authorJoel Sing <jsing@cvs.openbsd.org>2017-01-23 13:36:14 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-01-23 13:36:14 +0000
commit7ade76e5057fd428d2a7e2f38051c5370bb8d79e (patch)
tree49b43cc340f7ec571d272626a9dc8bdcbcf0d695 /lib
parentcd13ddbb9d3b9002e438550028b6b4196fe89182 (diff)
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/bio_ssl.c6
-rw-r--r--lib/libssl/d1_both.c14
-rw-r--r--lib/libssl/d1_clnt.c32
-rw-r--r--lib/libssl/d1_lib.c4
-rw-r--r--lib/libssl/d1_meth.c22
-rw-r--r--lib/libssl/d1_pkt.c10
-rw-r--r--lib/libssl/d1_srvr.c34
-rw-r--r--lib/libssl/s23_clnt.c4
-rw-r--r--lib/libssl/s23_srvr.c4
-rw-r--r--lib/libssl/s3_both.c24
-rw-r--r--lib/libssl/s3_clnt.c40
-rw-r--r--lib/libssl/s3_lib.c16
-rw-r--r--lib/libssl/s3_pkt.c26
-rw-r--r--lib/libssl/s3_srvr.c32
-rw-r--r--lib/libssl/ssl.h34
-rw-r--r--lib/libssl/ssl_lib.c70
-rw-r--r--lib/libssl/ssl_locl.h46
-rw-r--r--lib/libssl/ssl_sess.c7
-rw-r--r--lib/libssl/t1_clnt.c82
-rw-r--r--lib/libssl/t1_enc.c4
-rw-r--r--lib/libssl/t1_lib.c6
-rw-r--r--lib/libssl/t1_meth.c82
-rw-r--r--lib/libssl/t1_srvr.c82
23 files changed, 378 insertions, 303 deletions
diff --git a/lib/libssl/bio_ssl.c b/lib/libssl/bio_ssl.c
index 42f637a78ff..81b42b1a4f3 100644
--- a/lib/libssl/bio_ssl.c
+++ b/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ssl.c,v 1.23 2017/01/23 04:55:26 beck Exp $ */
+/* $OpenBSD: bio_ssl.c,v 1.24 2017/01/23 13:36:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -293,9 +293,9 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_RESET:
SSL_shutdown(ssl);
- if (ssl->internal->handshake_func == ssl->method->ssl_connect)
+ if (ssl->internal->handshake_func == ssl->method->internal->ssl_connect)
SSL_set_connect_state(ssl);
- else if (ssl->internal->handshake_func == ssl->method->ssl_accept)
+ else if (ssl->internal->handshake_func == ssl->method->internal->ssl_accept)
SSL_set_accept_state(ssl);
SSL_clear(ssl);
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index e709caa6047..a9a4c1a13b7 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.45 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: d1_both.c,v 1.46 2017/01/23 13:36:12 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -634,7 +634,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
unsigned char devnull [256];
while (frag_len) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
devnull, frag_len > sizeof(devnull) ?
sizeof(devnull) : frag_len, 0);
if (i <= 0)
@@ -646,7 +646,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
}
/* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
frag->fragment + msg_hdr->frag_off, frag_len, 0);
if (i <= 0 || (unsigned long)i != frag_len)
goto err;
@@ -724,7 +724,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
unsigned char devnull [256];
while (frag_len) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
devnull, frag_len > sizeof(devnull) ?
sizeof(devnull) : frag_len, 0);
if (i <= 0)
@@ -746,7 +746,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
if (frag_len) {
/* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
frag->fragment, frag_len, 0);
if (i <= 0 || (unsigned long)i != frag_len)
goto err;
@@ -790,7 +790,7 @@ again:
}
/* read handshake message header */
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
DTLS1_HM_HEADER_LENGTH, 0);
if (i <= 0) /* nbio, or an error */
{
@@ -861,7 +861,7 @@ again:
if (frag_len > 0) {
unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[frag_off], frag_len, 0);
/* XDTLS: fix this--message fragments cannot span multiple packets */
if (i <= 0) {
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index 503a1f7fc65..6b5510c1e37 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.68 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.69 2017/01/23 13:36:13 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -130,7 +130,7 @@
static const SSL_METHOD *dtls1_get_client_method(int ver);
static int dtls1_get_hello_verify(SSL *s);
-static const SSL_METHOD DTLSv1_client_method_data = {
+static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
.version = DTLS1_VERSION,
.min_version = DTLS1_VERSION,
.max_version = DTLS1_VERSION,
@@ -143,21 +143,25 @@ static const SSL_METHOD DTLSv1_client_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = dtls1_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = dtls1_get_client_method,
+ .get_timeout = dtls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = dtls1_get_message,
.ssl_read_bytes = dtls1_read_bytes,
.ssl_write_bytes = dtls1_write_app_data_bytes,
+ .ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_client_method_data = {
.ssl_dispatch_alert = dtls1_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_client_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLSv1_client_method_internal_data,
};
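Review bot: The SSL_METHOD_INTERNAL table introduced here is repeated almost verbatim in d1_meth.c and d1_srvr.c, differing only in `.get_ssl_method`, and because all three are designated initializers a member that is later added to the struct but omitted from one table is silently zero-initialised and only fails when `s->method->internal->...` dereferences the NULL callback at runtime, not at compile time. A short comment above each table would make that hazard visible, e.g. `/* Keep in sync with the other DTLSv1 method tables; any member not listed here is NULL. */`, and a shared macro for the common entries would turn a missed field into a single-place edit. It would also help to have a one-line comment on the remaining public table saying why `ssl_dispatch_alert`, `num_ciphers`, `get_cipher` and the two cipher-by-char callbacks stay in the public SSL_METHOD rather than moving behind `internal`. The struct definitions themselves live in ssl.h/ssl_locl.h, outside this hunk.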
const SSL_METHOD *
@@ -434,12 +438,12 @@ dtls1_connect(SSL *s)
s->internal->init_num = 0;
s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
ret = -1;
goto end;
}
- if (!s->method->ssl3_enc->change_cipher_state(s,
+ if (!s->method->internal->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
ret = -1;
goto end;
@@ -455,8 +459,8 @@ dtls1_connect(SSL *s)
dtls1_start_timer(s);
ret = ssl3_send_finished(s,
SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
+ s->method->internal->ssl3_enc->client_finished_label,
+ s->method->internal->ssl3_enc->client_finished_label_len);
if (ret <= 0)
goto end;
s->internal->state = SSL3_ST_CW_FLUSH;
@@ -608,7 +612,7 @@ dtls1_get_hello_verify(SSL *s)
uint16_t ssl_version;
CBS hello_verify_request, cookie;
- n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+ n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 697cb434f7a..e8c3b107618 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.36 2017/01/22 07:16:38 beck Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.37 2017/01/23 13:36:13 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -141,7 +141,7 @@ dtls1_new(SSL *s)
}
s->d1 = d1;
- s->method->ssl_clear(s);
+ s->method->internal->ssl_clear(s);
return (1);
}
diff --git a/lib/libssl/d1_meth.c b/lib/libssl/d1_meth.c
index 4493aa180b3..fcd8906c456 100644
--- a/lib/libssl/d1_meth.c
+++ b/lib/libssl/d1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_meth.c,v 1.12 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.13 2017/01/23 13:36:13 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -65,7 +65,7 @@
static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD DTLSv1_method_data = {
+static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
.version = DTLS1_VERSION,
.min_version = DTLS1_VERSION,
.max_version = DTLS1_VERSION,
@@ -78,21 +78,25 @@ static const SSL_METHOD DTLSv1_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = dtls1_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = dtls1_get_method,
+ .get_timeout = dtls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = dtls1_get_message,
.ssl_read_bytes = dtls1_read_bytes,
.ssl_write_bytes = dtls1_write_app_data_bytes,
+ .ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_method_data = {
.ssl_dispatch_alert = dtls1_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLSv1_method_internal_data,
};
const SSL_METHOD *
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 1dba3d0c4d8..c64aa8f1060 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.56 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.57 2017/01/23 13:36:13 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -361,7 +361,7 @@ dtls1_process_record(SSL *s)
/* decrypt in place in 'rr->input' */
rr->data = rr->input;
- enc_err = s->method->ssl3_enc->enc(s, 0);
+ enc_err = s->method->internal->ssl3_enc->enc(s, 0);
/* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
@@ -417,7 +417,7 @@ dtls1_process_record(SSL *s)
mac = &rr->data[rr->length];
}
- i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
+ i = s->method->internal->ssl3_enc->mac(s, md, 0 /* not send */);
if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
@@ -1279,7 +1279,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
* wr->data still points in the wb->buf */
if (mac_size != 0) {
- if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
+ if (s->method->internal->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
goto err;
wr->length += mac_size;
}
@@ -1298,7 +1298,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
wr->length += bs;
}
- s->method->ssl3_enc->enc(s, 1);
+ s->method->internal->ssl3_enc->enc(s, 1);
/* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA ||
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 2a68483169e..1787412bf52 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.78 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.79 2017/01/23 13:36:13 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -128,7 +128,7 @@
static const SSL_METHOD *dtls1_get_server_method(int ver);
static int dtls1_send_hello_verify_request(SSL *s);
-static const SSL_METHOD DTLSv1_server_method_data = {
+static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
.version = DTLS1_VERSION,
.min_version = DTLS1_VERSION,
.max_version = DTLS1_VERSION,
@@ -141,21 +141,25 @@ static const SSL_METHOD DTLSv1_server_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = dtls1_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = dtls1_get_server_method,
+ .get_timeout = dtls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = dtls1_get_message,
.ssl_read_bytes = dtls1_read_bytes,
.ssl_write_bytes = dtls1_write_app_data_bytes,
+ .ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_server_method_data = {
.ssl_dispatch_alert = dtls1_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_server_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLSv1_server_method_internal_data,
};
const SSL_METHOD *
@@ -519,9 +523,9 @@ dtls1_accept(SSL *s)
/* We need to get hashes here so if there is
* a client cert, it can be verified */
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
NID_sha1,
&(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
}
@@ -579,7 +583,7 @@ dtls1_accept(SSL *s)
case SSL3_ST_SW_CHANGE_B:
s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
ret = -1;
goto end;
}
@@ -594,7 +598,7 @@ dtls1_accept(SSL *s)
s->internal->state = SSL3_ST_SW_FINISHED_A;
s->internal->init_num = 0;
- if (!s->method->ssl3_enc->change_cipher_state(s,
+ if (!s->method->internal->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
ret = -1;
goto end;
@@ -607,8 +611,8 @@ dtls1_accept(SSL *s)
case SSL3_ST_SW_FINISHED_B:
ret = ssl3_send_finished(s,
SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
+ s->method->internal->ssl3_enc->server_finished_label,
+ s->method->internal->ssl3_enc->server_finished_label_len);
if (ret <= 0)
goto end;
s->internal->state = SSL3_ST_SW_FLUSH;
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index ccaee02564f..282e0bd3c78 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.54 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.55 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -433,7 +433,7 @@ ssl23_get_server_hello(SSL *s)
s->s3->rbuf.left = n;
s->s3->rbuf.offset = 0;
- s->internal->handshake_func = s->method->ssl_connect;
+ s->internal->handshake_func = s->method->internal->ssl_connect;
} else {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
goto err;
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c
index 4dd94eb7b86..f85b50994e7 100644
--- a/lib/libssl/s23_srvr.c
+++ b/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.55 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.56 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -450,7 +450,7 @@ ssl23_get_client_hello(SSL *s)
s->method = TLSv1_server_method();
else
goto unsupported;
- s->internal->handshake_func = s->method->ssl_accept;
+ s->internal->handshake_func = s->method->internal->ssl_accept;
} else {
/* bad, very bad */
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index 23fdcd20651..7490a183fb5 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.54 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_both.c,v 1.55 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -170,10 +170,10 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
int md_len;
if (s->internal->state == a) {
- md_len = s->method->ssl3_enc->finish_mac_length;
+ md_len = s->method->internal->ssl3_enc->finish_mac_length;
OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
- if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ if (s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen,
S3I(s)->tmp.finish_md) != md_len)
return (0);
S3I(s)->tmp.finish_md_len = md_len;
@@ -217,15 +217,15 @@ ssl3_take_mac(SSL *s)
return;
if (s->internal->state & SSL_ST_CONNECT) {
- sender = s->method->ssl3_enc->server_finished_label;
- slen = s->method->ssl3_enc->server_finished_label_len;
+ sender = s->method->internal->ssl3_enc->server_finished_label;
+ slen = s->method->internal->ssl3_enc->server_finished_label_len;
} else {
- sender = s->method->ssl3_enc->client_finished_label;
- slen = s->method->ssl3_enc->client_finished_label_len;
+ sender = s->method->internal->ssl3_enc->client_finished_label;
+ slen = s->method->internal->ssl3_enc->client_finished_label_len;
}
S3I(s)->tmp.peer_finish_md_len =
- s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen,
S3I(s)->tmp.peer_finish_md);
}
@@ -237,7 +237,7 @@ ssl3_get_finished(SSL *s, int a, int b)
CBS cbs;
/* should actually be 36+4 :-) */
- n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
+ n = s->method->internal->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
if (!ok)
return ((int)n);
@@ -249,7 +249,7 @@ ssl3_get_finished(SSL *s, int a, int b)
}
S3I(s)->change_cipher_spec = 0;
- md_len = s->method->ssl3_enc->finish_mac_length;
+ md_len = s->method->internal->ssl3_enc->finish_mac_length;
if (n < 0) {
al = SSL_AD_DECODE_ERROR;
@@ -438,7 +438,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
do {
while (s->internal->init_num < 4) {
- i = s->method->ssl_read_bytes(s,
+ i = s->method->internal->ssl_read_bytes(s,
SSL3_RT_HANDSHAKE, &p[s->internal->init_num],
4 - s->internal->init_num, 0);
if (i <= 0) {
@@ -507,7 +507,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
p = s->internal->init_msg;
n = S3I(s)->tmp.message_size - s->internal->init_num;
while (n > 0) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[s->internal->init_num], n, 0);
if (i <= 0) {
s->internal->rwstate = SSL_READING;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index a6feb68e91c..055f8d1f3ab 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.169 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.170 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -419,12 +419,12 @@ ssl3_connect(SSL *s)
s->internal->init_num = 0;
s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
ret = -1;
goto end;
}
- if (!s->method->ssl3_enc->change_cipher_state(s,
+ if (!s->method->internal->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
ret = -1;
goto end;
@@ -444,8 +444,8 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_FINISHED_B:
ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
+ s->method->internal->ssl3_enc->client_finished_label,
+ s->method->internal->ssl3_enc->client_finished_label_len);
if (ret <= 0)
goto end;
s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -730,7 +730,7 @@ ssl3_get_server_hello(SSL *s)
int i, al, ok;
long n;
- n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
if (!ok)
@@ -950,7 +950,7 @@ ssl3_get_server_certificate(SSL *s)
SESS_CERT *sc;
EVP_PKEY *pkey = NULL;
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
@@ -1373,7 +1373,7 @@ ssl3_get_server_key_exchange(SSL *s)
* Use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped.
*/
- n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
return ((int)n);
@@ -1579,7 +1579,7 @@ ssl3_get_certificate_request(SSL *s)
const unsigned char *q;
STACK_OF(X509_NAME) *ca_sk = NULL;
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
@@ -1756,7 +1756,7 @@ ssl3_get_new_session_ticket(SSL *s)
long n;
CBS cbs, session_ticket;
- n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
if (!ok)
return ((int)n);
@@ -1836,7 +1836,7 @@ ssl3_get_cert_status(SSL *s)
long n;
uint8_t status_type;
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
16384, &ok);
@@ -1915,7 +1915,7 @@ ssl3_get_server_done(SSL *s)
int ok, ret = 0;
long n;
- n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
30, /* should be very small, like 0 :-) */ &ok);
@@ -1979,7 +1979,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
goto err;
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
s->session->master_key, pms, sizeof(pms));
ret = 1;
@@ -2034,7 +2034,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
/* Generate master key from the result. */
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
s->session->master_key, key, key_len);
if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc))
@@ -2109,7 +2109,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
/* Generate master key from the result. */
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
s->session->master_key, key, key_len);
encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
@@ -2178,7 +2178,7 @@ ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
/* Generate master key from the result. */
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
s->session->master_key, shared_key, X25519_KEY_LENGTH);
ret = 1;
@@ -2318,7 +2318,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
}
EVP_PKEY_CTX_free(pkey_ctx);
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
s->session->master_key, premaster_secret, 32);
ret = 1;
@@ -2415,7 +2415,7 @@ ssl3_send_client_verify(SSL *s)
EVP_PKEY_sign_init(pctx);
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
if (!SSL_USE_SIGALGS(s))
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
NID_sha1, &(data[MD5_DIGEST_LENGTH]));
} else {
ERR_clear_error();
@@ -2449,7 +2449,7 @@ ssl3_send_client_verify(SSL *s)
if (!tls1_digest_cached_records(s))
goto err;
} else if (pkey->type == EVP_PKEY_RSA) {
- s->method->ssl3_enc->cert_verify_mac(
+ s->method->internal->ssl3_enc->cert_verify_mac(
s, NID_md5, &(data[0]));
if (RSA_sign(NID_md5_sha1, data,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
@@ -2737,7 +2737,7 @@ ssl3_check_finished(SSL *s)
return (1);
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
return ((int)n);
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 09af18ea957..a42ac73335a 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.126 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.127 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1816,7 +1816,7 @@ ssl3_new(SSL *s)
return (0);
}
- s->method->ssl_clear(s);
+ s->method->internal->ssl_clear(s);
return (1);
}
@@ -2533,7 +2533,7 @@ ssl3_shutdown(SSL *s)
}
} else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
/* If we are waiting for a close from our peer, we are closed */
- s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
+ s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0);
if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
return(-1); /* return WANT_READ */
}
@@ -2592,8 +2592,8 @@ ssl3_write(SSL *s, const void *buf, int len)
ret = S3I(s)->delay_buf_pop_ret;
S3I(s)->delay_buf_pop_ret = 0;
} else {
- ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
- buf, len);
+ ret = s->method->internal->ssl_write_bytes(s,
+ SSL3_RT_APPLICATION_DATA, buf, len);
if (ret <= 0)
return (ret);
}
@@ -2610,7 +2610,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
if (S3I(s)->renegotiate)
ssl3_renegotiate_check(s);
S3I(s)->in_read_app_data = 1;
- ret = s->method->ssl_read_bytes(s,
+ ret = s->method->internal->ssl_read_bytes(s,
SSL3_RT_APPLICATION_DATA, buf, len, peek);
if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
/*
@@ -2621,7 +2621,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
* handshake processing and try to read application data again.
*/
s->internal->in_handshake++;
- ret = s->method->ssl_read_bytes(s,
+ ret = s->method->internal->ssl_read_bytes(s,
SSL3_RT_APPLICATION_DATA, buf, len, peek);
s->internal->in_handshake--;
} else
@@ -2687,7 +2687,7 @@ ssl_get_algorithm2(SSL *s)
{
long alg2 = S3I(s)->tmp.new_cipher->algorithm2;
- if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
+ if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 228c5f536c4..40ab55b6ee2 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.66 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.67 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -382,7 +382,7 @@ again:
/* decrypt in place in 'rr->input' */
rr->data = rr->input;
- enc_err = s->method->ssl3_enc->enc(s, 0);
+ enc_err = s->method->internal->ssl3_enc->enc(s, 0);
/* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
@@ -438,7 +438,7 @@ again:
mac = &rr->data[rr->length];
}
- i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
+ i = s->method->internal->ssl3_enc->mac(s,md,0 /* not send */);
if (i < 0 || mac == NULL ||
timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
@@ -710,7 +710,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* wr->data still points in the wb->buf */
if (mac_size != 0) {
- if (s->method->ssl3_enc->mac(s,
+ if (s->method->internal->ssl3_enc->mac(s,
&(p[wr->length + eivlen]), 1) < 0)
goto err;
wr->length += mac_size;
@@ -727,7 +727,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
/* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s, 1);
+ s->method->internal->ssl3_enc->enc(s, 1);
/* record length after mac and block padding */
s2n(wr->length, plen);
@@ -1323,25 +1323,25 @@ ssl3_do_change_cipher_spec(SSL *s)
}
s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
+ if (!s->method->internal->ssl3_enc->setup_key_block(s))
return (0);
}
- if (!s->method->ssl3_enc->change_cipher_state(s, i))
+ if (!s->method->internal->ssl3_enc->change_cipher_state(s, i))
return (0);
/* we have to record the message digest at
* this point so we can get it before we read
* the finished message */
if (s->internal->state & SSL_ST_CONNECT) {
- sender = s->method->ssl3_enc->server_finished_label;
- slen = s->method->ssl3_enc->server_finished_label_len;
+ sender = s->method->internal->ssl3_enc->server_finished_label;
+ slen = s->method->internal->ssl3_enc->server_finished_label_len;
} else {
- sender = s->method->ssl3_enc->client_finished_label;
- slen = s->method->ssl3_enc->client_finished_label_len;
+ sender = s->method->internal->ssl3_enc->client_finished_label;
+ slen = s->method->internal->ssl3_enc->client_finished_label_len;
}
- i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+ i = s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen,
S3I(s)->tmp.peer_finish_md);
if (i == 0) {
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
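Review bot: `s->method->internal->ssl3_enc` is now evaluated seven times in this hunk, each a three-level pointer chase, and the lengthened lines are what forced the re-wrapping. Hoisting it once at the top of the function, `const SSL3_ENC_METHOD *enc = s->method->internal->ssl3_enc;` (assuming that is the member's declared type in ssl_locl.h, which is outside this diff), and writing `enc->setup_key_block(s)`, `enc->final_finish_mac(...)` and so on would keep the lines inside KNF width and make the single source of the callbacks obvious. The same pattern applies to ssl3_take_mac and ssl3_send_finished in s3_both.c and to the finished-label pairs in the connect/accept state machines in s3_clnt.c, s3_srvr.c, d1_clnt.c and d1_srvr.c. ssl3_do_change_cipher_spec begins before this hunk.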
@@ -1356,7 +1356,7 @@ int
ssl3_send_alert(SSL *s, int level, int desc)
{
/* Map tls/ssl alert value to correct one */
- desc = s->method->ssl3_enc->alert_value(desc);
+ desc = s->method->internal->ssl3_enc->alert_value(desc);
if (desc < 0)
return -1;
/* If a fatal one, remove from cache */
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index fa958d96f83..59320ea0f65 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.149 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -519,7 +519,7 @@ ssl3_accept(SSL *s)
if (S3I(s)->handshake_dgst[dgst_num]) {
int dgst_size;
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
EVP_MD_CTX_type(
S3I(s)->handshake_dgst[dgst_num]),
&(S3I(s)->tmp.cert_verify_md[offset]));
@@ -598,7 +598,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SW_CHANGE_B:
s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
ret = -1;
goto end;
}
@@ -611,7 +611,7 @@ ssl3_accept(SSL *s)
s->internal->state = SSL3_ST_SW_FINISHED_A;
s->internal->init_num = 0;
- if (!s->method->ssl3_enc->change_cipher_state(
+ if (!s->method->internal->ssl3_enc->change_cipher_state(
s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
ret = -1;
goto end;
@@ -623,8 +623,8 @@ ssl3_accept(SSL *s)
case SSL3_ST_SW_FINISHED_B:
ret = ssl3_send_finished(s,
SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
+ s->method->internal->ssl3_enc->server_finished_label,
+ s->method->internal->ssl3_enc->server_finished_label_len);
if (ret <= 0)
goto end;
s->internal->state = SSL3_ST_SW_FLUSH;
@@ -742,7 +742,7 @@ ssl3_get_client_hello(SSL *s)
s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
}
s->internal->first_packet = 1;
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
SSL3_RT_MAX_PLAIN_LENGTH, &ok);
@@ -1803,7 +1803,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
}
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
s->session->master_key, p, i);
explicit_bzero(p, i);
@@ -1859,7 +1859,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
}
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
s, s->session->master_key, p, key_size);
explicit_bzero(p, key_size);
@@ -2013,7 +2013,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
/* Compute the master secret */
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
s, s->session->master_key, p, i);
explicit_bzero(p, i);
@@ -2055,7 +2055,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
S3I(s)->tmp.x25519 = NULL;
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
s, s->session->master_key, shared_key, X25519_KEY_LENGTH);
ret = 1;
@@ -2131,7 +2131,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
}
/* Generate master secret */
s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
s, s->session->master_key, premaster_secret, 32);
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
@@ -2164,7 +2164,7 @@ ssl3_get_client_key_exchange(SSL *s)
long n;
/* 2048 maxlen is a guess. How long a key does that permit? */
- n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
if (!ok)
return ((int)n);
@@ -2213,7 +2213,7 @@ ssl3_get_cert_verify(SSL *s)
EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx);
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
if (!ok)
return ((int)n);
@@ -2476,7 +2476,7 @@ ssl3_get_client_certificate(SSL *s)
const unsigned char *q;
STACK_OF(X509) *sk = NULL;
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
-1, s->internal->max_cert_list, &ok);
if (!ok)
@@ -2867,7 +2867,7 @@ ssl3_get_next_proto(SSL *s)
}
/* 514 maxlen is enough for the payload format below */
- n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
if (!ok)
return ((int)n);
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 87237fcc9b8..037f46c400b 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.117 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.118 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -396,36 +396,16 @@ struct ssl_cipher_st {
/* Used to hold functions for SSLv3/TLSv1 functions */
+struct ssl_method_internal_st;
+
struct ssl_method_st {
- int version;
- uint16_t min_version;
- uint16_t max_version;
- int (*ssl_new)(SSL *s);
- void (*ssl_clear)(SSL *s);
- void (*ssl_free)(SSL *s);
- int (*ssl_accept)(SSL *s);
- int (*ssl_connect)(SSL *s);
- int (*ssl_read)(SSL *s, void *buf, int len);
- int (*ssl_peek)(SSL *s, void *buf, int len);
- int (*ssl_write)(SSL *s, const void *buf, int len);
- int (*ssl_shutdown)(SSL *s);
- int (*ssl_renegotiate)(SSL *s);
- int (*ssl_renegotiate_check)(SSL *s);
- long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
- long max, int *ok);
- int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
- int len, int peek);
- int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
int (*ssl_dispatch_alert)(SSL *s);
- const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
- int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
- int (*ssl_pending)(const SSL *s);
int (*num_ciphers)(void);
const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
- const struct ssl_method_st *(*get_ssl_method)(int version);
- long (*get_timeout)(void);
- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
- int (*ssl_version)(void);
+ const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+ int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
+
+ const struct ssl_method_internal_st *internal;
};
/* Lets make this into an ASN.1 type structure as follows
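Review bot: The comment `/* Used to hold functions for SSLv3/TLSv1 functions */` above `struct ssl_method_st` no longer describes the public struct now that the handshake, I/O and version fields have moved behind the opaque `internal` pointer. Suggest replacing it with `/* Public SSL_METHOD: cipher lookup and alert dispatch; all other hooks live in struct ssl_method_internal_st (ssl_locl.h). */` and adding a short comment on the `struct ssl_method_internal_st;` forward declaration saying it is defined in ssl_locl.h and opaque to library users.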
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 7592249dcbf..edcbe9d20a2 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.138 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.139 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -212,7 +212,7 @@ SSL_clear(SSL *s)
s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
- s->version = s->method->version;
+ s->version = s->method->internal->version;
s->client_version = s->version;
s->internal->rwstate = SSL_NOTHING;
s->internal->rstate = SSL_ST_READ_HEADER;
@@ -232,12 +232,12 @@ SSL_clear(SSL *s)
*/
if (!s->internal->in_handshake && (s->session == NULL) &&
(s->method != s->ctx->method)) {
- s->method->ssl_free(s);
+ s->method->internal->ssl_free(s);
s->method = s->ctx->method;
- if (!s->method->ssl_new(s))
+ if (!s->method->internal->ssl_new(s))
return (0);
} else
- s->method->ssl_clear(s);
+ s->method->internal->ssl_clear(s);
return (1);
}
@@ -354,11 +354,11 @@ SSL_new(SSL_CTX *ctx)
s->method = ctx->method;
- if (!s->method->ssl_new(s))
+ if (!s->method->internal->ssl_new(s))
goto err;
s->references = 1;
- s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+ s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
SSL_clear(s);
@@ -550,7 +550,7 @@ SSL_free(SSL *s)
sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
if (s->method != NULL)
- s->method->ssl_free(s);
+ s->method->internal->ssl_free(s);
SSL_CTX_free(s->ctx);
@@ -799,7 +799,7 @@ SSL_pending(const SSL *s)
* (Note that SSL_pending() is often used as a boolean value,
* so we'd better not return -1.)
*/
- return (s->method->ssl_pending(s));
+ return (s->method->internal->ssl_pending(s));
}
X509 *
@@ -856,9 +856,9 @@ SSL_copy_session_id(SSL *t, const SSL *f)
* vice-versa.
*/
if (t->method != f->method) {
- t->method->ssl_free(t); /* cleanup current */
- t->method=f->method; /* change method */
- t->method->ssl_new(t); /* setup new */
+ t->method->internal->ssl_free(t); /* cleanup current */
+ t->method = f->method; /* change method */
+ t->method->internal->ssl_new(t); /* setup new */
}
tmp = t->cert;
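Review bot: `t->method->internal->ssl_new(t)` at the end of this hunk still ignores its return value, while the same call is checked in the SSL_new and SSL_set_ssl_method hunks; if ssl_new fails, `t` is left attached to a method whose per-connection state was presumably never set up. Since the line is being rewritten anyway, a guard such as `if (!t->method->internal->ssl_new(t)) return;` (the hunk header does not show the return type, so adjust if the function can report failure) would at least stop the function from continuing, with a one-line comment noting that the caller cannot otherwise learn of the failure. The same unchecked call appears in the SSL_dup hunk (`ret->method->internal->ssl_new(ret);`). SSL_copy_session_id's body continues outside the hunk.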
@@ -925,7 +925,7 @@ SSL_accept(SSL *s)
if (s->internal->handshake_func == NULL)
SSL_set_accept_state(s); /* Not properly initialized yet */
- return (s->method->ssl_accept(s));
+ return (s->method->internal->ssl_accept(s));
}
int
@@ -934,13 +934,13 @@ SSL_connect(SSL *s)
if (s->internal->handshake_func == NULL)
SSL_set_connect_state(s); /* Not properly initialized yet */
- return (s->method->ssl_connect(s));
+ return (s->method->internal->ssl_connect(s));
}
long
SSL_get_default_timeout(const SSL *s)
{
- return (s->method->get_timeout());
+ return (s->method->internal->get_timeout());
}
int
@@ -955,7 +955,7 @@ SSL_read(SSL *s, void *buf, int num)
s->internal->rwstate = SSL_NOTHING;
return (0);
}
- return (s->method->ssl_read(s, buf, num));
+ return (s->method->internal->ssl_read(s, buf, num));
}
int
@@ -969,7 +969,7 @@ SSL_peek(SSL *s, void *buf, int num)
if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
return (0);
}
- return (s->method->ssl_peek(s, buf, num));
+ return (s->method->internal->ssl_peek(s, buf, num));
}
int
@@ -985,7 +985,7 @@ SSL_write(SSL *s, const void *buf, int num)
SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
return (-1);
}
- return (s->method->ssl_write(s, buf, num));
+ return (s->method->internal->ssl_write(s, buf, num));
}
int
@@ -1004,7 +1004,7 @@ SSL_shutdown(SSL *s)
}
if ((s != NULL) && !SSL_in_init(s))
- return (s->method->ssl_shutdown(s));
+ return (s->method->internal->ssl_shutdown(s));
else
return (1);
}
@@ -1017,7 +1017,7 @@ SSL_renegotiate(SSL *s)
s->internal->new_session = 1;
- return (s->method->ssl_renegotiate(s));
+ return (s->method->internal->ssl_renegotiate(s));
}
int
@@ -1028,7 +1028,7 @@ SSL_renegotiate_abbreviated(SSL *s)
s->internal->new_session = 0;
- return (s->method->ssl_renegotiate(s));
+ return (s->method->internal->ssl_renegotiate(s));
}
int
@@ -1737,7 +1737,7 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen, const unsigned char *p, size_t plen,
int use_context)
{
- return (s->method->ssl3_enc->export_keying_material(s, out, olen,
+ return (s->method->internal->ssl3_enc->export_keying_material(s, out, olen,
label, llen, p, plen, use_context));
}
@@ -1831,7 +1831,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->internal->session_cache_tail = NULL;
/* We take the system default */
- ret->session_timeout = meth->get_timeout();
+ ret->session_timeout = meth->internal->get_timeout();
ret->internal->new_session_cb = 0;
ret->internal->remove_session_cb = 0;
@@ -2309,20 +2309,20 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
if (s->method != meth) {
if (s->internal->handshake_func != NULL)
- conn = (s->internal->handshake_func == s->method->ssl_connect);
+ conn = (s->internal->handshake_func == s->method->internal->ssl_connect);
- if (s->method->version == meth->version)
+ if (s->method->internal->version == meth->internal->version)
s->method = meth;
else {
- s->method->ssl_free(s);
+ s->method->internal->ssl_free(s);
s->method = meth;
- ret = s->method->ssl_new(s);
+ ret = s->method->internal->ssl_new(s);
}
if (conn == 1)
- s->internal->handshake_func = meth->ssl_connect;
+ s->internal->handshake_func = meth->internal->ssl_connect;
else if (conn == 0)
- s->internal->handshake_func = meth->ssl_accept;
+ s->internal->handshake_func = meth->internal->ssl_accept;
}
return (ret);
}
@@ -2415,7 +2415,7 @@ SSL_do_handshake(SSL *s)
return (-1);
}
- s->method->ssl_renegotiate_check(s);
+ s->method->internal->ssl_renegotiate_check(s);
if (SSL_in_init(s) || SSL_in_before(s)) {
ret = s->internal->handshake_func(s);
@@ -2433,7 +2433,7 @@ SSL_set_accept_state(SSL *s)
s->server = 1;
s->internal->shutdown = 0;
s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
- s->internal->handshake_func = s->method->ssl_accept;
+ s->internal->handshake_func = s->method->internal->ssl_accept;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
ssl_clear_hash_ctx(&s->read_hash);
@@ -2446,7 +2446,7 @@ SSL_set_connect_state(SSL *s)
s->server = 0;
s->internal->shutdown = 0;
s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
- s->internal->handshake_func = s->method->ssl_connect;
+ s->internal->handshake_func = s->method->internal->ssl_connect;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
ssl_clear_hash_ctx(&s->read_hash);
@@ -2581,7 +2581,7 @@ ssl_max_server_version(SSL *s)
* The SSL method will be changed during version negotiation, as such
* we want to use the SSL method from the context.
*/
- max_version = s->ctx->method->version;
+ max_version = s->ctx->method->internal->version;
if (SSL_IS_DTLS(s))
return (DTLS1_VERSION);
@@ -2625,9 +2625,9 @@ SSL_dup(SSL *s)
* and thus we can't use SSL_copy_session_id.
*/
- ret->method->ssl_free(ret);
+ ret->method->internal->ssl_free(ret);
ret->method = s->method;
- ret->method->ssl_new(ret);
+ ret->method->internal->ssl_new(ret);
if (s->cert != NULL) {
if (ret->cert != NULL) {
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 1aac55f101e..df1e12bf398 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.160 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.161 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -327,19 +327,20 @@ __BEGIN_HIDDEN_DECLS
#define SSL_C_PKEYLENGTH(c) 1024
/* Check if an SSL structure is using DTLS. */
-#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+#define SSL_IS_DTLS(s) \
+ (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* See if we need explicit IV. */
#define SSL_USE_EXPLICIT_IV(s) \
- (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+ (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
/* See if we use signature algorithms extension. */
#define SSL_USE_SIGALGS(s) \
- (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+ (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
#define SSL_USE_TLS1_2_CIPHERS(s) \
- (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+ (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
/* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC 0
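Review bot: The rewritten `SSL_IS_DTLS` body still uses the macro parameter `s` unparenthesized (`s->method->internal->...`), and the same holds for `SSL_USE_EXPLICIT_IV`, `SSL_USE_SIGALGS` and `SSL_USE_TLS1_2_CIPHERS` in this hunk. That is fine for the plain identifiers passed today, but since these lines are being rewritten, `((s)->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)` costs nothing and keeps the macros safe for a cast or conditional-expression argument.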
@@ -372,6 +373,41 @@ __BEGIN_HIDDEN_DECLS
#define EXPLICIT_CHAR2_CURVE_TYPE 2
#define NAMED_CURVE_TYPE 3
+typedef struct ssl_method_internal_st {
+ int version;
+
+ uint16_t min_version;
+ uint16_t max_version;
+
+ int (*ssl_new)(SSL *s);
+ void (*ssl_clear)(SSL *s);
+ void (*ssl_free)(SSL *s);
+
+ int (*ssl_accept)(SSL *s);
+ int (*ssl_connect)(SSL *s);
+ int (*ssl_read)(SSL *s, void *buf, int len);
+ int (*ssl_peek)(SSL *s, void *buf, int len);
+ int (*ssl_write)(SSL *s, const void *buf, int len);
+ int (*ssl_shutdown)(SSL *s);
+
+ int (*ssl_renegotiate)(SSL *s);
+ int (*ssl_renegotiate_check)(SSL *s);
+
+ long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
+ long max, int *ok);
+ int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
+ int len, int peek);
+ int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
+
+ int (*ssl_pending)(const SSL *s);
+ const struct ssl_method_st *(*get_ssl_method)(int version);
+
+ long (*get_timeout)(void);
+ int (*ssl_version)(void);
+
+ struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+} SSL_METHOD_INTERNAL;
+
typedef struct ssl_session_internal_st {
CRYPTO_EX_DATA ex_data; /* application specific data */
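Review bot: The new `ssl_method_internal_st` type has no comment describing its role, even though every function pointer in it is now reachable only through `SSL_METHOD->internal`. Suggest a header comment stating that it holds the per-method handshake, record-layer and version-negotiation hooks that were previously public in `ssl_method_st`, that instances are the static const tables in t1_clnt.c, t1_meth.c and t1_srvr.c, and that code outside libssl must treat it as opaque. `ssl3_enc` is the only non-const pointer member; if nothing writes through it, `const struct ssl3_enc_method *ssl3_enc;` would document that.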
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 52a04d3094d..f44fdcc4194 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.62 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.63 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -725,9 +725,9 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
const SSL_METHOD *meth;
if (session != NULL) {
- meth = s->ctx->method->get_ssl_method(session->ssl_version);
+ meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);
if (meth == NULL)
- meth = s->method->get_ssl_method(session->ssl_version);
+ meth = s->method->internal->get_ssl_method(session->ssl_version);
if (meth == NULL) {
SSLerr(SSL_F_SSL_SET_SESSION,
SSL_R_UNABLE_TO_FIND_SSL_METHOD);
@@ -739,7 +739,6 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
return (0);
}
-
/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
if (s->session != NULL)
diff --git a/lib/libssl/t1_clnt.c b/lib/libssl/t1_clnt.c
index d07e54d9f7e..5b8f7cd4128 100644
--- a/lib/libssl/t1_clnt.c
+++ b/lib/libssl/t1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_clnt.c,v 1.21 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: t1_clnt.c,v 1.22 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -66,7 +66,7 @@
static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD TLS_client_method_data = {
+static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_2_VERSION,
@@ -79,24 +79,28 @@ static const SSL_METHOD TLS_client_method_data = {
.ssl_peek = ssl23_peek,
.ssl_write = ssl23_write,
.ssl_shutdown = ssl_undefined_function,
+ .ssl_pending = ssl_undefined_const_function,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = ssl23_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &ssl3_undef_enc_method,
+};
+
+static const SSL_METHOD TLS_client_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLS_client_method_internal_data,
};
-static const SSL_METHOD TLSv1_client_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
.version = TLS1_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_VERSION,
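Review bot: The designated initializers added for `ssl_pending`, `get_ssl_method`, `get_timeout` and `ssl_version` are placed between `.ssl_shutdown` and `.ssl_renegotiate`, whereas `ssl_method_internal_st` declares them after `ssl_write_bytes`. Designated initializers make this harmless, but keeping the tables in declaration order makes later diffs against the header easier to read; the same ordering appears in the remaining TLSv1_* tables in this file and in the corresponding hunks of t1_meth.c and t1_srvr.c.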
@@ -109,24 +113,28 @@ static const SSL_METHOD TLSv1_client_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_client_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_client_method_internal_data,
};
-static const SSL_METHOD TLSv1_1_client_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
.version = TLS1_1_VERSION,
.min_version = TLS1_1_VERSION,
.max_version = TLS1_1_VERSION,
@@ -139,24 +147,28 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_client_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_1_client_method_internal_data,
};
-static const SSL_METHOD TLSv1_2_client_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_2_VERSION,
.max_version = TLS1_2_VERSION,
@@ -169,21 +181,25 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_client_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_2_client_method_internal_data,
};
static const SSL_METHOD *
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 2100faac225..c0abe762e6c 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.91 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.92 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -784,7 +784,7 @@ tls1_setup_key_block(SSL *s)
goto err;
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
- s->method->version <= TLS1_VERSION) {
+ s->method->internal->version <= TLS1_VERSION) {
/*
* Enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index fb01bfcfac2..8e7b1b51677 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.104 2017/01/23 08:48:45 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.105 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -191,7 +191,7 @@ tls1_new(SSL *s)
{
if (!ssl3_new(s))
return (0);
- s->method->ssl_clear(s);
+ s->method->internal->ssl_clear(s);
return (1);
}
@@ -209,7 +209,7 @@ void
tls1_clear(SSL *s)
{
ssl3_clear(s);
- s->version = s->method->version;
+ s->version = s->method->internal->version;
}
diff --git a/lib/libssl/t1_meth.c b/lib/libssl/t1_meth.c
index 521839184c1..51c129b2c9c 100644
--- a/lib/libssl/t1_meth.c
+++ b/lib/libssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.20 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.21 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -64,7 +64,7 @@
static const SSL_METHOD *tls1_get_method(int ver);
-static const SSL_METHOD TLS_method_data = {
+static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_2_VERSION,
@@ -77,24 +77,28 @@ static const SSL_METHOD TLS_method_data = {
.ssl_peek = ssl23_peek,
.ssl_write = ssl23_write,
.ssl_shutdown = ssl_undefined_function,
+ .ssl_pending = ssl_undefined_const_function,
+ .get_ssl_method = tls1_get_method,
+ .get_timeout = ssl23_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &ssl3_undef_enc_method,
+};
+
+static const SSL_METHOD TLS_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLS_method_internal_data,
};
-static const SSL_METHOD TLSv1_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
.version = TLS1_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_VERSION,
@@ -107,24 +111,28 @@ static const SSL_METHOD TLSv1_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_method_internal_data,
};
-static const SSL_METHOD TLSv1_1_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
.version = TLS1_1_VERSION,
.min_version = TLS1_1_VERSION,
.max_version = TLS1_1_VERSION,
@@ -137,24 +145,28 @@ static const SSL_METHOD TLSv1_1_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_1_method_internal_data,
};
-static const SSL_METHOD TLSv1_2_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_2_VERSION,
.max_version = TLS1_2_VERSION,
@@ -167,21 +179,25 @@ static const SSL_METHOD TLSv1_2_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_2_method_internal_data,
};
static const SSL_METHOD *
diff --git a/lib/libssl/t1_srvr.c b/lib/libssl/t1_srvr.c
index e0b247441ac..3083ed65a45 100644
--- a/lib/libssl/t1_srvr.c
+++ b/lib/libssl/t1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_srvr.c,v 1.22 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.23 2017/01/23 13:36:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -67,7 +67,7 @@
static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD TLS_server_method_data = {
+static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_2_VERSION,
@@ -80,24 +80,28 @@ static const SSL_METHOD TLS_server_method_data = {
.ssl_peek = ssl23_peek,
.ssl_write = ssl23_write,
.ssl_shutdown = ssl_undefined_function,
+ .ssl_pending = ssl_undefined_const_function,
+ .get_ssl_method = tls1_get_server_method,
+ .get_timeout = ssl23_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &ssl3_undef_enc_method,
+};
+
+static const SSL_METHOD TLS_server_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLS_server_method_internal_data,
};
-static const SSL_METHOD TLSv1_server_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
.version = TLS1_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_VERSION,
@@ -110,24 +114,28 @@ static const SSL_METHOD TLSv1_server_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_server_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_server_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_server_method_internal_data,
};
-static const SSL_METHOD TLSv1_1_server_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
.version = TLS1_1_VERSION,
.min_version = TLS1_1_VERSION,
.max_version = TLS1_1_VERSION,
@@ -140,24 +148,28 @@ static const SSL_METHOD TLSv1_1_server_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_server_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_server_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_1_server_method_internal_data,
};
-static const SSL_METHOD TLSv1_2_server_method_data = {
+static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_2_VERSION,
.max_version = TLS1_2_VERSION,
@@ -170,21 +182,25 @@ static const SSL_METHOD TLSv1_2_server_method_data = {
.ssl_peek = ssl3_peek,
.ssl_write = ssl3_write,
.ssl_shutdown = ssl3_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = tls1_get_server_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
.ssl_get_message = ssl3_get_message,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
+ .ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_server_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLSv1_2_server_method_internal_data,
};
static const SSL_METHOD *