Apply bugs to second, TLS 1.3 ClientHello.

Based on elements of the Bugs structure, runner will tweak a ClientHello
message after parsing. However, unless the same tweaks are made to a
second ClientHello in a TLS 1.3 connection, it might appear that they
don't match.

Change-Id: I4467c8ece12dc75c7c7b0fad9e622e6783c55f21
Reviewed-on: https://boringssl-review.googlesource.com/14224
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/test/runner/handshake_server.go

@@ -342,19 +342,23 @@ func (hs *serverHandshakeState) readClientHello() error {
 		}
 	}
 
-	if config.Bugs.IgnorePeerSignatureAlgorithmPreferences {
+	applyBugsToClientHello(hs.clientHello, config)
-		hs.clientHello.signatureAlgorithms = config.signSignatureAlgorithms()
-	}
-	if config.Bugs.IgnorePeerCurvePreferences {
-		hs.clientHello.supportedCurves = config.curvePreferences()
-	}
-	if config.Bugs.IgnorePeerCipherPreferences {
-		hs.clientHello.cipherSuites = config.cipherSuites()
-	}
 
 	return nil
 }
 
+func applyBugsToClientHello(clientHello *clientHelloMsg, config *Config) {
+	if config.Bugs.IgnorePeerSignatureAlgorithmPreferences {
+		clientHello.signatureAlgorithms = config.signSignatureAlgorithms()
+	}
+	if config.Bugs.IgnorePeerCurvePreferences {
+		clientHello.supportedCurves = config.curvePreferences()
+	}
+	if config.Bugs.IgnorePeerCipherPreferences {
+		clientHello.cipherSuites = config.cipherSuites()
+	}
+}
+
 func (hs *serverHandshakeState) doTLS13Handshake() error {
 	c := hs.c
 	config := c.config
@@ -587,6 +591,8 @@ ResendHelloRetryRequest:
 		}
 		hs.writeClientHash(newClientHello.marshal())
 
+		applyBugsToClientHello(newClientHello, config)
+
 		// Check that the new ClientHello matches the old ClientHello,
 		// except for relevant modifications.
 		//