From: Matt Caswell <matt@openssl.org>
Date: Fri, 11 Sep 2015 09:48:59 +0000 (+0100)
Subject: Reorganise state machine files
X-Git-Tag: OpenSSL_1_1_0-pre1~361
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=8ba708e5166b02ab61f2762d36b3e7b7455e9c06

Reorganise state machine files

Pull out the state machine into a separate sub directory. Also moved some
functions which were nothing to do with the state machine but were in state
machine files. Pulled all the SSL_METHOD definitions into one place...most
of those files had very little left in them any more.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/crypto/ct/Makefile b/crypto/ct/Makefile
index 2f55a2d560..dfb0839c1e 100644
--- a/crypto/ct/Makefile
+++ b/crypto/ct/Makefile
@@ -90,4 +90,5 @@ ct_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ct_lib.o: ../../include/openssl/tls1.h ../../include/openssl/x509.h
 ct_lib.o: ../../include/openssl/x509_vfy.h ../../ssl/packet_locl.h
 ct_lib.o: ../../ssl/record/record.h ../../ssl/ssl_locl.h
-ct_lib.o: ../include/internal/cryptlib.h ../include/internal/ct_int.h ct_lib.c
+ct_lib.o: ../../ssl/statem/statem.h ../include/internal/cryptlib.h
+ct_lib.o: ../include/internal/ct_int.h ct_lib.c
diff --git a/ssl/Makefile b/ssl/Makefile
index 536ddcc200..9f1fe8d8c2 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -17,33 +17,33 @@ GENERAL=Makefile README ssl-lib.com install.com
 LIB=$(TOP)/libssl.a
 SHARED_LIB= libssl$(SHLIB_EXT)
 LIBSRC=	\
-	s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c record/rec_layer_s3.c \
-	s3_both.c s3_cbc.c s3_msg.c \
-	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c t1_ext.c \
-	d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  record/rec_layer_d1.c d1_msg.c \
-	d1_both.c d1_srtp.c \
+	statem/statem_srvr.c statem/statem_clnt.c  s3_lib.c  s3_enc.c record/rec_layer_s3.c \
+	statem/statem_lib.c s3_cbc.c s3_msg.c \
+	methods.c   t1_lib.c  t1_enc.c t1_ext.c \
+	d1_lib.c  record/rec_layer_d1.c d1_msg.c \
+	statem/statem_dtls.c d1_srtp.c \
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
 	bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
 	record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
-	statem.c
+	statem/statem.c
 LIBOBJ= \
-	s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o record/rec_layer_s3.o \
-	s3_both.o s3_cbc.o s3_msg.o \
-	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o t1_ext.o \
-	d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  record/rec_layer_d1.o d1_msg.o \
-	d1_both.o d1_srtp.o\
+	statem/statem_srvr.o  statem/statem_clnt.o  s3_lib.o  s3_enc.o record/rec_layer_s3.o \
+	statem/statem_lib.o s3_cbc.o s3_msg.o \
+	methods.o   t1_lib.o  t1_enc.o t1_ext.o \
+	d1_lib.o  record/rec_layer_d1.o d1_msg.o \
+	statem/statem_dtls.o d1_srtp.o\
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
 	bio_ssl.o ssl_err.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \
 	record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o \
-	statem.o
+	statem/statem.o
 
 SRC= $(LIBSRC)
 
-HEADER=	ssl_locl.h record/record_locl.h record/record.h
+HEADER=	ssl_locl.h record/record_locl.h record/record.h statem/statem.h
 
 ALL=	$(GENERAL) $(SRC) $(HEADER)
 
@@ -93,7 +93,9 @@ clean:
 	rm -f $(LIBOBJ) *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	rm -f record/*.obj record/lib record/retags record/core \
 	record/.pure record/.nfs* record/*.old record/*.bak record/fluff
-
+	rm -f statem/*.obj statem/lib statem/retags statem/core \
+	statem/.pure statem/.nfs* statem/*.old statem/*.bak statem/fluff
+	
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 bio_ssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -115,48 +117,7 @@ bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c packet_locl.h
-bio_ssl.o: record/record.h ssl_locl.h
-d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_both.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c
-d1_both.o: packet_locl.h record/record.h ssl_locl.h
-d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
-d1_clnt.o: packet_locl.h record/record.h ssl_locl.h
+bio_ssl.o: record/record.h ssl_locl.h statem/statem.h
 d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -169,34 +130,14 @@ d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c packet_locl.h record/record.h
-d1_lib.o: ssl_locl.h
-d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_meth.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c packet_locl.h
-d1_meth.o: record/record.h ssl_locl.h
+d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
+d1_lib.o: packet_locl.h record/record.h ssl_locl.h statem/statem.h
 d1_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_msg.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_msg.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -216,7 +157,7 @@ d1_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 d1_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 d1_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 d1_msg.o: ../include/openssl/x509_vfy.h d1_msg.c packet_locl.h record/record.h
-d1_msg.o: ssl_locl.h
+d1_msg.o: ssl_locl.h statem/statem.h
 d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_srtp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_srtp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -236,28 +177,27 @@ d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 d1_srtp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 d1_srtp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 d1_srtp.o: ../include/openssl/x509_vfy.h d1_srtp.c packet_locl.h
-d1_srtp.o: record/record.h ssl_locl.h
-d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
-d1_srvr.o: packet_locl.h record/record.h ssl_locl.h
+d1_srtp.o: record/record.h ssl_locl.h statem/statem.h
+methods.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+methods.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+methods.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+methods.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+methods.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+methods.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+methods.o: ../include/openssl/err.h ../include/openssl/evp.h
+methods.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+methods.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+methods.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+methods.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+methods.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+methods.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+methods.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+methods.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+methods.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+methods.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+methods.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+methods.o: ../include/openssl/x509_vfy.h methods.c packet_locl.h
+methods.o: record/record.h ssl_locl.h statem/statem.h
 record/dtls1_bitmap.o: ../e_os.h ../include/openssl/asn1.h
 record/dtls1_bitmap.o: ../include/openssl/bio.h ../include/openssl/bn.h
 record/dtls1_bitmap.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -280,7 +220,8 @@ record/dtls1_bitmap.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 record/dtls1_bitmap.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 record/dtls1_bitmap.o: ../include/openssl/x509_vfy.h record/../packet_locl.h
 record/dtls1_bitmap.o: record/../record/record.h record/../ssl_locl.h
-record/dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h
+record/dtls1_bitmap.o: record/../statem/statem.h record/dtls1_bitmap.c
+record/dtls1_bitmap.o: record/record_locl.h
 record/rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h
 record/rec_layer_d1.o: ../include/openssl/bio.h ../include/openssl/bn.h
 record/rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -303,8 +244,8 @@ record/rec_layer_d1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 record/rec_layer_d1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 record/rec_layer_d1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 record/rec_layer_d1.o: record/../packet_locl.h record/../record/record.h
-record/rec_layer_d1.o: record/../ssl_locl.h record/rec_layer_d1.c
-record/rec_layer_d1.o: record/record_locl.h
+record/rec_layer_d1.o: record/../ssl_locl.h record/../statem/statem.h
+record/rec_layer_d1.o: record/rec_layer_d1.c record/record_locl.h
 record/rec_layer_s3.o: ../e_os.h ../include/openssl/asn1.h
 record/rec_layer_s3.o: ../include/openssl/bio.h ../include/openssl/bn.h
 record/rec_layer_s3.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -327,8 +268,8 @@ record/rec_layer_s3.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 record/rec_layer_s3.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 record/rec_layer_s3.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 record/rec_layer_s3.o: record/../packet_locl.h record/../record/record.h
-record/rec_layer_s3.o: record/../ssl_locl.h record/rec_layer_s3.c
-record/rec_layer_s3.o: record/record_locl.h
+record/rec_layer_s3.o: record/../ssl_locl.h record/../statem/statem.h
+record/rec_layer_s3.o: record/rec_layer_s3.c record/record_locl.h
 record/ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h
 record/ssl3_buffer.o: ../include/openssl/bio.h ../include/openssl/bn.h
 record/ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -351,7 +292,8 @@ record/ssl3_buffer.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 record/ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 record/ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../packet_locl.h
 record/ssl3_buffer.o: record/../record/record.h record/../ssl_locl.h
-record/ssl3_buffer.o: record/record_locl.h record/ssl3_buffer.c
+record/ssl3_buffer.o: record/../statem/statem.h record/record_locl.h
+record/ssl3_buffer.o: record/ssl3_buffer.c
 record/ssl3_record.o: ../e_os.h ../include/internal/constant_time_locl.h
 record/ssl3_record.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 record/ssl3_record.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -374,28 +316,8 @@ record/ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 record/ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 record/ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 record/ssl3_record.o: record/../packet_locl.h record/../record/record.h
-record/ssl3_record.o: record/../ssl_locl.h record/record_locl.h
-record/ssl3_record.o: record/ssl3_record.c
-s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_both.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s3_both.o: packet_locl.h record/record.h s3_both.c ssl_locl.h
+record/ssl3_record.o: record/../ssl_locl.h record/../statem/statem.h
+record/ssl3_record.o: record/record_locl.h record/ssl3_record.c
 s3_cbc.o: ../e_os.h ../include/internal/constant_time_locl.h
 s3_cbc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -416,29 +338,7 @@ s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
-s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h
-s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-s3_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-s3_clnt.o: s3_clnt.c ssl_locl.h
+s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h statem/statem.h
 s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -458,7 +358,7 @@ s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
-s3_enc.o: record/record.h s3_enc.c ssl_locl.h
+s3_enc.o: record/record.h s3_enc.c ssl_locl.h statem/statem.h
 s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -479,7 +379,7 @@ s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
-s3_lib.o: record/record.h s3_lib.c ssl_locl.h
+s3_lib.o: record/record.h s3_lib.c ssl_locl.h statem/statem.h
 s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_msg.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_msg.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -499,29 +399,7 @@ s3_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 s3_msg.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h s3_msg.c
-s3_msg.o: ssl_locl.h
-s3_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h
-s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s3_srvr.o: packet_locl.h record/record.h s3_srvr.c ssl_locl.h
+s3_msg.o: ssl_locl.h statem/statem.h
 ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -541,7 +419,7 @@ ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_algs.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_algs.o: ssl_algs.c ssl_locl.h
+ssl_algs.o: ssl_algs.c ssl_locl.h statem/statem.h
 ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
 ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h
 ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -561,7 +439,7 @@ ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_asn1.o: packet_locl.h record/record.h ssl_asn1.c ssl_locl.h
+ssl_asn1.o: packet_locl.h record/record.h ssl_asn1.c ssl_locl.h statem/statem.h
 ssl_cert.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/asn1.h
 ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
 ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -583,7 +461,7 @@ ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssl_cert.o: ../include/openssl/x509v3.h packet_locl.h record/record.h
-ssl_cert.o: ssl_cert.c ssl_locl.h
+ssl_cert.o: ssl_cert.c ssl_locl.h statem/statem.h
 ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -603,7 +481,7 @@ ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_ciph.o: packet_locl.h record/record.h ssl_ciph.c ssl_locl.h
+ssl_ciph.o: packet_locl.h record/record.h ssl_ciph.c ssl_locl.h statem/statem.h
 ssl_conf.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_conf.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_conf.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -624,7 +502,7 @@ ssl_conf.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_conf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_conf.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_conf.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_conf.o: ssl_conf.c ssl_locl.h
+ssl_conf.o: ssl_conf.c ssl_locl.h statem/statem.h
 ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
@@ -681,7 +559,7 @@ ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssl_lib.o: ../include/openssl/x509v3.h packet_locl.h record/record.h ssl_lib.c
-ssl_lib.o: ssl_locl.h
+ssl_lib.o: ssl_locl.h statem/statem.h
 ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -701,7 +579,7 @@ ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_rsa.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_rsa.o: ssl_locl.h ssl_rsa.c
+ssl_rsa.o: ssl_locl.h ssl_rsa.c statem/statem.h
 ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -722,7 +600,7 @@ ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_sess.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_sess.o: ssl_locl.h ssl_sess.c
+ssl_sess.o: ssl_locl.h ssl_sess.c statem/statem.h
 ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -742,7 +620,7 @@ ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_stat.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_stat.o: ssl_locl.h ssl_stat.c
+ssl_stat.o: ssl_locl.h ssl_stat.c statem/statem.h
 ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -762,7 +640,7 @@ ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_txt.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_txt.o: ssl_locl.h ssl_txt.c
+ssl_txt.o: ssl_locl.h ssl_txt.c statem/statem.h
 ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_utst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssl_utst.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -782,47 +660,126 @@ ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_utst.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-ssl_utst.o: ssl_locl.h ssl_utst.c
-statem.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-statem.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-statem.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-statem.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-statem.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-statem.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-statem.o: ../include/openssl/err.h ../include/openssl/evp.h
-statem.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-statem.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-statem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-statem.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-statem.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-statem.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-statem.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-statem.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-statem.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-statem.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-statem.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-statem.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
-statem.o: record/record.h ssl_locl.h statem.c
-t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_clnt.o: packet_locl.h record/record.h ssl_locl.h t1_clnt.c
+ssl_utst.o: ssl_locl.h ssl_utst.c statem/statem.h
+statem/statem.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+statem/statem.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+statem/statem.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+statem/statem.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+statem/statem.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+statem/statem.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+statem/statem.o: ../include/openssl/err.h ../include/openssl/evp.h
+statem/statem.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+statem/statem.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+statem/statem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+statem/statem.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+statem/statem.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+statem/statem.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+statem/statem.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+statem/statem.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+statem/statem.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+statem/statem.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+statem/statem.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+statem/statem.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+statem/statem.o: statem/../packet_locl.h statem/../record/record.h
+statem/statem.o: statem/../ssl_locl.h statem/../statem/statem.h statem/statem.c
+statem/statem_clnt.o: ../e_os.h ../include/openssl/asn1.h
+statem/statem_clnt.o: ../include/openssl/bio.h ../include/openssl/bn.h
+statem/statem_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+statem/statem_clnt.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+statem/statem_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+statem/statem_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+statem/statem_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+statem/statem_clnt.o: ../include/openssl/engine.h ../include/openssl/err.h
+statem/statem_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+statem/statem_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+statem/statem_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+statem/statem_clnt.o: ../include/openssl/opensslconf.h
+statem/statem_clnt.o: ../include/openssl/opensslv.h
+statem/statem_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+statem/statem_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+statem/statem_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+statem/statem_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+statem/statem_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+statem/statem_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+statem/statem_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+statem/statem_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+statem/statem_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+statem/statem_clnt.o: statem/../packet_locl.h statem/../record/record.h
+statem/statem_clnt.o: statem/../ssl_locl.h statem/../statem/statem.h
+statem/statem_clnt.o: statem/statem_clnt.c
+statem/statem_dtls.o: ../e_os.h ../include/openssl/asn1.h
+statem/statem_dtls.o: ../include/openssl/bio.h ../include/openssl/bn.h
+statem/statem_dtls.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+statem/statem_dtls.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+statem/statem_dtls.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+statem/statem_dtls.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+statem/statem_dtls.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+statem/statem_dtls.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+statem/statem_dtls.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+statem/statem_dtls.o: ../include/openssl/objects.h
+statem/statem_dtls.o: ../include/openssl/opensslconf.h
+statem/statem_dtls.o: ../include/openssl/opensslv.h
+statem/statem_dtls.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+statem/statem_dtls.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+statem/statem_dtls.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+statem/statem_dtls.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+statem/statem_dtls.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+statem/statem_dtls.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+statem/statem_dtls.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+statem/statem_dtls.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+statem/statem_dtls.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+statem/statem_dtls.o: statem/../packet_locl.h statem/../record/record.h
+statem/statem_dtls.o: statem/../ssl_locl.h statem/../statem/statem.h
+statem/statem_dtls.o: statem/statem_dtls.c
+statem/statem_lib.o: ../e_os.h ../include/openssl/asn1.h
+statem/statem_lib.o: ../include/openssl/bio.h ../include/openssl/bn.h
+statem/statem_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+statem/statem_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+statem/statem_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+statem/statem_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+statem/statem_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+statem/statem_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+statem/statem_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+statem/statem_lib.o: ../include/openssl/objects.h
+statem/statem_lib.o: ../include/openssl/opensslconf.h
+statem/statem_lib.o: ../include/openssl/opensslv.h
+statem/statem_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+statem/statem_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+statem/statem_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+statem/statem_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+statem/statem_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+statem/statem_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+statem/statem_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+statem/statem_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+statem/statem_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+statem/statem_lib.o: statem/../packet_locl.h statem/../record/record.h
+statem/statem_lib.o: statem/../ssl_locl.h statem/../statem/statem.h
+statem/statem_lib.o: statem/statem_lib.c
+statem/statem_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h
+statem/statem_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+statem/statem_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+statem/statem_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+statem/statem_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+statem/statem_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+statem/statem_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+statem/statem_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+statem/statem_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+statem/statem_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+statem/statem_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+statem/statem_srvr.o: ../include/openssl/opensslconf.h
+statem/statem_srvr.o: ../include/openssl/opensslv.h
+statem/statem_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+statem/statem_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+statem/statem_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+statem/statem_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+statem/statem_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+statem/statem_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+statem/statem_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+statem/statem_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+statem/statem_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+statem/statem_srvr.o: statem/../packet_locl.h statem/../record/record.h
+statem/statem_srvr.o: statem/../ssl_locl.h statem/../statem/statem.h
+statem/statem_srvr.o: statem/statem_srvr.c
 t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -843,7 +800,7 @@ t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 t1_enc.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-t1_enc.o: ssl_locl.h t1_enc.c
+t1_enc.o: ssl_locl.h statem/statem.h t1_enc.c
 t1_ext.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_ext.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 t1_ext.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -863,7 +820,7 @@ t1_ext.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 t1_ext.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 t1_ext.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 t1_ext.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-t1_ext.o: ssl_locl.h t1_ext.c
+t1_ext.o: ssl_locl.h statem/statem.h t1_ext.c
 t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -885,27 +842,7 @@ t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-t1_lib.o: packet_locl.h record/record.h ssl_locl.h t1_lib.c
-t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_meth.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_meth.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-t1_meth.o: ssl_locl.h t1_meth.c
+t1_lib.o: packet_locl.h record/record.h ssl_locl.h statem/statem.h t1_lib.c
 t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_reneg.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 t1_reneg.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -925,27 +862,7 @@ t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 t1_reneg.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-t1_reneg.o: ssl_locl.h t1_reneg.c
-t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_srvr.o: packet_locl.h record/record.h ssl_locl.h t1_srvr.c
+t1_reneg.o: ssl_locl.h statem/statem.h t1_reneg.c
 t1_trce.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_trce.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 t1_trce.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -965,7 +882,7 @@ t1_trce.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 t1_trce.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 t1_trce.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 t1_trce.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-t1_trce.o: ssl_locl.h t1_trce.c
+t1_trce.o: ssl_locl.h statem/statem.h t1_trce.c
 tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -986,4 +903,4 @@ tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
 tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 tls_srp.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
-tls_srp.o: ssl_locl.h tls_srp.c
+tls_srp.o: ssl_locl.h statem/statem.h tls_srp.c
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
deleted file mode 100644
index d26e39cab5..0000000000
--- a/ssl/d1_clnt.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/* ssl/d1_clnt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_client_method(int ver);
-
-static const SSL_METHOD *dtls1_get_client_method(int ver)
-{
-    if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
-        return (DTLSv1_client_method());
-    else if (ver == DTLS1_2_VERSION)
-        return (DTLSv1_2_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
-                          DTLSv1_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect,
-                          dtls1_get_client_method, DTLSv1_enc_data)
-
-    IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
-                          DTLSv1_2_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect,
-                          dtls1_get_client_method, DTLSv1_2_enc_data)
-
-    IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
-                          DTLS_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect,
-                          dtls1_get_client_method, DTLSv1_2_enc_data)
-
-
-enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
-{
-    int al;
-    unsigned int cookie_len;
-    PACKET cookiepkt;
-
-    if (!PACKET_forward(pkt, 2)
-            || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-
-    cookie_len = PACKET_remaining(&cookiepkt);
-    if (cookie_len > sizeof(s->d1->cookie)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    s->d1->cookie_len = cookie_len;
-
-    return MSG_PROCESS_FINISHED_READING;
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    statem_set_error(s);
-    return MSG_PROCESS_ERROR;
-}
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 3bc9fe7362..2f9609affb 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -60,6 +60,7 @@
 #include <stdio.h>
 #define USE_SOCKETS
 #include <openssl/objects.h>
+#include <openssl/rand.h>
 #include "ssl_locl.h"
 
 #if defined(OPENSSL_SYS_VMS)
@@ -77,6 +78,9 @@ static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
 static int dtls1_handshake_write(SSL *s);
 int dtls1_listen(SSL *s, struct sockaddr *client);
 
+/* XDTLS:  figure out the right values */
+static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };
+
 const SSL3_ENC_METHOD DTLSv1_enc_data = {
     tls1_enc,
     tls1_mac,
@@ -762,8 +766,8 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
             }
 
             p = &buf[DTLS1_RT_HEADER_LENGTH];
-            msglen = dtls1_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH,
-                                                    cookie, cookielen);
+            msglen = dtls_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH,
+                                                   cookie, cookielen);
 
             *p++ = DTLS1_MT_HELLO_VERIFY_REQUEST;
 
@@ -905,3 +909,236 @@ static int dtls1_handshake_write(SSL *s)
 {
     return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
 }
+
+#ifndef OPENSSL_NO_HEARTBEATS
+int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
+{
+    unsigned char *pl;
+    unsigned short hbtype;
+    unsigned int payload;
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                        p, length, s, s->msg_callback_arg);
+
+    /* Read type and payload length first */
+    if (1 + 2 + 16 > length)
+        return 0;               /* silently discard */
+    if (length > SSL3_RT_MAX_PLAIN_LENGTH)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+
+    hbtype = *p++;
+    n2s(p, payload);
+    if (1 + 2 + payload + 16 > length)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+    pl = p;
+
+    if (hbtype == TLS1_HB_REQUEST) {
+        unsigned char *buffer, *bp;
+        unsigned int write_length = 1 /* heartbeat type */  +
+            2 /* heartbeat length */  +
+            payload + padding;
+        int r;
+
+        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+
+        /*
+         * Allocate memory for the response, size is 1 byte message type,
+         * plus 2 bytes payload length, plus payload, plus padding
+         */
+        buffer = OPENSSL_malloc(write_length);
+        if (buffer == NULL)
+            return -1;
+        bp = buffer;
+
+        /* Enter response type, length and copy payload */
+        *bp++ = TLS1_HB_RESPONSE;
+        s2n(payload, bp);
+        memcpy(bp, pl, payload);
+        bp += payload;
+        /* Random padding */
+        if (RAND_bytes(bp, padding) <= 0) {
+            OPENSSL_free(buffer);
+            return -1;
+        }
+
+        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+        if (r >= 0 && s->msg_callback)
+            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                            buffer, write_length, s, s->msg_callback_arg);
+
+        OPENSSL_free(buffer);
+
+        if (r < 0)
+            return r;
+    } else if (hbtype == TLS1_HB_RESPONSE) {
+        unsigned int seq;
+
+        /*
+         * We only send sequence numbers (2 bytes unsigned int), and 16
+         * random bytes, so we just try to read the sequence number
+         */
+        n2s(pl, seq);
+
+        if (payload == 18 && seq == s->tlsext_hb_seq) {
+            dtls1_stop_timer(s);
+            s->tlsext_hb_seq++;
+            s->tlsext_hb_pending = 0;
+        }
+    }
+
+    return 0;
+}
+
+int dtls1_heartbeat(SSL *s)
+{
+    unsigned char *buf, *p;
+    int ret = -1;
+    unsigned int payload = 18;  /* Sequence number + random bytes */
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    /* Only send if peer supports and accepts HB requests... */
+    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
+        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
+        return -1;
+    }
+
+    /* ...and there is none in flight yet... */
+    if (s->tlsext_hb_pending) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
+        return -1;
+    }
+
+    /* ...and no handshake in progress. */
+    if (SSL_in_init(s) || s->in_handshake) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*
+     * Check if padding is too long, payload and padding must not exceed 2^14
+     * - 3 = 16381 bytes in total.
+     */
+    OPENSSL_assert(payload + padding <= 16381);
+
+    /*-
+     * Create HeartBeat message, we just use a sequence number
+     * as payload to distuingish different messages and add
+     * some random stuff.
+     *  - Message Type, 1 byte
+     *  - Payload Length, 2 bytes (unsigned int)
+     *  - Payload, the sequence number (2 bytes uint)
+     *  - Payload, random bytes (16 bytes uint)
+     *  - Padding
+     */
+    buf = OPENSSL_malloc(1 + 2 + payload + padding);
+    if (buf == NULL) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    p = buf;
+    /* Message Type */
+    *p++ = TLS1_HB_REQUEST;
+    /* Payload length (18 bytes here) */
+    s2n(payload, p);
+    /* Sequence number */
+    s2n(s->tlsext_hb_seq, p);
+    /* 16 random bytes */
+    if (RAND_bytes(p, 16) <= 0) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    p += 16;
+    /* Random padding */
+    if (RAND_bytes(p, padding) <= 0) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
+    if (ret >= 0) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                            buf, 3 + payload + padding,
+                            s, s->msg_callback_arg);
+
+        dtls1_start_timer(s);
+        s->tlsext_hb_pending = 1;
+    }
+
+ err:
+    OPENSSL_free(buf);
+
+    return ret;
+}
+#endif
+
+int dtls1_shutdown(SSL *s)
+{
+    int ret;
+#ifndef OPENSSL_NO_SCTP
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
+        if (ret < 0)
+            return -1;
+
+        if (ret == 0)
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
+                     NULL);
+    }
+#endif
+    ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+    return ret;
+}
+
+int dtls1_query_mtu(SSL *s)
+{
+    if (s->d1->link_mtu) {
+        s->d1->mtu =
+            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+        s->d1->link_mtu = 0;
+    }
+
+    /* AHA!  Figure out the MTU, and stick to the right size */
+    if (s->d1->mtu < dtls1_min_mtu(s)) {
+        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+            s->d1->mtu =
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+            /*
+             * I've seen the kernel return bogus numbers when it doesn't know
+             * (initial write), so just make sure we have a reasonable number
+             */
+            if (s->d1->mtu < dtls1_min_mtu(s)) {
+                /* Set to min mtu */
+                s->d1->mtu = dtls1_min_mtu(s);
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+                         s->d1->mtu, NULL);
+            }
+        } else
+            return 0;
+    }
+    return 1;
+}
+
+unsigned int dtls1_link_min_mtu(void)
+{
+    return (g_probable_mtu[(sizeof(g_probable_mtu) /
+                            sizeof(g_probable_mtu[0])) - 1]);
+}
+
+unsigned int dtls1_min_mtu(SSL *s)
+{
+    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+}
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
deleted file mode 100644
index 734077493f..0000000000
--- a/ssl/d1_meth.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
-{
-    if (ver == DTLS1_VERSION)
-        return (DTLSv1_method());
-    else if (ver == DTLS1_2_VERSION)
-        return (DTLSv1_2_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
-                          DTLSv1_method,
-                          dtls1_accept,
-                          dtls1_connect, dtls1_get_method, DTLSv1_enc_data)
-
-    IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
-                          DTLSv1_2_method,
-                          dtls1_accept,
-                          dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data)
-
-    IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
-                          DTLS_method,
-                          dtls1_accept,
-                          dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data)
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
deleted file mode 100644
index 47c6203799..0000000000
--- a/ssl/d1_srvr.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* ssl/d1_srvr.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_server_method(int ver);
-
-static const SSL_METHOD *dtls1_get_server_method(int ver)
-{
-    if (ver == DTLS1_VERSION)
-        return (DTLSv1_server_method());
-    else if (ver == DTLS1_2_VERSION)
-        return (DTLSv1_2_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
-                          DTLSv1_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function,
-                          dtls1_get_server_method, DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
-                          DTLSv1_2_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function,
-                          dtls1_get_server_method, DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
-                          DTLS_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function,
-                          dtls1_get_server_method, DTLSv1_2_enc_data)
-
-
-unsigned int dtls1_raw_hello_verify_request(unsigned char *buf,
-                                            unsigned char *cookie,
-                                            unsigned char cookie_len)
-{
-    unsigned int msg_len;
-    unsigned char *p;
-
-    p = buf;
-    /* Always use DTLS 1.0 version: see RFC 6347 */
-    *(p++) = DTLS1_VERSION >> 8;
-    *(p++) = DTLS1_VERSION & 0xFF;
-
-    *(p++) = (unsigned char)cookie_len;
-    memcpy(p, cookie, cookie_len);
-    p += cookie_len;
-    msg_len = p - buf;
-
-    return msg_len;
-}
-
-
-int dtls_construct_hello_verify_request(SSL *s)
-{
-    unsigned int len;
-    unsigned char *buf;
-
-    buf = (unsigned char *)s->init_buf->data;
-
-    if (s->ctx->app_gen_cookie_cb == NULL ||
-        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
-                                  &(s->d1->cookie_len)) == 0 ||
-        s->d1->cookie_len > 255) {
-        SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
-               SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
-        statem_set_error(s);
-        return 0;
-    }
-
-    len = dtls1_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
-                                         s->d1->cookie, s->d1->cookie_len);
-
-    dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
-                             len);
-    len += DTLS1_HM_HEADER_LENGTH;
-
-    /* number of bytes to write */
-    s->init_num = len;
-    s->init_off = 0;
-
-    return 1;
-}
diff --git a/ssl/methods.c b/ssl/methods.c
new file mode 100644
index 0000000000..4e7093ed3c
--- /dev/null
+++ b/ssl/methods.c
@@ -0,0 +1,347 @@
+/* ssl/t1_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+ 
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/*
+ * TLS/SSLv3 methods
+ */
+
+static const SSL_METHOD *tls1_get_method(int ver)
+{
+    if (ver == TLS_ANY_VERSION)
+        return TLS_method();
+    if (ver == TLS1_2_VERSION)
+        return TLSv1_2_method();
+    if (ver == TLS1_1_VERSION)
+        return TLSv1_1_method();
+    if (ver == TLS1_VERSION)
+        return TLSv1_method();
+#ifndef OPENSSL_NO_SSL3
+    if (ver == SSL3_VERSION)
+        return (SSLv3_method());
+    else
+#endif
+    return NULL;
+}
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_method,
+                        statem_accept,
+                        statem_connect, tls1_get_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
+                        statem_accept,
+                        statem_connect, tls1_get_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
+                        statem_accept,
+                        statem_connect, tls1_get_method, TLSv1_1_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
+                        statem_accept,
+                        statem_connect, tls1_get_method, TLSv1_enc_data)
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(SSLv3_method,
+                         statem_accept, statem_connect, tls1_get_method)
+#endif
+
+
+/*
+ * TLS/SSLv3 server methods
+ */
+
+static const SSL_METHOD *tls1_get_server_method(int ver)
+{
+    if (ver == TLS_ANY_VERSION)
+        return TLS_server_method();
+    if (ver == TLS1_2_VERSION)
+        return TLSv1_2_server_method();
+    if (ver == TLS1_1_VERSION)
+        return TLSv1_1_server_method();
+    if (ver == TLS1_VERSION)
+        return TLSv1_server_method();
+#ifndef OPENSSL_NO_SSL3
+    if (ver == SSL3_VERSION)
+        return (SSLv3_server_method());
+#endif
+    return NULL;
+}
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_server_method,
+                        statem_accept,
+                        ssl_undefined_function,
+                        tls1_get_server_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
+                        statem_accept,
+                        ssl_undefined_function,
+                        tls1_get_server_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
+                        statem_accept,
+                        ssl_undefined_function,
+                        tls1_get_server_method, TLSv1_1_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
+                        statem_accept,
+                        ssl_undefined_function,
+                        tls1_get_server_method, TLSv1_enc_data)
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+                         statem_accept,
+                         ssl_undefined_function, tls1_get_server_method)
+#endif
+
+
+/*
+ * TLS/SSLv3 client methods
+ */
+
+static const SSL_METHOD *tls1_get_client_method(int ver)
+{
+    if (ver == TLS_ANY_VERSION)
+        return TLS_client_method();
+    if (ver == TLS1_2_VERSION)
+        return TLSv1_2_client_method();
+    if (ver == TLS1_1_VERSION)
+        return TLSv1_1_client_method();
+    if (ver == TLS1_VERSION)
+        return TLSv1_client_method();
+#ifndef OPENSSL_NO_SSL3
+    if (ver == SSL3_VERSION)
+        return (SSLv3_client_method());
+#endif
+    return NULL;
+}
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_client_method,
+                        ssl_undefined_function,
+                        statem_connect,
+                        tls1_get_client_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
+                        ssl_undefined_function,
+                        statem_connect,
+                        tls1_get_client_method, TLSv1_2_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
+                        ssl_undefined_function,
+                        statem_connect,
+                        tls1_get_client_method, TLSv1_1_enc_data)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
+                        ssl_undefined_function,
+                        statem_connect, tls1_get_client_method, TLSv1_enc_data)
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+                         ssl_undefined_function,
+                         statem_connect, tls1_get_client_method)
+#endif
+
+
+/*
+ * DTLS methods
+ */
+static const SSL_METHOD *dtls1_get_method(int ver)
+{
+    if (ver == DTLS1_VERSION)
+        return (DTLSv1_method());
+    else if (ver == DTLS1_2_VERSION)
+        return (DTLSv1_2_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
+                          DTLSv1_method,
+                          statem_accept,
+                          statem_connect, dtls1_get_method, DTLSv1_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+                          DTLSv1_2_method,
+                          statem_accept,
+                          statem_connect, dtls1_get_method, DTLSv1_2_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+                          DTLS_method,
+                          statem_accept,
+                          statem_connect, dtls1_get_method, DTLSv1_2_enc_data)
+
+
+/*
+ * DTLS server methods
+ */
+
+static const SSL_METHOD *dtls1_get_server_method(int ver)
+{
+    if (ver == DTLS1_VERSION)
+        return (DTLSv1_server_method());
+    else if (ver == DTLS1_2_VERSION)
+        return (DTLSv1_2_server_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
+                          DTLSv1_server_method,
+                          statem_accept,
+                          ssl_undefined_function,
+                          dtls1_get_server_method, DTLSv1_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+                          DTLSv1_2_server_method,
+                          statem_accept,
+                          ssl_undefined_function,
+                          dtls1_get_server_method, DTLSv1_2_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+                          DTLS_server_method,
+                          statem_accept,
+                          ssl_undefined_function,
+                          dtls1_get_server_method, DTLSv1_2_enc_data)
+
+
+/*
+ * DTLS client methods
+ */
+
+static const SSL_METHOD *dtls1_get_client_method(int ver)
+{
+    if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+        return (DTLSv1_client_method());
+    else if (ver == DTLS1_2_VERSION)
+        return (DTLSv1_2_client_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
+                          DTLSv1_client_method,
+                          ssl_undefined_function,
+                          statem_connect,
+                          dtls1_get_client_method, DTLSv1_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+                          DTLSv1_2_client_method,
+                          ssl_undefined_function,
+                          statem_connect,
+                          dtls1_get_client_method, DTLSv1_2_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+                          DTLS_client_method,
+                          ssl_undefined_function,
+                          statem_connect,
+                          dtls1_get_client_method, DTLSv1_2_enc_data)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ab095c8267..25afff8c9b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -166,6 +166,7 @@
 # include <openssl/symhacks.h>
 
 #include "record/record.h"
+#include "statem/statem.h"
 #include "packet_locl.h"
 
 # ifdef OPENSSL_BUILD_SHLIBSSL
@@ -715,88 +716,6 @@ struct ssl_comp_st {
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
 
-/*
- * Valid return codes used for functions performing work prior to or after
- * sending or receiving a message
- */
-enum WORK_STATE {
-    /* Something went wrong */
-    WORK_ERROR,
-    /* We're done working and there shouldn't be anything else to do after */
-    WORK_FINISHED_STOP,
-    /* We're done working move onto the next thing */
-    WORK_FINISHED_CONTINUE,
-    /* We're working on phase A */
-    WORK_MORE_A,
-    /* We're working on phase B */
-    WORK_MORE_B
-};
-
-/* Write transition return codes */
-enum WRITE_TRAN {
-    /* Something went wrong */
-    WRITE_TRAN_ERROR,
-    /* A transition was successfully completed and we should continue */
-    WRITE_TRAN_CONTINUE,
-    /* There is no more write work to be done */
-    WRITE_TRAN_FINISHED
-};
-
-/* Message processing return codes */
-enum MSG_PROCESS_RETURN {
-    MSG_PROCESS_ERROR,
-    MSG_PROCESS_FINISHED_READING,
-    MSG_PROCESS_CONTINUE_PROCESSING,
-    MSG_PROCESS_CONTINUE_READING
-};
-
-/* Message flow states */
-enum MSG_FLOW_STATE {
-    /* No handshake in progress */
-    MSG_FLOW_UNINITED,
-    /* A permanent error with this connection */
-    MSG_FLOW_ERROR,
-    /* We are about to renegotiate */
-    MSG_FLOW_RENEGOTIATE,
-    /* We are reading messages */
-    MSG_FLOW_READING,
-    /* We are writing messages */
-    MSG_FLOW_WRITING,
-    /* Handshake has finished */
-    MSG_FLOW_FINISHED
-};
-
-/* Read states */
-enum READ_STATE {
-    READ_STATE_HEADER,
-    READ_STATE_BODY,
-    READ_STATE_POST_PROCESS
-};
-
-/* Write states */
-enum WRITE_STATE {
-    WRITE_STATE_TRANSITION,
-    WRITE_STATE_PRE_WORK,
-    WRITE_STATE_SEND,
-    WRITE_STATE_POST_WORK
-};
-
-struct statem_st {
-    enum MSG_FLOW_STATE state;
-    enum WRITE_STATE write_state;
-    enum WORK_STATE write_state_work;
-    enum READ_STATE read_state;
-    enum WORK_STATE read_state_work;
-    enum HANDSHAKE_STATE hand_state;
-    int in_init;
-    int read_state_first_init;
-    int use_timer;
-#ifndef OPENSSL_NO_SCTP
-    int in_sctp_read_sock;
-#endif
-};
-typedef struct statem_st STATEM;
-
 
 struct ssl_ctx_st {
     const SSL_METHOD *method;
@@ -2033,18 +1952,6 @@ __owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
 __owur int ssl3_digest_cached_records(SSL *s, int keep);
 __owur int ssl3_new(SSL *s);
 void ssl3_free(SSL *s);
-__owur int ssl3_accept(SSL *s);
-__owur int ssl3_connect(SSL *s);
-void statem_clear(SSL *s);
-void statem_set_renegotiate(SSL *s);
-void statem_set_error(SSL *s);
-int statem_in_error(const SSL *s);
-void statem_set_in_init(SSL *s, int init);
-__owur int statem_app_data_allowed(SSL *s);
-#ifndef OPENSSL_NO_SCTP
-void statem_set_sctp_read_sock(SSL *s, int read_sock);
-__owur int statem_in_sctp_read_sock(SSL *s);
-#endif
 __owur int ssl3_read(SSL *s, void *buf, int len);
 __owur int ssl3_peek(SSL *s, void *buf, int len);
 __owur int ssl3_write(SSL *s, const void *buf, int len);
@@ -2091,13 +1998,14 @@ void dtls1_start_timer(SSL *s);
 void dtls1_stop_timer(SSL *s);
 __owur int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
-__owur unsigned int dtls1_raw_hello_verify_request(unsigned char *buf,
-                                                   unsigned char *cookie,
-                                                   unsigned char cookie_len);
+__owur unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
+                                                  unsigned char *cookie,
+                                                  unsigned char cookie_len);
 __owur int dtls1_send_newsession_ticket(SSL *s);
 __owur unsigned int dtls1_min_mtu(SSL *s);
 __owur unsigned int dtls1_link_min_mtu(void);
 void dtls1_hm_fragment_free(hm_fragment *frag);
+__owur int dtls1_query_mtu(SSL *s);
 
 /* some client-only functions */
 __owur int tls_construct_client_hello(SSL *s);
@@ -2154,8 +2062,6 @@ long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
 
 __owur int dtls1_new(SSL *s);
-__owur int dtls1_accept(SSL *s);
-__owur int dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
diff --git a/ssl/statem.c b/ssl/statem/statem.c
similarity index 99%
rename from ssl/statem.c
rename to ssl/statem/statem.c
index 81af75c4d5..7e4f524ddc 100644
--- a/ssl/statem.c
+++ b/ssl/statem/statem.c
@@ -1,4 +1,4 @@
-/* ssl/statem.c */
+/* ssl/statem/statem.c */
 /*
  * Written by Matt Caswell for the OpenSSL project.
  */
@@ -57,7 +57,7 @@
  */
 
 #include <openssl/rand.h>
-#include "ssl_locl.h"
+#include "../ssl_locl.h"
 
 /*
  * This file implements the SSL/TLS/DTLS state machines.
@@ -215,21 +215,11 @@ void statem_set_in_init(SSL *s, int init)
     s->statem.in_init = init;
 }
 
-int ssl3_connect(SSL *s) {
+int statem_connect(SSL *s) {
     return state_machine(s, 0);
 }
 
-int dtls1_connect(SSL *s)
-{
-    return state_machine(s, 0);
-}
-
-int ssl3_accept(SSL *s)
-{
-    return state_machine(s, 1);
-}
-
-int dtls1_accept(SSL *s)
+int statem_accept(SSL *s)
 {
     return state_machine(s, 1);
 }
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
new file mode 100644
index 0000000000..b6256f9788
--- /dev/null
+++ b/ssl/statem/statem.h
@@ -0,0 +1,174 @@
+/* ssl/statem/statem.h */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These emums should be considered PRIVATE to the state machine. No         *
+ * non-state machine code should need to use these                           *
+ *                                                                           *
+ *****************************************************************************/
+/*
+ * Valid return codes used for functions performing work prior to or after
+ * sending or receiving a message
+ */
+enum WORK_STATE {
+    /* Something went wrong */
+    WORK_ERROR,
+    /* We're done working and there shouldn't be anything else to do after */
+    WORK_FINISHED_STOP,
+    /* We're done working move onto the next thing */
+    WORK_FINISHED_CONTINUE,
+    /* We're working on phase A */
+    WORK_MORE_A,
+    /* We're working on phase B */
+    WORK_MORE_B
+};
+
+/* Write transition return codes */
+enum WRITE_TRAN {
+    /* Something went wrong */
+    WRITE_TRAN_ERROR,
+    /* A transition was successfully completed and we should continue */
+    WRITE_TRAN_CONTINUE,
+    /* There is no more write work to be done */
+    WRITE_TRAN_FINISHED
+};
+
+/* Message processing return codes */
+enum MSG_PROCESS_RETURN {
+    MSG_PROCESS_ERROR,
+    MSG_PROCESS_FINISHED_READING,
+    MSG_PROCESS_CONTINUE_PROCESSING,
+    MSG_PROCESS_CONTINUE_READING
+};
+
+/* Message flow states */
+enum MSG_FLOW_STATE {
+    /* No handshake in progress */
+    MSG_FLOW_UNINITED,
+    /* A permanent error with this connection */
+    MSG_FLOW_ERROR,
+    /* We are about to renegotiate */
+    MSG_FLOW_RENEGOTIATE,
+    /* We are reading messages */
+    MSG_FLOW_READING,
+    /* We are writing messages */
+    MSG_FLOW_WRITING,
+    /* Handshake has finished */
+    MSG_FLOW_FINISHED
+};
+
+/* Read states */
+enum READ_STATE {
+    READ_STATE_HEADER,
+    READ_STATE_BODY,
+    READ_STATE_POST_PROCESS
+};
+
+/* Write states */
+enum WRITE_STATE {
+    WRITE_STATE_TRANSITION,
+    WRITE_STATE_PRE_WORK,
+    WRITE_STATE_SEND,
+    WRITE_STATE_POST_WORK
+};
+
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * state machine. No non-state machine code should be accessing the members  *
+ * of this structure.                                                        *
+ *                                                                           *
+ *****************************************************************************/
+
+struct statem_st {
+    enum MSG_FLOW_STATE state;
+    enum WRITE_STATE write_state;
+    enum WORK_STATE write_state_work;
+    enum READ_STATE read_state;
+    enum WORK_STATE read_state_work;
+    enum HANDSHAKE_STATE hand_state;
+    int in_init;
+    int read_state_first_init;
+    int use_timer;
+#ifndef OPENSSL_NO_SCTP
+    int in_sctp_read_sock;
+#endif
+};
+typedef struct statem_st STATEM;
+
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * state machine. Any libssl code may call these functions/macros            *
+ *                                                                           *
+ *****************************************************************************/
+
+__owur int statem_accept(SSL *s);
+__owur int statem_connect(SSL *s);
+void statem_clear(SSL *s);
+void statem_set_renegotiate(SSL *s);
+void statem_set_error(SSL *s);
+int statem_in_error(const SSL *s);
+void statem_set_in_init(SSL *s, int init);
+__owur int statem_app_data_allowed(SSL *s);
+#ifndef OPENSSL_NO_SCTP
+void statem_set_sctp_read_sock(SSL *s, int read_sock);
+__owur int statem_in_sctp_read_sock(SSL *s);
+#endif
+
+
diff --git a/ssl/s3_clnt.c b/ssl/statem/statem_clnt.c
similarity index 98%
rename from ssl/s3_clnt.c
rename to ssl/statem/statem_clnt.c
index 49a9f60259..3ff427650b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1,4 +1,4 @@
-/* ssl/s3_clnt.c */
+/* ssl/statem/statem_clnt.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -149,7 +149,7 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "../ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -448,6 +448,40 @@ int tls_construct_client_hello(SSL *s)
     return 0;
 }
 
+enum MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
+{
+    int al;
+    unsigned int cookie_len;
+    PACKET cookiepkt;
+
+    if (!PACKET_forward(pkt, 2)
+            || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    cookie_len = PACKET_remaining(&cookiepkt);
+    if (cookie_len > sizeof(s->d1->cookie)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG);
+        goto f_err;
+    }
+
+    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    s->d1->cookie_len = cookie_len;
+
+    return MSG_PROCESS_FINISHED_READING;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    statem_set_error(s);
+    return MSG_PROCESS_ERROR;
+}
+
 enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
 {
     STACK_OF(SSL_CIPHER) *sk;
diff --git a/ssl/d1_both.c b/ssl/statem/statem_dtls.c
similarity index 86%
rename from ssl/d1_both.c
rename to ssl/statem/statem_dtls.c
index e20278b1ce..e13ed8d247 100644
--- a/ssl/d1_both.c
+++ b/ssl/statem/statem_dtls.c
@@ -1,4 +1,4 @@
-/* ssl/d1_both.c */
+/* ssl/statem/statem_dtls.c */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -116,7 +116,7 @@
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "../ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -149,9 +149,6 @@ static unsigned char bitmask_start_values[] =
 static unsigned char bitmask_end_values[] =
     { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
 
-/* XDTLS:  figure out the right values */
-static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };
-
 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
                                      unsigned long frag_len);
 static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
@@ -214,36 +211,6 @@ void dtls1_hm_fragment_free(hm_fragment *frag)
     OPENSSL_free(frag);
 }
 
-static int dtls1_query_mtu(SSL *s)
-{
-    if (s->d1->link_mtu) {
-        s->d1->mtu =
-            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-        s->d1->link_mtu = 0;
-    }
-
-    /* AHA!  Figure out the MTU, and stick to the right size */
-    if (s->d1->mtu < dtls1_min_mtu(s)) {
-        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-            s->d1->mtu =
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
-            /*
-             * I've seen the kernel return bogus numbers when it doesn't know
-             * (initial write), so just make sure we have a reasonable number
-             */
-            if (s->d1->mtu < dtls1_min_mtu(s)) {
-                /* Set to min mtu */
-                s->d1->mtu = dtls1_min_mtu(s);
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
-                         s->d1->mtu, NULL);
-            }
-        } else
-            return 0;
-    }
-    return 1;
-}
-
 /*
  * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
  * SSL3_RT_CHANGE_CIPHER_SPEC)
@@ -1301,17 +1268,6 @@ static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
     return p;
 }
 
-unsigned int dtls1_link_min_mtu(void)
-{
-    return (g_probable_mtu[(sizeof(g_probable_mtu) /
-                            sizeof(g_probable_mtu[0])) - 1]);
-}
-
-unsigned int dtls1_min_mtu(SSL *s)
-{
-    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-}
-
 void
 dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 {
@@ -1324,194 +1280,4 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
     n2l3(data, msg_hdr->frag_len);
 }
 
-int dtls1_shutdown(SSL *s)
-{
-    int ret;
-#ifndef OPENSSL_NO_SCTP
-    BIO *wbio;
-
-    wbio = SSL_get_wbio(s);
-    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
-        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
-        ret = BIO_dgram_sctp_wait_for_dry(wbio);
-        if (ret < 0)
-            return -1;
-
-        if (ret == 0)
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
-                     NULL);
-    }
-#endif
-    ret = ssl3_shutdown(s);
-#ifndef OPENSSL_NO_SCTP
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
-#endif
-    return ret;
-}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
-{
-    unsigned char *pl;
-    unsigned short hbtype;
-    unsigned int payload;
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-                        p, length, s, s->msg_callback_arg);
-
-    /* Read type and payload length first */
-    if (1 + 2 + 16 > length)
-        return 0;               /* silently discard */
-    if (length > SSL3_RT_MAX_PLAIN_LENGTH)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-
-    hbtype = *p++;
-    n2s(p, payload);
-    if (1 + 2 + payload + 16 > length)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-    pl = p;
-
-    if (hbtype == TLS1_HB_REQUEST) {
-        unsigned char *buffer, *bp;
-        unsigned int write_length = 1 /* heartbeat type */  +
-            2 /* heartbeat length */  +
-            payload + padding;
-        int r;
-
-        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
-            return 0;
-
-        /*
-         * Allocate memory for the response, size is 1 byte message type,
-         * plus 2 bytes payload length, plus payload, plus padding
-         */
-        buffer = OPENSSL_malloc(write_length);
-        if (buffer == NULL)
-            return -1;
-        bp = buffer;
-
-        /* Enter response type, length and copy payload */
-        *bp++ = TLS1_HB_RESPONSE;
-        s2n(payload, bp);
-        memcpy(bp, pl, payload);
-        bp += payload;
-        /* Random padding */
-        if (RAND_bytes(bp, padding) <= 0) {
-            OPENSSL_free(buffer);
-            return -1;
-        }
-
-        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
-
-        if (r >= 0 && s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buffer, write_length, s, s->msg_callback_arg);
-
-        OPENSSL_free(buffer);
-
-        if (r < 0)
-            return r;
-    } else if (hbtype == TLS1_HB_RESPONSE) {
-        unsigned int seq;
-
-        /*
-         * We only send sequence numbers (2 bytes unsigned int), and 16
-         * random bytes, so we just try to read the sequence number
-         */
-        n2s(pl, seq);
-
-        if (payload == 18 && seq == s->tlsext_hb_seq) {
-            dtls1_stop_timer(s);
-            s->tlsext_hb_seq++;
-            s->tlsext_hb_pending = 0;
-        }
-    }
-
-    return 0;
-}
-
-int dtls1_heartbeat(SSL *s)
-{
-    unsigned char *buf, *p;
-    int ret = -1;
-    unsigned int payload = 18;  /* Sequence number + random bytes */
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    /* Only send if peer supports and accepts HB requests... */
-    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-        return -1;
-    }
 
-    /* ...and there is none in flight yet... */
-    if (s->tlsext_hb_pending) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
-        return -1;
-    }
-
-    /* ...and no handshake in progress. */
-    if (SSL_in_init(s) || s->in_handshake) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
-        return -1;
-    }
-
-    /*
-     * Check if padding is too long, payload and padding must not exceed 2^14
-     * - 3 = 16381 bytes in total.
-     */
-    OPENSSL_assert(payload + padding <= 16381);
-
-    /*-
-     * Create HeartBeat message, we just use a sequence number
-     * as payload to distuingish different messages and add
-     * some random stuff.
-     *  - Message Type, 1 byte
-     *  - Payload Length, 2 bytes (unsigned int)
-     *  - Payload, the sequence number (2 bytes uint)
-     *  - Payload, random bytes (16 bytes uint)
-     *  - Padding
-     */
-    buf = OPENSSL_malloc(1 + 2 + payload + padding);
-    if (buf == NULL) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE);
-        return -1;
-    }
-    p = buf;
-    /* Message Type */
-    *p++ = TLS1_HB_REQUEST;
-    /* Payload length (18 bytes here) */
-    s2n(payload, p);
-    /* Sequence number */
-    s2n(s->tlsext_hb_seq, p);
-    /* 16 random bytes */
-    if (RAND_bytes(p, 16) <= 0) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    p += 16;
-    /* Random padding */
-    if (RAND_bytes(p, padding) <= 0) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-    if (ret >= 0) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buf, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        dtls1_start_timer(s);
-        s->tlsext_hb_pending = 1;
-    }
-
- err:
-    OPENSSL_free(buf);
-
-    return ret;
-}
-#endif
diff --git a/ssl/s3_both.c b/ssl/statem/statem_lib.c
similarity index 99%
rename from ssl/s3_both.c
rename to ssl/statem/statem_lib.c
index 47f02dbf3a..75d151e5e0 100644
--- a/ssl/s3_both.c
+++ b/ssl/statem/statem_lib.c
@@ -1,4 +1,4 @@
-/* ssl/s3_both.c */
+/* ssl/statem/statem_lib.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -117,7 +117,7 @@
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "../ssl_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -410,13 +410,13 @@ enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst)
             ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
 
             s->ctx->stats.sess_accept_good++;
-            s->handshake_func = ssl3_accept;
+            s->handshake_func = statem_accept;
         } else {
             ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
             if (s->hit)
                 s->ctx->stats.sess_hit++;
 
-            s->handshake_func = ssl3_connect;
+            s->handshake_func = statem_connect;
             s->ctx->stats.sess_connect_good++;
         }
 
diff --git a/ssl/s3_srvr.c b/ssl/statem/statem_srvr.c
similarity index 98%
rename from ssl/s3_srvr.c
rename to ssl/statem/statem_srvr.c
index 4442223282..5f85a8c500 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1,4 +1,4 @@
-/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ssl/statem/statem_srvr.c -*- mode:C; c-file-style: "eay" -*- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -150,7 +150,7 @@
 
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "../ssl_locl.h"
 #include "internal/constant_time_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -204,6 +204,57 @@ int tls_construct_hello_request(SSL *s)
     return 1;
 }
 
+unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
+                                            unsigned char *cookie,
+                                            unsigned char cookie_len)
+{
+    unsigned int msg_len;
+    unsigned char *p;
+
+    p = buf;
+    /* Always use DTLS 1.0 version: see RFC 6347 */
+    *(p++) = DTLS1_VERSION >> 8;
+    *(p++) = DTLS1_VERSION & 0xFF;
+
+    *(p++) = (unsigned char)cookie_len;
+    memcpy(p, cookie, cookie_len);
+    p += cookie_len;
+    msg_len = p - buf;
+
+    return msg_len;
+}
+
+int dtls_construct_hello_verify_request(SSL *s)
+{
+    unsigned int len;
+    unsigned char *buf;
+
+    buf = (unsigned char *)s->init_buf->data;
+
+    if (s->ctx->app_gen_cookie_cb == NULL ||
+        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                                  &(s->d1->cookie_len)) == 0 ||
+        s->d1->cookie_len > 255) {
+        SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
+               SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        statem_set_error(s);
+        return 0;
+    }
+
+    len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
+                                         s->d1->cookie, s->d1->cookie_len);
+
+    dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
+                             len);
+    len += DTLS1_HM_HEADER_LENGTH;
+
+    /* number of bytes to write */
+    s->init_num = len;
+    s->init_off = 0;
+
+    return 1;
+}
+
 enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 {
     int i, al = SSL_AD_INTERNAL_ERROR;
diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c
deleted file mode 100644
index 9e117e9a69..0000000000
--- a/ssl/t1_clnt.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
-{
-    if (ver == TLS_ANY_VERSION)
-        return TLS_client_method();
-    if (ver == TLS1_2_VERSION)
-        return TLSv1_2_client_method();
-    if (ver == TLS1_1_VERSION)
-        return TLSv1_1_client_method();
-    if (ver == TLS1_VERSION)
-        return TLSv1_client_method();
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_client_method());
-#endif
-    return NULL;
-}
-
-IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect,
-                        tls1_get_client_method, TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect,
-                        tls1_get_client_method, TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect,
-                        tls1_get_client_method, TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
-                        ssl_undefined_function,
-                        ssl3_connect, tls1_get_client_method, TLSv1_enc_data)
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
-                         ssl_undefined_function,
-                         ssl3_connect, tls1_get_client_method)
-#endif
diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c
deleted file mode 100644
index aa16d3f2a8..0000000000
--- a/ssl/t1_meth.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver)
-{
-    if (ver == TLS_ANY_VERSION)
-        return TLS_method();
-    if (ver == TLS1_2_VERSION)
-        return TLSv1_2_method();
-    if (ver == TLS1_1_VERSION)
-        return TLSv1_1_method();
-    if (ver == TLS1_VERSION)
-        return TLSv1_method();
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_method());
-    else
-#endif
-    return NULL;
-}
-
-IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
-                        ssl3_accept,
-                        ssl3_connect, tls1_get_method, TLSv1_enc_data)
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-IMPLEMENT_ssl3_meth_func(SSLv3_method,
-                         ssl3_accept, ssl3_connect, tls1_get_method)
-#endif
diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c
deleted file mode 100644
index 6e54b5169c..0000000000
--- a/ssl/t1_srvr.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD *tls1_get_server_method(int ver)
-{
-    if (ver == TLS_ANY_VERSION)
-        return TLS_server_method();
-    if (ver == TLS1_2_VERSION)
-        return TLSv1_2_server_method();
-    if (ver == TLS1_1_VERSION)
-        return TLSv1_1_server_method();
-    if (ver == TLS1_VERSION)
-        return TLSv1_server_method();
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_server_method());
-#endif
-    return NULL;
-}
-
-IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
-                        ssl3_accept,
-                        ssl_undefined_function,
-                        tls1_get_server_method, TLSv1_enc_data)
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
-                         ssl3_accept,
-                         ssl_undefined_function, tls1_get_server_method)
-#endif
diff --git a/test/Makefile b/test/Makefile
index 6f32758074..ffeba40fb6 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -559,7 +559,7 @@ heartbeat_test.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 heartbeat_test.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 heartbeat_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 heartbeat_test.o: ../ssl/packet_locl.h ../ssl/record/record.h ../ssl/ssl_locl.h
-heartbeat_test.o: heartbeat_test.c testutil.h
+heartbeat_test.o: ../ssl/statem/statem.h heartbeat_test.c testutil.h
 hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
@@ -681,7 +681,8 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssltest.o: ../include/openssl/x509v3.h ../ssl/packet_locl.h
-ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c
+ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ../ssl/statem/statem.h
+ssltest.o: ssltest.c
 testutil.o: ../e_os.h ../include/openssl/e_os2.h
 testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h
 v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h