1 files changed, 53 insertions, 53 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index f6ca3e7f3c..a1745143f0 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
                SSL_clear(s);
        for (;;) {
-                state = s->internal->state;
+                state = S3I(s)->hs.state;
-                switch (s->internal->state) {
+                switch (S3I(s)->hs.state) {
                case SSL_ST_RENEGOTIATE:
                        s->internal->renegotiate = 1;
-                        s->internal->state = SSL_ST_CONNECT;
+                        S3I(s)->hs.state = SSL_ST_CONNECT;
                        s->ctx->internal->stats.sess_connect_renegotiate++;
                        /* break */
                case SSL_ST_BEFORE:
@@ -239,7 +239,7 @@ ssl3_connect(SSL *s)
                                goto end;
                        }
-                        s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
+                        S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
                        s->ctx->internal->stats.sess_connect++;
                        s->internal->init_num = 0;
                        break;
@@ -251,7 +251,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
+                        S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
                        s->internal->init_num = 0;
                        /* turn on buffering for the next lot of output */
@@ -267,13 +267,13 @@ ssl3_connect(SSL *s)
                                goto end;
                        if (s->internal->hit) {
-                                s->internal->state = SSL3_ST_CR_FINISHED_A;
+                                S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
                                if (s->internal->tlsext_ticket_expected) {
                                        /* receive renewed session ticket */
-                                        s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+                                        S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
                                }
                        } else
-                                s->internal->state = SSL3_ST_CR_CERT_A;
+                                S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
                        s->internal->init_num = 0;
                        break;
@@ -285,9 +285,9 @@ ssl3_connect(SSL *s)
                        if (ret == 2) {
                                s->internal->hit = 1;
                                if (s->internal->tlsext_ticket_expected)
-                                        s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+                                        S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
                                else
-                                        s->internal->state = SSL3_ST_CR_FINISHED_A;
+                                        S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
                                s->internal->init_num = 0;
                                break;
                        }
@@ -298,12 +298,12 @@ ssl3_connect(SSL *s)
                                if (ret <= 0)
                                        goto end;
                                if (s->internal->tlsext_status_expected)
-                                        s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
+                                        S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
                                else
-                                        s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+                                        S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
                        } else {
                                skip = 1;
-                                s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+                                S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
                        }
                        s->internal->init_num = 0;
                        break;
@@ -313,7 +313,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_server_key_exchange(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CR_CERT_REQ_A;
+                        S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
                        s->internal->init_num = 0;
                        /*
@@ -331,7 +331,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_certificate_request(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
+                        S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
                        s->internal->init_num = 0;
                        break;
@@ -341,9 +341,9 @@ ssl3_connect(SSL *s)
                        if (ret <= 0)
                                goto end;
                        if (S3I(s)->tmp.cert_req)
-                                s->internal->state = SSL3_ST_CW_CERT_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
                        else
-                                s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -355,7 +355,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_send_client_certificate(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+                        S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -381,13 +381,13 @@ ssl3_connect(SSL *s)
                         * inside the client certificate.
                         */
                        if (S3I(s)->tmp.cert_req == 1) {
-                                s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
                        } else {
-                                s->internal->state = SSL3_ST_CW_CHANGE_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
                                S3I(s)->change_cipher_spec = 0;
                        }
                        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                                s->internal->state = SSL3_ST_CW_CHANGE_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
                                S3I(s)->change_cipher_spec = 0;
                        }
@@ -399,7 +399,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_send_client_verify(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CW_CHANGE_A;
+                        S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
                        s->internal->init_num = 0;
                        S3I(s)->change_cipher_spec = 0;
                        break;
@@ -412,9 +412,9 @@ ssl3_connect(SSL *s)
                                goto end;
                        if (S3I(s)->next_proto_neg_seen)
-                                s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A;
                        else
-                                s->internal->state = SSL3_ST_CW_FINISHED_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
                        s->internal->init_num = 0;
                        s->session->cipher = S3I(s)->hs.new_cipher;
@@ -436,7 +436,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_send_next_proto(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CW_FINISHED_A;
+                        S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
                        break;
                case SSL3_ST_CW_FINISHED_A:
@@ -448,7 +448,7 @@ ssl3_connect(SSL *s)
                        if (ret <= 0)
                                goto end;
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                        s->internal->state = SSL3_ST_CW_FLUSH;
+                        S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
                        /* clear flags */
                        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -456,7 +456,7 @@ ssl3_connect(SSL *s)
                                S3I(s)->hs.next_state = SSL_ST_OK;
                                if (s->s3->flags &
                                    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                                        s->internal->state = SSL_ST_OK;
+                                        S3I(s)->hs.state = SSL_ST_OK;
                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
                                        S3I(s)->delay_buf_pop_ret = 0;
                                }
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_new_session_ticket(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CR_FINISHED_A;
+                        S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
                        s->internal->init_num = 0;
                        break;
@@ -486,7 +486,7 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_cert_status(s);
                        if (ret <= 0)
                                goto end;
-                        s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+                        S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
                        s->internal->init_num = 0;
                        break;
@@ -499,9 +499,9 @@ ssl3_connect(SSL *s)
                                goto end;
                        if (s->internal->hit)
-                                s->internal->state = SSL3_ST_CW_CHANGE_A;
+                                S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
                        else
-                                s->internal->state = SSL_ST_OK;
+                                S3I(s)->hs.state = SSL_ST_OK;
                        s->internal->init_num = 0;
                        break;
@@ -512,7 +512,7 @@ ssl3_connect(SSL *s)
                                goto end;
                        }
                        s->internal->rwstate = SSL_NOTHING;
-                        s->internal->state = S3I(s)->hs.next_state;
+                        S3I(s)->hs.state = S3I(s)->hs.next_state;
                        break;
                case SSL_ST_OK:
@@ -563,11 +563,11 @@ ssl3_connect(SSL *s)
                                        goto end;
                        }
-                        if ((cb != NULL) && (s->internal->state != state)) {
+                        if ((cb != NULL) && (S3I(s)->hs.state != state)) {
-                                new_state = s->internal->state;
+                                new_state = S3I(s)->hs.state;
-                                s->internal->state = state;
+                                S3I(s)->hs.state = state;
                                cb(s, SSL_CB_CONNECT_LOOP, 1);
-                                s->internal->state = new_state;
+                                S3I(s)->hs.state = new_state;
                        }
                }
                skip = 0;
@@ -591,7 +591,7 @@ ssl3_client_hello(SSL *s)
        bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
-        if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
                SSL_SESSION *sess = s->session;
                if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
                ssl3_handshake_msg_finish(s, p - d);
-                s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
+                S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
        }
        /* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2273,7 +2273,7 @@ ssl3_send_client_key_exchange(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
                alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
                if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2309,7 +2309,7 @@ ssl3_send_client_key_exchange(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
+                S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
        }
        /* SSL3_ST_CW_KEY_EXCH_B */
@@ -2335,7 +2335,7 @@ ssl3_send_client_verify(SSL *s)
        EVP_MD_CTX_init(&mctx);
-        if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
                /*
@@ -2459,7 +2459,7 @@ ssl3_send_client_verify(SSL *s)
                        goto err;
                }
-                s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
+                S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
                ssl3_handshake_msg_finish(s, n);
        }
@@ -2485,16 +2485,16 @@ ssl3_send_client_certificate(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_CW_CERT_A) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
                if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
                    (s->cert->key->privatekey == NULL))
-                        s->internal->state = SSL3_ST_CW_CERT_B;
+                        S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
                else
-                        s->internal->state = SSL3_ST_CW_CERT_C;
+                        S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
        }
        /* We need to get a client cert */
-        if (s->internal->state == SSL3_ST_CW_CERT_B) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {
                /*
                 * If we get an error, we need to
                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2507,7 +2507,7 @@ ssl3_send_client_certificate(SSL *s)
                }
                s->internal->rwstate = SSL_NOTHING;
                if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-                        s->internal->state = SSL3_ST_CW_CERT_B;
+                        S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
                        if (!SSL_use_certificate(s, x509) ||
                            !SSL_use_PrivateKey(s, pkey))
                                i = 0;
@@ -2522,10 +2522,10 @@ ssl3_send_client_certificate(SSL *s)
                        S3I(s)->tmp.cert_req = 2;
                /* Ok, we have a cert */
-                s->internal->state = SSL3_ST_CW_CERT_C;
+                S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
        }
-        if (s->internal->state == SSL3_ST_CW_CERT_C) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
                    SSL3_MT_CERTIFICATE))
                        goto err;
@@ -2535,7 +2535,7 @@ ssl3_send_client_certificate(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_CW_CERT_D;
+                S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
        }
        /* SSL3_ST_CW_CERT_D */
@@ -2625,7 +2625,7 @@ ssl3_send_next_proto(SSL *s)
        memset(&cbb, 0, sizeof(cbb));
-        if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
+        if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) {
                pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);
                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
@@ -2644,7 +2644,7 @@ ssl3_send_next_proto(SSL *s)
                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
                        goto err;
-                s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
+                S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B;
        }
        return (ssl3_handshake_write(s));

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index f6ca3e7f3c..a1745143f0 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
193	SSL_clear(s);	193	SSL_clear(s);
194		194
195	for (;;) {	195	for (;;) {
196	state = s->internal->state;	196	state = S3I(s)->hs.state;
197		197
198	switch (s->internal->state) {	198	switch (S3I(s)->hs.state) {
199	case SSL_ST_RENEGOTIATE:	199	case SSL_ST_RENEGOTIATE:
200	s->internal->renegotiate = 1;	200	s->internal->renegotiate = 1;
201	s->internal->state = SSL_ST_CONNECT;	201	S3I(s)->hs.state = SSL_ST_CONNECT;
202	s->ctx->internal->stats.sess_connect_renegotiate++;	202	s->ctx->internal->stats.sess_connect_renegotiate++;
203	/* break */	203	/* break */
204	case SSL_ST_BEFORE:	204	case SSL_ST_BEFORE:
@@ -239,7 +239,7 @@ ssl3_connect(SSL *s)
239	goto end;	239	goto end;
240	}	240	}
241		241
242	s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;	242	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
243	s->ctx->internal->stats.sess_connect++;	243	s->ctx->internal->stats.sess_connect++;
244	s->internal->init_num = 0;	244	s->internal->init_num = 0;
245	break;	245	break;
@@ -251,7 +251,7 @@ ssl3_connect(SSL *s)
251	ret = ssl3_client_hello(s);	251	ret = ssl3_client_hello(s);
252	if (ret <= 0)	252	if (ret <= 0)
253	goto end;	253	goto end;
254	s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;	254	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
255	s->internal->init_num = 0;	255	s->internal->init_num = 0;
256		256
257	/* turn on buffering for the next lot of output */	257	/* turn on buffering for the next lot of output */
@@ -267,13 +267,13 @@ ssl3_connect(SSL *s)
267	goto end;	267	goto end;
268		268
269	if (s->internal->hit) {	269	if (s->internal->hit) {
270	s->internal->state = SSL3_ST_CR_FINISHED_A;	270	S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
271	if (s->internal->tlsext_ticket_expected) {	271	if (s->internal->tlsext_ticket_expected) {
272	/* receive renewed session ticket */	272	/* receive renewed session ticket */
273	s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;	273	S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
274	}	274	}
275	} else	275	} else
276	s->internal->state = SSL3_ST_CR_CERT_A;	276	S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
277	s->internal->init_num = 0;	277	s->internal->init_num = 0;
278	break;	278	break;
279		279
@@ -285,9 +285,9 @@ ssl3_connect(SSL *s)
285	if (ret == 2) {	285	if (ret == 2) {
286	s->internal->hit = 1;	286	s->internal->hit = 1;
287	if (s->internal->tlsext_ticket_expected)	287	if (s->internal->tlsext_ticket_expected)
288	s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;	288	S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
289	else	289	else
290	s->internal->state = SSL3_ST_CR_FINISHED_A;	290	S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
291	s->internal->init_num = 0;	291	s->internal->init_num = 0;
292	break;	292	break;
293	}	293	}
@@ -298,12 +298,12 @@ ssl3_connect(SSL *s)
298	if (ret <= 0)	298	if (ret <= 0)
299	goto end;	299	goto end;
300	if (s->internal->tlsext_status_expected)	300	if (s->internal->tlsext_status_expected)
301	s->internal->state = SSL3_ST_CR_CERT_STATUS_A;	301	S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
302	else	302	else
303	s->internal->state = SSL3_ST_CR_KEY_EXCH_A;	303	S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
304	} else {	304	} else {
305	skip = 1;	305	skip = 1;
306	s->internal->state = SSL3_ST_CR_KEY_EXCH_A;	306	S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
307	}	307	}
308	s->internal->init_num = 0;	308	s->internal->init_num = 0;
309	break;	309	break;
@@ -313,7 +313,7 @@ ssl3_connect(SSL *s)
313	ret = ssl3_get_server_key_exchange(s);	313	ret = ssl3_get_server_key_exchange(s);
314	if (ret <= 0)	314	if (ret <= 0)
315	goto end;	315	goto end;
316	s->internal->state = SSL3_ST_CR_CERT_REQ_A;	316	S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
317	s->internal->init_num = 0;	317	s->internal->init_num = 0;
318		318
319	/*	319	/*
@@ -331,7 +331,7 @@ ssl3_connect(SSL *s)
331	ret = ssl3_get_certificate_request(s);	331	ret = ssl3_get_certificate_request(s);
332	if (ret <= 0)	332	if (ret <= 0)
333	goto end;	333	goto end;
334	s->internal->state = SSL3_ST_CR_SRVR_DONE_A;	334	S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
335	s->internal->init_num = 0;	335	s->internal->init_num = 0;
336	break;	336	break;
337		337
@@ -341,9 +341,9 @@ ssl3_connect(SSL *s)
341	if (ret <= 0)	341	if (ret <= 0)
342	goto end;	342	goto end;
343	if (S3I(s)->tmp.cert_req)	343	if (S3I(s)->tmp.cert_req)
344	s->internal->state = SSL3_ST_CW_CERT_A;	344	S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
345	else	345	else
346	s->internal->state = SSL3_ST_CW_KEY_EXCH_A;	346	S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
347	s->internal->init_num = 0;	347	s->internal->init_num = 0;
348		348
349	break;	349	break;
@@ -355,7 +355,7 @@ ssl3_connect(SSL *s)
355	ret = ssl3_send_client_certificate(s);	355	ret = ssl3_send_client_certificate(s);
356	if (ret <= 0)	356	if (ret <= 0)
357	goto end;	357	goto end;
358	s->internal->state = SSL3_ST_CW_KEY_EXCH_A;	358	S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
359	s->internal->init_num = 0;	359	s->internal->init_num = 0;
360	break;	360	break;
361		361
@@ -381,13 +381,13 @@ ssl3_connect(SSL *s)
381	* inside the client certificate.	381	* inside the client certificate.
382	*/	382	*/
383	if (S3I(s)->tmp.cert_req == 1) {	383	if (S3I(s)->tmp.cert_req == 1) {
384	s->internal->state = SSL3_ST_CW_CERT_VRFY_A;	384	S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
385	} else {	385	} else {
386	s->internal->state = SSL3_ST_CW_CHANGE_A;	386	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
387	S3I(s)->change_cipher_spec = 0;	387	S3I(s)->change_cipher_spec = 0;
388	}	388	}
389	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {	389	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
390	s->internal->state = SSL3_ST_CW_CHANGE_A;	390	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
391	S3I(s)->change_cipher_spec = 0;	391	S3I(s)->change_cipher_spec = 0;
392	}	392	}
393		393
@@ -399,7 +399,7 @@ ssl3_connect(SSL *s)
399	ret = ssl3_send_client_verify(s);	399	ret = ssl3_send_client_verify(s);
400	if (ret <= 0)	400	if (ret <= 0)
401	goto end;	401	goto end;
402	s->internal->state = SSL3_ST_CW_CHANGE_A;	402	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
403	s->internal->init_num = 0;	403	s->internal->init_num = 0;
404	S3I(s)->change_cipher_spec = 0;	404	S3I(s)->change_cipher_spec = 0;
405	break;	405	break;
@@ -412,9 +412,9 @@ ssl3_connect(SSL *s)
412	goto end;	412	goto end;
413		413
414	if (S3I(s)->next_proto_neg_seen)	414	if (S3I(s)->next_proto_neg_seen)
415	s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;	415	S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A;
416	else	416	else
417	s->internal->state = SSL3_ST_CW_FINISHED_A;	417	S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
418	s->internal->init_num = 0;	418	s->internal->init_num = 0;
419		419
420	s->session->cipher = S3I(s)->hs.new_cipher;	420	s->session->cipher = S3I(s)->hs.new_cipher;
@@ -436,7 +436,7 @@ ssl3_connect(SSL *s)
436	ret = ssl3_send_next_proto(s);	436	ret = ssl3_send_next_proto(s);
437	if (ret <= 0)	437	if (ret <= 0)
438	goto end;	438	goto end;
439	s->internal->state = SSL3_ST_CW_FINISHED_A;	439	S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
440	break;	440	break;
441		441
442	case SSL3_ST_CW_FINISHED_A:	442	case SSL3_ST_CW_FINISHED_A:
@@ -448,7 +448,7 @@ ssl3_connect(SSL *s)
448	if (ret <= 0)	448	if (ret <= 0)
449	goto end;	449	goto end;
450	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	450	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
451	s->internal->state = SSL3_ST_CW_FLUSH;	451	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
452		452
453	/* clear flags */	453	/* clear flags */
454	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;	454	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -456,7 +456,7 @@ ssl3_connect(SSL *s)
456	S3I(s)->hs.next_state = SSL_ST_OK;	456	S3I(s)->hs.next_state = SSL_ST_OK;
457	if (s->s3->flags &	457	if (s->s3->flags &
458	SSL3_FLAGS_DELAY_CLIENT_FINISHED) {	458	SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
459	s->internal->state = SSL_ST_OK;	459	S3I(s)->hs.state = SSL_ST_OK;
460	s->s3->flags\|=SSL3_FLAGS_POP_BUFFER;	460	s->s3->flags\|=SSL3_FLAGS_POP_BUFFER;
461	S3I(s)->delay_buf_pop_ret = 0;	461	S3I(s)->delay_buf_pop_ret = 0;
462	}	462	}
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
477	ret = ssl3_get_new_session_ticket(s);	477	ret = ssl3_get_new_session_ticket(s);
478	if (ret <= 0)	478	if (ret <= 0)
479	goto end;	479	goto end;
480	s->internal->state = SSL3_ST_CR_FINISHED_A;	480	S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
481	s->internal->init_num = 0;	481	s->internal->init_num = 0;
482	break;	482	break;
483		483
@@ -486,7 +486,7 @@ ssl3_connect(SSL *s)
486	ret = ssl3_get_cert_status(s);	486	ret = ssl3_get_cert_status(s);
487	if (ret <= 0)	487	if (ret <= 0)
488	goto end;	488	goto end;
489	s->internal->state = SSL3_ST_CR_KEY_EXCH_A;	489	S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
490	s->internal->init_num = 0;	490	s->internal->init_num = 0;
491	break;	491	break;
492		492
@@ -499,9 +499,9 @@ ssl3_connect(SSL *s)
499	goto end;	499	goto end;
500		500
501	if (s->internal->hit)	501	if (s->internal->hit)
502	s->internal->state = SSL3_ST_CW_CHANGE_A;	502	S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
503	else	503	else
504	s->internal->state = SSL_ST_OK;	504	S3I(s)->hs.state = SSL_ST_OK;
505	s->internal->init_num = 0;	505	s->internal->init_num = 0;
506	break;	506	break;
507		507
@@ -512,7 +512,7 @@ ssl3_connect(SSL *s)
512	goto end;	512	goto end;
513	}	513	}
514	s->internal->rwstate = SSL_NOTHING;	514	s->internal->rwstate = SSL_NOTHING;
515	s->internal->state = S3I(s)->hs.next_state;	515	S3I(s)->hs.state = S3I(s)->hs.next_state;
516	break;	516	break;
517		517
518	case SSL_ST_OK:	518	case SSL_ST_OK:
@@ -563,11 +563,11 @@ ssl3_connect(SSL *s)
563	goto end;	563	goto end;
564	}	564	}
565		565
566	if ((cb != NULL) && (s->internal->state != state)) {	566	if ((cb != NULL) && (S3I(s)->hs.state != state)) {
567	new_state = s->internal->state;	567	new_state = S3I(s)->hs.state;
568	s->internal->state = state;	568	S3I(s)->hs.state = state;
569	cb(s, SSL_CB_CONNECT_LOOP, 1);	569	cb(s, SSL_CB_CONNECT_LOOP, 1);
570	s->internal->state = new_state;	570	S3I(s)->hs.state = new_state;
571	}	571	}
572	}	572	}
573	skip = 0;	573	skip = 0;
@@ -591,7 +591,7 @@ ssl3_client_hello(SSL *s)
591		591
592	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;	592	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
593		593
594	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {	594	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
595	SSL_SESSION *sess = s->session;	595	SSL_SESSION *sess = s->session;
596		596
597	if (ssl_supported_version_range(s, NULL, &max_version) != 1) {	597	if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
706		706
707	ssl3_handshake_msg_finish(s, p - d);	707	ssl3_handshake_msg_finish(s, p - d);
708		708
709	s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;	709	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
710	}	710	}
711		711
712	/* SSL3_ST_CW_CLNT_HELLO_B */	712	/* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2273,7 +2273,7 @@ ssl3_send_client_key_exchange(SSL *s)
2273		2273
2274	memset(&cbb, 0, sizeof(cbb));	2274	memset(&cbb, 0, sizeof(cbb));
2275		2275
2276	if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {	2276	if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
2277	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	2277	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
2278		2278
2279	if ((sess_cert = SSI(s)->sess_cert) == NULL) {	2279	if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2309,7 +2309,7 @@ ssl3_send_client_key_exchange(SSL *s)
2309	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2309	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2310	goto err;	2310	goto err;
2311		2311
2312	s->internal->state = SSL3_ST_CW_KEY_EXCH_B;	2312	S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
2313	}	2313	}
2314		2314
2315	/* SSL3_ST_CW_KEY_EXCH_B */	2315	/* SSL3_ST_CW_KEY_EXCH_B */
@@ -2335,7 +2335,7 @@ ssl3_send_client_verify(SSL *s)
2335		2335
2336	EVP_MD_CTX_init(&mctx);	2336	EVP_MD_CTX_init(&mctx);
2337		2337
2338	if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {	2338	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
2339	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);	2339	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2340		2340
2341	/*	2341	/*
@@ -2459,7 +2459,7 @@ ssl3_send_client_verify(SSL *s)
2459	goto err;	2459	goto err;
2460	}	2460	}
2461		2461
2462	s->internal->state = SSL3_ST_CW_CERT_VRFY_B;	2462	S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
2463		2463
2464	ssl3_handshake_msg_finish(s, n);	2464	ssl3_handshake_msg_finish(s, n);
2465	}	2465	}
@@ -2485,16 +2485,16 @@ ssl3_send_client_certificate(SSL *s)
2485		2485
2486	memset(&cbb, 0, sizeof(cbb));	2486	memset(&cbb, 0, sizeof(cbb));
2487		2487
2488	if (s->internal->state == SSL3_ST_CW_CERT_A) {	2488	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
2489	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|	2489	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|
2490	(s->cert->key->privatekey == NULL))	2490	(s->cert->key->privatekey == NULL))
2491	s->internal->state = SSL3_ST_CW_CERT_B;	2491	S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
2492	else	2492	else
2493	s->internal->state = SSL3_ST_CW_CERT_C;	2493	S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
2494	}	2494	}
2495		2495
2496	/* We need to get a client cert */	2496	/* We need to get a client cert */
2497	if (s->internal->state == SSL3_ST_CW_CERT_B) {	2497	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {
2498	/*	2498	/*
2499	* If we get an error, we need to	2499	* If we get an error, we need to
2500	* ssl->rwstate=SSL_X509_LOOKUP; return(-1);	2500	* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2507,7 +2507,7 @@ ssl3_send_client_certificate(SSL *s)
2507	}	2507	}
2508	s->internal->rwstate = SSL_NOTHING;	2508	s->internal->rwstate = SSL_NOTHING;
2509	if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {	2509	if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2510	s->internal->state = SSL3_ST_CW_CERT_B;	2510	S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
2511	if (!SSL_use_certificate(s, x509) \|\|	2511	if (!SSL_use_certificate(s, x509) \|\|
2512	!SSL_use_PrivateKey(s, pkey))	2512	!SSL_use_PrivateKey(s, pkey))
2513	i = 0;	2513	i = 0;
@@ -2522,10 +2522,10 @@ ssl3_send_client_certificate(SSL *s)
2522	S3I(s)->tmp.cert_req = 2;	2522	S3I(s)->tmp.cert_req = 2;
2523		2523
2524	/* Ok, we have a cert */	2524	/* Ok, we have a cert */
2525	s->internal->state = SSL3_ST_CW_CERT_C;	2525	S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
2526	}	2526	}
2527		2527
2528	if (s->internal->state == SSL3_ST_CW_CERT_C) {	2528	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
2529	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,	2529	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
2530	SSL3_MT_CERTIFICATE))	2530	SSL3_MT_CERTIFICATE))
2531	goto err;	2531	goto err;
@@ -2535,7 +2535,7 @@ ssl3_send_client_certificate(SSL *s)
2535	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2535	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2536	goto err;	2536	goto err;
2537		2537
2538	s->internal->state = SSL3_ST_CW_CERT_D;	2538	S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
2539	}	2539	}
2540		2540
2541	/* SSL3_ST_CW_CERT_D */	2541	/* SSL3_ST_CW_CERT_D */
@@ -2625,7 +2625,7 @@ ssl3_send_next_proto(SSL *s)
2625		2625
2626	memset(&cbb, 0, sizeof(cbb));	2626	memset(&cbb, 0, sizeof(cbb));
2627		2627
2628	if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {	2628	if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) {
2629	pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);	2629	pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);
2630		2630
2631	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,	2631	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
@@ -2644,7 +2644,7 @@ ssl3_send_next_proto(SSL *s)
2644	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))	2644	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2645	goto err;	2645	goto err;
2646		2646
2647	s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;	2647	S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B;
2648	}	2648	}
2649		2649
2650	return (ssl3_handshake_write(s));	2650	return (ssl3_handshake_write(s));