Move state and next_state to SSL_HANDSHAKE.

state is now initialized to SSL_ST_INIT in SSL_HANDSHAKE. If there is no
handshake present, we report SSL_ST_OK. This saves 8 bytes of
per-connection post-handshake memory.

Change-Id: Idb3f7031045caed005bd7712bc8c4b42c81a1d04
Reviewed-on: https://boringssl-review.googlesource.com/12697
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2b73409..336689a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -390,8 +390,6 @@
   ssl->min_version = ctx->min_version;
   ssl->max_version = ctx->max_version;
 
-  ssl->state = SSL_ST_INIT;
-
   /* RFC 6347 states that implementations SHOULD use an initial timer value of
    * 1 second. */
   ssl->initial_timeout_duration_ms = 1000;
@@ -722,7 +720,6 @@
   }
 
   ssl->s3->total_renegotiations++;
-  ssl->state = SSL_ST_INIT;
   return 1;
 
 no_renegotiation:
@@ -2297,7 +2294,14 @@
   return ssl->info_callback;
 }
 
-int SSL_state(const SSL *ssl) { return ssl->state; }
+int SSL_state(const SSL *ssl) {
+  if (ssl->s3->hs == NULL) {
+    assert(ssl->s3->initial_handshake_complete);
+    return SSL_ST_OK;
+  }
+
+  return ssl->s3->hs->state;
+}
 
 void SSL_set_state(SSL *ssl, int state) { }
 
@@ -2613,11 +2617,11 @@
 }
 
 int SSL_is_init_finished(const SSL *ssl) {
-  return ssl->state == SSL_ST_OK;
+  return SSL_state(ssl) == SSL_ST_OK;
 }
 
 int SSL_in_init(const SSL *ssl) {
-  return (ssl->state & SSL_ST_INIT) != 0;
+  return (SSL_state(ssl) & SSL_ST_INIT) != 0;
 }
 
 int SSL_in_false_start(const SSL *ssl) {
@@ -2886,7 +2890,6 @@
    * naturally reset at the right points between |SSL_new|, |SSL_clear|, and
    * |ssl3_new|. */
 
-  ssl->state = SSL_ST_INIT;
   ssl->rwstate = SSL_NOTHING;
 
   BUF_MEM_free(ssl->init_buf);