189 	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&  in ssl_check_srp_ext_ClientHello()
298 			s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;  in IMPLEMENT_ssl3_meth_func()
311 			else if (!s->s3->send_connection_binding &&  in IMPLEMENT_ssl3_meth_func()
338 			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;  in IMPLEMENT_ssl3_meth_func()
411 			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)  in IMPLEMENT_ssl3_meth_func()
412 				&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)  in IMPLEMENT_ssl3_meth_func()
413 				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))  in IMPLEMENT_ssl3_meth_func()
440 			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;  in IMPLEMENT_ssl3_meth_func()
453 				s->s3->tmp.use_rsa_tmp=1;  in IMPLEMENT_ssl3_meth_func()
455 				s->s3->tmp.use_rsa_tmp=0;  in IMPLEMENT_ssl3_meth_func()
469 			if (s->s3->tmp.use_rsa_tmp  in IMPLEMENT_ssl3_meth_func()
483 				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)  in IMPLEMENT_ssl3_meth_func()
484 …ize(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)  in IMPLEMENT_ssl3_meth_func()
511 				((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&  in IMPLEMENT_ssl3_meth_func()
516 				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)  in IMPLEMENT_ssl3_meth_func()
519 				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))  in IMPLEMENT_ssl3_meth_func()
523 				s->s3->tmp.cert_request=0;  in IMPLEMENT_ssl3_meth_func()
525 				if (s->s3->handshake_buffer)  in IMPLEMENT_ssl3_meth_func()
531 				s->s3->tmp.cert_request=1;  in IMPLEMENT_ssl3_meth_func()
538 				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;  in IMPLEMENT_ssl3_meth_func()
548 			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;  in IMPLEMENT_ssl3_meth_func()
573 			s->state=s->s3->tmp.next_state;  in IMPLEMENT_ssl3_meth_func()
585 				if (s->s3->tmp.cert_request)  in IMPLEMENT_ssl3_meth_func()
613 				if (s->s3->next_proto_neg_seen)  in IMPLEMENT_ssl3_meth_func()
629 				if (!s->s3->handshake_buffer)  in IMPLEMENT_ssl3_meth_func()
634 				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;  in IMPLEMENT_ssl3_meth_func()
651 				if (s->s3->handshake_buffer)  in IMPLEMENT_ssl3_meth_func()
655 					if (s->s3->handshake_dgst[dgst_num])   in IMPLEMENT_ssl3_meth_func()
659 …s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->t…  in IMPLEMENT_ssl3_meth_func()
660 						dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);  in IMPLEMENT_ssl3_meth_func()
681 			if (s->s3->next_proto_neg_seen)  in IMPLEMENT_ssl3_meth_func()
737 			s->session->cipher=s->s3->tmp.new_cipher;  in IMPLEMENT_ssl3_meth_func()
768 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;  in IMPLEMENT_ssl3_meth_func()
770 				if (s->s3->next_proto_neg_seen)  in IMPLEMENT_ssl3_meth_func()
771 					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;  in IMPLEMENT_ssl3_meth_func()
773 					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;  in IMPLEMENT_ssl3_meth_func()
777 				s->s3->tmp.next_state=SSL_ST_OK;  in IMPLEMENT_ssl3_meth_func()
818 		if (!s->s3->tmp.reuse_message && !skip)  in IMPLEMENT_ssl3_meth_func()
882 	s->s3->tmp.reuse_message = 1;  in ssl3_check_client_hello()
883 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)  in ssl3_check_client_hello()
887 		if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)  in ssl3_check_client_hello()
895 		if (s->s3->tmp.dh != NULL)  in ssl3_check_client_hello()
897 			DH_free(s->s3->tmp.dh);  in ssl3_check_client_hello()
898 			s->s3->tmp.dh = NULL;  in ssl3_check_client_hello()
902 		if (s->s3->tmp.ecdh != NULL)  in ssl3_check_client_hello()
904 			EC_KEY_free(s->s3->tmp.ecdh);  in ssl3_check_client_hello()
905 			s->s3->tmp.ecdh = NULL;  in ssl3_check_client_hello()
908 		s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;  in ssl3_check_client_hello()
984 	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);  in ssl3_get_client_hello()
1209 		pos=s->s3->server_random;  in ssl3_get_client_hello()
1258 	s->s3->tmp.new_compression=NULL;  in ssl3_get_client_hello()
1278 				s->s3->tmp.new_compression=comp;  in ssl3_get_client_hello()
1282 		if (s->s3->tmp.new_compression == NULL)  in ssl3_get_client_hello()
1323 			s->s3->tmp.new_compression=comp;  in ssl3_get_client_hello()
1368 		s->s3->tmp.new_cipher=c;  in ssl3_get_client_hello()
1390 				s->s3->tmp.new_cipher=nc;  in ssl3_get_client_hello()
1392 				s->s3->tmp.new_cipher=ec;  in ssl3_get_client_hello()
1394 				s->s3->tmp.new_cipher=s->session->cipher;  in ssl3_get_client_hello()
1398 		s->s3->tmp.new_cipher=s->session->cipher;  in ssl3_get_client_hello()
1443 		p=s->s3->server_random;  in ssl3_send_server_hello()
1457 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);  in ssl3_send_server_hello()
1490 		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);  in ssl3_send_server_hello()
1497 		if (s->s3->tmp.new_compression == NULL)  in ssl3_send_server_hello()
1500 			*(p++)=s->s3->tmp.new_compression->id;  in ssl3_send_server_hello()
1588 		type=s->s3->tmp.new_cipher->algorithm_mkey;  in ssl3_send_server_key_exchange()
1602 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),  in ssl3_send_server_key_exchange()
1603 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));  in ssl3_send_server_key_exchange()
1621 			s->s3->tmp.use_rsa_tmp=1;  in ssl3_send_server_key_exchange()
1631 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),  in ssl3_send_server_key_exchange()
1632 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));  in ssl3_send_server_key_exchange()
1640 			if (s->s3->tmp.dh != NULL)  in ssl3_send_server_key_exchange()
1652 			s->s3->tmp.dh=dh;  in ssl3_send_server_key_exchange()
1690 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),  in ssl3_send_server_key_exchange()
1691 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));  in ssl3_send_server_key_exchange()
1700 			if (s->s3->tmp.ecdh != NULL)  in ssl3_send_server_key_exchange()
1718 			s->s3->tmp.ecdh=ecdh;  in ssl3_send_server_key_exchange()
1738 			if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&  in ssl3_send_server_key_exchange()
1849 		if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)  in ssl3_send_server_key_exchange()
1850 			&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))  in ssl3_send_server_key_exchange()
1852 			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))  in ssl3_send_server_key_exchange()
1942 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);  in ssl3_send_server_key_exchange()
1943 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);  in ssl3_send_server_key_exchange()
1981 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);  in ssl3_send_server_key_exchange()
1982 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);  in ssl3_send_server_key_exchange()
2159 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;  in ssl3_get_client_key_exchange()
2165 		if (s->s3->tmp.use_rsa_tmp)  in ssl3_get_client_key_exchange()
2293 			if (s->s3->tmp.dh == NULL)  in ssl3_get_client_key_exchange()
2300 				dh_srvr=s->s3->tmp.dh;  in ssl3_get_client_key_exchange()
2319 		DH_free(s->s3->tmp.dh);  in ssl3_get_client_key_exchange()
2320 		s->s3->tmp.dh=NULL;  in ssl3_get_client_key_exchange()
2552 			tkey = s->s3->tmp.ecdh;  in ssl3_get_client_key_exchange()
2668 		EC_KEY_free(s->s3->tmp.ecdh);  in ssl3_get_client_key_exchange()
2669 		s->s3->tmp.ecdh = NULL;   in ssl3_get_client_key_exchange()
2823 			alg_a = s->s3->tmp.new_cipher->algorithm_auth;  in ssl3_get_client_key_exchange()
2942 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)  in ssl3_get_cert_verify()
2944 		s->s3->tmp.reuse_message=1;  in ssl3_get_cert_verify()
2969 	if (s->s3->change_cipher_spec)  in ssl3_get_cert_verify()
3039 		hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);  in ssl3_get_cert_verify()
3069 		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,  in ssl3_get_cert_verify()
3091 			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),  in ssl3_get_cert_verify()
3107 			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),  in ssl3_get_cert_verify()
3131 			j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);  in ssl3_get_cert_verify()
3156 	if (s->s3->handshake_buffer)  in ssl3_get_cert_verify()
3158 		BIO_free(s->s3->handshake_buffer);  in ssl3_get_cert_verify()
3159 		s->s3->handshake_buffer = NULL;  in ssl3_get_cert_verify()
3160 		s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;  in ssl3_get_cert_verify()
3185 	if	(s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)  in ssl3_get_client_certificate()
3195 		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)  in ssl3_get_client_certificate()
3201 		s->s3->tmp.reuse_message=1;  in ssl3_get_client_certificate()
3205 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)  in ssl3_get_client_certificate()
3276 		if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s))  in ssl3_get_client_certificate()
3340 			if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||  in ssl3_send_server_certificate()
3341 			    (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))  in ssl3_send_server_certificate()
3543 	if (!s->s3->next_proto_neg_seen)  in ssl3_get_next_proto()
3562 	if (!s->s3->change_cipher_spec)  in ssl3_get_next_proto()