1 files changed, 59 insertions, 59 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 31860eb049..fa958d96f8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.147 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
        }
        for (;;) {
-                state = s->state;
+                state = s->internal->state;
-                switch (s->state) {
+                switch (s->internal->state) {
                case SSL_ST_RENEGOTIATE:
                        s->internal->renegotiate = 1;
-                        /* s->state=SSL_ST_ACCEPT; */
+                        /* s->internal->state=SSL_ST_ACCEPT; */
                case SSL_ST_BEFORE:
                case SSL_ST_ACCEPT:
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
                        s->internal->init_num = 0;
-                        if (s->state != SSL_ST_RENEGOTIATE) {
+                        if (s->internal->state != SSL_ST_RENEGOTIATE) {
                                /*
                                 * Ok, we now need to push on a buffering BIO
                                 * so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
                                        goto end;
                                }
-                                s->state = SSL3_ST_SR_CLNT_HELLO_A;
+                                s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->internal->stats.sess_accept++;
                        } else if (!S3I(s)->send_connection_binding) {
                                /*
@@ -261,11 +261,11 @@ ssl3_accept(SSL *s)
                                goto end;
                        } else {
                                /*
-                                 * s->state == SSL_ST_RENEGOTIATE,
+                                 * s->internal->state == SSL_ST_RENEGOTIATE,
                                 * we will just send a HelloRequest
                                 */
                                s->ctx->internal->stats.sess_accept_renegotiate++;
-                                s->state = SSL3_ST_SW_HELLO_REQ_A;
+                                s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
                        }
                        break;
@@ -277,7 +277,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
-                        s->state = SSL3_ST_SW_FLUSH;
+                        s->internal->state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
                        if (!tls1_init_finished_mac(s)) {
@@ -287,7 +287,7 @@ ssl3_accept(SSL *s)
                        break;
                case SSL3_ST_SW_HELLO_REQ_C:
-                        s->state = SSL_ST_OK;
+                        s->internal->state = SSL_ST_OK;
                        break;
                case SSL3_ST_SR_CLNT_HELLO_A:
@@ -302,7 +302,7 @@ ssl3_accept(SSL *s)
                        }
                        s->internal->renegotiate = 2;
-                        s->state = SSL3_ST_SW_SRVR_HELLO_A;
+                        s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
                        s->internal->init_num = 0;
                        break;
@@ -313,12 +313,12 @@ ssl3_accept(SSL *s)
                                goto end;
                        if (s->internal->hit) {
                                if (s->internal->tlsext_ticket_expected)
-                                        s->state = SSL3_ST_SW_SESSION_TICKET_A;
+                                        s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
                                else
-                                        s->state = SSL3_ST_SW_CHANGE_A;
+                                        s->internal->state = SSL3_ST_SW_CHANGE_A;
                        }
                        else
-                                s->state = SSL3_ST_SW_CERT_A;
+                                s->internal->state = SSL3_ST_SW_CERT_A;
                        s->internal->init_num = 0;
                        break;
@@ -331,12 +331,12 @@ ssl3_accept(SSL *s)
                                if (ret <= 0)
                                        goto end;
                                if (s->internal->tlsext_status_expected)
-                                        s->state = SSL3_ST_SW_CERT_STATUS_A;
+                                        s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
                                else
-                                        s->state = SSL3_ST_SW_KEY_EXCH_A;
+                                        s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
                        } else {
                                skip = 1;
-                                s->state = SSL3_ST_SW_KEY_EXCH_A;
+                                s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
                        }
                        s->internal->init_num = 0;
                        break;
@@ -360,7 +360,7 @@ ssl3_accept(SSL *s)
                        } else
                                skip = 1;
-                        s->state = SSL3_ST_SW_CERT_REQ_A;
+                        s->internal->state = SSL3_ST_SW_CERT_REQ_A;
                        s->internal->init_num = 0;
                        break;
@@ -392,7 +392,7 @@ ssl3_accept(SSL *s)
                                /* No cert request */
                                skip = 1;
                                S3I(s)->tmp.cert_request = 0;
-                                s->state = SSL3_ST_SW_SRVR_DONE_A;
+                                s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
                                if (S3I(s)->handshake_buffer) {
                                        if (!tls1_digest_cached_records(s)) {
                                                ret = -1;
@@ -404,7 +404,7 @@ ssl3_accept(SSL *s)
                                ret = ssl3_send_certificate_request(s);
                                if (ret <= 0)
                                        goto end;
-                                s->state = SSL3_ST_SW_SRVR_DONE_A;
+                                s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
                                s->internal->init_num = 0;
                        }
                        break;
@@ -415,7 +415,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
-                        s->state = SSL3_ST_SW_FLUSH;
+                        s->internal->state = SSL3_ST_SW_FLUSH;
                        s->internal->init_num = 0;
                        break;
@@ -439,7 +439,7 @@ ssl3_accept(SSL *s)
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        s->state = S3I(s)->tmp.next_state;
+                        s->internal->state = S3I(s)->tmp.next_state;
                        break;
                case SSL3_ST_SR_CERT_A:
@@ -450,7 +450,7 @@ ssl3_accept(SSL *s)
                                        goto end;
                        }
                        s->internal->init_num = 0;
-                        s->state = SSL3_ST_SR_KEY_EXCH_A;
+                        s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
                        break;
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -470,12 +470,12 @@ ssl3_accept(SSL *s)
                                 * for key exchange.
                                 */
                                if (S3I(s)->next_proto_neg_seen)
-                                        s->state = SSL3_ST_SR_NEXT_PROTO_A;
+                                        s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
                                else
-                                        s->state = SSL3_ST_SR_FINISHED_A;
+                                        s->internal->state = SSL3_ST_SR_FINISHED_A;
                                s->internal->init_num = 0;
                        } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
-                                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
                                if (!s->session->peer)
                                        break;
@@ -498,7 +498,7 @@ ssl3_accept(SSL *s)
                                int offset = 0;
                                int dgst_num;
-                                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
                                /*
@@ -544,9 +544,9 @@ ssl3_accept(SSL *s)
                                goto end;
                        if (S3I(s)->next_proto_neg_seen)
-                                s->state = SSL3_ST_SR_NEXT_PROTO_A;
+                                s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
                        else
-                                s->state = SSL3_ST_SR_FINISHED_A;
+                                s->internal->state = SSL3_ST_SR_FINISHED_A;
                        s->internal->init_num = 0;
                        break;
@@ -556,7 +556,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        s->internal->init_num = 0;
-                        s->state = SSL3_ST_SR_FINISHED_A;
+                        s->internal->state = SSL3_ST_SR_FINISHED_A;
                        break;
                case SSL3_ST_SR_FINISHED_A:
@@ -567,11 +567,11 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        if (s->internal->hit)
-                                s->state = SSL_ST_OK;
+                                s->internal->state = SSL_ST_OK;
                        else if (s->internal->tlsext_ticket_expected)
-                                s->state = SSL3_ST_SW_SESSION_TICKET_A;
+                                s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
                        else
-                                s->state = SSL3_ST_SW_CHANGE_A;
+                                s->internal->state = SSL3_ST_SW_CHANGE_A;
                        s->internal->init_num = 0;
                        break;
@@ -580,7 +580,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_newsession_ticket(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_SW_CHANGE_A;
+                        s->internal->state = SSL3_ST_SW_CHANGE_A;
                        s->internal->init_num = 0;
                        break;
@@ -589,7 +589,7 @@ ssl3_accept(SSL *s)
                        ret = ssl3_send_cert_status(s);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_SW_KEY_EXCH_A;
+                        s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -608,7 +608,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_SW_FINISHED_A;
+                        s->internal->state = SSL3_ST_SW_FINISHED_A;
                        s->internal->init_num = 0;
                        if (!s->method->ssl3_enc->change_cipher_state(
@@ -627,7 +627,7 @@ ssl3_accept(SSL *s)
                        s->method->ssl3_enc->server_finished_label_len);
                        if (ret <= 0)
                                goto end;
-                        s->state = SSL3_ST_SW_FLUSH;
+                        s->internal->state = SSL3_ST_SW_FLUSH;
                        if (s->internal->hit) {
                                if (S3I(s)->next_proto_neg_seen) {
                                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -687,11 +687,11 @@ ssl3_accept(SSL *s)
                        }
-                        if ((cb != NULL) && (s->state != state)) {
+                        if ((cb != NULL) && (s->internal->state != state)) {
-                                new_state = s->state;
+                                new_state = s->internal->state;
-                                s->state = state;
+                                s->internal->state = state;
                                cb(s, SSL_CB_ACCEPT_LOOP, 1);
-                                s->state = new_state;
+                                s->internal->state = new_state;
                        }
                }
                skip = 0;
@@ -708,11 +708,11 @@ end:
 int
 ssl3_send_hello_request(SSL *s)
 {
-        if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+        if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
                ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
                ssl3_handshake_msg_finish(s, 0);
-                s->state = SSL3_ST_SW_HELLO_REQ_B;
+                s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
        }
        /* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
         * If we are SSLv3, we will respond with SSLv3, even if prompted with
         * TLSv1.
         */
-        if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
+        if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
-                s->state = SSL3_ST_SR_CLNT_HELLO_B;
+                s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
        }
        s->internal->first_packet = 1;
        n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
@@ -1099,7 +1099,7 @@ ssl3_send_server_hello(SSL *s)
        bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
-        if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+        if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
                d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
                if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1179,11 +1179,11 @@ ssl3_send_server_hello(SSL *s)
 int
 ssl3_send_server_done(SSL *s)
 {
-        if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+        if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
                ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
                ssl3_handshake_msg_finish(s, 0);
-                s->state = SSL3_ST_SW_SRVR_DONE_B;
+                s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
        }
        /* SSL3_ST_SW_SRVR_DONE_B */
@@ -1487,7 +1487,7 @@ ssl3_send_server_key_exchange(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
        EVP_MD_CTX_init(&md_ctx);
-        if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+        if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
                type = S3I(s)->tmp.new_cipher->algorithm_mkey;
                cert = s->cert;
@@ -1621,7 +1621,7 @@ ssl3_send_server_key_exchange(SSL *s)
                ssl3_handshake_msg_finish(s, n);
        }
-        s->state = SSL3_ST_SW_KEY_EXCH_B;
+        s->internal->state = SSL3_ST_SW_KEY_EXCH_B;
        EVP_MD_CTX_cleanup(&md_ctx);
@@ -1646,7 +1646,7 @@ ssl3_send_certificate_request(SSL *s)
        X509_NAME *name;
        BUF_MEM *buf;
-        if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+        if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
                buf = s->internal->init_buf;
                d = p = ssl3_handshake_msg_start(s,
@@ -1699,7 +1699,7 @@ ssl3_send_certificate_request(SSL *s)
                ssl3_handshake_msg_finish(s, n);
-                s->state = SSL3_ST_SW_CERT_REQ_B;
+                s->internal->state = SSL3_ST_SW_CERT_REQ_B;
        }
        /* SSL3_ST_SW_CERT_REQ_B */
@@ -2640,7 +2640,7 @@ ssl3_send_server_certificate(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->state == SSL3_ST_SW_CERT_A) {
+        if (s->internal->state == SSL3_ST_SW_CERT_A) {
                if ((x = ssl_get_server_send_cert(s)) == NULL) {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
                            ERR_R_INTERNAL_ERROR);
@@ -2655,7 +2655,7 @@ ssl3_send_server_certificate(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->state = SSL3_ST_SW_CERT_B;
+                s->internal->state = SSL3_ST_SW_CERT_B;
        }
        /* SSL3_ST_SW_CERT_B */
@@ -2683,7 +2683,7 @@ ssl3_send_newsession_ticket(SSL *s)
        unsigned char iv[EVP_MAX_IV_LENGTH];
        unsigned char key_name[16];
-        if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
+        if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
                /* get session encoding length */
                slen_full = i2d_SSL_SESSION(s->session, NULL);
                /*
@@ -2796,7 +2796,7 @@ ssl3_send_newsession_ticket(SSL *s)
                ssl3_handshake_msg_finish(s, len);
-                s->state = SSL3_ST_SW_SESSION_TICKET_B;
+                s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;
                explicit_bzero(senc, slen_full);
                free(senc);
@@ -2818,7 +2818,7 @@ ssl3_send_cert_status(SSL *s)
 {
        unsigned char *p;
-        if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
+        if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
                /*
                 * Grow buffer if need be: the length calculation is as
                 * follows 1 (message type) + 3 (message length) +
@@ -2837,7 +2837,7 @@ ssl3_send_cert_status(SSL *s)
                ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
-                s->state = SSL3_ST_SW_CERT_STATUS_B;
+                s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
        }
        /* SSL3_ST_SW_CERT_STATUS_B */
@@ -2873,7 +2873,7 @@ ssl3_get_next_proto(SSL *s)
                return ((int)n);
        /*
-         * s->state doesn't reflect whether ChangeCipherSpec has been received
+         * s->internal->state doesn't reflect whether ChangeCipherSpec has been received
         * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
         * by ssl3_get_finished).
         */

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 31860eb049..fa958d96f8 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.147 2017/01/23 06:45:30 beck Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
195	}	195	}
196		196
197	for (;;) {	197	for (;;) {
198	state = s->state;	198	state = s->internal->state;
199		199
200	switch (s->state) {	200	switch (s->internal->state) {
201	case SSL_ST_RENEGOTIATE:	201	case SSL_ST_RENEGOTIATE:
202	s->internal->renegotiate = 1;	202	s->internal->renegotiate = 1;
203	/* s->state=SSL_ST_ACCEPT; */	203	/* s->internal->state=SSL_ST_ACCEPT; */
204		204
205	case SSL_ST_BEFORE:	205	case SSL_ST_BEFORE:
206	case SSL_ST_ACCEPT:	206	case SSL_ST_ACCEPT:
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
229		229
230	s->internal->init_num = 0;	230	s->internal->init_num = 0;
231		231
232	if (s->state != SSL_ST_RENEGOTIATE) {	232	if (s->internal->state != SSL_ST_RENEGOTIATE) {
233	/*	233	/*
234	* Ok, we now need to push on a buffering BIO	234	* Ok, we now need to push on a buffering BIO
235	* so that the output is sent in a way that	235	* so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
245	goto end;	245	goto end;
246	}	246	}
247		247
248	s->state = SSL3_ST_SR_CLNT_HELLO_A;	248	s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
249	s->ctx->internal->stats.sess_accept++;	249	s->ctx->internal->stats.sess_accept++;
250	} else if (!S3I(s)->send_connection_binding) {	250	} else if (!S3I(s)->send_connection_binding) {
251	/*	251	/*
@@ -261,11 +261,11 @@ ssl3_accept(SSL *s)
261	goto end;	261	goto end;
262	} else {	262	} else {
263	/*	263	/*
264	* s->state == SSL_ST_RENEGOTIATE,	264	* s->internal->state == SSL_ST_RENEGOTIATE,
265	* we will just send a HelloRequest	265	* we will just send a HelloRequest
266	*/	266	*/
267	s->ctx->internal->stats.sess_accept_renegotiate++;	267	s->ctx->internal->stats.sess_accept_renegotiate++;
268	s->state = SSL3_ST_SW_HELLO_REQ_A;	268	s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
269	}	269	}
270	break;	270	break;
271		271
@@ -277,7 +277,7 @@ ssl3_accept(SSL *s)
277	if (ret <= 0)	277	if (ret <= 0)
278	goto end;	278	goto end;
279	S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;	279	S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
280	s->state = SSL3_ST_SW_FLUSH;	280	s->internal->state = SSL3_ST_SW_FLUSH;
281	s->internal->init_num = 0;	281	s->internal->init_num = 0;
282		282
283	if (!tls1_init_finished_mac(s)) {	283	if (!tls1_init_finished_mac(s)) {
@@ -287,7 +287,7 @@ ssl3_accept(SSL *s)
287	break;	287	break;
288		288
289	case SSL3_ST_SW_HELLO_REQ_C:	289	case SSL3_ST_SW_HELLO_REQ_C:
290	s->state = SSL_ST_OK;	290	s->internal->state = SSL_ST_OK;
291	break;	291	break;
292		292
293	case SSL3_ST_SR_CLNT_HELLO_A:	293	case SSL3_ST_SR_CLNT_HELLO_A:
@@ -302,7 +302,7 @@ ssl3_accept(SSL *s)
302	}	302	}
303		303
304	s->internal->renegotiate = 2;	304	s->internal->renegotiate = 2;
305	s->state = SSL3_ST_SW_SRVR_HELLO_A;	305	s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
306	s->internal->init_num = 0;	306	s->internal->init_num = 0;
307	break;	307	break;
308		308
@@ -313,12 +313,12 @@ ssl3_accept(SSL *s)
313	goto end;	313	goto end;
314	if (s->internal->hit) {	314	if (s->internal->hit) {
315	if (s->internal->tlsext_ticket_expected)	315	if (s->internal->tlsext_ticket_expected)
316	s->state = SSL3_ST_SW_SESSION_TICKET_A;	316	s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
317	else	317	else
318	s->state = SSL3_ST_SW_CHANGE_A;	318	s->internal->state = SSL3_ST_SW_CHANGE_A;
319	}	319	}
320	else	320	else
321	s->state = SSL3_ST_SW_CERT_A;	321	s->internal->state = SSL3_ST_SW_CERT_A;
322	s->internal->init_num = 0;	322	s->internal->init_num = 0;
323	break;	323	break;
324		324
@@ -331,12 +331,12 @@ ssl3_accept(SSL *s)
331	if (ret <= 0)	331	if (ret <= 0)
332	goto end;	332	goto end;
333	if (s->internal->tlsext_status_expected)	333	if (s->internal->tlsext_status_expected)
334	s->state = SSL3_ST_SW_CERT_STATUS_A;	334	s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
335	else	335	else
336	s->state = SSL3_ST_SW_KEY_EXCH_A;	336	s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
337	} else {	337	} else {
338	skip = 1;	338	skip = 1;
339	s->state = SSL3_ST_SW_KEY_EXCH_A;	339	s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
340	}	340	}
341	s->internal->init_num = 0;	341	s->internal->init_num = 0;
342	break;	342	break;
@@ -360,7 +360,7 @@ ssl3_accept(SSL *s)
360	} else	360	} else
361	skip = 1;	361	skip = 1;
362		362
363	s->state = SSL3_ST_SW_CERT_REQ_A;	363	s->internal->state = SSL3_ST_SW_CERT_REQ_A;
364	s->internal->init_num = 0;	364	s->internal->init_num = 0;
365	break;	365	break;
366		366
@@ -392,7 +392,7 @@ ssl3_accept(SSL *s)
392	/* No cert request */	392	/* No cert request */
393	skip = 1;	393	skip = 1;
394	S3I(s)->tmp.cert_request = 0;	394	S3I(s)->tmp.cert_request = 0;
395	s->state = SSL3_ST_SW_SRVR_DONE_A;	395	s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
396	if (S3I(s)->handshake_buffer) {	396	if (S3I(s)->handshake_buffer) {
397	if (!tls1_digest_cached_records(s)) {	397	if (!tls1_digest_cached_records(s)) {
398	ret = -1;	398	ret = -1;
@@ -404,7 +404,7 @@ ssl3_accept(SSL *s)
404	ret = ssl3_send_certificate_request(s);	404	ret = ssl3_send_certificate_request(s);
405	if (ret <= 0)	405	if (ret <= 0)
406	goto end;	406	goto end;
407	s->state = SSL3_ST_SW_SRVR_DONE_A;	407	s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
408	s->internal->init_num = 0;	408	s->internal->init_num = 0;
409	}	409	}
410	break;	410	break;
@@ -415,7 +415,7 @@ ssl3_accept(SSL *s)
415	if (ret <= 0)	415	if (ret <= 0)
416	goto end;	416	goto end;
417	S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;	417	S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
418	s->state = SSL3_ST_SW_FLUSH;	418	s->internal->state = SSL3_ST_SW_FLUSH;
419	s->internal->init_num = 0;	419	s->internal->init_num = 0;
420	break;	420	break;
421		421
@@ -439,7 +439,7 @@ ssl3_accept(SSL *s)
439	}	439	}
440	s->internal->rwstate = SSL_NOTHING;	440	s->internal->rwstate = SSL_NOTHING;
441		441
442	s->state = S3I(s)->tmp.next_state;	442	s->internal->state = S3I(s)->tmp.next_state;
443	break;	443	break;
444		444
445	case SSL3_ST_SR_CERT_A:	445	case SSL3_ST_SR_CERT_A:
@@ -450,7 +450,7 @@ ssl3_accept(SSL *s)
450	goto end;	450	goto end;
451	}	451	}
452	s->internal->init_num = 0;	452	s->internal->init_num = 0;
453	s->state = SSL3_ST_SR_KEY_EXCH_A;	453	s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
454	break;	454	break;
455		455
456	case SSL3_ST_SR_KEY_EXCH_A:	456	case SSL3_ST_SR_KEY_EXCH_A:
@@ -470,12 +470,12 @@ ssl3_accept(SSL *s)
470	* for key exchange.	470	* for key exchange.
471	*/	471	*/
472	if (S3I(s)->next_proto_neg_seen)	472	if (S3I(s)->next_proto_neg_seen)
473	s->state = SSL3_ST_SR_NEXT_PROTO_A;	473	s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
474	else	474	else
475	s->state = SSL3_ST_SR_FINISHED_A;	475	s->internal->state = SSL3_ST_SR_FINISHED_A;
476	s->internal->init_num = 0;	476	s->internal->init_num = 0;
477	} else if (SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) {	477	} else if (SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) {
478	s->state = SSL3_ST_SR_CERT_VRFY_A;	478	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
479	s->internal->init_num = 0;	479	s->internal->init_num = 0;
480	if (!s->session->peer)	480	if (!s->session->peer)
481	break;	481	break;
@@ -498,7 +498,7 @@ ssl3_accept(SSL *s)
498	int offset = 0;	498	int offset = 0;
499	int dgst_num;	499	int dgst_num;
500		500
501	s->state = SSL3_ST_SR_CERT_VRFY_A;	501	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
502	s->internal->init_num = 0;	502	s->internal->init_num = 0;
503		503
504	/*	504	/*
@@ -544,9 +544,9 @@ ssl3_accept(SSL *s)
544	goto end;	544	goto end;
545		545
546	if (S3I(s)->next_proto_neg_seen)	546	if (S3I(s)->next_proto_neg_seen)
547	s->state = SSL3_ST_SR_NEXT_PROTO_A;	547	s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
548	else	548	else
549	s->state = SSL3_ST_SR_FINISHED_A;	549	s->internal->state = SSL3_ST_SR_FINISHED_A;
550	s->internal->init_num = 0;	550	s->internal->init_num = 0;
551	break;	551	break;
552		552
@@ -556,7 +556,7 @@ ssl3_accept(SSL *s)
556	if (ret <= 0)	556	if (ret <= 0)
557	goto end;	557	goto end;
558	s->internal->init_num = 0;	558	s->internal->init_num = 0;
559	s->state = SSL3_ST_SR_FINISHED_A;	559	s->internal->state = SSL3_ST_SR_FINISHED_A;
560	break;	560	break;
561		561
562	case SSL3_ST_SR_FINISHED_A:	562	case SSL3_ST_SR_FINISHED_A:
@@ -567,11 +567,11 @@ ssl3_accept(SSL *s)
567	if (ret <= 0)	567	if (ret <= 0)
568	goto end;	568	goto end;
569	if (s->internal->hit)	569	if (s->internal->hit)
570	s->state = SSL_ST_OK;	570	s->internal->state = SSL_ST_OK;
571	else if (s->internal->tlsext_ticket_expected)	571	else if (s->internal->tlsext_ticket_expected)
572	s->state = SSL3_ST_SW_SESSION_TICKET_A;	572	s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
573	else	573	else
574	s->state = SSL3_ST_SW_CHANGE_A;	574	s->internal->state = SSL3_ST_SW_CHANGE_A;
575	s->internal->init_num = 0;	575	s->internal->init_num = 0;
576	break;	576	break;
577		577
@@ -580,7 +580,7 @@ ssl3_accept(SSL *s)
580	ret = ssl3_send_newsession_ticket(s);	580	ret = ssl3_send_newsession_ticket(s);
581	if (ret <= 0)	581	if (ret <= 0)
582	goto end;	582	goto end;
583	s->state = SSL3_ST_SW_CHANGE_A;	583	s->internal->state = SSL3_ST_SW_CHANGE_A;
584	s->internal->init_num = 0;	584	s->internal->init_num = 0;
585	break;	585	break;
586		586
@@ -589,7 +589,7 @@ ssl3_accept(SSL *s)
589	ret = ssl3_send_cert_status(s);	589	ret = ssl3_send_cert_status(s);
590	if (ret <= 0)	590	if (ret <= 0)
591	goto end;	591	goto end;
592	s->state = SSL3_ST_SW_KEY_EXCH_A;	592	s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
593	s->internal->init_num = 0;	593	s->internal->init_num = 0;
594	break;	594	break;
595		595
@@ -608,7 +608,7 @@ ssl3_accept(SSL *s)
608		608
609	if (ret <= 0)	609	if (ret <= 0)
610	goto end;	610	goto end;
611	s->state = SSL3_ST_SW_FINISHED_A;	611	s->internal->state = SSL3_ST_SW_FINISHED_A;
612	s->internal->init_num = 0;	612	s->internal->init_num = 0;
613		613
614	if (!s->method->ssl3_enc->change_cipher_state(	614	if (!s->method->ssl3_enc->change_cipher_state(
@@ -627,7 +627,7 @@ ssl3_accept(SSL *s)
627	s->method->ssl3_enc->server_finished_label_len);	627	s->method->ssl3_enc->server_finished_label_len);
628	if (ret <= 0)	628	if (ret <= 0)
629	goto end;	629	goto end;
630	s->state = SSL3_ST_SW_FLUSH;	630	s->internal->state = SSL3_ST_SW_FLUSH;
631	if (s->internal->hit) {	631	if (s->internal->hit) {
632	if (S3I(s)->next_proto_neg_seen) {	632	if (S3I(s)->next_proto_neg_seen) {
633	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	633	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
@@ -687,11 +687,11 @@ ssl3_accept(SSL *s)
687	}	687	}
688		688
689		689
690	if ((cb != NULL) && (s->state != state)) {	690	if ((cb != NULL) && (s->internal->state != state)) {
691	new_state = s->state;	691	new_state = s->internal->state;
692	s->state = state;	692	s->internal->state = state;
693	cb(s, SSL_CB_ACCEPT_LOOP, 1);	693	cb(s, SSL_CB_ACCEPT_LOOP, 1);
694	s->state = new_state;	694	s->internal->state = new_state;
695	}	695	}
696	}	696	}
697	skip = 0;	697	skip = 0;
@@ -708,11 +708,11 @@ end:
708	int	708	int
709	ssl3_send_hello_request(SSL *s)	709	ssl3_send_hello_request(SSL *s)
710	{	710	{
711	if (s->state == SSL3_ST_SW_HELLO_REQ_A) {	711	if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
712	ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);	712	ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
713	ssl3_handshake_msg_finish(s, 0);	713	ssl3_handshake_msg_finish(s, 0);
714		714
715	s->state = SSL3_ST_SW_HELLO_REQ_B;	715	s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
716	}	716	}
717		717
718	/* SSL3_ST_SW_HELLO_REQ_B */	718	/* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
738	* If we are SSLv3, we will respond with SSLv3, even if prompted with	738	* If we are SSLv3, we will respond with SSLv3, even if prompted with
739	* TLSv1.	739	* TLSv1.
740	*/	740	*/
741	if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {	741	if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
742	s->state = SSL3_ST_SR_CLNT_HELLO_B;	742	s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
743	}	743	}
744	s->internal->first_packet = 1;	744	s->internal->first_packet = 1;
745	n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,	745	n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
@@ -1099,7 +1099,7 @@ ssl3_send_server_hello(SSL *s)
1099		1099
1100	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;	1100	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
1101		1101
1102	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {	1102	if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
1103	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);	1103	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
1104		1104
1105	if (!CBB_init_fixed(&cbb, p, bufend - p))	1105	if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1179,11 +1179,11 @@ ssl3_send_server_hello(SSL *s)
1179	int	1179	int
1180	ssl3_send_server_done(SSL *s)	1180	ssl3_send_server_done(SSL *s)
1181	{	1181	{
1182	if (s->state == SSL3_ST_SW_SRVR_DONE_A) {	1182	if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
1183	ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);	1183	ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
1184	ssl3_handshake_msg_finish(s, 0);	1184	ssl3_handshake_msg_finish(s, 0);
1185		1185
1186	s->state = SSL3_ST_SW_SRVR_DONE_B;	1186	s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
1187	}	1187	}
1188		1188
1189	/* SSL3_ST_SW_SRVR_DONE_B */	1189	/* SSL3_ST_SW_SRVR_DONE_B */
@@ -1487,7 +1487,7 @@ ssl3_send_server_key_exchange(SSL *s)
1487	memset(&cbb, 0, sizeof(cbb));	1487	memset(&cbb, 0, sizeof(cbb));
1488		1488
1489	EVP_MD_CTX_init(&md_ctx);	1489	EVP_MD_CTX_init(&md_ctx);
1490	if (s->state == SSL3_ST_SW_KEY_EXCH_A) {	1490	if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
1491	type = S3I(s)->tmp.new_cipher->algorithm_mkey;	1491	type = S3I(s)->tmp.new_cipher->algorithm_mkey;
1492	cert = s->cert;	1492	cert = s->cert;
1493		1493
@@ -1621,7 +1621,7 @@ ssl3_send_server_key_exchange(SSL *s)
1621	ssl3_handshake_msg_finish(s, n);	1621	ssl3_handshake_msg_finish(s, n);
1622	}	1622	}
1623		1623
1624	s->state = SSL3_ST_SW_KEY_EXCH_B;	1624	s->internal->state = SSL3_ST_SW_KEY_EXCH_B;
1625		1625
1626	EVP_MD_CTX_cleanup(&md_ctx);	1626	EVP_MD_CTX_cleanup(&md_ctx);
1627		1627
@@ -1646,7 +1646,7 @@ ssl3_send_certificate_request(SSL *s)
1646	X509_NAME *name;	1646	X509_NAME *name;
1647	BUF_MEM *buf;	1647	BUF_MEM *buf;
1648		1648
1649	if (s->state == SSL3_ST_SW_CERT_REQ_A) {	1649	if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
1650	buf = s->internal->init_buf;	1650	buf = s->internal->init_buf;
1651		1651
1652	d = p = ssl3_handshake_msg_start(s,	1652	d = p = ssl3_handshake_msg_start(s,
@@ -1699,7 +1699,7 @@ ssl3_send_certificate_request(SSL *s)
1699		1699
1700	ssl3_handshake_msg_finish(s, n);	1700	ssl3_handshake_msg_finish(s, n);
1701		1701
1702	s->state = SSL3_ST_SW_CERT_REQ_B;	1702	s->internal->state = SSL3_ST_SW_CERT_REQ_B;
1703	}	1703	}
1704		1704
1705	/* SSL3_ST_SW_CERT_REQ_B */	1705	/* SSL3_ST_SW_CERT_REQ_B */
@@ -2640,7 +2640,7 @@ ssl3_send_server_certificate(SSL *s)
2640		2640
2641	memset(&cbb, 0, sizeof(cbb));	2641	memset(&cbb, 0, sizeof(cbb));
2642		2642
2643	if (s->state == SSL3_ST_SW_CERT_A) {	2643	if (s->internal->state == SSL3_ST_SW_CERT_A) {
2644	if ((x = ssl_get_server_send_cert(s)) == NULL) {	2644	if ((x = ssl_get_server_send_cert(s)) == NULL) {
2645	SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,	2645	SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
2646	ERR_R_INTERNAL_ERROR);	2646	ERR_R_INTERNAL_ERROR);
@@ -2655,7 +2655,7 @@ ssl3_send_server_certificate(SSL *s)
2655	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2655	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2656	goto err;	2656	goto err;
2657		2657
2658	s->state = SSL3_ST_SW_CERT_B;	2658	s->internal->state = SSL3_ST_SW_CERT_B;
2659	}	2659	}
2660		2660
2661	/* SSL3_ST_SW_CERT_B */	2661	/* SSL3_ST_SW_CERT_B */
@@ -2683,7 +2683,7 @@ ssl3_send_newsession_ticket(SSL *s)
2683	unsigned char iv[EVP_MAX_IV_LENGTH];	2683	unsigned char iv[EVP_MAX_IV_LENGTH];
2684	unsigned char key_name[16];	2684	unsigned char key_name[16];
2685		2685
2686	if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {	2686	if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
2687	/* get session encoding length */	2687	/* get session encoding length */
2688	slen_full = i2d_SSL_SESSION(s->session, NULL);	2688	slen_full = i2d_SSL_SESSION(s->session, NULL);
2689	/*	2689	/*
@@ -2796,7 +2796,7 @@ ssl3_send_newsession_ticket(SSL *s)
2796		2796
2797	ssl3_handshake_msg_finish(s, len);	2797	ssl3_handshake_msg_finish(s, len);
2798		2798
2799	s->state = SSL3_ST_SW_SESSION_TICKET_B;	2799	s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;
2800		2800
2801	explicit_bzero(senc, slen_full);	2801	explicit_bzero(senc, slen_full);
2802	free(senc);	2802	free(senc);
@@ -2818,7 +2818,7 @@ ssl3_send_cert_status(SSL *s)
2818	{	2818	{
2819	unsigned char *p;	2819	unsigned char *p;
2820		2820
2821	if (s->state == SSL3_ST_SW_CERT_STATUS_A) {	2821	if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
2822	/*	2822	/*
2823	* Grow buffer if need be: the length calculation is as	2823	* Grow buffer if need be: the length calculation is as
2824	* follows 1 (message type) + 3 (message length) +	2824	* follows 1 (message type) + 3 (message length) +
@@ -2837,7 +2837,7 @@ ssl3_send_cert_status(SSL *s)
2837		2837
2838	ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);	2838	ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
2839		2839
2840	s->state = SSL3_ST_SW_CERT_STATUS_B;	2840	s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
2841	}	2841	}
2842		2842
2843	/* SSL3_ST_SW_CERT_STATUS_B */	2843	/* SSL3_ST_SW_CERT_STATUS_B */
@@ -2873,7 +2873,7 @@ ssl3_get_next_proto(SSL *s)
2873	return ((int)n);	2873	return ((int)n);
2874		2874
2875	/*	2875	/*
2876	* s->state doesn't reflect whether ChangeCipherSpec has been received	2876	* s->internal->state doesn't reflect whether ChangeCipherSpec has been received
2877	* in this handshake, but S3I(s)->change_cipher_spec does (will be reset	2877	* in this handshake, but S3I(s)->change_cipher_spec does (will be reset
2878	* by ssl3_get_finished).	2878	* by ssl3_get_finished).
2879	*/	2879	*/