Replace some DTLS version checks with SSL_IS_DTLS.

They weren't updated to account for DTLS 1.2.

Change-Id: I81b3bfcb84a46d7b233bb567976a7de37bc46b92
Reviewed-on: https://boringssl-review.googlesource.com/1503
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_both.c

@@ -590,7 +590,7 @@ int ssl3_setup_read_buffer(SSL *s)
 	unsigned char *p;
 	size_t len,align=0,headerlen;
 	
-	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+	if (SSL_IS_DTLS(s))
 		headerlen = DTLS1_RT_HEADER_LENGTH;
 	else
 		headerlen = SSL3_RT_HEADER_LENGTH;

ssl/s3_pkt.c

@@ -886,8 +886,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 			return(s->s3->wpend_ret);
 			}
 		else if (i <= 0) {
-			if (s->version == DTLS1_VERSION ||
+			if (SSL_IS_DTLS(s)) {
-			    s->version == DTLS1_BAD_VER) {
 				/* For DTLS, just drop it. That's kind of the whole
 				   point in using a datagram service */
 				wb->left = 0;

ssl/t1_enc.c

@@ -495,8 +495,9 @@ int tls1_change_cipher_state(SSL *s, int which)
 	unsigned key_len, iv_len, mac_secret_len;
 	const unsigned char *key_data;
 
-	/* Reset sequence number to zero. */
+	/* Reset sequence number to zero.
-	if (s->version != DTLS1_VERSION)
+	 * TODO(davidben): Is this redundant with dtls1_reset_seq_numbers? */
+	if (SSL_IS_DTLS(s))
 		memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);
 
 	/* key_arg is used for SSLv2. We don't need it for TLS. */
@@ -735,7 +736,7 @@ int tls1_enc(SSL *s, int send)
 
 		seq = send ? s->s3->write_sequence : s->s3->read_sequence;
 
-		if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+		if (SSL_IS_DTLS(s))
 			{
 			unsigned char dtlsseq[9], *p = dtlsseq;
 

ssl/t1_lib.c

@@ -320,7 +320,7 @@ char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx)
 	ctx->session_id_len = CBS_len(&session_id);
 
 	/* Skip past DTLS cookie */
-	if (ctx->ssl->version == DTLS1_VERSION || ctx->ssl->version == DTLS1_BAD_VER)
+	if (SSL_IS_DTLS(ctx->ssl))
 		{
 		CBS cookie;