Refactor the server hello processing code in the TLSv1.3 client.

Use flags to signal the need to switch to the legacy client and to identify
a hello retry request. This allows the caller to take appropriate action,
rather than trying to do this in the parsing/processing code.

Split the key deriviation and record protection engagement code into a
separate function, both for readability and reuse.

Change handshake states outside of the processing code.

ok tb@

1 files changed, 4 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index fc2528db16..7f3e8a63a8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.261 2020/02/05 16:47:34 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.262 2020/02/05 17:30:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -457,6 +457,9 @@ typedef struct ssl_handshake_tls13_st {
         uint16_t max_version;
         uint16_t version;
 
+        int use_legacy;
+        int hrr;
+
         /* Version proposed by peer server. */
         uint16_t server_version;