Add record version checks.

When legacy version is below TLSv1.2 ensure that the record version is
SSL3/TLS, however when the legacy version is set to TLSv1.2 require this
specifically.

ok beck@ tb@

3 files changed, 28 insertions, 18 deletions

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index d597ef5a96..d35610e179 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.77 2020/05/11 17:46:46 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.78 2020/05/11 18:03:51 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -27,17 +27,18 @@
 
 __BEGIN_HIDDEN_DECLS
 
-#define TLS13_HS_CLIENT         1
-#define TLS13_HS_SERVER         2
-
-#define TLS13_IO_SUCCESS         1
-#define TLS13_IO_EOF             0
-#define TLS13_IO_FAILURE        -1
-#define TLS13_IO_ALERT          -2
-#define TLS13_IO_WANT_POLLIN    -3
-#define TLS13_IO_WANT_POLLOUT   -4
-#define TLS13_IO_WANT_RETRY     -5 /* Retry the previous call immediately. */
-#define TLS13_IO_USE_LEGACY     -6
+#define TLS13_HS_CLIENT                 1
+#define TLS13_HS_SERVER                 2
+
+#define TLS13_IO_SUCCESS                 1
+#define TLS13_IO_EOF                     0
+#define TLS13_IO_FAILURE                -1
+#define TLS13_IO_ALERT                  -2
+#define TLS13_IO_WANT_POLLIN            -3
+#define TLS13_IO_WANT_POLLOUT           -4
+#define TLS13_IO_WANT_RETRY             -5 /* Retry the previous call immediately. */
+#define TLS13_IO_USE_LEGACY             -6
+#define TLS13_IO_RECORD_VERSION         -7
 
 #define TLS13_ERR_VERIFY_FAILED         16
 #define TLS13_ERR_HRR_FAILED            17
diff --git a/src/lib/libssl/tls13_record.c b/src/lib/libssl/tls13_record.c
index 9ab4cdba36..ca61a94ff1 100644
--- a/src/lib/libssl/tls13_record.c
+++ b/src/lib/libssl/tls13_record.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record.c,v 1.4 2020/02/15 14:36:58 jsing Exp $ */
+/* $OpenBSD: tls13_record.c,v 1.5 2020/05/11 18:03:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -146,6 +146,8 @@ tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read,
                         return TLS13_IO_FAILURE;
 
                 /* XXX - record overflow alert. */
+                if ((rec_version >> 8) != SSL3_VERSION_MAJOR)
+                        return TLS13_IO_RECORD_VERSION;
                 if (rec_len > TLS13_RECORD_MAX_CIPHERTEXT_LEN)
                         return TLS13_IO_FAILURE;
 
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index e7650b1ecc..8ca52d0b7f 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.39 2020/05/11 17:46:46 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.40 2020/05/11 18:03:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -769,11 +769,18 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
                         goto err;
         }
 
-        if ((ret = tls13_record_recv(rl->rrec, rl->cb.wire_read, rl->cb_arg)) <= 0)
+        if ((ret = tls13_record_recv(rl->rrec, rl->cb.wire_read, rl->cb_arg)) <= 0) {
+                switch (ret) {
+                case TLS13_IO_RECORD_VERSION:
+                        return tls13_send_alert(rl, SSL_AD_PROTOCOL_VERSION);
+                }
                 return ret;
-
-        /* XXX - record version checks. */
-
+        }
+ 
+        if (rl->legacy_version == TLS1_2_VERSION &&
+            tls13_record_version(rl->rrec) != TLS1_2_VERSION)
+                return tls13_send_alert(rl, SSL_AD_PROTOCOL_VERSION);
+ 
         content_type = tls13_record_content_type(rl->rrec);
 
         /*