Add record version checks.

When legacy version is below TLSv1.2 ensure that the record version is SSL3/TLS, however when the legacy version is set to TLSv1.2 require this specifically. ok beck@ tb@
author: jsing <> 2020-05-11 18:03:51 +0000
committer: jsing <> 2020-05-11 18:03:51 +0000
commit: 825d508a4b688821e99561b72a842c81c93b84a5 (patch)
tree: 8db77e997c933fb8987ec9250fff46520b8c6487 /src/lib/libssl/tls13_internal.h
parent: 28b584ddd2d0a41bceacbb1c350d790e3a39cd75 (diff)
download: openbsd-825d508a4b688821e99561b72a842c81c93b84a5.tar.gz
openbsd-825d508a4b688821e99561b72a842c81c93b84a5.tar.bz2
openbsd-825d508a4b688821e99561b72a842c81c93b84a5.zip
1 files changed, 13 insertions, 12 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index d597ef5a96..d35610e179 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.77 2020/05/11 17:46:46 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.78 2020/05/11 18:03:51 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -27,17 +27,18 @@
 __BEGIN_HIDDEN_DECLS
-#define TLS13_HS_CLIENT         1
+#define TLS13_HS_CLIENT                 1
-#define TLS13_HS_SERVER         2
+#define TLS13_HS_SERVER                 2
-#define TLS13_IO_SUCCESS         1
+#define TLS13_IO_SUCCESS                 1
-#define TLS13_IO_EOF             0
+#define TLS13_IO_EOF                     0
-#define TLS13_IO_FAILURE        -1
+#define TLS13_IO_FAILURE                -1
-#define TLS13_IO_ALERT          -2
+#define TLS13_IO_ALERT                  -2
-#define TLS13_IO_WANT_POLLIN    -3
+#define TLS13_IO_WANT_POLLIN            -3
-#define TLS13_IO_WANT_POLLOUT   -4
+#define TLS13_IO_WANT_POLLOUT           -4
-#define TLS13_IO_WANT_RETRY     -5 /* Retry the previous call immediately. */
+#define TLS13_IO_WANT_RETRY             -5 /* Retry the previous call immediately. */
-#define TLS13_IO_USE_LEGACY     -6
+#define TLS13_IO_USE_LEGACY             -6
+#define TLS13_IO_RECORD_VERSION         -7
 #define TLS13_ERR_VERIFY_FAILED         16
 #define TLS13_ERR_HRR_FAILED            17
author	jsing <>	2020-05-11 18:03:51 +0000
committer	jsing <>	2020-05-11 18:03:51 +0000
commit	825d508a4b688821e99561b72a842c81c93b84a5 (patch)
tree	8db77e997c933fb8987ec9250fff46520b8c6487 /src/lib/libssl/tls13_internal.h
parent	28b584ddd2d0a41bceacbb1c350d790e3a39cd75 (diff)
download	openbsd-825d508a4b688821e99561b72a842c81c93b84a5.tar.gz openbsd-825d508a4b688821e99561b72a842c81c93b84a5.tar.bz2 openbsd-825d508a4b688821e99561b72a842c81c93b84a5.zip

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index d597ef5a96..d35610e179 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.77 2020/05/11 17:46:46 jsing Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.78 2020/05/11 18:03:51 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -27,17 +27,18 @@
27		27
28	__BEGIN_HIDDEN_DECLS	28	__BEGIN_HIDDEN_DECLS
29		29
30	#define TLS13_HS_CLIENT 1	30	#define TLS13_HS_CLIENT 1
31	#define TLS13_HS_SERVER 2	31	#define TLS13_HS_SERVER 2
32		32
33	#define TLS13_IO_SUCCESS 1	33	#define TLS13_IO_SUCCESS 1
34	#define TLS13_IO_EOF 0	34	#define TLS13_IO_EOF 0
35	#define TLS13_IO_FAILURE -1	35	#define TLS13_IO_FAILURE -1
36	#define TLS13_IO_ALERT -2	36	#define TLS13_IO_ALERT -2
37	#define TLS13_IO_WANT_POLLIN -3	37	#define TLS13_IO_WANT_POLLIN -3
38	#define TLS13_IO_WANT_POLLOUT -4	38	#define TLS13_IO_WANT_POLLOUT -4
39	#define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. */	39	#define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. */
40	#define TLS13_IO_USE_LEGACY -6	40	#define TLS13_IO_USE_LEGACY -6
		41	#define TLS13_IO_RECORD_VERSION -7
41		42
42	#define TLS13_ERR_VERIFY_FAILED 16	43	#define TLS13_ERR_VERIFY_FAILED 16
43	#define TLS13_ERR_HRR_FAILED 17	44	#define TLS13_ERR_HRR_FAILED 17