From a71a4966a31b31df72db42c130544462fd6ad624 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 5 Oct 2015 10:44:41 +0100
Subject: [PATCH] Move |no_cert_verify| into state machine

The |no_cert_verify| should be in the state machine structure not in SSL

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 ssl/ssl_lib.c            |  1 -
 ssl/ssl_locl.h           |  3 ---
 ssl/statem/statem.c      |  1 +
 ssl/statem/statem.h      |  4 ++++
 ssl/statem/statem_srvr.c | 14 +++++++-------
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ad590e5116..445907d617 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -225,7 +225,6 @@ int SSL_clear(SSL *s)
     s->init_buf = NULL;
     clear_ciphers(s);
     s->first_packet = 0;
-    s->no_cert_verify = 0;
 
     /*
      * Check to see if we were changed into a different method, if so, revert
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 2c22ee3ac4..24ce4f752a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1021,9 +1021,6 @@ struct ssl_st {
     struct ssl3_state_st *s3;   /* SSLv3 variables */
     struct dtls1_state_st *d1;  /* DTLSv1 variables */
 
-    /* Should we skip the CertificateVerify message? */
-    unsigned int no_cert_verify;
-
     /* callback that allows applications to peek at protocol messages */
     void (*msg_callback) (int write_p, int version, int content_type,
                           const void *buf, size_t len, SSL *ssl, void *arg);
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 6ff60eaccd..ac795ab052 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -155,6 +155,7 @@ void ossl_statem_clear(SSL *s)
     s->statem.state = MSG_FLOW_UNINITED;
     s->statem.hand_state = TLS_ST_BEFORE;
     s->statem.in_init = 1;
+    s->statem.no_cert_verify = 0;
 }
 
 /*
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index fcc6163863..f65e09f0c4 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -135,6 +135,10 @@ struct statem_st {
     OSSL_HANDSHAKE_STATE hand_state;
     int in_init;
     int read_state_first_init;
+
+    /* Should we skip the CertificateVerify message? */
+    unsigned int no_cert_verify;
+
     int use_timer;
 #ifndef OPENSSL_NO_SCTP
     int in_sctp_read_sock;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b940280e5b..103f3cc3a6 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -232,10 +232,10 @@ int server_read_transition(SSL *s, int mt)
          * received a Certificate from the client. If so then |s->session->peer|
          * will be non NULL. In some instances a CertificateVerify message is
          * not required even if the peer has sent a Certificate (e.g. such as in
-         * the case of static DH). In that case |s->no_cert_verify| should be
+         * the case of static DH). In that case |st->no_cert_verify| should be
          * set.
          */
-        if (s->session->peer == NULL || s->no_cert_verify) {
+        if (s->session->peer == NULL || st->no_cert_verify) {
             if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
                 /*
                  * For the ECDH ciphersuites when the client sends its ECDH
@@ -2619,7 +2619,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
             goto f_err;
         }
         if (dh_clnt) {
-            s->no_cert_verify = 1;
+            s->statem.no_cert_verify = 1;
             return MSG_PROCESS_CONTINUE_PROCESSING;
         }
     } else
@@ -2697,7 +2697,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
                 SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
                 goto err;
             }
-            s->no_cert_verify = 1;
+            s->statem.no_cert_verify = 1;
         } else {
             /*
              * Get client's public key from encoded point in the
@@ -2854,7 +2854,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
         /* Check if pubkey from client certificate was used */
         if (EVP_PKEY_CTX_ctrl
             (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-            s->no_cert_verify = 1;
+            s->statem.no_cert_verify = 1;
 
         EVP_PKEY_free(client_pub_pkey);
         EVP_PKEY_CTX_free(pkey_ctx);
@@ -2924,7 +2924,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
             /* Are we renegotiating? */
             && s->renegotiate
             /* Are we going to skip the CertificateVerify? */
-            && (s->session->peer == NULL || s->no_cert_verify)
+            && (s->session->peer == NULL || s->statem.no_cert_verify)
             && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
         s->s3->in_read_app_data = 2;
         s->rwstate = SSL_READING;
@@ -2937,7 +2937,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
     }
 #endif
 
-    if (s->no_cert_verify) {
+    if (s->statem.no_cert_verify) {
         /* No certificate verify so we no longer need the handshake_buffer */
         BIO_free(s->s3->handshake_buffer);
         return WORK_FINISHED_CONTINUE;
-- 
2.25.1