Added used_hello_retry_request function

boring/src/ssl/mod.rs

@@ -2937,6 +2937,11 @@ impl SslRef {
         }
     }
 
+    /// Returns whether the TLS 1.3 HelloRetryRequest was used
+    pub fn used_hello_retry_request(&self) -> bool {
+        unsafe { ffi::SSL_used_hello_retry_request(self.as_ptr()) == 1 }
+    }
+
     /// Returns an `ErrorCode` value for the most recent operation on this `SslRef`.
     #[corresponds(SSL_get_error)]
     #[must_use]

boring/src/ssl/test/mod.rs

@@ -1025,6 +1025,51 @@ fn get_curve() {
     assert!(curve_name.is_some());
 }
 
+#[test]
+fn used_hello_retry_request_true() {
+    let mut server_builder = Server::builder();
+    // Configures the server to prefer it's options over the client
+    server_builder
+        .ctx()
+        .set_options(SslOptions::CIPHER_SERVER_PREFERENCE);
+    server_builder
+        .ctx()
+        .set_curves_list("P-256:X25519")
+        .unwrap();
+    let server = server_builder.build();
+    let mut client_builder = server.client_with_root_ca();
+    // configures the client to send this supported groups
+    client_builder
+        .ctx()
+        .set_curves_list("X25519:P-256")
+        .unwrap();
+
+    let client_stream = client_builder.connect();
+    let ssl = client_stream.ssl();
+    assert!(ssl.used_hello_retry_request());
+}
+
+#[test]
+fn used_hello_retry_request_false() {
+    let mut server_builder = Server::builder();
+    // Server doesn't configure CIPHER_SERVER_PREFERENCE, so it will use the preference of the client
+    server_builder
+        .ctx()
+        .set_curves_list("P-256:X25519")
+        .unwrap();
+    let server = server_builder.build();
+    let mut client_builder = server.client_with_root_ca();
+    // configures the client to send this supported groups
+    client_builder
+        .ctx()
+        .set_curves_list("X25519:P-256")
+        .unwrap();
+
+    let client_stream = client_builder.connect();
+    let ssl = client_stream.ssl();
+    assert!(!ssl.used_hello_retry_request());
+}
+
 #[test]
 fn test_get_ciphers() {
     let ctx_builder = SslContext::builder(SslMethod::tls()).unwrap();