pkey); 2574 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2575 if (i < 0) { 2575 if (i < 0) {
2576 s->rwstate = SSL_X509_LOOKUP; 2576 s->internal->rwstate = SSL_X509_LOOKUP;
2577 return (-1); 2577 return (-1);
2578 } 2578 }
2579 s->rwstate = SSL_NOTHING; 2579 s->internal->rwstate = SSL_NOTHING;
2580 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { 2580 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2581 s->state = SSL3_ST_CW_CERT_B; 2581 s->state = SSL3_ST_CW_CERT_B;
2582 if (!SSL_use_certificate(s, x509) || 2582 if (!SSL_use_certificate(s, x509) ||
@@ -2738,7 +2738,7 @@ ssl3_check_finished(SSL *s)
2738 /* this function is called when we really expect a Certificate 2738 /* this function is called when we really expect a Certificate
2739 * message, so permit appropriate message length */ 2739 * message, so permit appropriate message length */
2740 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, 2740 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
2741 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); 2741 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
2742 if (!ok) 2742 if (!ok)
2743 return ((int)n); 2743 return ((int)n);
2744 S3I(s)->tmp.reuse_message = 1; 2744 S3I(s)->tmp.reuse_message = 1;
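Review bot: In the ssl3_get_server_key_exchange hunk at new line 1415, `param = p = (unsigned char *)s->internal->init_msg; param_len = n;` still passes the server-controlled handshake body on as a raw pointer plus a separate length, while the other handlers touched by this commit (ssl3_get_server_hello, ssl3_get_server_certificate, ssl3_get_certificate_request, ssl3_get_new_session_ticket, ssl3_get_cert_status) wrap the same buffer with `CBS_init(..., s->internal->init_msg, n)`. The parsing that follows is outside the hunk, so this is inferred, but if it advances `p` by hand then each read has to be checked against `param_len` individually, and a missed check there is an out-of-bounds read on untrusted input. Since the line is being edited anyway, I would add a comment above it such as `/* init_msg is peer-controlled: every read through p must be bounded by n */` and convert this function to CBS in a follow-up. The function body starts and ends outside the hunk.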