Replace some DTLS version checks with SSL_IS_DTLS.
They weren't updated to account for DTLS 1.2.
Change-Id: I81b3bfcb84a46d7b233bb567976a7de37bc46b92
Reviewed-on: https://boringssl-review.googlesource.com/1503
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index de2a9f7..f45ca62 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -590,7 +590,7 @@
unsigned char *p;
size_t len,align=0,headerlen;
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH;
else
headerlen = SSL3_RT_HEADER_LENGTH;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 2b5021f..393d883 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -886,8 +886,7 @@
return(s->s3->wpend_ret);
}
else if (i <= 0) {
- if (s->version == DTLS1_VERSION ||
- s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
/* For DTLS, just drop it. That's kind of the whole
point in using a datagram service */
wb->left = 0;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 59f70e8..42e3410 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -495,8 +495,9 @@
unsigned key_len, iv_len, mac_secret_len;
const unsigned char *key_data;
- /* Reset sequence number to zero. */
- if (s->version != DTLS1_VERSION)
+ /* Reset sequence number to zero.
+ * TODO(davidben): Is this redundant with dtls1_reset_seq_numbers? */
+ if (SSL_IS_DTLS(s))
memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);
/* key_arg is used for SSLv2. We don't need it for TLS. */
@@ -735,7 +736,7 @@
seq = send ? s->s3->write_sequence : s->s3->read_sequence;
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
{
unsigned char dtlsseq[9], *p = dtlsseq;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index df7b3fb..a8004a7 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -320,7 +320,7 @@
ctx->session_id_len = CBS_len(&session_id);
/* Skip past DTLS cookie */
- if (ctx->ssl->version == DTLS1_VERSION || ctx->ssl->version == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(ctx->ssl))
{
CBS cookie;
