summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c8
-rw-r--r--src/lib/libssl/d1_clnt.c72
-rw-r--r--src/lib/libssl/d1_pkt.c36
-rw-r--r--src/lib/libssl/d1_srvr.c92
-rw-r--r--src/lib/libssl/s23_clnt.c26
-rw-r--r--src/lib/libssl/s23_srvr.c28
-rw-r--r--src/lib/libssl/s3_both.c16
-rw-r--r--src/lib/libssl/s3_clnt.c106
-rw-r--r--src/lib/libssl/s3_lib.c8
-rw-r--r--src/lib/libssl/s3_pkt.c38
-rw-r--r--src/lib/libssl/s3_srvr.c118
-rw-r--r--src/lib/libssl/ssl.h5
-rw-r--r--src/lib/libssl/ssl_lib.c18
-rw-r--r--src/lib/libssl/ssl_locl.h6
-rw-r--r--src/lib/libssl/ssl_stat.c10
-rw-r--r--src/lib/libssl/t1_lib.c4
16 files changed, 296 insertions, 295 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index f440a8baf2..e709caa604 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.44 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.45 2017/01/23 08:48:44 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -856,7 +856,7 @@ again:
856 goto f_err; 856 goto f_err;
857 857
858 /* XDTLS: ressurect this when restart is in place */ 858 /* XDTLS: ressurect this when restart is in place */
859 s->state = stn; 859 s->internal->state = stn;
860 860
861 if (frag_len > 0) { 861 if (frag_len > 0) {
862 unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 862 unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
@@ -915,7 +915,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
915{ 915{
916 unsigned char *p; 916 unsigned char *p;
917 917
918 if (s->state == a) { 918 if (s->internal->state == a) {
919 p = (unsigned char *)s->internal->init_buf->data; 919 p = (unsigned char *)s->internal->init_buf->data;
920 *p++=SSL3_MT_CCS; 920 *p++=SSL3_MT_CCS;
921 D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; 921 D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
@@ -929,7 +929,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
929 /* buffer the message to handle re-xmits */ 929 /* buffer the message to handle re-xmits */
930 dtls1_buffer_message(s, 1); 930 dtls1_buffer_message(s, 1);
931 931
932 s->state = b; 932 s->internal->state = b;
933 } 933 }
934 934
935 /* SSL3_ST_CW_CHANGE_B */ 935 /* SSL3_ST_CW_CHANGE_B */
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 5a972f3292..9319794a66 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.66 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.67 2017/01/23 08:48:44 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -199,12 +199,12 @@ dtls1_connect(SSL *s)
199 199
200 200
201 for (;;) { 201 for (;;) {
202 state = s->state; 202 state = s->internal->state;
203 203
204 switch (s->state) { 204 switch (s->internal->state) {
205 case SSL_ST_RENEGOTIATE: 205 case SSL_ST_RENEGOTIATE:
206 s->internal->renegotiate = 1; 206 s->internal->renegotiate = 1;
207 s->state = SSL_ST_CONNECT; 207 s->internal->state = SSL_ST_CONNECT;
208 s->ctx->internal->stats.sess_connect_renegotiate++; 208 s->ctx->internal->stats.sess_connect_renegotiate++;
209 /* break */ 209 /* break */
210 case SSL_ST_BEFORE: 210 case SSL_ST_BEFORE:
@@ -241,7 +241,7 @@ dtls1_connect(SSL *s)
241 241
242 /* don't push the buffering BIO quite yet */ 242 /* don't push the buffering BIO quite yet */
243 243
244 s->state = SSL3_ST_CW_CLNT_HELLO_A; 244 s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
245 s->ctx->internal->stats.sess_connect++; 245 s->ctx->internal->stats.sess_connect++;
246 s->internal->init_num = 0; 246 s->internal->init_num = 0;
247 /* mark client_random uninitialized */ 247 /* mark client_random uninitialized */
@@ -269,10 +269,10 @@ dtls1_connect(SSL *s)
269 goto end; 269 goto end;
270 270
271 if (D1I(s)->send_cookie) { 271 if (D1I(s)->send_cookie) {
272 s->state = SSL3_ST_CW_FLUSH; 272 s->internal->state = SSL3_ST_CW_FLUSH;
273 S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; 273 S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
274 } else 274 } else
275 s->state = SSL3_ST_CR_SRVR_HELLO_A; 275 s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
276 276
277 s->internal->init_num = 0; 277 s->internal->init_num = 0;
278 278
@@ -290,9 +290,9 @@ dtls1_connect(SSL *s)
290 else { 290 else {
291 if (s->internal->hit) { 291 if (s->internal->hit) {
292 292
293 s->state = SSL3_ST_CR_FINISHED_A; 293 s->internal->state = SSL3_ST_CR_FINISHED_A;
294 } else 294 } else
295 s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 295 s->internal->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
296 } 296 }
297 s->internal->init_num = 0; 297 s->internal->init_num = 0;
298 break; 298 break;
@@ -305,9 +305,9 @@ dtls1_connect(SSL *s)
305 goto end; 305 goto end;
306 dtls1_stop_timer(s); 306 dtls1_stop_timer(s);
307 if ( D1I(s)->send_cookie) /* start again, with a cookie */ 307 if ( D1I(s)->send_cookie) /* start again, with a cookie */
308 s->state = SSL3_ST_CW_CLNT_HELLO_A; 308 s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
309 else 309 else
310 s->state = SSL3_ST_CR_CERT_A; 310 s->internal->state = SSL3_ST_CR_CERT_A;
311 s->internal->init_num = 0; 311 s->internal->init_num = 0;
312 break; 312 break;
313 313
@@ -319,9 +319,9 @@ dtls1_connect(SSL *s)
319 if (ret == 2) { 319 if (ret == 2) {
320 s->internal->hit = 1; 320 s->internal->hit = 1;
321 if (s->internal->tlsext_ticket_expected) 321 if (s->internal->tlsext_ticket_expected)
322 s->state = SSL3_ST_CR_SESSION_TICKET_A; 322 s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
323 else 323 else
324 s->state = SSL3_ST_CR_FINISHED_A; 324 s->internal->state = SSL3_ST_CR_FINISHED_A;
325 s->internal->init_num = 0; 325 s->internal->init_num = 0;
326 break; 326 break;
327 } 327 }
@@ -332,12 +332,12 @@ dtls1_connect(SSL *s)
332 if (ret <= 0) 332 if (ret <= 0)
333 goto end; 333 goto end;
334 if (s->internal->tlsext_status_expected) 334 if (s->internal->tlsext_status_expected)
335 s->state = SSL3_ST_CR_CERT_STATUS_A; 335 s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
336 else 336 else
337 s->state = SSL3_ST_CR_KEY_EXCH_A; 337 s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
338 } else { 338 } else {
339 skip = 1; 339 skip = 1;
340 s->state = SSL3_ST_CR_KEY_EXCH_A; 340 s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
341 } 341 }
342 s->internal->init_num = 0; 342 s->internal->init_num = 0;
343 break; 343 break;
@@ -347,7 +347,7 @@ dtls1_connect(SSL *s)
347 ret = ssl3_get_server_key_exchange(s); 347 ret = ssl3_get_server_key_exchange(s);
348 if (ret <= 0) 348 if (ret <= 0)
349 goto end; 349 goto end;
350 s->state = SSL3_ST_CR_CERT_REQ_A; 350 s->internal->state = SSL3_ST_CR_CERT_REQ_A;
351 s->internal->init_num = 0; 351 s->internal->init_num = 0;
352 352
353 /* at this point we check that we have the 353 /* at this point we check that we have the
@@ -363,7 +363,7 @@ dtls1_connect(SSL *s)
363 ret = ssl3_get_certificate_request(s); 363 ret = ssl3_get_certificate_request(s);
364 if (ret <= 0) 364 if (ret <= 0)
365 goto end; 365 goto end;
366 s->state = SSL3_ST_CR_SRVR_DONE_A; 366 s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
367 s->internal->init_num = 0; 367 s->internal->init_num = 0;
368 break; 368 break;
369 369
@@ -378,7 +378,7 @@ dtls1_connect(SSL *s)
378 else 378 else
379 S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; 379 S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
380 s->internal->init_num = 0; 380 s->internal->init_num = 0;
381 s->state = S3I(s)->tmp.next_state; 381 s->internal->state = S3I(s)->tmp.next_state;
382 break; 382 break;
383 383
384 case SSL3_ST_CW_CERT_A: 384 case SSL3_ST_CW_CERT_A:
@@ -389,7 +389,7 @@ dtls1_connect(SSL *s)
389 ret = ssl3_send_client_certificate(s); 389 ret = ssl3_send_client_certificate(s);
390 if (ret <= 0) 390 if (ret <= 0)
391 goto end; 391 goto end;
392 s->state = SSL3_ST_CW_KEY_EXCH_A; 392 s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
393 s->internal->init_num = 0; 393 s->internal->init_num = 0;
394 break; 394 break;
395 395
@@ -405,9 +405,9 @@ dtls1_connect(SSL *s)
405 /* For TLS, cert_req is set to 2, so a cert chain 405 /* For TLS, cert_req is set to 2, so a cert chain
406 * of nothing is sent, but no verify packet is sent */ 406 * of nothing is sent, but no verify packet is sent */
407 if (S3I(s)->tmp.cert_req == 1) { 407 if (S3I(s)->tmp.cert_req == 1) {
408 s->state = SSL3_ST_CW_CERT_VRFY_A; 408 s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
409 } else { 409 } else {
410 s->state = SSL3_ST_CW_CHANGE_A; 410 s->internal->state = SSL3_ST_CW_CHANGE_A;
411 S3I(s)->change_cipher_spec = 0; 411 S3I(s)->change_cipher_spec = 0;
412 } 412 }
413 413
@@ -420,7 +420,7 @@ dtls1_connect(SSL *s)
420 ret = ssl3_send_client_verify(s); 420 ret = ssl3_send_client_verify(s);
421 if (ret <= 0) 421 if (ret <= 0)
422 goto end; 422 goto end;
423 s->state = SSL3_ST_CW_CHANGE_A; 423 s->internal->state = SSL3_ST_CW_CHANGE_A;
424 s->internal->init_num = 0; 424 s->internal->init_num = 0;
425 S3I(s)->change_cipher_spec = 0; 425 S3I(s)->change_cipher_spec = 0;
426 break; 426 break;
@@ -434,7 +434,7 @@ dtls1_connect(SSL *s)
434 if (ret <= 0) 434 if (ret <= 0)
435 goto end; 435 goto end;
436 436
437 s->state = SSL3_ST_CW_FINISHED_A; 437 s->internal->state = SSL3_ST_CW_FINISHED_A;
438 s->internal->init_num = 0; 438 s->internal->init_num = 0;
439 439
440 s->session->cipher = S3I(s)->tmp.new_cipher; 440 s->session->cipher = S3I(s)->tmp.new_cipher;
@@ -463,14 +463,14 @@ dtls1_connect(SSL *s)
463 s->method->ssl3_enc->client_finished_label_len); 463 s->method->ssl3_enc->client_finished_label_len);
464 if (ret <= 0) 464 if (ret <= 0)
465 goto end; 465 goto end;
466 s->state = SSL3_ST_CW_FLUSH; 466 s->internal->state = SSL3_ST_CW_FLUSH;
467 467
468 /* clear flags */ 468 /* clear flags */
469 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 469 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
470 if (s->internal->hit) { 470 if (s->internal->hit) {
471 S3I(s)->tmp.next_state = SSL_ST_OK; 471 S3I(s)->tmp.next_state = SSL_ST_OK;
472 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 472 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
473 s->state = SSL_ST_OK; 473 s->internal->state = SSL_ST_OK;
474 s->s3->flags |= SSL3_FLAGS_POP_BUFFER; 474 s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
475 S3I(s)->delay_buf_pop_ret = 0; 475 S3I(s)->delay_buf_pop_ret = 0;
476 } 476 }
@@ -492,7 +492,7 @@ dtls1_connect(SSL *s)
492 ret = ssl3_get_new_session_ticket(s); 492 ret = ssl3_get_new_session_ticket(s);
493 if (ret <= 0) 493 if (ret <= 0)
494 goto end; 494 goto end;
495 s->state = SSL3_ST_CR_FINISHED_A; 495 s->internal->state = SSL3_ST_CR_FINISHED_A;
496 s->internal->init_num = 0; 496 s->internal->init_num = 0;
497 break; 497 break;
498 498
@@ -501,7 +501,7 @@ dtls1_connect(SSL *s)
501 ret = ssl3_get_cert_status(s); 501 ret = ssl3_get_cert_status(s);
502 if (ret <= 0) 502 if (ret <= 0)
503 goto end; 503 goto end;
504 s->state = SSL3_ST_CR_KEY_EXCH_A; 504 s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
505 s->internal->init_num = 0; 505 s->internal->init_num = 0;
506 break; 506 break;
507 507
@@ -515,9 +515,9 @@ dtls1_connect(SSL *s)
515 dtls1_stop_timer(s); 515 dtls1_stop_timer(s);
516 516
517 if (s->internal->hit) 517 if (s->internal->hit)
518 s->state = SSL3_ST_CW_CHANGE_A; 518 s->internal->state = SSL3_ST_CW_CHANGE_A;
519 else 519 else
520 s->state = SSL_ST_OK; 520 s->internal->state = SSL_ST_OK;
521 521
522 522
523 s->internal->init_num = 0; 523 s->internal->init_num = 0;
@@ -529,14 +529,14 @@ dtls1_connect(SSL *s)
529 /* If the write error was fatal, stop trying */ 529 /* If the write error was fatal, stop trying */
530 if (!BIO_should_retry(s->wbio)) { 530 if (!BIO_should_retry(s->wbio)) {
531 s->internal->rwstate = SSL_NOTHING; 531 s->internal->rwstate = SSL_NOTHING;
532 s->state = S3I(s)->tmp.next_state; 532 s->internal->state = S3I(s)->tmp.next_state;
533 } 533 }
534 534
535 ret = -1; 535 ret = -1;
536 goto end; 536 goto end;
537 } 537 }
538 s->internal->rwstate = SSL_NOTHING; 538 s->internal->rwstate = SSL_NOTHING;
539 s->state = S3I(s)->tmp.next_state; 539 s->internal->state = S3I(s)->tmp.next_state;
540 break; 540 break;
541 541
542 case SSL_ST_OK: 542 case SSL_ST_OK:
@@ -585,11 +585,11 @@ dtls1_connect(SSL *s)
585 goto end; 585 goto end;
586 } 586 }
587 587
588 if ((cb != NULL) && (s->state != state)) { 588 if ((cb != NULL) && (s->internal->state != state)) {
589 new_state = s->state; 589 new_state = s->internal->state;
590 s->state = state; 590 s->internal->state = state;
591 cb(s, SSL_CB_CONNECT_LOOP, 1); 591 cb(s, SSL_CB_CONNECT_LOOP, 1);
592 s->state = new_state; 592 s->internal->state = new_state;
593 } 593 }
594 } 594 }
595 skip = 0; 595 skip = 0;
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 2768d7ed9c..1dba3d0c4d 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.55 2017/01/23 08:08:06 beck Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.56 2017/01/23 08:48:44 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -495,7 +495,7 @@ again:
495 } 495 }
496 496
497 /* check if we have the header */ 497 /* check if we have the header */
498 if ((s->rstate != SSL_ST_READ_BODY) || 498 if ((s->internal->rstate != SSL_ST_READ_BODY) ||
499 (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) { 499 (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) {
500 CBS header, seq_no; 500 CBS header, seq_no;
501 uint16_t epoch, len, ssl_version; 501 uint16_t epoch, len, ssl_version;
@@ -510,7 +510,7 @@ again:
510 if (s->internal->packet_length != DTLS1_RT_HEADER_LENGTH) 510 if (s->internal->packet_length != DTLS1_RT_HEADER_LENGTH)
511 goto again; 511 goto again;
512 512
513 s->rstate = SSL_ST_READ_BODY; 513 s->internal->rstate = SSL_ST_READ_BODY;
514 514
515 CBS_init(&header, s->internal->packet, s->internal->packet_length); 515 CBS_init(&header, s->internal->packet, s->internal->packet_length);
516 516
@@ -547,11 +547,11 @@ again:
547 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 547 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
548 goto again; 548 goto again;
549 549
550 /* now s->rstate == SSL_ST_READ_BODY */ 550 /* now s->internal->rstate == SSL_ST_READ_BODY */
551 p = (unsigned char *)CBS_data(&header); 551 p = (unsigned char *)CBS_data(&header);
552 } 552 }
553 553
554 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 554 /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
555 555
556 if (rr->length > s->internal->packet_length - DTLS1_RT_HEADER_LENGTH) { 556 if (rr->length > s->internal->packet_length - DTLS1_RT_HEADER_LENGTH) {
557 /* now s->internal->packet_length == DTLS1_RT_HEADER_LENGTH */ 557 /* now s->internal->packet_length == DTLS1_RT_HEADER_LENGTH */
@@ -567,7 +567,7 @@ again:
567 /* now n == rr->length, 567 /* now n == rr->length,
568 * and s->internal->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ 568 * and s->internal->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
569 } 569 }
570 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ 570 s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
571 571
572 /* match epochs. NULL means the packet is dropped on the floor */ 572 /* match epochs. NULL means the packet is dropped on the floor */
573 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 573 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@@ -692,7 +692,7 @@ start:
692 * so process data buffered during the last handshake 692 * so process data buffered during the last handshake
693 * in advance, if any. 693 * in advance, if any.
694 */ 694 */
695 if (s->state == SSL_ST_OK && rr->length == 0) { 695 if (s->internal->state == SSL_ST_OK && rr->length == 0) {
696 pitem *item; 696 pitem *item;
697 item = pqueue_pop(D1I(s)->buffered_app_data.q); 697 item = pqueue_pop(D1I(s)->buffered_app_data.q);
698 if (item) { 698 if (item) {
@@ -709,7 +709,7 @@ start:
709 goto start; 709 goto start;
710 710
711 /* get new packet if necessary */ 711 /* get new packet if necessary */
712 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { 712 if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
713 ret = dtls1_get_record(s); 713 ret = dtls1_get_record(s);
714 if (ret <= 0) { 714 if (ret <= 0) {
715 ret = dtls1_read_failed(s, ret); 715 ret = dtls1_read_failed(s, ret);
@@ -778,7 +778,7 @@ start:
778 rr->length -= n; 778 rr->length -= n;
779 rr->off += n; 779 rr->off += n;
780 if (rr->length == 0) { 780 if (rr->length == 0) {
781 s->rstate = SSL_ST_READ_HEADER; 781 s->internal->rstate = SSL_ST_READ_HEADER;
782 rr->off = 0; 782 rr->off = 0;
783 } 783 }
784 } 784 }
@@ -840,7 +840,7 @@ start:
840 */ 840 */
841 FIX ME 841 FIX ME
842#endif 842#endif
843 s->rstate = SSL_ST_READ_HEADER; 843 s->internal->rstate = SSL_ST_READ_HEADER;
844 rr->length = 0; 844 rr->length = 0;
845 goto start; 845 goto start;
846 } 846 }
@@ -1035,9 +1035,9 @@ start:
1035 goto start; 1035 goto start;
1036 } 1036 }
1037 1037
1038 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1038 if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
1039 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { 1039 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1040 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1040 s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1041 s->internal->renegotiate = 1; 1041 s->internal->renegotiate = 1;
1042 s->internal->new_session = 1; 1042 s->internal->new_session = 1;
1043 } 1043 }
@@ -1096,12 +1096,12 @@ start:
1096 */ 1096 */
1097 if (S3I(s)->in_read_app_data && 1097 if (S3I(s)->in_read_app_data &&
1098 (S3I(s)->total_renegotiations != 0) && 1098 (S3I(s)->total_renegotiations != 0) &&
1099 (((s->state & SSL_ST_CONNECT) && 1099 (((s->internal->state & SSL_ST_CONNECT) &&
1100 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1100 (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1101 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( 1101 (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1102 (s->state & SSL_ST_ACCEPT) && 1102 (s->internal->state & SSL_ST_ACCEPT) &&
1103 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1103 (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1104 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 1104 (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1105 S3I(s)->in_read_app_data = 2; 1105 S3I(s)->in_read_app_data = 2;
1106 return (-1); 1106 return (-1);
1107 } else { 1107 } else {
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 78816cda46..81a05eb30e 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.76 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.77 2017/01/23 08:48:44 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -209,12 +209,12 @@ dtls1_accept(SSL *s)
209 } 209 }
210 210
211 for (;;) { 211 for (;;) {
212 state = s->state; 212 state = s->internal->state;
213 213
214 switch (s->state) { 214 switch (s->internal->state) {
215 case SSL_ST_RENEGOTIATE: 215 case SSL_ST_RENEGOTIATE:
216 s->internal->renegotiate = 1; 216 s->internal->renegotiate = 1;
217 /* s->state=SSL_ST_ACCEPT; */ 217 /* s->internal->state=SSL_ST_ACCEPT; */
218 218
219 case SSL_ST_BEFORE: 219 case SSL_ST_BEFORE:
220 case SSL_ST_ACCEPT: 220 case SSL_ST_ACCEPT:
@@ -243,7 +243,7 @@ dtls1_accept(SSL *s)
243 243
244 s->internal->init_num = 0; 244 s->internal->init_num = 0;
245 245
246 if (s->state != SSL_ST_RENEGOTIATE) { 246 if (s->internal->state != SSL_ST_RENEGOTIATE) {
247 /* Ok, we now need to push on a buffering BIO so that 247 /* Ok, we now need to push on a buffering BIO so that
248 * the output is sent in a way that TCP likes :-) 248 * the output is sent in a way that TCP likes :-)
249 * ...but not with SCTP :-) 249 * ...but not with SCTP :-)
@@ -258,13 +258,13 @@ dtls1_accept(SSL *s)
258 goto end; 258 goto end;
259 } 259 }
260 260
261 s->state = SSL3_ST_SR_CLNT_HELLO_A; 261 s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
262 s->ctx->internal->stats.sess_accept++; 262 s->ctx->internal->stats.sess_accept++;
263 } else { 263 } else {
264 /* s->state == SSL_ST_RENEGOTIATE, 264 /* s->internal->state == SSL_ST_RENEGOTIATE,
265 * we will just send a HelloRequest */ 265 * we will just send a HelloRequest */
266 s->ctx->internal->stats.sess_accept_renegotiate++; 266 s->ctx->internal->stats.sess_accept_renegotiate++;
267 s->state = SSL3_ST_SW_HELLO_REQ_A; 267 s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
268 } 268 }
269 269
270 break; 270 break;
@@ -279,7 +279,7 @@ dtls1_accept(SSL *s)
279 if (ret <= 0) 279 if (ret <= 0)
280 goto end; 280 goto end;
281 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 281 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
282 s->state = SSL3_ST_SW_FLUSH; 282 s->internal->state = SSL3_ST_SW_FLUSH;
283 s->internal->init_num = 0; 283 s->internal->init_num = 0;
284 284
285 if (!tls1_init_finished_mac(s)) { 285 if (!tls1_init_finished_mac(s)) {
@@ -289,7 +289,7 @@ dtls1_accept(SSL *s)
289 break; 289 break;
290 290
291 case SSL3_ST_SW_HELLO_REQ_C: 291 case SSL3_ST_SW_HELLO_REQ_C:
292 s->state = SSL_ST_OK; 292 s->internal->state = SSL_ST_OK;
293 break; 293 break;
294 294
295 case SSL3_ST_SR_CLNT_HELLO_A: 295 case SSL3_ST_SR_CLNT_HELLO_A:
@@ -303,9 +303,9 @@ dtls1_accept(SSL *s)
303 dtls1_stop_timer(s); 303 dtls1_stop_timer(s);
304 304
305 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) 305 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
306 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; 306 s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
307 else 307 else
308 s->state = SSL3_ST_SW_SRVR_HELLO_A; 308 s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
309 309
310 s->internal->init_num = 0; 310 s->internal->init_num = 0;
311 311
@@ -315,7 +315,7 @@ dtls1_accept(SSL *s)
315 } 315 }
316 316
317 /* If we're just listening, stop here */ 317 /* If we're just listening, stop here */
318 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { 318 if (listen && s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
319 ret = 2; 319 ret = 2;
320 D1I(s)->listen = 0; 320 D1I(s)->listen = 0;
321 /* Set expected sequence numbers 321 /* Set expected sequence numbers
@@ -335,7 +335,7 @@ dtls1_accept(SSL *s)
335 ret = dtls1_send_hello_verify_request(s); 335 ret = dtls1_send_hello_verify_request(s);
336 if (ret <= 0) 336 if (ret <= 0)
337 goto end; 337 goto end;
338 s->state = SSL3_ST_SW_FLUSH; 338 s->internal->state = SSL3_ST_SW_FLUSH;
339 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 339 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
340 340
341 /* HelloVerifyRequest resets Finished MAC */ 341 /* HelloVerifyRequest resets Finished MAC */
@@ -356,11 +356,11 @@ dtls1_accept(SSL *s)
356 356
357 if (s->internal->hit) { 357 if (s->internal->hit) {
358 if (s->internal->tlsext_ticket_expected) 358 if (s->internal->tlsext_ticket_expected)
359 s->state = SSL3_ST_SW_SESSION_TICKET_A; 359 s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
360 else 360 else
361 s->state = SSL3_ST_SW_CHANGE_A; 361 s->internal->state = SSL3_ST_SW_CHANGE_A;
362 } else 362 } else
363 s->state = SSL3_ST_SW_CERT_A; 363 s->internal->state = SSL3_ST_SW_CERT_A;
364 s->internal->init_num = 0; 364 s->internal->init_num = 0;
365 break; 365 break;
366 366
@@ -374,12 +374,12 @@ dtls1_accept(SSL *s)
374 if (ret <= 0) 374 if (ret <= 0)
375 goto end; 375 goto end;
376 if (s->internal->tlsext_status_expected) 376 if (s->internal->tlsext_status_expected)
377 s->state = SSL3_ST_SW_CERT_STATUS_A; 377 s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
378 else 378 else
379 s->state = SSL3_ST_SW_KEY_EXCH_A; 379 s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
380 } else { 380 } else {
381 skip = 1; 381 skip = 1;
382 s->state = SSL3_ST_SW_KEY_EXCH_A; 382 s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
383 } 383 }
384 s->internal->init_num = 0; 384 s->internal->init_num = 0;
385 break; 385 break;
@@ -397,7 +397,7 @@ dtls1_accept(SSL *s)
397 } else 397 } else
398 skip = 1; 398 skip = 1;
399 399
400 s->state = SSL3_ST_SW_CERT_REQ_A; 400 s->internal->state = SSL3_ST_SW_CERT_REQ_A;
401 s->internal->init_num = 0; 401 s->internal->init_num = 0;
402 break; 402 break;
403 403
@@ -429,14 +429,14 @@ dtls1_accept(SSL *s)
429 /* no cert request */ 429 /* no cert request */
430 skip = 1; 430 skip = 1;
431 S3I(s)->tmp.cert_request = 0; 431 S3I(s)->tmp.cert_request = 0;
432 s->state = SSL3_ST_SW_SRVR_DONE_A; 432 s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
433 } else { 433 } else {
434 S3I(s)->tmp.cert_request = 1; 434 S3I(s)->tmp.cert_request = 1;
435 dtls1_start_timer(s); 435 dtls1_start_timer(s);
436 ret = ssl3_send_certificate_request(s); 436 ret = ssl3_send_certificate_request(s);
437 if (ret <= 0) 437 if (ret <= 0)
438 goto end; 438 goto end;
439 s->state = SSL3_ST_SW_SRVR_DONE_A; 439 s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
440 s->internal->init_num = 0; 440 s->internal->init_num = 0;
441 } 441 }
442 break; 442 break;
@@ -448,7 +448,7 @@ dtls1_accept(SSL *s)
448 if (ret <= 0) 448 if (ret <= 0)
449 goto end; 449 goto end;
450 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; 450 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
451 s->state = SSL3_ST_SW_FLUSH; 451 s->internal->state = SSL3_ST_SW_FLUSH;
452 s->internal->init_num = 0; 452 s->internal->init_num = 0;
453 break; 453 break;
454 454
@@ -458,14 +458,14 @@ dtls1_accept(SSL *s)
458 /* If the write error was fatal, stop trying */ 458 /* If the write error was fatal, stop trying */
459 if (!BIO_should_retry(s->wbio)) { 459 if (!BIO_should_retry(s->wbio)) {
460 s->internal->rwstate = SSL_NOTHING; 460 s->internal->rwstate = SSL_NOTHING;
461 s->state = S3I(s)->tmp.next_state; 461 s->internal->state = S3I(s)->tmp.next_state;
462 } 462 }
463 463
464 ret = -1; 464 ret = -1;
465 goto end; 465 goto end;
466 } 466 }
467 s->internal->rwstate = SSL_NOTHING; 467 s->internal->rwstate = SSL_NOTHING;
468 s->state = S3I(s)->tmp.next_state; 468 s->internal->state = S3I(s)->tmp.next_state;
469 break; 469 break;
470 470
471 case SSL3_ST_SR_CERT_A: 471 case SSL3_ST_SR_CERT_A:
@@ -476,7 +476,7 @@ dtls1_accept(SSL *s)
476 goto end; 476 goto end;
477 } 477 }
478 s->internal->init_num = 0; 478 s->internal->init_num = 0;
479 s->state = SSL3_ST_SR_KEY_EXCH_A; 479 s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
480 break; 480 break;
481 481
482 case SSL3_ST_SR_KEY_EXCH_A: 482 case SSL3_ST_SR_KEY_EXCH_A:
@@ -485,7 +485,7 @@ dtls1_accept(SSL *s)
485 if (ret <= 0) 485 if (ret <= 0)
486 goto end; 486 goto end;
487 487
488 s->state = SSL3_ST_SR_CERT_VRFY_A; 488 s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
489 s->internal->init_num = 0; 489 s->internal->init_num = 0;
490 490
491 if (ret == 2) { 491 if (ret == 2) {
@@ -494,10 +494,10 @@ dtls1_accept(SSL *s)
494 * a certificate, the CertificateVerify 494 * a certificate, the CertificateVerify
495 * message is not sent. 495 * message is not sent.
496 */ 496 */
497 s->state = SSL3_ST_SR_FINISHED_A; 497 s->internal->state = SSL3_ST_SR_FINISHED_A;
498 s->internal->init_num = 0; 498 s->internal->init_num = 0;
499 } else if (SSL_USE_SIGALGS(s)) { 499 } else if (SSL_USE_SIGALGS(s)) {
500 s->state = SSL3_ST_SR_CERT_VRFY_A; 500 s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
501 s->internal->init_num = 0; 501 s->internal->init_num = 0;
502 if (!s->session->peer) 502 if (!s->session->peer)
503 break; 503 break;
@@ -518,7 +518,7 @@ dtls1_accept(SSL *s)
518 goto end; 518 goto end;
519 } 519 }
520 } else { 520 } else {
521 s->state = SSL3_ST_SR_CERT_VRFY_A; 521 s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
522 s->internal->init_num = 0; 522 s->internal->init_num = 0;
523 523
524 /* We need to get hashes here so if there is 524 /* We need to get hashes here so if there is
@@ -539,7 +539,7 @@ dtls1_accept(SSL *s)
539 ret = ssl3_get_cert_verify(s); 539 ret = ssl3_get_cert_verify(s);
540 if (ret <= 0) 540 if (ret <= 0)
541 goto end; 541 goto end;
542 s->state = SSL3_ST_SR_FINISHED_A; 542 s->internal->state = SSL3_ST_SR_FINISHED_A;
543 s->internal->init_num = 0; 543 s->internal->init_num = 0;
544 break; 544 break;
545 545
@@ -552,11 +552,11 @@ dtls1_accept(SSL *s)
552 goto end; 552 goto end;
553 dtls1_stop_timer(s); 553 dtls1_stop_timer(s);
554 if (s->internal->hit) 554 if (s->internal->hit)
555 s->state = SSL_ST_OK; 555 s->internal->state = SSL_ST_OK;
556 else if (s->internal->tlsext_ticket_expected) 556 else if (s->internal->tlsext_ticket_expected)
557 s->state = SSL3_ST_SW_SESSION_TICKET_A; 557 s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
558 else 558 else
559 s->state = SSL3_ST_SW_CHANGE_A; 559 s->internal->state = SSL3_ST_SW_CHANGE_A;
560 s->internal->init_num = 0; 560 s->internal->init_num = 0;
561 break; 561 break;
562 562
@@ -565,7 +565,7 @@ dtls1_accept(SSL *s)
565 ret = ssl3_send_newsession_ticket(s); 565 ret = ssl3_send_newsession_ticket(s);
566 if (ret <= 0) 566 if (ret <= 0)
567 goto end; 567 goto end;
568 s->state = SSL3_ST_SW_CHANGE_A; 568 s->internal->state = SSL3_ST_SW_CHANGE_A;
569 s->internal->init_num = 0; 569 s->internal->init_num = 0;
570 break; 570 break;
571 571
@@ -574,7 +574,7 @@ dtls1_accept(SSL *s)
574 ret = ssl3_send_cert_status(s); 574 ret = ssl3_send_cert_status(s);
575 if (ret <= 0) 575 if (ret <= 0)
576 goto end; 576 goto end;
577 s->state = SSL3_ST_SW_KEY_EXCH_A; 577 s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
578 s->internal->init_num = 0; 578 s->internal->init_num = 0;
579 break; 579 break;
580 580
@@ -595,7 +595,7 @@ dtls1_accept(SSL *s)
595 goto end; 595 goto end;
596 596
597 597
598 s->state = SSL3_ST_SW_FINISHED_A; 598 s->internal->state = SSL3_ST_SW_FINISHED_A;
599 s->internal->init_num = 0; 599 s->internal->init_num = 0;
600 600
601 if (!s->method->ssl3_enc->change_cipher_state(s, 601 if (!s->method->ssl3_enc->change_cipher_state(s,
@@ -615,7 +615,7 @@ dtls1_accept(SSL *s)
615 s->method->ssl3_enc->server_finished_label_len); 615 s->method->ssl3_enc->server_finished_label_len);
616 if (ret <= 0) 616 if (ret <= 0)
617 goto end; 617 goto end;
618 s->state = SSL3_ST_SW_FLUSH; 618 s->internal->state = SSL3_ST_SW_FLUSH;
619 if (s->internal->hit) { 619 if (s->internal->hit) {
620 S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A; 620 S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
621 621
@@ -672,11 +672,11 @@ dtls1_accept(SSL *s)
672 goto end; 672 goto end;
673 } 673 }
674 674
675 if ((cb != NULL) && (s->state != state)) { 675 if ((cb != NULL) && (s->internal->state != state)) {
676 new_state = s->state; 676 new_state = s->internal->state;
677 s->state = state; 677 s->internal->state = state;
678 cb(s, SSL_CB_ACCEPT_LOOP, 1); 678 cb(s, SSL_CB_ACCEPT_LOOP, 1);
679 s->state = new_state; 679 s->internal->state = new_state;
680 } 680 }
681 } 681 }
682 skip = 0; 682 skip = 0;
@@ -697,7 +697,7 @@ dtls1_send_hello_verify_request(SSL *s)
697{ 697{
698 unsigned char *d, *p; 698 unsigned char *d, *p;
699 699
700 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { 700 if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
701 d = p = ssl3_handshake_msg_start(s, 701 d = p = ssl3_handshake_msg_start(s,
702 DTLS1_MT_HELLO_VERIFY_REQUEST); 702 DTLS1_MT_HELLO_VERIFY_REQUEST);
703 703
@@ -718,9 +718,9 @@ dtls1_send_hello_verify_request(SSL *s)
718 718
719 ssl3_handshake_msg_finish(s, p - d); 719 ssl3_handshake_msg_finish(s, p - d);
720 720
721 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; 721 s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
722 } 722 }
723 723
724 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 724 /* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
725 return (ssl3_handshake_write(s)); 725 return (ssl3_handshake_write(s));
726} 726}
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index e95006bcca..ccaee02564 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_clnt.c,v 1.53 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s23_clnt.c,v 1.54 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -140,9 +140,9 @@ ssl23_connect(SSL *s)
140 SSL_clear(s); 140 SSL_clear(s);
141 141
142 for (;;) { 142 for (;;) {
143 state = s->state; 143 state = s->internal->state;
144 144
145 switch (s->state) { 145 switch (s->internal->state) {
146 case SSL_ST_BEFORE: 146 case SSL_ST_BEFORE:
147 case SSL_ST_CONNECT: 147 case SSL_ST_CONNECT:
148 case SSL_ST_BEFORE|SSL_ST_CONNECT: 148 case SSL_ST_BEFORE|SSL_ST_CONNECT:
@@ -173,7 +173,7 @@ ssl23_connect(SSL *s)
173 goto end; 173 goto end;
174 } 174 }
175 175
176 s->state = SSL23_ST_CW_CLNT_HELLO_A; 176 s->internal->state = SSL23_ST_CW_CLNT_HELLO_A;
177 s->ctx->internal->stats.sess_connect++; 177 s->ctx->internal->stats.sess_connect++;
178 s->internal->init_num = 0; 178 s->internal->init_num = 0;
179 break; 179 break;
@@ -185,7 +185,7 @@ ssl23_connect(SSL *s)
185 ret = ssl23_client_hello(s); 185 ret = ssl23_client_hello(s);
186 if (ret <= 0) 186 if (ret <= 0)
187 goto end; 187 goto end;
188 s->state = SSL23_ST_CR_SRVR_HELLO_A; 188 s->internal->state = SSL23_ST_CR_SRVR_HELLO_A;
189 s->internal->init_num = 0; 189 s->internal->init_num = 0;
190 190
191 break; 191 break;
@@ -209,11 +209,11 @@ ssl23_connect(SSL *s)
209 (void)BIO_flush(s->wbio); 209 (void)BIO_flush(s->wbio);
210 } 210 }
211 211
212 if ((cb != NULL) && (s->state != state)) { 212 if ((cb != NULL) && (s->internal->state != state)) {
213 new_state = s->state; 213 new_state = s->internal->state;
214 s->state = state; 214 s->internal->state = state;
215 cb(s, SSL_CB_CONNECT_LOOP, 1); 215 cb(s, SSL_CB_CONNECT_LOOP, 1);
216 s->state = new_state; 216 s->internal->state = new_state;
217 } 217 }
218 } 218 }
219 219
@@ -236,7 +236,7 @@ ssl23_client_hello(SSL *s)
236 int ret; 236 int ret;
237 237
238 buf = (unsigned char *)s->internal->init_buf->data; 238 buf = (unsigned char *)s->internal->init_buf->data;
239 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { 239 if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A) {
240 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); 240 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
241 241
242 if (ssl_enabled_version_range(s, NULL, &version) != 1) { 242 if (ssl_enabled_version_range(s, NULL, &version) != 1) {
@@ -325,7 +325,7 @@ ssl23_client_hello(SSL *s)
325 tls1_finish_mac(s, &(buf[SSL3_RT_HEADER_LENGTH]), 325 tls1_finish_mac(s, &(buf[SSL3_RT_HEADER_LENGTH]),
326 s->internal->init_num - SSL3_RT_HEADER_LENGTH); 326 s->internal->init_num - SSL3_RT_HEADER_LENGTH);
327 327
328 s->state = SSL23_ST_CW_CLNT_HELLO_B; 328 s->internal->state = SSL23_ST_CW_CLNT_HELLO_B;
329 s->internal->init_off = 0; 329 s->internal->init_off = 0;
330 } 330 }
331 331
@@ -419,11 +419,11 @@ ssl23_get_server_hello(SSL *s)
419 goto err; 419 goto err;
420 420
421 /* we are in this state */ 421 /* we are in this state */
422 s->state = SSL3_ST_CR_SRVR_HELLO_A; 422 s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
423 423
424 /* put the 7 bytes we have read into the input buffer 424 /* put the 7 bytes we have read into the input buffer
425 * for SSLv3 */ 425 * for SSLv3 */
426 s->rstate = SSL_ST_READ_HEADER; 426 s->internal->rstate = SSL_ST_READ_HEADER;
427 s->internal->packet_length = n; 427 s->internal->packet_length = n;
428 if (s->s3->rbuf.buf == NULL) 428 if (s->s3->rbuf.buf == NULL)
429 if (!ssl3_setup_read_buffer(s)) 429 if (!ssl3_setup_read_buffer(s))
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 6b5ac0cc63..4dd94eb7b8 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.55 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -139,9 +139,9 @@ ssl23_accept(SSL *s)
139 SSL_clear(s); 139 SSL_clear(s);
140 140
141 for (;;) { 141 for (;;) {
142 state = s->state; 142 state = s->internal->state;
143 143
144 switch (s->state) { 144 switch (s->internal->state) {
145 case SSL_ST_BEFORE: 145 case SSL_ST_BEFORE:
146 case SSL_ST_ACCEPT: 146 case SSL_ST_ACCEPT:
147 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 147 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
@@ -163,7 +163,7 @@ ssl23_accept(SSL *s)
163 goto end; 163 goto end;
164 } 164 }
165 165
166 s->state = SSL23_ST_SR_CLNT_HELLO_A; 166 s->internal->state = SSL23_ST_SR_CLNT_HELLO_A;
167 s->ctx->internal->stats.sess_accept++; 167 s->ctx->internal->stats.sess_accept++;
168 s->internal->init_num = 0; 168 s->internal->init_num = 0;
169 break; 169 break;
@@ -185,11 +185,11 @@ ssl23_accept(SSL *s)
185 /* break; */ 185 /* break; */
186 } 186 }
187 187
188 if ((cb != NULL) && (s->state != state)) { 188 if ((cb != NULL) && (s->internal->state != state)) {
189 new_state = s->state; 189 new_state = s->internal->state;
190 s->state = state; 190 s->internal->state = state;
191 cb(s, SSL_CB_ACCEPT_LOOP, 1); 191 cb(s, SSL_CB_ACCEPT_LOOP, 1);
192 s->state = new_state; 192 s->internal->state = new_state;
193 } 193 }
194 } 194 }
195 195
@@ -228,7 +228,7 @@ ssl23_get_client_hello(SSL *s)
228 int n = 0, j; 228 int n = 0, j;
229 int type = 0; 229 int type = 0;
230 230
231 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { 231 if (s->internal->state == SSL23_ST_SR_CLNT_HELLO_A) {
232 /* read the initial header */ 232 /* read the initial header */
233 if (!ssl3_setup_buffers(s)) 233 if (!ssl3_setup_buffers(s))
234 return -1; 234 return -1;
@@ -252,7 +252,7 @@ ssl23_get_client_hello(SSL *s)
252 goto unsupported; 252 goto unsupported;
253 253
254 s->version = shared_version; 254 s->version = shared_version;
255 s->state = SSL23_ST_SR_CLNT_HELLO_B; 255 s->internal->state = SSL23_ST_SR_CLNT_HELLO_B;
256 } else if ((p[0] == SSL3_RT_HANDSHAKE) && 256 } else if ((p[0] == SSL3_RT_HANDSHAKE) &&
257 (p[1] == SSL3_VERSION_MAJOR) && 257 (p[1] == SSL3_VERSION_MAJOR) &&
258 (p[5] == SSL3_MT_CLIENT_HELLO) && 258 (p[5] == SSL3_MT_CLIENT_HELLO) &&
@@ -301,7 +301,7 @@ ssl23_get_client_hello(SSL *s)
301 } 301 }
302 } 302 }
303 303
304 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { 304 if (s->internal->state == SSL23_ST_SR_CLNT_HELLO_B) {
305 /* we have SSLv3/TLSv1 in an SSLv2 header 305 /* we have SSLv3/TLSv1 in an SSLv2 header
306 * (other cases skip this state) */ 306 * (other cases skip this state) */
307 307
@@ -413,7 +413,7 @@ ssl23_get_client_hello(SSL *s)
413 } 413 }
414 414
415 /* imaginary new state (for program structure): */ 415 /* imaginary new state (for program structure): */
416 /* s->state = SSL23_SR_CLNT_HELLO_C */ 416 /* s->internal->state = SSL23_SR_CLNT_HELLO_C */
417 417
418 if (type == 2 || type == 3) { 418 if (type == 2 || type == 3) {
419 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ 419 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
@@ -422,12 +422,12 @@ ssl23_get_client_hello(SSL *s)
422 return -1; 422 return -1;
423 423
424 /* we are in this state */ 424 /* we are in this state */
425 s->state = SSL3_ST_SR_CLNT_HELLO_A; 425 s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
426 426
427 if (type == 3) { 427 if (type == 3) {
428 /* put the 'n' bytes we have read into the input buffer 428 /* put the 'n' bytes we have read into the input buffer
429 * for SSLv3 */ 429 * for SSLv3 */
430 s->rstate = SSL_ST_READ_HEADER; 430 s->internal->rstate = SSL_ST_READ_HEADER;
431 s->internal->packet_length = n; 431 s->internal->packet_length = n;
432 if (s->s3->rbuf.buf == NULL) 432 if (s->s3->rbuf.buf == NULL)
433 if (!ssl3_setup_read_buffer(s)) 433 if (!ssl3_setup_read_buffer(s))
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 12559ab710..23fdcd2065 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.53 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.54 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -169,7 +169,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
169 unsigned char *p; 169 unsigned char *p;
170 int md_len; 170 int md_len;
171 171
172 if (s->state == a) { 172 if (s->internal->state == a) {
173 md_len = s->method->ssl3_enc->finish_mac_length; 173 md_len = s->method->ssl3_enc->finish_mac_length;
174 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); 174 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
175 175
@@ -193,7 +193,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
193 memcpy(p, S3I(s)->tmp.finish_md, md_len); 193 memcpy(p, S3I(s)->tmp.finish_md, md_len);
194 ssl3_handshake_msg_finish(s, md_len); 194 ssl3_handshake_msg_finish(s, md_len);
195 195
196 s->state = b; 196 s->internal->state = b;
197 } 197 }
198 198
199 return (ssl3_handshake_write(s)); 199 return (ssl3_handshake_write(s));
@@ -216,7 +216,7 @@ ssl3_take_mac(SSL *s)
216 if (S3I(s)->tmp.new_cipher == NULL) 216 if (S3I(s)->tmp.new_cipher == NULL)
217 return; 217 return;
218 218
219 if (s->state & SSL_ST_CONNECT) { 219 if (s->internal->state & SSL_ST_CONNECT) {
220 sender = s->method->ssl3_enc->server_finished_label; 220 sender = s->method->ssl3_enc->server_finished_label;
221 slen = s->method->ssl3_enc->server_finished_label_len; 221 slen = s->method->ssl3_enc->server_finished_label_len;
222 } else { 222 } else {
@@ -302,13 +302,13 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
302{ 302{
303 unsigned char *p; 303 unsigned char *p;
304 304
305 if (s->state == a) { 305 if (s->internal->state == a) {
306 p = (unsigned char *)s->internal->init_buf->data; 306 p = (unsigned char *)s->internal->init_buf->data;
307 *p = SSL3_MT_CCS; 307 *p = SSL3_MT_CCS;
308 s->internal->init_num = 1; 308 s->internal->init_num = 1;
309 s->internal->init_off = 0; 309 s->internal->init_off = 0;
310 310
311 s->state = b; 311 s->internal->state = b;
312 } 312 }
313 313
314 /* SSL3_ST_CW_CHANGE_B */ 314 /* SSL3_ST_CW_CHANGE_B */
@@ -433,7 +433,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
433 p = (unsigned char *)s->internal->init_buf->data; 433 p = (unsigned char *)s->internal->init_buf->data;
434 434
435 /* s->internal->init_num < 4 */ 435 /* s->internal->init_num < 4 */
436 if (s->state == st1) { 436 if (s->internal->state == st1) {
437 int skip_message; 437 int skip_message;
438 438
439 do { 439 do {
@@ -497,7 +497,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
497 goto err; 497 goto err;
498 } 498 }
499 S3I(s)->tmp.message_size = l; 499 S3I(s)->tmp.message_size = l;
500 s->state = stn; 500 s->internal->state = stn;
501 501
502 s->internal->init_msg = s->internal->init_buf->data + 4; 502 s->internal->init_msg = s->internal->init_buf->data + 4;
503 s->internal->init_num = 0; 503 s->internal->init_num = 0;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 0893682e75..a6feb68e91 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.169 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
193 SSL_clear(s); 193 SSL_clear(s);
194 194
195 for (;;) { 195 for (;;) {
196 state = s->state; 196 state = s->internal->state;
197 197
198 switch (s->state) { 198 switch (s->internal->state) {
199 case SSL_ST_RENEGOTIATE: 199 case SSL_ST_RENEGOTIATE:
200 s->internal->renegotiate = 1; 200 s->internal->renegotiate = 1;
201 s->state = SSL_ST_CONNECT; 201 s->internal->state = SSL_ST_CONNECT;
202 s->ctx->internal->stats.sess_connect_renegotiate++; 202 s->ctx->internal->stats.sess_connect_renegotiate++;
203 /* break */ 203 /* break */
204 case SSL_ST_BEFORE: 204 case SSL_ST_BEFORE:
@@ -240,7 +240,7 @@ ssl3_connect(SSL *s)
240 goto end; 240 goto end;
241 } 241 }
242 242
243 s->state = SSL3_ST_CW_CLNT_HELLO_A; 243 s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
244 s->ctx->internal->stats.sess_connect++; 244 s->ctx->internal->stats.sess_connect++;
245 s->internal->init_num = 0; 245 s->internal->init_num = 0;
246 break; 246 break;
@@ -252,7 +252,7 @@ ssl3_connect(SSL *s)
252 ret = ssl3_client_hello(s); 252 ret = ssl3_client_hello(s);
253 if (ret <= 0) 253 if (ret <= 0)
254 goto end; 254 goto end;
255 s->state = SSL3_ST_CR_SRVR_HELLO_A; 255 s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
256 s->internal->init_num = 0; 256 s->internal->init_num = 0;
257 257
258 /* turn on buffering for the next lot of output */ 258 /* turn on buffering for the next lot of output */
@@ -268,13 +268,13 @@ ssl3_connect(SSL *s)
268 goto end; 268 goto end;
269 269
270 if (s->internal->hit) { 270 if (s->internal->hit) {
271 s->state = SSL3_ST_CR_FINISHED_A; 271 s->internal->state = SSL3_ST_CR_FINISHED_A;
272 if (s->internal->tlsext_ticket_expected) { 272 if (s->internal->tlsext_ticket_expected) {
273 /* receive renewed session ticket */ 273 /* receive renewed session ticket */
274 s->state = SSL3_ST_CR_SESSION_TICKET_A; 274 s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
275 } 275 }
276 } else 276 } else
277 s->state = SSL3_ST_CR_CERT_A; 277 s->internal->state = SSL3_ST_CR_CERT_A;
278 s->internal->init_num = 0; 278 s->internal->init_num = 0;
279 break; 279 break;
280 280
@@ -286,9 +286,9 @@ ssl3_connect(SSL *s)
286 if (ret == 2) { 286 if (ret == 2) {
287 s->internal->hit = 1; 287 s->internal->hit = 1;
288 if (s->internal->tlsext_ticket_expected) 288 if (s->internal->tlsext_ticket_expected)
289 s->state = SSL3_ST_CR_SESSION_TICKET_A; 289 s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
290 else 290 else
291 s->state = SSL3_ST_CR_FINISHED_A; 291 s->internal->state = SSL3_ST_CR_FINISHED_A;
292 s->internal->init_num = 0; 292 s->internal->init_num = 0;
293 break; 293 break;
294 } 294 }
@@ -299,12 +299,12 @@ ssl3_connect(SSL *s)
299 if (ret <= 0) 299 if (ret <= 0)
300 goto end; 300 goto end;
301 if (s->internal->tlsext_status_expected) 301 if (s->internal->tlsext_status_expected)
302 s->state = SSL3_ST_CR_CERT_STATUS_A; 302 s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
303 else 303 else
304 s->state = SSL3_ST_CR_KEY_EXCH_A; 304 s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
305 } else { 305 } else {
306 skip = 1; 306 skip = 1;
307 s->state = SSL3_ST_CR_KEY_EXCH_A; 307 s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
308 } 308 }
309 s->internal->init_num = 0; 309 s->internal->init_num = 0;
310 break; 310 break;
@@ -314,7 +314,7 @@ ssl3_connect(SSL *s)
314 ret = ssl3_get_server_key_exchange(s); 314 ret = ssl3_get_server_key_exchange(s);
315 if (ret <= 0) 315 if (ret <= 0)
316 goto end; 316 goto end;
317 s->state = SSL3_ST_CR_CERT_REQ_A; 317 s->internal->state = SSL3_ST_CR_CERT_REQ_A;
318 s->internal->init_num = 0; 318 s->internal->init_num = 0;
319 319
320 /* 320 /*
@@ -332,7 +332,7 @@ ssl3_connect(SSL *s)
332 ret = ssl3_get_certificate_request(s); 332 ret = ssl3_get_certificate_request(s);
333 if (ret <= 0) 333 if (ret <= 0)
334 goto end; 334 goto end;
335 s->state = SSL3_ST_CR_SRVR_DONE_A; 335 s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
336 s->internal->init_num = 0; 336 s->internal->init_num = 0;
337 break; 337 break;
338 338
@@ -342,9 +342,9 @@ ssl3_connect(SSL *s)
342 if (ret <= 0) 342 if (ret <= 0)
343 goto end; 343 goto end;
344 if (S3I(s)->tmp.cert_req) 344 if (S3I(s)->tmp.cert_req)
345 s->state = SSL3_ST_CW_CERT_A; 345 s->internal->state = SSL3_ST_CW_CERT_A;
346 else 346 else
347 s->state = SSL3_ST_CW_KEY_EXCH_A; 347 s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
348 s->internal->init_num = 0; 348 s->internal->init_num = 0;
349 349
350 break; 350 break;
@@ -356,7 +356,7 @@ ssl3_connect(SSL *s)
356 ret = ssl3_send_client_certificate(s); 356 ret = ssl3_send_client_certificate(s);
357 if (ret <= 0) 357 if (ret <= 0)
358 goto end; 358 goto end;
359 s->state = SSL3_ST_CW_KEY_EXCH_A; 359 s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
360 s->internal->init_num = 0; 360 s->internal->init_num = 0;
361 break; 361 break;
362 362
@@ -382,13 +382,13 @@ ssl3_connect(SSL *s)
382 * inside the client certificate. 382 * inside the client certificate.
383 */ 383 */
384 if (S3I(s)->tmp.cert_req == 1) { 384 if (S3I(s)->tmp.cert_req == 1) {
385 s->state = SSL3_ST_CW_CERT_VRFY_A; 385 s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
386 } else { 386 } else {
387 s->state = SSL3_ST_CW_CHANGE_A; 387 s->internal->state = SSL3_ST_CW_CHANGE_A;
388 S3I(s)->change_cipher_spec = 0; 388 S3I(s)->change_cipher_spec = 0;
389 } 389 }
390 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { 390 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
391 s->state = SSL3_ST_CW_CHANGE_A; 391 s->internal->state = SSL3_ST_CW_CHANGE_A;
392 S3I(s)->change_cipher_spec = 0; 392 S3I(s)->change_cipher_spec = 0;
393 } 393 }
394 394
@@ -400,7 +400,7 @@ ssl3_connect(SSL *s)
400 ret = ssl3_send_client_verify(s); 400 ret = ssl3_send_client_verify(s);
401 if (ret <= 0) 401 if (ret <= 0)
402 goto end; 402 goto end;
403 s->state = SSL3_ST_CW_CHANGE_A; 403 s->internal->state = SSL3_ST_CW_CHANGE_A;
404 s->internal->init_num = 0; 404 s->internal->init_num = 0;
405 S3I(s)->change_cipher_spec = 0; 405 S3I(s)->change_cipher_spec = 0;
406 break; 406 break;
@@ -413,9 +413,9 @@ ssl3_connect(SSL *s)
413 goto end; 413 goto end;
414 414
415 if (S3I(s)->next_proto_neg_seen) 415 if (S3I(s)->next_proto_neg_seen)
416 s->state = SSL3_ST_CW_NEXT_PROTO_A; 416 s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
417 else 417 else
418 s->state = SSL3_ST_CW_FINISHED_A; 418 s->internal->state = SSL3_ST_CW_FINISHED_A;
419 s->internal->init_num = 0; 419 s->internal->init_num = 0;
420 420
421 s->session->cipher = S3I(s)->tmp.new_cipher; 421 s->session->cipher = S3I(s)->tmp.new_cipher;
@@ -437,7 +437,7 @@ ssl3_connect(SSL *s)
437 ret = ssl3_send_next_proto(s); 437 ret = ssl3_send_next_proto(s);
438 if (ret <= 0) 438 if (ret <= 0)
439 goto end; 439 goto end;
440 s->state = SSL3_ST_CW_FINISHED_A; 440 s->internal->state = SSL3_ST_CW_FINISHED_A;
441 break; 441 break;
442 442
443 case SSL3_ST_CW_FINISHED_A: 443 case SSL3_ST_CW_FINISHED_A:
@@ -449,7 +449,7 @@ ssl3_connect(SSL *s)
449 if (ret <= 0) 449 if (ret <= 0)
450 goto end; 450 goto end;
451 s->s3->flags |= SSL3_FLAGS_CCS_OK; 451 s->s3->flags |= SSL3_FLAGS_CCS_OK;
452 s->state = SSL3_ST_CW_FLUSH; 452 s->internal->state = SSL3_ST_CW_FLUSH;
453 453
454 /* clear flags */ 454 /* clear flags */
455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -457,7 +457,7 @@ ssl3_connect(SSL *s)
457 S3I(s)->tmp.next_state = SSL_ST_OK; 457 S3I(s)->tmp.next_state = SSL_ST_OK;
458 if (s->s3->flags & 458 if (s->s3->flags &
459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
460 s->state = SSL_ST_OK; 460 s->internal->state = SSL_ST_OK;
461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
462 S3I(s)->delay_buf_pop_ret = 0; 462 S3I(s)->delay_buf_pop_ret = 0;
463 } 463 }
@@ -478,7 +478,7 @@ ssl3_connect(SSL *s)
478 ret = ssl3_get_new_session_ticket(s); 478 ret = ssl3_get_new_session_ticket(s);
479 if (ret <= 0) 479 if (ret <= 0)
480 goto end; 480 goto end;
481 s->state = SSL3_ST_CR_FINISHED_A; 481 s->internal->state = SSL3_ST_CR_FINISHED_A;
482 s->internal->init_num = 0; 482 s->internal->init_num = 0;
483 break; 483 break;
484 484
@@ -487,7 +487,7 @@ ssl3_connect(SSL *s)
487 ret = ssl3_get_cert_status(s); 487 ret = ssl3_get_cert_status(s);
488 if (ret <= 0) 488 if (ret <= 0)
489 goto end; 489 goto end;
490 s->state = SSL3_ST_CR_KEY_EXCH_A; 490 s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
491 s->internal->init_num = 0; 491 s->internal->init_num = 0;
492 break; 492 break;
493 493
@@ -500,9 +500,9 @@ ssl3_connect(SSL *s)
500 goto end; 500 goto end;
501 501
502 if (s->internal->hit) 502 if (s->internal->hit)
503 s->state = SSL3_ST_CW_CHANGE_A; 503 s->internal->state = SSL3_ST_CW_CHANGE_A;
504 else 504 else
505 s->state = SSL_ST_OK; 505 s->internal->state = SSL_ST_OK;
506 s->internal->init_num = 0; 506 s->internal->init_num = 0;
507 break; 507 break;
508 508
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
513 goto end; 513 goto end;
514 } 514 }
515 s->internal->rwstate = SSL_NOTHING; 515 s->internal->rwstate = SSL_NOTHING;
516 s->state = S3I(s)->tmp.next_state; 516 s->internal->state = S3I(s)->tmp.next_state;
517 break; 517 break;
518 518
519 case SSL_ST_OK: 519 case SSL_ST_OK:
@@ -567,11 +567,11 @@ ssl3_connect(SSL *s)
567 goto end; 567 goto end;
568 } 568 }
569 569
570 if ((cb != NULL) && (s->state != state)) { 570 if ((cb != NULL) && (s->internal->state != state)) {
571 new_state = s->state; 571 new_state = s->internal->state;
572 s->state = state; 572 s->internal->state = state;
573 cb(s, SSL_CB_CONNECT_LOOP, 1); 573 cb(s, SSL_CB_CONNECT_LOOP, 1);
574 s->state = new_state; 574 s->internal->state = new_state;
575 } 575 }
576 } 576 }
577 skip = 0; 577 skip = 0;
@@ -594,7 +594,7 @@ ssl3_client_hello(SSL *s)
594 594
595 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; 595 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
596 596
597 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 597 if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
598 SSL_SESSION *sess = s->session; 598 SSL_SESSION *sess = s->session;
599 599
600 if ((sess == NULL) || 600 if ((sess == NULL) ||
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
706 706
707 ssl3_handshake_msg_finish(s, p - d); 707 ssl3_handshake_msg_finish(s, p - d);
708 708
709 s->state = SSL3_ST_CW_CLNT_HELLO_B; 709 s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
710 } 710 }
711 711
712 /* SSL3_ST_CW_CLNT_HELLO_B */ 712 /* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s)
2339 2339
2340 memset(&cbb, 0, sizeof(cbb)); 2340 memset(&cbb, 0, sizeof(cbb));
2341 2341
2342 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2342 if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
2343 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 2343 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2344 2344
2345 if ((sess_cert = SSI(s)->sess_cert) == NULL) { 2345 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2377,7 +2377,7 @@ ssl3_send_client_key_exchange(SSL *s)
2377 if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) 2377 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2378 goto err; 2378 goto err;
2379 2379
2380 s->state = SSL3_ST_CW_KEY_EXCH_B; 2380 s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
2381 } 2381 }
2382 2382
2383 /* SSL3_ST_CW_KEY_EXCH_B */ 2383 /* SSL3_ST_CW_KEY_EXCH_B */
@@ -2403,7 +2403,7 @@ ssl3_send_client_verify(SSL *s)
2403 2403
2404 EVP_MD_CTX_init(&mctx); 2404 EVP_MD_CTX_init(&mctx);
2405 2405
2406 if (s->state == SSL3_ST_CW_CERT_VRFY_A) { 2406 if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
2407 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY); 2407 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2408 2408
2409 /* 2409 /*
@@ -2530,7 +2530,7 @@ ssl3_send_client_verify(SSL *s)
2530 goto err; 2530 goto err;
2531 } 2531 }
2532 2532
2533 s->state = SSL3_ST_CW_CERT_VRFY_B; 2533 s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
2534 2534
2535 ssl3_handshake_msg_finish(s, n); 2535 ssl3_handshake_msg_finish(s, n);
2536 } 2536 }
@@ -2556,16 +2556,16 @@ ssl3_send_client_certificate(SSL *s)
2556 2556
2557 memset(&cbb, 0, sizeof(cbb)); 2557 memset(&cbb, 0, sizeof(cbb));
2558 2558
2559 if (s->state == SSL3_ST_CW_CERT_A) { 2559 if (s->internal->state == SSL3_ST_CW_CERT_A) {
2560 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || 2560 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
2561 (s->cert->key->privatekey == NULL)) 2561 (s->cert->key->privatekey == NULL))
2562 s->state = SSL3_ST_CW_CERT_B; 2562 s->internal->state = SSL3_ST_CW_CERT_B;
2563 else 2563 else
2564 s->state = SSL3_ST_CW_CERT_C; 2564 s->internal->state = SSL3_ST_CW_CERT_C;
2565 } 2565 }
2566 2566
2567 /* We need to get a client cert */ 2567 /* We need to get a client cert */
2568 if (s->state == SSL3_ST_CW_CERT_B) { 2568 if (s->internal->state == SSL3_ST_CW_CERT_B) {
2569 /* 2569 /*
2570 * If we get an error, we need to 2570 * If we get an error, we need to
2571 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 2571 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2578,7 +2578,7 @@ ssl3_send_client_certificate(SSL *s)
2578 } 2578 }
2579 s->internal->rwstate = SSL_NOTHING; 2579 s->internal->rwstate = SSL_NOTHING;
2580 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { 2580 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2581 s->state = SSL3_ST_CW_CERT_B; 2581 s->internal->state = SSL3_ST_CW_CERT_B;
2582 if (!SSL_use_certificate(s, x509) || 2582 if (!SSL_use_certificate(s, x509) ||
2583 !SSL_use_PrivateKey(s, pkey)) 2583 !SSL_use_PrivateKey(s, pkey))
2584 i = 0; 2584 i = 0;
@@ -2594,10 +2594,10 @@ ssl3_send_client_certificate(SSL *s)
2594 S3I(s)->tmp.cert_req = 2; 2594 S3I(s)->tmp.cert_req = 2;
2595 2595
2596 /* Ok, we have a cert */ 2596 /* Ok, we have a cert */
2597 s->state = SSL3_ST_CW_CERT_C; 2597 s->internal->state = SSL3_ST_CW_CERT_C;
2598 } 2598 }
2599 2599
2600 if (s->state == SSL3_ST_CW_CERT_C) { 2600 if (s->internal->state == SSL3_ST_CW_CERT_C) {
2601 if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert, 2601 if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
2602 SSL3_MT_CERTIFICATE)) 2602 SSL3_MT_CERTIFICATE))
2603 goto err; 2603 goto err;
@@ -2607,7 +2607,7 @@ ssl3_send_client_certificate(SSL *s)
2607 if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) 2607 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2608 goto err; 2608 goto err;
2609 2609
2610 s->state = SSL3_ST_CW_CERT_D; 2610 s->internal->state = SSL3_ST_CW_CERT_D;
2611 } 2611 }
2612 2612
2613 /* SSL3_ST_CW_CERT_D */ 2613 /* SSL3_ST_CW_CERT_D */
@@ -2700,7 +2700,7 @@ ssl3_send_next_proto(SSL *s)
2700 unsigned int len, padding_len; 2700 unsigned int len, padding_len;
2701 unsigned char *d, *p; 2701 unsigned char *d, *p;
2702 2702
2703 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { 2703 if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
2704 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO); 2704 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
2705 2705
2706 len = s->internal->next_proto_negotiated_len; 2706 len = s->internal->next_proto_negotiated_len;
@@ -2714,7 +2714,7 @@ ssl3_send_next_proto(SSL *s)
2714 2714
2715 ssl3_handshake_msg_finish(s, p - d); 2715 ssl3_handshake_msg_finish(s, p - d);
2716 2716
2717 s->state = SSL3_ST_CW_NEXT_PROTO_B; 2717 s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
2718 } 2718 }
2719 2719
2720 return (ssl3_handshake_write(s)); 2720 return (ssl3_handshake_write(s));
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 6774557756..09af18ea95 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.125 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.126 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1678,7 +1678,7 @@ ssl3_cipher_get_value(const SSL_CIPHER *c)
1678int 1678int
1679ssl3_pending(const SSL *s) 1679ssl3_pending(const SSL *s)
1680{ 1680{
1681 if (s->rstate == SSL_ST_READ_BODY) 1681 if (s->internal->rstate == SSL_ST_READ_BODY)
1682 return 0; 1682 return 0;
1683 1683
1684 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1684 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
@@ -2505,7 +2505,7 @@ ssl3_shutdown(SSL *s)
2505 * Don't do anything much if we have not done the handshake or 2505 * Don't do anything much if we have not done the handshake or
2506 * we don't want to send messages :-) 2506 * we don't want to send messages :-)
2507 */ 2507 */
2508 if ((s->internal->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 2508 if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) {
2509 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2509 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2510 return (1); 2510 return (1);
2511 } 2511 }
@@ -2669,7 +2669,7 @@ ssl3_renegotiate_check(SSL *s)
2669 * to SSL_ST_ACCEPT. 2669 * to SSL_ST_ACCEPT.
2670 */ 2670 */
2671 /* SSL_ST_ACCEPT */ 2671 /* SSL_ST_ACCEPT */
2672 s->state = SSL_ST_RENEGOTIATE; 2672 s->internal->state = SSL_ST_RENEGOTIATE;
2673 S3I(s)->renegotiate = 0; 2673 S3I(s)->renegotiate = 0;
2674 S3I(s)->num_renegotiations++; 2674 S3I(s)->num_renegotiations++;
2675 S3I(s)->total_renegotiations++; 2675 S3I(s)->total_renegotiations++;
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 3fb5168d16..228c5f536c 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_pkt.c,v 1.65 2017/01/23 08:08:06 beck Exp $ */ 1/* $OpenBSD: s3_pkt.c,v 1.66 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -290,7 +290,7 @@ ssl3_get_record(SSL *s)
290 290
291again: 291again:
292 /* check if we have the header */ 292 /* check if we have the header */
293 if ((s->rstate != SSL_ST_READ_BODY) || 293 if ((s->internal->rstate != SSL_ST_READ_BODY) ||
294 (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { 294 (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) {
295 CBS header; 295 CBS header;
296 uint16_t len, ssl_version; 296 uint16_t len, ssl_version;
@@ -299,7 +299,7 @@ again:
299 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); 299 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
300 if (n <= 0) 300 if (n <= 0)
301 return(n); /* error or non-blocking */ 301 return(n); /* error or non-blocking */
302 s->rstate = SSL_ST_READ_BODY; 302 s->internal->rstate = SSL_ST_READ_BODY;
303 303
304 CBS_init(&header, s->internal->packet, n); 304 CBS_init(&header, s->internal->packet, n);
305 305
@@ -340,10 +340,10 @@ again:
340 goto f_err; 340 goto f_err;
341 } 341 }
342 342
343 /* now s->rstate == SSL_ST_READ_BODY */ 343 /* now s->internal->rstate == SSL_ST_READ_BODY */
344 } 344 }
345 345
346 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 346 /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
347 347
348 if (rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH) { 348 if (rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH) {
349 /* now s->internal->packet_length == SSL3_RT_HEADER_LENGTH */ 349 /* now s->internal->packet_length == SSL3_RT_HEADER_LENGTH */
@@ -355,7 +355,7 @@ again:
355 * and s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ 355 * and s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
356 } 356 }
357 357
358 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ 358 s->internal->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
359 359
360 /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 360 /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
361 * and we have that many bytes in s->internal->packet 361 * and we have that many bytes in s->internal->packet
@@ -666,7 +666,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
666 /* Some servers hang if iniatial client hello is larger than 256 666 /* Some servers hang if iniatial client hello is larger than 256
667 * bytes and record version number > TLS 1.0 667 * bytes and record version number > TLS 1.0
668 */ 668 */
669 if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && 669 if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
670 TLS1_get_version(s) > TLS1_VERSION) 670 TLS1_get_version(s) > TLS1_VERSION)
671 *(p++) = 0x1; 671 *(p++) = 0x1;
672 else 672 else
@@ -929,7 +929,7 @@ start:
929 rr = &(S3I(s)->rrec); 929 rr = &(S3I(s)->rrec);
930 930
931 /* get new packet if necessary */ 931 /* get new packet if necessary */
932 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { 932 if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
933 ret = ssl3_get_record(s); 933 ret = ssl3_get_record(s);
934 if (ret <= 0) 934 if (ret <= 0)
935 return (ret); 935 return (ret);
@@ -981,7 +981,7 @@ start:
981 rr->length -= n; 981 rr->length -= n;
982 rr->off += n; 982 rr->off += n;
983 if (rr->length == 0) { 983 if (rr->length == 0) {
984 s->rstate = SSL_ST_READ_HEADER; 984 s->internal->rstate = SSL_ST_READ_HEADER;
985 rr->off = 0; 985 rr->off = 0;
986 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 986 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
987 s->s3->rbuf.left == 0) 987 s->s3->rbuf.left == 0)
@@ -1215,9 +1215,9 @@ start:
1215 1215
1216 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1216 /* Unexpected handshake message (Client Hello, or protocol violation) */
1217 if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) { 1217 if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
1218 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1218 if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
1219 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { 1219 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1220 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1220 s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1221 s->internal->renegotiate = 1; 1221 s->internal->renegotiate = 1;
1222 s->internal->new_session = 1; 1222 s->internal->new_session = 1;
1223 } 1223 }
@@ -1280,12 +1280,12 @@ start:
1280 */ 1280 */
1281 if (S3I(s)->in_read_app_data && 1281 if (S3I(s)->in_read_app_data &&
1282 (S3I(s)->total_renegotiations != 0) && 1282 (S3I(s)->total_renegotiations != 0) &&
1283 (((s->state & SSL_ST_CONNECT) && 1283 (((s->internal->state & SSL_ST_CONNECT) &&
1284 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1284 (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1285 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || 1285 (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
1286 ((s->state & SSL_ST_ACCEPT) && 1286 ((s->internal->state & SSL_ST_ACCEPT) &&
1287 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1287 (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1288 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 1288 (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1289 S3I(s)->in_read_app_data = 2; 1289 S3I(s)->in_read_app_data = 2;
1290 return (-1); 1290 return (-1);
1291 } else { 1291 } else {
@@ -1309,7 +1309,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1309 const char *sender; 1309 const char *sender;
1310 int slen; 1310 int slen;
1311 1311
1312 if (s->state & SSL_ST_ACCEPT) 1312 if (s->internal->state & SSL_ST_ACCEPT)
1313 i = SSL3_CHANGE_CIPHER_SERVER_READ; 1313 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1314 else 1314 else
1315 i = SSL3_CHANGE_CIPHER_CLIENT_READ; 1315 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
@@ -1333,7 +1333,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1333 /* we have to record the message digest at 1333 /* we have to record the message digest at
1334 * this point so we can get it before we read 1334 * this point so we can get it before we read
1335 * the finished message */ 1335 * the finished message */
1336 if (s->state & SSL_ST_CONNECT) { 1336 if (s->internal->state & SSL_ST_CONNECT) {
1337 sender = s->method->ssl3_enc->server_finished_label; 1337 sender = s->method->ssl3_enc->server_finished_label;
1338 slen = s->method->ssl3_enc->server_finished_label_len; 1338 slen = s->method->ssl3_enc->server_finished_label_len;
1339 } else { 1339 } else {
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 31860eb049..fa958d96f8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.147 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
195 } 195 }
196 196
197 for (;;) { 197 for (;;) {
198 state = s->state; 198 state = s->internal->state;
199 199
200 switch (s->state) { 200 switch (s->internal->state) {
201 case SSL_ST_RENEGOTIATE: 201 case SSL_ST_RENEGOTIATE:
202 s->internal->renegotiate = 1; 202 s->internal->renegotiate = 1;
203 /* s->state=SSL_ST_ACCEPT; */ 203 /* s->internal->state=SSL_ST_ACCEPT; */
204 204
205 case SSL_ST_BEFORE: 205 case SSL_ST_BEFORE:
206 case SSL_ST_ACCEPT: 206 case SSL_ST_ACCEPT:
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
229 229
230 s->internal->init_num = 0; 230 s->internal->init_num = 0;
231 231
232 if (s->state != SSL_ST_RENEGOTIATE) { 232 if (s->internal->state != SSL_ST_RENEGOTIATE) {
233 /* 233 /*
234 * Ok, we now need to push on a buffering BIO 234 * Ok, we now need to push on a buffering BIO
235 * so that the output is sent in a way that 235 * so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
245 goto end; 245 goto end;
246 } 246 }
247 247
248 s->state = SSL3_ST_SR_CLNT_HELLO_A; 248 s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
249 s->ctx->internal->stats.sess_accept++; 249 s->ctx->internal->stats.sess_accept++;
250 } else if (!S3I(s)->send_connection_binding) { 250 } else if (!S3I(s)->send_connection_binding) {
251 /* 251 /*
@@ -261,11 +261,11 @@ ssl3_accept(SSL *s)
261 goto end; 261 goto end;
262 } else { 262 } else {
263 /* 263 /*
264 * s->state == SSL_ST_RENEGOTIATE, 264 * s->internal->state == SSL_ST_RENEGOTIATE,
265 * we will just send a HelloRequest 265 * we will just send a HelloRequest
266 */ 266 */
267 s->ctx->internal->stats.sess_accept_renegotiate++; 267 s->ctx->internal->stats.sess_accept_renegotiate++;
268 s->state = SSL3_ST_SW_HELLO_REQ_A; 268 s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
269 } 269 }
270 break; 270 break;
271 271
@@ -277,7 +277,7 @@ ssl3_accept(SSL *s)
277 if (ret <= 0) 277 if (ret <= 0)
278 goto end; 278 goto end;
279 S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; 279 S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
280 s->state = SSL3_ST_SW_FLUSH; 280 s->internal->state = SSL3_ST_SW_FLUSH;
281 s->internal->init_num = 0; 281 s->internal->init_num = 0;
282 282
283 if (!tls1_init_finished_mac(s)) { 283 if (!tls1_init_finished_mac(s)) {
@@ -287,7 +287,7 @@ ssl3_accept(SSL *s)
287 break; 287 break;
288 288
289 case SSL3_ST_SW_HELLO_REQ_C: 289 case SSL3_ST_SW_HELLO_REQ_C:
290 s->state = SSL_ST_OK; 290 s->internal->state = SSL_ST_OK;
291 break; 291 break;
292 292
293 case SSL3_ST_SR_CLNT_HELLO_A: 293 case SSL3_ST_SR_CLNT_HELLO_A:
@@ -302,7 +302,7 @@ ssl3_accept(SSL *s)
302 } 302 }
303 303
304 s->internal->renegotiate = 2; 304 s->internal->renegotiate = 2;
305 s->state = SSL3_ST_SW_SRVR_HELLO_A; 305 s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
306 s->internal->init_num = 0; 306 s->internal->init_num = 0;
307 break; 307 break;
308 308
@@ -313,12 +313,12 @@ ssl3_accept(SSL *s)
313 goto end; 313 goto end;
314 if (s->internal->hit) { 314 if (s->internal->hit) {
315 if (s->internal->tlsext_ticket_expected) 315 if (s->internal->tlsext_ticket_expected)
316 s->state = SSL3_ST_SW_SESSION_TICKET_A; 316 s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
317 else 317 else
318 s->state = SSL3_ST_SW_CHANGE_A; 318 s->internal->state = SSL3_ST_SW_CHANGE_A;
319 } 319 }
320 else 320 else
321 s->state = SSL3_ST_SW_CERT_A; 321 s->internal->state = SSL3_ST_SW_CERT_A;
322 s->internal->init_num = 0; 322 s->internal->init_num = 0;
323 break; 323 break;
324 324
@@ -331,12 +331,12 @@ ssl3_accept(SSL *s)
331 if (ret <= 0) 331 if (ret <= 0)
332 goto end; 332 goto end;
333 if (s->internal->tlsext_status_expected) 333 if (s->internal->tlsext_status_expected)
334 s->state = SSL3_ST_SW_CERT_STATUS_A; 334 s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
335 else 335 else
336 s->state = SSL3_ST_SW_KEY_EXCH_A; 336 s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
337 } else { 337 } else {
338 skip = 1; 338 skip = 1;
339 s->state = SSL3_ST_SW_KEY_EXCH_A; 339 s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
340 } 340 }
341 s->internal->init_num = 0; 341 s->internal->init_num = 0;
342 break; 342 break;
@@ -360,7 +360,7 @@ ssl3_accept(SSL *s)
360 } else 360 } else
361 skip = 1; 361 skip = 1;
362 362
363 s->state = SSL3_ST_SW_CERT_REQ_A; 363 s->internal->state = SSL3_ST_SW_CERT_REQ_A;
364 s->internal->init_num = 0; 364 s->internal->init_num = 0;
365 break; 365 break;
366 366
@@ -392,7 +392,7 @@ ssl3_accept(SSL *s)
392 /* No cert request */ 392 /* No cert request */
393 skip = 1; 393 skip = 1;
394 S3I(s)->tmp.cert_request = 0; 394 S3I(s)->tmp.cert_request = 0;
395 s->state = SSL3_ST_SW_SRVR_DONE_A; 395 s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
396 if (S3I(s)->handshake_buffer) { 396 if (S3I(s)->handshake_buffer) {
397 if (!tls1_digest_cached_records(s)) { 397 if (!tls1_digest_cached_records(s)) {
398 ret = -1; 398 ret = -1;
@@ -404,7 +404,7 @@ ssl3_accept(SSL *s)
404 ret = ssl3_send_certificate_request(s); 404 ret = ssl3_send_certificate_request(s);
405 if (ret <= 0) 405 if (ret <= 0)
406 goto end; 406 goto end;
407 s->state = SSL3_ST_SW_SRVR_DONE_A; 407 s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
408 s->internal->init_num = 0; 408 s->internal->init_num = 0;
409 } 409 }
410 break; 410 break;
@@ -415,7 +415,7 @@ ssl3_accept(SSL *s)
415 if (ret <= 0) 415 if (ret <= 0)
416 goto end; 416 goto end;
417 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; 417 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
418 s->state = SSL3_ST_SW_FLUSH; 418 s->internal->state = SSL3_ST_SW_FLUSH;
419 s->internal->init_num = 0; 419 s->internal->init_num = 0;
420 break; 420 break;
421 421
@@ -439,7 +439,7 @@ ssl3_accept(SSL *s)
439 } 439 }
440 s->internal->rwstate = SSL_NOTHING; 440 s->internal->rwstate = SSL_NOTHING;
441 441
442 s->state = S3I(s)->tmp.next_state; 442 s->internal->state = S3I(s)->tmp.next_state;
443 break; 443 break;
444 444
445 case SSL3_ST_SR_CERT_A: 445 case SSL3_ST_SR_CERT_A:
@@ -450,7 +450,7 @@ ssl3_accept(SSL *s)
450 goto end; 450 goto end;
451 } 451 }
452 s->internal->init_num = 0; 452 s->internal->init_num = 0;
453 s->state = SSL3_ST_SR_KEY_EXCH_A; 453 s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
454 break; 454 break;
455 455
456 case SSL3_ST_SR_KEY_EXCH_A: 456 case SSL3_ST_SR_KEY_EXCH_A:
@@ -470,12 +470,12 @@ ssl3_accept(SSL *s)
470 * for key exchange. 470 * for key exchange.
471 */ 471 */
472 if (S3I(s)->next_proto_neg_seen) 472 if (S3I(s)->next_proto_neg_seen)
473 s->state = SSL3_ST_SR_NEXT_PROTO_A; 473 s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
474 else 474 else
475 s->state = SSL3_ST_SR_FINISHED_A; 475 s->internal->state = SSL3_ST_SR_FINISHED_A;
476 s->internal->init_num = 0; 476 s->internal->init_num = 0;
477 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { 477 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
478 s->state = SSL3_ST_SR_CERT_VRFY_A; 478 s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
479 s->internal->init_num = 0; 479 s->internal->init_num = 0;
480 if (!s->session->peer) 480 if (!s->session->peer)
481 break; 481 break;
@@ -498,7 +498,7 @@ ssl3_accept(SSL *s)
498 int offset = 0; 498 int offset = 0;
499 int dgst_num; 499 int dgst_num;
500 500
501 s->state = SSL3_ST_SR_CERT_VRFY_A; 501 s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
502 s->internal->init_num = 0; 502 s->internal->init_num = 0;
503 503
504 /* 504 /*
@@ -544,9 +544,9 @@ ssl3_accept(SSL *s)
544 goto end; 544 goto end;
545 545
546 if (S3I(s)->next_proto_neg_seen) 546 if (S3I(s)->next_proto_neg_seen)
547 s->state = SSL3_ST_SR_NEXT_PROTO_A; 547 s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
548 else 548 else
549 s->state = SSL3_ST_SR_FINISHED_A; 549 s->internal->state = SSL3_ST_SR_FINISHED_A;
550 s->internal->init_num = 0; 550 s->internal->init_num = 0;
551 break; 551 break;
552 552
@@ -556,7 +556,7 @@ ssl3_accept(SSL *s)
556 if (ret <= 0) 556 if (ret <= 0)
557 goto end; 557 goto end;
558 s->internal->init_num = 0; 558 s->internal->init_num = 0;
559 s->state = SSL3_ST_SR_FINISHED_A; 559 s->internal->state = SSL3_ST_SR_FINISHED_A;
560 break; 560 break;
561 561
562 case SSL3_ST_SR_FINISHED_A: 562 case SSL3_ST_SR_FINISHED_A:
@@ -567,11 +567,11 @@ ssl3_accept(SSL *s)
567 if (ret <= 0) 567 if (ret <= 0)
568 goto end; 568 goto end;
569 if (s->internal->hit) 569 if (s->internal->hit)
570 s->state = SSL_ST_OK; 570 s->internal->state = SSL_ST_OK;
571 else if (s->internal->tlsext_ticket_expected) 571 else if (s->internal->tlsext_ticket_expected)
572 s->state = SSL3_ST_SW_SESSION_TICKET_A; 572 s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
573 else 573 else
574 s->state = SSL3_ST_SW_CHANGE_A; 574 s->internal->state = SSL3_ST_SW_CHANGE_A;
575 s->internal->init_num = 0; 575 s->internal->init_num = 0;
576 break; 576 break;
577 577
@@ -580,7 +580,7 @@ ssl3_accept(SSL *s)
580 ret = ssl3_send_newsession_ticket(s); 580 ret = ssl3_send_newsession_ticket(s);
581 if (ret <= 0) 581 if (ret <= 0)
582 goto end; 582 goto end;
583 s->state = SSL3_ST_SW_CHANGE_A; 583 s->internal->state = SSL3_ST_SW_CHANGE_A;
584 s->internal->init_num = 0; 584 s->internal->init_num = 0;
585 break; 585 break;
586 586
@@ -589,7 +589,7 @@ ssl3_accept(SSL *s)
589 ret = ssl3_send_cert_status(s); 589 ret = ssl3_send_cert_status(s);
590 if (ret <= 0) 590 if (ret <= 0)
591 goto end; 591 goto end;
592 s->state = SSL3_ST_SW_KEY_EXCH_A; 592 s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
593 s->internal->init_num = 0; 593 s->internal->init_num = 0;
594 break; 594 break;
595 595
@@ -608,7 +608,7 @@ ssl3_accept(SSL *s)
608 608
609 if (ret <= 0) 609 if (ret <= 0)
610 goto end; 610 goto end;
611 s->state = SSL3_ST_SW_FINISHED_A; 611 s->internal->state = SSL3_ST_SW_FINISHED_A;
612 s->internal->init_num = 0; 612 s->internal->init_num = 0;
613 613
614 if (!s->method->ssl3_enc->change_cipher_state( 614 if (!s->method->ssl3_enc->change_cipher_state(
@@ -627,7 +627,7 @@ ssl3_accept(SSL *s)
627 s->method->ssl3_enc->server_finished_label_len); 627 s->method->ssl3_enc->server_finished_label_len);
628 if (ret <= 0) 628 if (ret <= 0)
629 goto end; 629 goto end;
630 s->state = SSL3_ST_SW_FLUSH; 630 s->internal->state = SSL3_ST_SW_FLUSH;
631 if (s->internal->hit) { 631 if (s->internal->hit) {
632 if (S3I(s)->next_proto_neg_seen) { 632 if (S3I(s)->next_proto_neg_seen) {
633 s->s3->flags |= SSL3_FLAGS_CCS_OK; 633 s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -687,11 +687,11 @@ ssl3_accept(SSL *s)
687 } 687 }
688 688
689 689
690 if ((cb != NULL) && (s->state != state)) { 690 if ((cb != NULL) && (s->internal->state != state)) {
691 new_state = s->state; 691 new_state = s->internal->state;
692 s->state = state; 692 s->internal->state = state;
693 cb(s, SSL_CB_ACCEPT_LOOP, 1); 693 cb(s, SSL_CB_ACCEPT_LOOP, 1);
694 s->state = new_state; 694 s->internal->state = new_state;
695 } 695 }
696 } 696 }
697 skip = 0; 697 skip = 0;
@@ -708,11 +708,11 @@ end:
708int 708int
709ssl3_send_hello_request(SSL *s) 709ssl3_send_hello_request(SSL *s)
710{ 710{
711 if (s->state == SSL3_ST_SW_HELLO_REQ_A) { 711 if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
712 ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); 712 ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
713 ssl3_handshake_msg_finish(s, 0); 713 ssl3_handshake_msg_finish(s, 0);
714 714
715 s->state = SSL3_ST_SW_HELLO_REQ_B; 715 s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
716 } 716 }
717 717
718 /* SSL3_ST_SW_HELLO_REQ_B */ 718 /* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
738 * If we are SSLv3, we will respond with SSLv3, even if prompted with 738 * If we are SSLv3, we will respond with SSLv3, even if prompted with
739 * TLSv1. 739 * TLSv1.
740 */ 740 */
741 if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { 741 if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
742 s->state = SSL3_ST_SR_CLNT_HELLO_B; 742 s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
743 } 743 }
744 s->internal->first_packet = 1; 744 s->internal->first_packet = 1;
745 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 745 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
@@ -1099,7 +1099,7 @@ ssl3_send_server_hello(SSL *s)
1099 1099
1100 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; 1100 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
1101 1101
1102 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { 1102 if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
1103 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); 1103 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
1104 1104
1105 if (!CBB_init_fixed(&cbb, p, bufend - p)) 1105 if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1179,11 +1179,11 @@ ssl3_send_server_hello(SSL *s)
1179int 1179int
1180ssl3_send_server_done(SSL *s) 1180ssl3_send_server_done(SSL *s)
1181{ 1181{
1182 if (s->state == SSL3_ST_SW_SRVR_DONE_A) { 1182 if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
1183 ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); 1183 ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
1184 ssl3_handshake_msg_finish(s, 0); 1184 ssl3_handshake_msg_finish(s, 0);
1185 1185
1186 s->state = SSL3_ST_SW_SRVR_DONE_B; 1186 s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
1187 } 1187 }
1188 1188
1189 /* SSL3_ST_SW_SRVR_DONE_B */ 1189 /* SSL3_ST_SW_SRVR_DONE_B */
@@ -1487,7 +1487,7 @@ ssl3_send_server_key_exchange(SSL *s)
1487 memset(&cbb, 0, sizeof(cbb)); 1487 memset(&cbb, 0, sizeof(cbb));
1488 1488
1489 EVP_MD_CTX_init(&md_ctx); 1489 EVP_MD_CTX_init(&md_ctx);
1490 if (s->state == SSL3_ST_SW_KEY_EXCH_A) { 1490 if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
1491 type = S3I(s)->tmp.new_cipher->algorithm_mkey; 1491 type = S3I(s)->tmp.new_cipher->algorithm_mkey;
1492 cert = s->cert; 1492 cert = s->cert;
1493 1493
@@ -1621,7 +1621,7 @@ ssl3_send_server_key_exchange(SSL *s)
1621 ssl3_handshake_msg_finish(s, n); 1621 ssl3_handshake_msg_finish(s, n);
1622 } 1622 }
1623 1623
1624 s->state = SSL3_ST_SW_KEY_EXCH_B; 1624 s->internal->state = SSL3_ST_SW_KEY_EXCH_B;
1625 1625
1626 EVP_MD_CTX_cleanup(&md_ctx); 1626 EVP_MD_CTX_cleanup(&md_ctx);
1627 1627
@@ -1646,7 +1646,7 @@ ssl3_send_certificate_request(SSL *s)
1646 X509_NAME *name; 1646 X509_NAME *name;
1647 BUF_MEM *buf; 1647 BUF_MEM *buf;
1648 1648
1649 if (s->state == SSL3_ST_SW_CERT_REQ_A) { 1649 if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
1650 buf = s->internal->init_buf; 1650 buf = s->internal->init_buf;
1651 1651
1652 d = p = ssl3_handshake_msg_start(s, 1652 d = p = ssl3_handshake_msg_start(s,
@@ -1699,7 +1699,7 @@ ssl3_send_certificate_request(SSL *s)
1699 1699
1700 ssl3_handshake_msg_finish(s, n); 1700 ssl3_handshake_msg_finish(s, n);
1701 1701
1702 s->state = SSL3_ST_SW_CERT_REQ_B; 1702 s->internal->state = SSL3_ST_SW_CERT_REQ_B;
1703 } 1703 }
1704 1704
1705 /* SSL3_ST_SW_CERT_REQ_B */ 1705 /* SSL3_ST_SW_CERT_REQ_B */
@@ -2640,7 +2640,7 @@ ssl3_send_server_certificate(SSL *s)
2640 2640
2641 memset(&cbb, 0, sizeof(cbb)); 2641 memset(&cbb, 0, sizeof(cbb));
2642 2642
2643 if (s->state == SSL3_ST_SW_CERT_A) { 2643 if (s->internal->state == SSL3_ST_SW_CERT_A) {
2644 if ((x = ssl_get_server_send_cert(s)) == NULL) { 2644 if ((x = ssl_get_server_send_cert(s)) == NULL) {
2645 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, 2645 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
2646 ERR_R_INTERNAL_ERROR); 2646 ERR_R_INTERNAL_ERROR);
@@ -2655,7 +2655,7 @@ ssl3_send_server_certificate(SSL *s)
2655 if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) 2655 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2656 goto err; 2656 goto err;
2657 2657
2658 s->state = SSL3_ST_SW_CERT_B; 2658 s->internal->state = SSL3_ST_SW_CERT_B;
2659 } 2659 }
2660 2660
2661 /* SSL3_ST_SW_CERT_B */ 2661 /* SSL3_ST_SW_CERT_B */
@@ -2683,7 +2683,7 @@ ssl3_send_newsession_ticket(SSL *s)
2683 unsigned char iv[EVP_MAX_IV_LENGTH]; 2683 unsigned char iv[EVP_MAX_IV_LENGTH];
2684 unsigned char key_name[16]; 2684 unsigned char key_name[16];
2685 2685
2686 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { 2686 if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
2687 /* get session encoding length */ 2687 /* get session encoding length */
2688 slen_full = i2d_SSL_SESSION(s->session, NULL); 2688 slen_full = i2d_SSL_SESSION(s->session, NULL);
2689 /* 2689 /*
@@ -2796,7 +2796,7 @@ ssl3_send_newsession_ticket(SSL *s)
2796 2796
2797 ssl3_handshake_msg_finish(s, len); 2797 ssl3_handshake_msg_finish(s, len);
2798 2798
2799 s->state = SSL3_ST_SW_SESSION_TICKET_B; 2799 s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;
2800 2800
2801 explicit_bzero(senc, slen_full); 2801 explicit_bzero(senc, slen_full);
2802 free(senc); 2802 free(senc);
@@ -2818,7 +2818,7 @@ ssl3_send_cert_status(SSL *s)
2818{ 2818{
2819 unsigned char *p; 2819 unsigned char *p;
2820 2820
2821 if (s->state == SSL3_ST_SW_CERT_STATUS_A) { 2821 if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
2822 /* 2822 /*
2823 * Grow buffer if need be: the length calculation is as 2823 * Grow buffer if need be: the length calculation is as
2824 * follows 1 (message type) + 3 (message length) + 2824 * follows 1 (message type) + 3 (message length) +
@@ -2837,7 +2837,7 @@ ssl3_send_cert_status(SSL *s)
2837 2837
2838 ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4); 2838 ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
2839 2839
2840 s->state = SSL3_ST_SW_CERT_STATUS_B; 2840 s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
2841 } 2841 }
2842 2842
2843 /* SSL3_ST_SW_CERT_STATUS_B */ 2843 /* SSL3_ST_SW_CERT_STATUS_B */
@@ -2873,7 +2873,7 @@ ssl3_get_next_proto(SSL *s)
2873 return ((int)n); 2873 return ((int)n);
2874 2874
2875 /* 2875 /*
2876 * s->state doesn't reflect whether ChangeCipherSpec has been received 2876 * s->internal->state doesn't reflect whether ChangeCipherSpec has been received
2877 * in this handshake, but S3I(s)->change_cipher_spec does (will be reset 2877 * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
2878 * by ssl3_get_finished). 2878 * by ssl3_get_finished).
2879 */ 2879 */
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 678246b23e..f29626dc03 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.115 2017/01/23 08:08:06 beck Exp $ */ 1/* $OpenBSD: ssl.h,v 1.116 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -846,9 +846,6 @@ struct ssl_st {
846#endif 846#endif
847 int server; /* are we the server side? - mostly used by SSL_clear*/ 847 int server; /* are we the server side? - mostly used by SSL_clear*/
848 848
849 int state; /* where we are */
850 int rstate; /* where we are when reading */
851
852 struct ssl3_state_st *s3; /* SSLv3 variables */ 849 struct ssl3_state_st *s3; /* SSLv3 variables */
853 struct dtls1_state_st *d1; /* DTLSv1 variables */ 850 struct dtls1_state_st *d1; /* DTLSv1 variables */
854 851
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 5839bd8048..571ecee509 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.136 2017/01/23 08:08:06 beck Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.137 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -210,12 +210,12 @@ SSL_clear(SSL *s)
210 210
211 s->internal->type = 0; 211 s->internal->type = 0;
212 212
213 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 213 s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
214 214
215 s->version = s->method->version; 215 s->version = s->method->version;
216 s->client_version = s->version; 216 s->client_version = s->version;
217 s->internal->rwstate = SSL_NOTHING; 217 s->internal->rwstate = SSL_NOTHING;
218 s->rstate = SSL_ST_READ_HEADER; 218 s->internal->rstate = SSL_ST_READ_HEADER;
219 219
220 BUF_MEM_free(s->internal->init_buf); 220 BUF_MEM_free(s->internal->init_buf);
221 s->internal->init_buf = NULL; 221 s->internal->init_buf = NULL;
@@ -2430,7 +2430,7 @@ SSL_set_accept_state(SSL *s)
2430{ 2430{
2431 s->server = 1; 2431 s->server = 1;
2432 s->internal->shutdown = 0; 2432 s->internal->shutdown = 0;
2433 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; 2433 s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2434 s->internal->handshake_func = s->method->ssl_accept; 2434 s->internal->handshake_func = s->method->ssl_accept;
2435 /* clear the current cipher */ 2435 /* clear the current cipher */
2436 ssl_clear_cipher_ctx(s); 2436 ssl_clear_cipher_ctx(s);
@@ -2443,7 +2443,7 @@ SSL_set_connect_state(SSL *s)
2443{ 2443{
2444 s->server = 0; 2444 s->server = 0;
2445 s->internal->shutdown = 0; 2445 s->internal->shutdown = 0;
2446 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; 2446 s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2447 s->internal->handshake_func = s->method->ssl_connect; 2447 s->internal->handshake_func = s->method->ssl_connect;
2448 /* clear the current cipher */ 2448 /* clear the current cipher */
2449 ssl_clear_cipher_ctx(s); 2449 ssl_clear_cipher_ctx(s);
@@ -2681,8 +2681,8 @@ SSL_dup(SSL *s)
2681 ret->internal->quiet_shutdown = s->internal->quiet_shutdown; 2681 ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
2682 ret->internal->shutdown = s->internal->shutdown; 2682 ret->internal->shutdown = s->internal->shutdown;
2683 /* SSL_dup does not really work at any state, though */ 2683 /* SSL_dup does not really work at any state, though */
2684 ret->state=s->state; 2684 ret->internal->state = s->internal->state;
2685 ret->rstate = s->rstate; 2685 ret->internal->rstate = s->internal->rstate;
2686 2686
2687 /* 2687 /*
2688 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, 2688 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
@@ -2941,13 +2941,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2941int 2941int
2942SSL_state(const SSL *ssl) 2942SSL_state(const SSL *ssl)
2943{ 2943{
2944 return (ssl->state); 2944 return (ssl->internal->state);
2945} 2945}
2946 2946
2947void 2947void
2948SSL_set_state(SSL *ssl, int state) 2948SSL_set_state(SSL *ssl, int state)
2949{ 2949{
2950 ssl->state = state; 2950 ssl->internal->state = state;
2951} 2951}
2952 2952
2953void 2953void
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6da2ce3fab..1aac55f101 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.159 2017/01/23 08:08:06 beck Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.160 2017/01/23 08:48:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -723,6 +723,10 @@ typedef struct ssl_internal_st {
723 int renegotiate;/* 1 if we are renegotiating. 723 int renegotiate;/* 1 if we are renegotiating.
724 * 2 if we are a server and are inside a handshake 724 * 2 if we are a server and are inside a handshake
725 * (i.e. not just sending a HelloRequest) */ 725 * (i.e. not just sending a HelloRequest) */
726
727 int state; /* where we are */
728 int rstate; /* where we are when reading */
729
726} SSL_INTERNAL; 730} SSL_INTERNAL;
727 731
728typedef struct ssl3_state_internal_st { 732typedef struct ssl3_state_internal_st {
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
index 6d67d19c25..4f93781f72 100644
--- a/src/lib/libssl/ssl_stat.c
+++ b/src/lib/libssl/ssl_stat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_stat.c,v 1.12 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: ssl_stat.c,v 1.13 2017/01/23 08:48:45 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s)
91{ 91{
92 const char *str; 92 const char *str;
93 93
94 switch (s->state) { 94 switch (s->internal->state) {
95 case SSL_ST_BEFORE: 95 case SSL_ST_BEFORE:
96 str = "before SSL initialization"; 96 str = "before SSL initialization";
97 break; 97 break;
@@ -325,7 +325,7 @@ SSL_rstate_string_long(const SSL *s)
325{ 325{
326 const char *str; 326 const char *str;
327 327
328 switch (s->rstate) { 328 switch (s->internal->rstate) {
329 case SSL_ST_READ_HEADER: 329 case SSL_ST_READ_HEADER:
330 str = "read header"; 330 str = "read header";
331 break; 331 break;
@@ -347,7 +347,7 @@ SSL_state_string(const SSL *s)
347{ 347{
348 const char *str; 348 const char *str;
349 349
350 switch (s->state) { 350 switch (s->internal->state) {
351 case SSL_ST_BEFORE: 351 case SSL_ST_BEFORE:
352 str = "PINIT "; 352 str = "PINIT ";
353 break; 353 break;
@@ -783,7 +783,7 @@ SSL_rstate_string(const SSL *s)
783{ 783{
784 const char *str; 784 const char *str;
785 785
786 switch (s->rstate) { 786 switch (s->internal->rstate) {
787 case SSL_ST_READ_HEADER: 787 case SSL_ST_READ_HEADER:
788 str = "RH"; 788 str = "RH";
789 break; 789 break;
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index f0a9ed5dc1..fb01bfcfac 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.103 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.104 2017/01/23 08:48:45 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -924,7 +924,7 @@ skip_ext:
924 * includes the 5-byte record header in the buffer, while the 924 * includes the 5-byte record header in the buffer, while the
925 * code in s3_clnt.c does not. 925 * code in s3_clnt.c does not.
926 */ 926 */
927 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 927 if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A)
928 hlen -= 5; 928 hlen -= 5;
929 if (hlen > 0xff && hlen < 0x200) { 929 if (hlen > 0xff && hlen < 0x200) {
930 hlen = 0x200 - hlen; 930 hlen = 0x200 - hlen;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-23 15:02:58 +0000