[TLS 1.3] FIX: Record Layer must handle multiple records in compatibility mode

[reneme]

RFC 8446 5.1
   legacy_record_version:  MUST be set to 0x0303 for all records
      generated by a TLS 1.3 implementation other than an initial
      ClientHello [...] where it MAY also be 0x0301 for compatibility
      purposes.

If said Client Hello spans multiple records the above rule applies to all of them. Hence, Record_Layer cannot handle this state internally but must depend on its upstream user.

This introduces m_first_message_sent and m_first_message_received at the TLS 1.3 channel level and disables the compatibility mode in the Record_Layer accordingly.

Furthermore, another "compatibility mode" issue is fixed. Clients must not send a dummy Change Cipher Spec message prior to their second flight if this record is an unprotected Alert. The BoGo test that would have revealed that was disabled by accident.

I found these issues when starting to run BoGo server tests against the upcoming TLS 1.3 server implementation.

[codecov-commenter]

Codecov Report

Base: 92.59% // Head: 92.56% // Decreases project coverage by -0.03% ⚠️

Coverage data is based on head (4090574) compared to base (76089a3).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3064      +/-   ##
==========================================
- Coverage   92.59%   92.56%   -0.04%     
==========================================
  Files         602      602              
  Lines       70623    70650      +27     
  Branches     6666     6662       -4     
==========================================
+ Hits        65396    65398       +2     
- Misses       5197     5222      +25     
  Partials       30       30              

Impacted Files	Coverage Δ
src/lib/tls/tls13/tls_channel_impl_13.cpp	94.79% <100.00%> (+0.21%)	⬆️
src/lib/tls/tls13/tls_record_layer_13.cpp	100.00% <100.00%> (ø)
src/tests/test_tls_record_layer_13.cpp	99.08% <100.00%> (+0.03%)	⬆️
src/lib/entropy/rdseed/rdseed.cpp	21.73% <0.00%> (-78.27%)	⬇️
src/lib/utils/cpuid/cpuid_x86.cpp	74.02% <0.00%> (-14.29%)	⬇️
src/cli/cli_rng.cpp	75.00% <0.00%> (-5.77%)	⬇️
src/lib/asn1/der_enc.cpp	83.85% <0.00%> (-2.49%)	⬇️
src/lib/misc/cryptobox/cryptobox.cpp	94.52% <0.00%> (-1.37%)	⬇️
src/lib/tls/msg_server_hello.cpp	93.36% <0.00%> (+0.41%)	⬆️
src/lib/tls/tls13/tls_client_impl_13.cpp	95.72% <0.00%> (+0.42%)	⬆️
... and 5 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.