3414     EVP_PKEY_free(sc->s3.peer_tmp);  in ssl3_free()
3415     sc->s3.peer_tmp = NULL;  in ssl3_free()
3417     for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)  in ssl3_free()
3418         if (sc->s3.tmp.ks_pkey[i] != NULL) {  in ssl3_free()
3419             if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])  in ssl3_free()
3420                 sc->s3.tmp.pkey = NULL;  in ssl3_free()
3422             EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);  in ssl3_free()
3423             sc->s3.tmp.ks_pkey[i] = NULL;  in ssl3_free()
3425     sc->s3.tmp.num_ks_pkey = 0;  in ssl3_free()
3427     if (sc->s3.tmp.pkey != NULL) {  in ssl3_free()
3428         EVP_PKEY_free(sc->s3.tmp.pkey);  in ssl3_free()
3429         sc->s3.tmp.pkey = NULL;  in ssl3_free()
3432     ssl_evp_cipher_free(sc->s3.tmp.new_sym_enc);  in ssl3_free()
3433     ssl_evp_md_free(sc->s3.tmp.new_hash);  in ssl3_free()
3435     OPENSSL_free(sc->s3.tmp.ctype);  in ssl3_free()
3436     sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);  in ssl3_free()
3437     OPENSSL_free(sc->s3.tmp.ciphers_raw);  in ssl3_free()
3438     OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);  in ssl3_free()
3439     OPENSSL_free(sc->s3.tmp.peer_sigalgs);  in ssl3_free()
3440     OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);  in ssl3_free()
3441     OPENSSL_free(sc->s3.tmp.valid_flags);  in ssl3_free()
3443     OPENSSL_free(sc->s3.alpn_selected);  in ssl3_free()
3444     OPENSSL_free(sc->s3.alpn_proposed);  in ssl3_free()
3448     OPENSSL_free(sc->s3.tmp.psk);  in ssl3_free()
3454     memset(&sc->s3, 0, sizeof(sc->s3));  in ssl3_free()
3467     OPENSSL_free(sc->s3.tmp.ctype);  in ssl3_clear()
3468     sk_X509_NAME_pop_free(sc->s3.tmp.peer_ca_names, X509_NAME_free);  in ssl3_clear()
3469     OPENSSL_free(sc->s3.tmp.ciphers_raw);  in ssl3_clear()
3470     OPENSSL_clear_free(sc->s3.tmp.pms, sc->s3.tmp.pmslen);  in ssl3_clear()
3471     OPENSSL_free(sc->s3.tmp.peer_sigalgs);  in ssl3_clear()
3472     OPENSSL_free(sc->s3.tmp.peer_cert_sigalgs);  in ssl3_clear()
3473     OPENSSL_free(sc->s3.tmp.valid_flags);  in ssl3_clear()
3475     EVP_PKEY_free(sc->s3.peer_tmp);  in ssl3_clear()
3477     for (i = 0; i < sc->s3.tmp.num_ks_pkey; i++)  in ssl3_clear()
3478         if (sc->s3.tmp.ks_pkey[i] != NULL) {  in ssl3_clear()
3479             if (sc->s3.tmp.pkey == sc->s3.tmp.ks_pkey[i])  in ssl3_clear()
3480                 sc->s3.tmp.pkey = NULL;  in ssl3_clear()
3482             EVP_PKEY_free(sc->s3.tmp.ks_pkey[i]);  in ssl3_clear()
3483             sc->s3.tmp.ks_pkey[i] = NULL;  in ssl3_clear()
3485     sc->s3.tmp.num_ks_pkey = 0;  in ssl3_clear()
3487     if (sc->s3.tmp.pkey != NULL) {  in ssl3_clear()
3488         EVP_PKEY_free(sc->s3.tmp.pkey);  in ssl3_clear()
3489         sc->s3.tmp.pkey = NULL;  in ssl3_clear()
3494     OPENSSL_free(sc->s3.alpn_selected);  in ssl3_clear()
3495     OPENSSL_free(sc->s3.alpn_proposed);  in ssl3_clear()
3498      * NULL/zero-out everything in the s3 struct, but remember if we are doing  in ssl3_clear()
3501     flags = sc->s3.flags & (TLS1_FLAGS_QUIC | TLS1_FLAGS_QUIC_INTERNAL);  in ssl3_clear()
3502     memset(&sc->s3, 0, sizeof(sc->s3));  in ssl3_clear()
3503     sc->s3.flags |= flags;  in ssl3_clear()
3545         ret = sc->s3.num_renegotiations;  in ssl3_ctrl()
3548         ret = sc->s3.num_renegotiations;  in ssl3_ctrl()
3549         sc->s3.num_renegotiations = 0;  in ssl3_ctrl()
3552         ret = sc->s3.total_renegotiations;  in ssl3_ctrl()
3555         ret = (int)(sc->s3.flags);  in ssl3_ctrl()
3707             cipher = sc->s3.tmp.new_cipher;  in ssl3_ctrl()
3716             if (sc->s3.tmp.cert == NULL)  in ssl3_ctrl()
3718             sc->cert->key = sc->s3.tmp.cert;  in ssl3_ctrl()
3780             if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)  in ssl3_ctrl()
3781                 id = sc->s3.group_id;  in ssl3_ctrl()
3802             if (sc->server || !sc->s3.tmp.cert_req)  in ssl3_ctrl()
3805                 *pctype = sc->s3.tmp.ctype;  in ssl3_ctrl()
3806             return sc->s3.tmp.ctype_len;  in ssl3_ctrl()
3830         if (parg == NULL || sc->s3.tmp.peer_sigalg == NULL)  in ssl3_ctrl()
3832         *(const char **)parg = sc->s3.tmp.peer_sigalg->name;  in ssl3_ctrl()
3836         if (sc->s3.tmp.peer_sigalg == NULL)  in ssl3_ctrl()
3838         *(int *)parg = sc->s3.tmp.peer_sigalg->hash;  in ssl3_ctrl()
3842         if (parg == NULL || sc->s3.tmp.sigalg == NULL)  in ssl3_ctrl()
3844         *(const char **)parg = sc->s3.tmp.sigalg->name;  in ssl3_ctrl()
3848         if (sc->s3.tmp.sigalg == NULL)  in ssl3_ctrl()
3850         *(int *)parg = sc->s3.tmp.sigalg->hash;  in ssl3_ctrl()
3854         if (sc->session == NULL || sc->s3.peer_tmp == NULL) {  in ssl3_ctrl()
3857             if (!EVP_PKEY_up_ref(sc->s3.peer_tmp))  in ssl3_ctrl()
3860             *(EVP_PKEY **)parg = sc->s3.peer_tmp;  in ssl3_ctrl()
3865         if (sc->session == NULL || sc->s3.tmp.pkey == NULL) {  in ssl3_ctrl()
3868             if (!EVP_PKEY_up_ref(sc->s3.tmp.pkey))  in ssl3_ctrl()
3871             *(EVP_PKEY **)parg = sc->s3.tmp.pkey;  in ssl3_ctrl()
4444             mask_k = s->s3.tmp.mask_k;  in ssl3_choose_cipher()
4445             mask_a = s->s3.tmp.mask_a;  in ssl3_choose_cipher()
4485                 && s->s3.is_probably_safari) {  in ssl3_choose_cipher()
4525     alg_k = s->s3.tmp.new_cipher->algorithm_mkey;  in ssl3_get_req_cert_type()
4604          * written, s->s3.alert_dispatch will be > 0  in ssl3_shutdown()
4606         if (sc->s3.alert_dispatch > 0)  in ssl3_shutdown()
4608     } else if (sc->s3.alert_dispatch > 0) {  in ssl3_shutdown()
4631             && sc->s3.alert_dispatch == SSL_ALERT_DISPATCH_NONE)  in ssl3_shutdown()
4645     if (sc->s3.renegotiate)  in ssl3_write()
4662     if (sc->s3.renegotiate)  in ssl3_read_internal()
4664     sc->s3.in_read_app_data = 1;  in ssl3_read_internal()
4668     if ((ret == -1) && (sc->s3.in_read_app_data == 2)) {  in ssl3_read_internal()
4682         sc->s3.in_read_app_data = 0;  in ssl3_read_internal()
4707     sc->s3.renegotiate = 1;  in ssl3_renegotiate()
4727     if (sc->s3.renegotiate) {  in ssl3_renegotiate_check()
4737             sc->s3.renegotiate = 0;  in ssl3_renegotiate_check()
4738             sc->s3.num_renegotiations++;  in ssl3_renegotiate_check()
4739             sc->s3.total_renegotiations++;  in ssl3_renegotiate_check()
4757     if (s->s3.tmp.new_cipher == NULL)  in ssl_get_algorithm2()
4759     alg2 = s->s3.tmp.new_cipher->algorithm2;  in ssl_get_algorithm2()
4763     } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {  in ssl_get_algorithm2()
4814     unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;  in ssl_generate_master_secret()
4821         size_t psklen = s->s3.tmp.psklen;  in ssl_generate_master_secret()
4842         memcpy(t, s->s3.tmp.psk, psklen);  in ssl_generate_master_secret()
4844         OPENSSL_clear_free(s->s3.tmp.psk, psklen);  in ssl_generate_master_secret()
4845         s->s3.tmp.psk = NULL;  in ssl_generate_master_secret()
4846         s->s3.tmp.psklen = 0;  in ssl_generate_master_secret()
4877         s->s3.tmp.pms = NULL;  in ssl_generate_master_secret()
4878         s->s3.tmp.pmslen = 0;  in ssl_generate_master_secret()
5051         s->s3.tmp.pms = pms;  in ssl_derive()
5052         s->s3.tmp.pmslen = pmslen;  in ssl_derive()
5103         s->s3.tmp.pms = pms;  in ssl_decapsulate()
5104         s->s3.tmp.pmslen = pmslen;  in ssl_decapsulate()
5156         s->s3.tmp.pms = pms;  in ssl_encapsulate()
5157         s->s3.tmp.pmslen = pmslen;  in ssl_encapsulate()
5184     if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex)  in SSL_get0_group_name()
5185         id = sc->s3.group_id;  in SSL_get0_group_name()