crypto/tls: enforce 1.3 record version semantics
authorRoland Shoemaker <roland@golang.org>
Tue, 18 Apr 2023 17:24:32 +0000 (10:24 -0700)
committerGopher Robot <gobot@golang.org>
Wed, 24 May 2023 21:35:01 +0000 (21:35 +0000)
1.3 expects the record version to always be 1.2 (0x0303); this previously
wasn't enforced.

Change-Id: I8bc88f588e76f9b862b57601336bb5c5ff08b30e
Reviewed-on: https://go-review.googlesource.com/c/go/+/485876
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/crypto/tls/conn.go
src/crypto/tls/conn_test.go

index a5e19dcc52566b93baded000837771acc4c4dd35..847d3f8f063c6f8d9cc289d46fb6b2947eae593d 100644 (file)
@@ -639,10 +639,16 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
        }
 
        vers := uint16(hdr[1])<<8 | uint16(hdr[2])
+       expectedVers := c.vers
+       if expectedVers == VersionTLS13 {
+               // All TLS 1.3 records are expected to have 0x0303 (1.2) after
+               // the initial hello (RFC 8446 Section 5.1).
+               expectedVers = VersionTLS12
+       }
        n := int(hdr[3])<<8 | int(hdr[4])
-       if c.haveVers && c.vers != VersionTLS13 && vers != c.vers {
+       if c.haveVers && vers != expectedVers {
                c.sendAlert(alertProtocolVersion)
-               msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers)
+               msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, expectedVers)
                return c.in.setErrorLocked(c.newRecordHeaderError(nil, msg))
        }
        if !c.haveVers {
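Review bot: The comment above the `expectedVers = VersionTLS12` assignment cites only the sender-side rule, while the same RFC 8446 Section 5.1 text, if I read it correctly, also says the receiver "MUST ignore" legacy_record_version, so the new `vers != expectedVers` rejection is deliberately stricter than the RFC and the comment should say so to stop a later reader from "fixing" it back. Something like `// RFC 8446 Section 5.1 also tells receivers to ignore this field; we enforce 0x0303 anyway so that a peer that is confused about the negotiated version is rejected early rather than failing later on decryption.` would capture the intent. A minor style point on the kept `fmt.Sprintf` line: `%x` renders 0x0303 as `303` (the new test expects exactly that string), so `%04x` would read more naturally in the alert message, at the cost of updating the test. The body of readRecordOrCCS continues outside the hunk.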
index 78935b1234bc52c6308599a4dd94687ca1f3d612..5e090a017dc8e4176dc40e5537d407573d562a70 100644 (file)
@@ -285,3 +285,35 @@ func TestHairpinInClose(t *testing.T) {
        // This call should not deadlock.
        tlsConn.Close()
 }
+
+func TestRecordBadVersionTLS13(t *testing.T) {
+       client, server := localPipe(t)
+       defer server.Close()
+       defer client.Close()
+
+       config := testConfig.Clone()
+       config.MinVersion, config.MaxVersion = VersionTLS13, VersionTLS13
+
+       go func() {
+               tlsConn := Client(client, config)
+               if err := tlsConn.Handshake(); err != nil {
+                       t.Errorf("Error from client handshake: %v", err)
+                       return
+               }
+               tlsConn.vers = 0x1111
+               tlsConn.Write([]byte{1})
+       }()
+
+       tlsConn := Server(server, config)
+       if err := tlsConn.Handshake(); err != nil {
+               t.Errorf("Error from client handshake: %v", err)
+               return
+       }
+
+       expectedErr := "tls: received record with version 1111 when expecting version 303"
+
+       _, err := tlsConn.Read(make([]byte, 10))
+       if err.Error() != expectedErr {
+               t.Fatalf("unexpected error: got %q, want %q", err, expectedErr)
+       }
+}
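Review bot: `err.Error()` at the end of TestRecordBadVersionTLS13 is called without a nil check, so if a regression lets the mis-versioned record through and `Read` returns nil, the test panics with a nil dereference instead of failing with a useful message; change the condition to `if err == nil || err.Error() != expectedErr {`. The server-side handshake failure is reported as `"Error from client handshake: %v"`, a copy of the client goroutine's message two lines above it, so `t.Errorf("Error from server handshake: %v", err)` would tell the two paths apart in the test log. The return value of `tlsConn.Write([]byte{1})` in the goroutine is also dropped; surfacing it via `t.Errorf` would make it clearer whether the client or the server side failed when the expected error does not arrive.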