The state machine now takes care of setting the legacy state,
authortb <tb@openbsd.org>
Mon, 28 Jun 2021 15:36:51 +0000 (15:36 +0000)
committertb <tb@openbsd.org>
Mon, 28 Jun 2021 15:36:51 +0000 (15:36 +0000)
so it is no longer necessary to do this by hand in various
places of the code interfacing with the legacy stack.

ok jsing

lib/libssl/tls13_legacy.c

index f71bac4..cd9ec99 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: tls13_legacy.c,v 1.24 2021/04/19 16:51:56 jsing Exp $ */
+/*     $OpenBSD: tls13_legacy.c,v 1.25 2021/06/28 15:36:51 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -361,8 +361,6 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
        s->internal->handshake_func = s->method->internal->ssl_connect;
        s->client_version = s->version = s->method->internal->max_tls_version;
 
-       ctx->hs->state = SSL3_ST_CR_SRVR_HELLO_A;
-
        return 1;
 }
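Review bot: With the assignment gone, tls13_use_legacy_client() hands control to the legacy `ssl_connect` handler without documenting that `ctx->hs->state` must already hold the legacy ServerHello-read state. The code that now sets it is not visible in this file's hunks. A short comment before `return 1;`, for example `/* Legacy hs->state has already been set by the TLS 1.3 state machine. */`, would record that invariant for anyone who later adds another fallback path. The same applies to tls13_use_legacy_server() and to the `TLS13_IO_USE_LEGACY` branches in tls13_legacy_accept() and tls13_legacy_connect(). Starting the legacy stack from a stale or wrong handshake state could let messages be processed out of order, so a regression test that forces a downgrade on both the client and server side would be worth having. The function body begins outside this hunk.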
 
@@ -378,8 +376,6 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
        s->client_version = s->version = s->method->internal->max_tls_version;
        s->server = 1;
 
-       ctx->hs->state = SSL3_ST_SR_CLNT_HELLO_A;
-
        return 1;
 }
 
@@ -406,13 +402,10 @@ tls13_legacy_accept(SSL *ssl)
        }
 
        ERR_clear_error();
-       ctx->hs->state = SSL_ST_ACCEPT;
 
        ret = tls13_server_accept(ctx);
        if (ret == TLS13_IO_USE_LEGACY)
                return ssl->method->internal->ssl_accept(ssl);
-       if (ret == TLS13_IO_SUCCESS)
-               ctx->hs->state = SSL_ST_OK;
 
        return tls13_legacy_return_code(ssl, ret);
 }
@@ -448,13 +441,10 @@ tls13_legacy_connect(SSL *ssl)
        }
 
        ERR_clear_error();
-       ctx->hs->state = SSL_ST_CONNECT;
 
        ret = tls13_client_connect(ctx);
        if (ret == TLS13_IO_USE_LEGACY)
                return ssl->method->internal->ssl_connect(ssl);
-       if (ret == TLS13_IO_SUCCESS)
-               ctx->hs->state = SSL_ST_OK;
 
        return tls13_legacy_return_code(ssl, ret);
 }