1 files changed, 26 insertions, 26 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3b848f4b40..ac3669550c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -186,7 +186,7 @@ ssl3_accept(SSL *s)
        else if (s->ctx->internal->info_callback != NULL)
                cb = s->ctx->internal->info_callback;
-        if (SSL_IS_DTLS(s))
+        if (SSL_is_dtls(s))
                listen = D1I(s)->listen;
        /* init things to blank */
@@ -194,7 +194,7 @@ ssl3_accept(SSL *s)
        if (!SSL_in_init(s) || SSL_in_before(s))
                SSL_clear(s);
-        if (SSL_IS_DTLS(s))
+        if (SSL_is_dtls(s))
                D1I(s)->listen = listen;
        for (;;) {
@@ -213,7 +213,7 @@ ssl3_accept(SSL *s)
                        if (cb != NULL)
                                cb(s, SSL_CB_HANDSHAKE_START, 1);
-                        if (SSL_IS_DTLS(s)) {
+                        if (SSL_is_dtls(s)) {
                                if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                                        ret = -1;
@@ -257,7 +257,7 @@ ssl3_accept(SSL *s)
                                S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->internal->stats.sess_accept++;
-                        } else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) {
+                        } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) {
                                /*
                                 * Server attempting to renegotiate with
                                 * client that doesn't support secure
@@ -281,14 +281,14 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_HELLO_REQ_A:
                case SSL3_ST_SW_HELLO_REQ_B:
                        s->internal->shutdown = 0;
-                        if (SSL_IS_DTLS(s)) {
+                        if (SSL_is_dtls(s)) {
                                dtls1_clear_record_buffer(s);
                                dtls1_start_timer(s);
                        }
                        ret = ssl3_send_hello_request(s);
                        if (ret <= 0)
                                goto end;
-                        if (SSL_IS_DTLS(s))
+                        if (SSL_is_dtls(s))
                                S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
                        else
                                S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
@@ -309,7 +309,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SR_CLNT_HELLO_B:
                case SSL3_ST_SR_CLNT_HELLO_C:
                        s->internal->shutdown = 0;
-                        if (SSL_IS_DTLS(s)) {
+                        if (SSL_is_dtls(s)) {
                                ret = ssl3_get_client_hello(s);
                                if (ret <= 0)
                                        goto end;
@@ -373,7 +373,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
-                        if (SSL_IS_DTLS(s)) {
+                        if (SSL_is_dtls(s)) {
                                s->internal->renegotiate = 2;
                                dtls1_start_timer(s);
                        }
@@ -396,7 +396,7 @@ ssl3_accept(SSL *s)
                        /* Check if it is anon DH or anon ECDH. */
                        if (!(S3I(s)->hs.new_cipher->algorithm_auth &
                            SSL_aNULL)) {
-                                if (SSL_IS_DTLS(s))
+                                if (SSL_is_dtls(s))
                                        dtls1_start_timer(s);
                                ret = ssl3_send_server_certificate(s);
                                if (ret <= 0)
@@ -425,7 +425,7 @@ ssl3_accept(SSL *s)
                         * public key for key exchange.
                         */
                        if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
-                                if (SSL_IS_DTLS(s))
+                                if (SSL_is_dtls(s))
                                        dtls1_start_timer(s);
                                ret = ssl3_send_server_key_exchange(s);
                                if (ret <= 0)
@@ -467,11 +467,11 @@ ssl3_accept(SSL *s)
                                S3I(s)->tmp.cert_request = 0;
                                S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
-                                if (!SSL_IS_DTLS(s))
+                                if (!SSL_is_dtls(s))
                                        tls1_transcript_free(s);
                        } else {
                                S3I(s)->tmp.cert_request = 1;
-                                if (SSL_IS_DTLS(s))
+                                if (SSL_is_dtls(s))
                                        dtls1_start_timer(s);
                                ret = ssl3_send_certificate_request(s);
                                if (ret <= 0)
@@ -483,7 +483,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SW_SRVR_DONE_A:
                case SSL3_ST_SW_SRVR_DONE_B:
-                        if (SSL_IS_DTLS(s))
+                        if (SSL_is_dtls(s))
                                dtls1_start_timer(s);
                        ret = ssl3_send_server_done(s);
                        if (ret <= 0)
@@ -506,7 +506,7 @@ ssl3_accept(SSL *s)
                         */
                        s->internal->rwstate = SSL_WRITING;
                        if (BIO_flush(s->wbio) <= 0) {
-                                if (SSL_IS_DTLS(s)) {
+                                if (SSL_is_dtls(s)) {
                                        /* If the write error was fatal, stop trying. */
                                        if (!BIO_should_retry(s->wbio)) {
                                                s->internal->rwstate = SSL_NOTHING;
@@ -537,7 +537,7 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
-                        if (SSL_IS_DTLS(s)) {
+                        if (SSL_is_dtls(s)) {
                                S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
                        }
@@ -587,7 +587,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SR_CERT_VRFY_A:
                case SSL3_ST_SR_CERT_VRFY_B:
-                        if (SSL_IS_DTLS(s))
+                        if (SSL_is_dtls(s))
                                D1I(s)->change_cipher_spec_ok = 1;
                        else
                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -602,7 +602,7 @@ ssl3_accept(SSL *s)
                case SSL3_ST_SR_FINISHED_A:
                case SSL3_ST_SR_FINISHED_B:
-                        if (SSL_IS_DTLS(s))
+                        if (SSL_is_dtls(s))
                                D1I(s)->change_cipher_spec_ok = 1;
                        else
                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -610,7 +610,7 @@ ssl3_accept(SSL *s)
                            SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0)
                                goto end;
-                        if (SSL_IS_DTLS(s))
+                        if (SSL_is_dtls(s))
                                dtls1_stop_timer(s);
                        if (s->internal->hit)
                                S3I(s)->hs.state = SSL_ST_OK;
@@ -660,7 +660,7 @@ ssl3_accept(SSL *s)
                                goto end;
                        }
-                        if (SSL_IS_DTLS(s))
+                        if (SSL_is_dtls(s))
                                dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
                        break;
@@ -691,7 +691,7 @@ ssl3_accept(SSL *s)
                                goto end;
                        }
-                        if (!SSL_IS_DTLS(s))
+                        if (!SSL_is_dtls(s))
                                ssl3_release_init_buffer(s);
                        /* remove buffering on output */
@@ -716,7 +716,7 @@ ssl3_accept(SSL *s)
                        ret = 1;
-                        if (SSL_IS_DTLS(s)) {
+                        if (SSL_is_dtls(s)) {
                                /* Done handshaking, next message is client hello. */
                                D1I(s)->handshake_read_seq = 0;
                                /* Next message is server hello. */
@@ -837,7 +837,7 @@ ssl3_get_client_hello(SSL *s)
                SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
                goto f_err;
        }
-        if (SSL_IS_DTLS(s)) {
+        if (SSL_is_dtls(s)) {
                if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
                        goto truncated;
        }
@@ -879,7 +879,7 @@ ssl3_get_client_hello(SSL *s)
         * one, just return since we do not want to allocate any memory yet.
         * So check cookie length...
         */
-        if (SSL_IS_DTLS(s)) {
+        if (SSL_is_dtls(s)) {
                if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
                        if (CBS_len(&cookie) == 0)
                                return (1);
@@ -928,7 +928,7 @@ ssl3_get_client_hello(SSL *s)
                }
        }
-        if (SSL_IS_DTLS(s)) {
+        if (SSL_is_dtls(s)) {
                /*
                 * The ClientHello may contain a cookie even if the HelloVerify
                 * message has not been sent - make sure that it does not cause
@@ -1045,7 +1045,7 @@ ssl3_get_client_hello(SSL *s)
         */
        arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-        if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
+        if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
            s->version < max_version) {
                /*
                 * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 3b848f4b40..ac3669550c 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -186,7 +186,7 @@ ssl3_accept(SSL *s)
186	else if (s->ctx->internal->info_callback != NULL)	186	else if (s->ctx->internal->info_callback != NULL)
187	cb = s->ctx->internal->info_callback;	187	cb = s->ctx->internal->info_callback;
188		188
189	if (SSL_IS_DTLS(s))	189	if (SSL_is_dtls(s))
190	listen = D1I(s)->listen;	190	listen = D1I(s)->listen;
191		191
192	/* init things to blank */	192	/* init things to blank */
@@ -194,7 +194,7 @@ ssl3_accept(SSL *s)
194	if (!SSL_in_init(s) \|\| SSL_in_before(s))	194	if (!SSL_in_init(s) \|\| SSL_in_before(s))
195	SSL_clear(s);	195	SSL_clear(s);
196		196
197	if (SSL_IS_DTLS(s))	197	if (SSL_is_dtls(s))
198	D1I(s)->listen = listen;	198	D1I(s)->listen = listen;
199		199
200	for (;;) {	200	for (;;) {
@@ -213,7 +213,7 @@ ssl3_accept(SSL *s)
213	if (cb != NULL)	213	if (cb != NULL)
214	cb(s, SSL_CB_HANDSHAKE_START, 1);	214	cb(s, SSL_CB_HANDSHAKE_START, 1);
215		215
216	if (SSL_IS_DTLS(s)) {	216	if (SSL_is_dtls(s)) {
217	if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {	217	if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
218	SSLerror(s, ERR_R_INTERNAL_ERROR);	218	SSLerror(s, ERR_R_INTERNAL_ERROR);
219	ret = -1;	219	ret = -1;
@@ -257,7 +257,7 @@ ssl3_accept(SSL *s)
257		257
258	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;	258	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
259	s->ctx->internal->stats.sess_accept++;	259	s->ctx->internal->stats.sess_accept++;
260	} else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) {	260	} else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) {
261	/*	261	/*
262	* Server attempting to renegotiate with	262	* Server attempting to renegotiate with
263	* client that doesn't support secure	263	* client that doesn't support secure
@@ -281,14 +281,14 @@ ssl3_accept(SSL *s)
281	case SSL3_ST_SW_HELLO_REQ_A:	281	case SSL3_ST_SW_HELLO_REQ_A:
282	case SSL3_ST_SW_HELLO_REQ_B:	282	case SSL3_ST_SW_HELLO_REQ_B:
283	s->internal->shutdown = 0;	283	s->internal->shutdown = 0;
284	if (SSL_IS_DTLS(s)) {	284	if (SSL_is_dtls(s)) {
285	dtls1_clear_record_buffer(s);	285	dtls1_clear_record_buffer(s);
286	dtls1_start_timer(s);	286	dtls1_start_timer(s);
287	}	287	}
288	ret = ssl3_send_hello_request(s);	288	ret = ssl3_send_hello_request(s);
289	if (ret <= 0)	289	if (ret <= 0)
290	goto end;	290	goto end;
291	if (SSL_IS_DTLS(s))	291	if (SSL_is_dtls(s))
292	S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;	292	S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
293	else	293	else
294	S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;	294	S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
@@ -309,7 +309,7 @@ ssl3_accept(SSL *s)
309	case SSL3_ST_SR_CLNT_HELLO_B:	309	case SSL3_ST_SR_CLNT_HELLO_B:
310	case SSL3_ST_SR_CLNT_HELLO_C:	310	case SSL3_ST_SR_CLNT_HELLO_C:
311	s->internal->shutdown = 0;	311	s->internal->shutdown = 0;
312	if (SSL_IS_DTLS(s)) {	312	if (SSL_is_dtls(s)) {
313	ret = ssl3_get_client_hello(s);	313	ret = ssl3_get_client_hello(s);
314	if (ret <= 0)	314	if (ret <= 0)
315	goto end;	315	goto end;
@@ -373,7 +373,7 @@ ssl3_accept(SSL *s)
373		373
374	case SSL3_ST_SW_SRVR_HELLO_A:	374	case SSL3_ST_SW_SRVR_HELLO_A:
375	case SSL3_ST_SW_SRVR_HELLO_B:	375	case SSL3_ST_SW_SRVR_HELLO_B:
376	if (SSL_IS_DTLS(s)) {	376	if (SSL_is_dtls(s)) {
377	s->internal->renegotiate = 2;	377	s->internal->renegotiate = 2;
378	dtls1_start_timer(s);	378	dtls1_start_timer(s);
379	}	379	}
@@ -396,7 +396,7 @@ ssl3_accept(SSL *s)
396	/* Check if it is anon DH or anon ECDH. */	396	/* Check if it is anon DH or anon ECDH. */
397	if (!(S3I(s)->hs.new_cipher->algorithm_auth &	397	if (!(S3I(s)->hs.new_cipher->algorithm_auth &
398	SSL_aNULL)) {	398	SSL_aNULL)) {
399	if (SSL_IS_DTLS(s))	399	if (SSL_is_dtls(s))
400	dtls1_start_timer(s);	400	dtls1_start_timer(s);
401	ret = ssl3_send_server_certificate(s);	401	ret = ssl3_send_server_certificate(s);
402	if (ret <= 0)	402	if (ret <= 0)
@@ -425,7 +425,7 @@ ssl3_accept(SSL *s)
425	* public key for key exchange.	425	* public key for key exchange.
426	*/	426	*/
427	if (alg_k & (SSL_kDHE\|SSL_kECDHE)) {	427	if (alg_k & (SSL_kDHE\|SSL_kECDHE)) {
428	if (SSL_IS_DTLS(s))	428	if (SSL_is_dtls(s))
429	dtls1_start_timer(s);	429	dtls1_start_timer(s);
430	ret = ssl3_send_server_key_exchange(s);	430	ret = ssl3_send_server_key_exchange(s);
431	if (ret <= 0)	431	if (ret <= 0)
@@ -467,11 +467,11 @@ ssl3_accept(SSL *s)
467	S3I(s)->tmp.cert_request = 0;	467	S3I(s)->tmp.cert_request = 0;
468	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;	468	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
469		469
470	if (!SSL_IS_DTLS(s))	470	if (!SSL_is_dtls(s))
471	tls1_transcript_free(s);	471	tls1_transcript_free(s);
472	} else {	472	} else {
473	S3I(s)->tmp.cert_request = 1;	473	S3I(s)->tmp.cert_request = 1;
474	if (SSL_IS_DTLS(s))	474	if (SSL_is_dtls(s))
475	dtls1_start_timer(s);	475	dtls1_start_timer(s);
476	ret = ssl3_send_certificate_request(s);	476	ret = ssl3_send_certificate_request(s);
477	if (ret <= 0)	477	if (ret <= 0)
@@ -483,7 +483,7 @@ ssl3_accept(SSL *s)
483		483
484	case SSL3_ST_SW_SRVR_DONE_A:	484	case SSL3_ST_SW_SRVR_DONE_A:
485	case SSL3_ST_SW_SRVR_DONE_B:	485	case SSL3_ST_SW_SRVR_DONE_B:
486	if (SSL_IS_DTLS(s))	486	if (SSL_is_dtls(s))
487	dtls1_start_timer(s);	487	dtls1_start_timer(s);
488	ret = ssl3_send_server_done(s);	488	ret = ssl3_send_server_done(s);
489	if (ret <= 0)	489	if (ret <= 0)
@@ -506,7 +506,7 @@ ssl3_accept(SSL *s)
506	*/	506	*/
507	s->internal->rwstate = SSL_WRITING;	507	s->internal->rwstate = SSL_WRITING;
508	if (BIO_flush(s->wbio) <= 0) {	508	if (BIO_flush(s->wbio) <= 0) {
509	if (SSL_IS_DTLS(s)) {	509	if (SSL_is_dtls(s)) {
510	/* If the write error was fatal, stop trying. */	510	/* If the write error was fatal, stop trying. */
511	if (!BIO_should_retry(s->wbio)) {	511	if (!BIO_should_retry(s->wbio)) {
512	s->internal->rwstate = SSL_NOTHING;	512	s->internal->rwstate = SSL_NOTHING;
@@ -537,7 +537,7 @@ ssl3_accept(SSL *s)
537	if (ret <= 0)	537	if (ret <= 0)
538	goto end;	538	goto end;
539		539
540	if (SSL_IS_DTLS(s)) {	540	if (SSL_is_dtls(s)) {
541	S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;	541	S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
542	s->internal->init_num = 0;	542	s->internal->init_num = 0;
543	}	543	}
@@ -587,7 +587,7 @@ ssl3_accept(SSL *s)
587		587
588	case SSL3_ST_SR_CERT_VRFY_A:	588	case SSL3_ST_SR_CERT_VRFY_A:
589	case SSL3_ST_SR_CERT_VRFY_B:	589	case SSL3_ST_SR_CERT_VRFY_B:
590	if (SSL_IS_DTLS(s))	590	if (SSL_is_dtls(s))
591	D1I(s)->change_cipher_spec_ok = 1;	591	D1I(s)->change_cipher_spec_ok = 1;
592	else	592	else
593	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	593	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
@@ -602,7 +602,7 @@ ssl3_accept(SSL *s)
602		602
603	case SSL3_ST_SR_FINISHED_A:	603	case SSL3_ST_SR_FINISHED_A:
604	case SSL3_ST_SR_FINISHED_B:	604	case SSL3_ST_SR_FINISHED_B:
605	if (SSL_IS_DTLS(s))	605	if (SSL_is_dtls(s))
606	D1I(s)->change_cipher_spec_ok = 1;	606	D1I(s)->change_cipher_spec_ok = 1;
607	else	607	else
608	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	608	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
@@ -610,7 +610,7 @@ ssl3_accept(SSL *s)
610	SSL3_ST_SR_FINISHED_B);	610	SSL3_ST_SR_FINISHED_B);
611	if (ret <= 0)	611	if (ret <= 0)
612	goto end;	612	goto end;
613	if (SSL_IS_DTLS(s))	613	if (SSL_is_dtls(s))
614	dtls1_stop_timer(s);	614	dtls1_stop_timer(s);
615	if (s->internal->hit)	615	if (s->internal->hit)
616	S3I(s)->hs.state = SSL_ST_OK;	616	S3I(s)->hs.state = SSL_ST_OK;
@@ -660,7 +660,7 @@ ssl3_accept(SSL *s)
660	goto end;	660	goto end;
661	}	661	}
662		662
663	if (SSL_IS_DTLS(s))	663	if (SSL_is_dtls(s))
664	dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);	664	dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
665	break;	665	break;
666		666
@@ -691,7 +691,7 @@ ssl3_accept(SSL *s)
691	goto end;	691	goto end;
692	}	692	}
693		693
694	if (!SSL_IS_DTLS(s))	694	if (!SSL_is_dtls(s))
695	ssl3_release_init_buffer(s);	695	ssl3_release_init_buffer(s);
696		696
697	/* remove buffering on output */	697	/* remove buffering on output */
@@ -716,7 +716,7 @@ ssl3_accept(SSL *s)
716		716
717	ret = 1;	717	ret = 1;
718		718
719	if (SSL_IS_DTLS(s)) {	719	if (SSL_is_dtls(s)) {
720	/* Done handshaking, next message is client hello. */	720	/* Done handshaking, next message is client hello. */
721	D1I(s)->handshake_read_seq = 0;	721	D1I(s)->handshake_read_seq = 0;
722	/* Next message is server hello. */	722	/* Next message is server hello. */
@@ -837,7 +837,7 @@ ssl3_get_client_hello(SSL *s)
837	SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);	837	SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
838	goto f_err;	838	goto f_err;
839	}	839	}
840	if (SSL_IS_DTLS(s)) {	840	if (SSL_is_dtls(s)) {
841	if (!CBS_get_u8_length_prefixed(&cbs, &cookie))	841	if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
842	goto truncated;	842	goto truncated;
843	}	843	}
@@ -879,7 +879,7 @@ ssl3_get_client_hello(SSL *s)
879	* one, just return since we do not want to allocate any memory yet.	879	* one, just return since we do not want to allocate any memory yet.
880	* So check cookie length...	880	* So check cookie length...
881	*/	881	*/
882	if (SSL_IS_DTLS(s)) {	882	if (SSL_is_dtls(s)) {
883	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {	883	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
884	if (CBS_len(&cookie) == 0)	884	if (CBS_len(&cookie) == 0)
885	return (1);	885	return (1);
@@ -928,7 +928,7 @@ ssl3_get_client_hello(SSL *s)
928	}	928	}
929	}	929	}
930		930
931	if (SSL_IS_DTLS(s)) {	931	if (SSL_is_dtls(s)) {
932	/*	932	/*
933	* The ClientHello may contain a cookie even if the HelloVerify	933	* The ClientHello may contain a cookie even if the HelloVerify
934	* message has not been sent - make sure that it does not cause	934	* message has not been sent - make sure that it does not cause
@@ -1045,7 +1045,7 @@ ssl3_get_client_hello(SSL *s)
1045	*/	1045	*/
1046	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);	1046	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
1047		1047
1048	if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&	1048	if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
1049	s->version < max_version) {	1049	s->version < max_version) {
1050	/*	1050	/*
1051	* RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3	1051	* RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3