Fix DTLS_ANY_VERSION and add tests.

This fixes bugs that kept the tests from working:

- Resolve DTLS version and cookie before the session.

- In DTLS_ANY_VERSION, ServerHello should be read with first_packet = 1. This
  is a regression from f2fedefdcaf62f10b566f55858c25f35112072ea. We'll want to
  do the same for TLS, but first let's change this to a boolean has_version in a
  follow-up.

Things not yet fixed:

- DTLS code is not EVP_AEAD-aware. Those ciphers are disabled for now.

- On the client, DTLS_ANY_VERSION creates SSL_SESSIONs with the wrong
  ssl_version. The tests pass because we no longer enforce the match as of
  e37216f56009fbf48c3a1e733b7a546ca6dfc2af. (In fact, we've gone from the server
  ignoring ssl_version and client enforcing to the client mostly ignoring
  ssl_version and the server enforcing.)

- ssl3_send_client_hello's ssl_version check checks for equality against
  s->version rather than >.

Change-Id: I5a0dde221b2009413df9b9443882b9bf3b29519c
Reviewed-on: https://boringssl-review.googlesource.com/2403
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 66f32d5..6f47e95 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -805,6 +805,11 @@
 	uint8_t compression_method;
 	unsigned long mask_ssl;
 
+	/* DTLS_ANY_VERSION does not sniff the version ahead of time,
+	 * so disable the version check. */
+	if (SSL_IS_DTLS(s))
+		s->first_packet = 1;
+
 	n=s->method->ssl_get_message(s,
 		SSL3_ST_CR_SRVR_HELLO_A,
 		SSL3_ST_CR_SRVR_HELLO_B,
@@ -813,6 +818,9 @@
 		SSL_GET_MESSAGE_HASH_MESSAGE,
 		&ok);
 
+	if (SSL_IS_DTLS(s))
+		s->first_packet = 0;
+
 	if (!ok) return((int)n);
 
 	CBS_init(&server_hello, s->init_msg, n);