ssl/record/methods/tlsany_meth.c

   1 /*
   2  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <openssl/evp.h>
  11 #include "../../ssl_local.h"
  12 #include "../record_local.h"
  13 #include "recmethod_local.h"
  14
  15 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
  16                                     unsigned char *key, size_t keylen,
  17                                     unsigned char *iv, size_t ivlen,
  18                                     unsigned char *mackey, size_t mackeylen,
  19                                     const EVP_CIPHER *ciph,
  20                                     size_t taglen,
  21                                     int mactype,
  22                                     const EVP_MD *md,
  23                                     COMP_METHOD *comp)
  24 {
  25     if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
  26         ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  27         return OSSL_RECORD_RETURN_FATAL;
  28     }
  29
  30     /* No crypto protection at the "NONE" level so nothing to be done */
  31
  32     return OSSL_RECORD_RETURN_SUCCESS;
  33 }
  34
  35 static int tls_any_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs,
  36                           size_t n_recs, int sending, SSL_MAC_BUF *macs,
  37                           size_t macsize)
  38 {
  39     return 1;
  40 }
  41
  42 static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
  43 {
  44     if (rec->rec_version == SSL2_VERSION) {
  45         /* SSLv2 format ClientHello */
  46         if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
  47             RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  48             return 0;
  49         }
  50         if (rec->length < MIN_SSL2_RECORD_LEN) {
  51             RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
  52             return 0;
  53         }
  54     } else {
  55         if (rl->version == TLS_ANY_VERSION) {
  56             if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
  57                 if (rl->is_first_record) {
  58                     unsigned char *p;
  59
  60                     /*
  61                      * Go back to start of packet, look at the five bytes that
  62                      * we have.
  63                      */
  64                     p = rl->packet;
  65                     if (HAS_PREFIX((char *)p, "GET ") ||
  66                         HAS_PREFIX((char *)p, "POST ") ||
  67                         HAS_PREFIX((char *)p, "HEAD ") ||
  68                         HAS_PREFIX((char *)p, "PUT ")) {
  69                         RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
  70                         return 0;
  71                     } else if (HAS_PREFIX((char *)p, "CONNE")) {
  72                         RLAYERfatal(rl, SSL_AD_NO_ALERT,
  73                                     SSL_R_HTTPS_PROXY_REQUEST);
  74                         return 0;
  75                     }
  76
  77                     /* Doesn't look like TLS - don't send an alert */
  78                     RLAYERfatal(rl, SSL_AD_NO_ALERT,
  79                                 SSL_R_WRONG_VERSION_NUMBER);
  80                     return 0;
  81                 } else {
  82                     RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
  83                                 SSL_R_WRONG_VERSION_NUMBER);
  84                     return 0;
  85                 }
  86             }
  87         } else if (rl->version == TLS1_3_VERSION) {
  88             /*
  89              * In this case we know we are going to negotiate TLSv1.3, but we've
  90              * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
  91              * must ignore the legacy record version in plaintext records.
  92              */
  93         } else if (rec->rec_version != rl->version) {
  94             if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
  95                 if (rec->type == SSL3_RT_ALERT) {
  96                     /*
  97                      * The record is using an incorrect version number,
  98                      * but what we've got appears to be an alert. We
  99                      * haven't read the body yet to check whether its a
 100                      * fatal or not - but chances are it is. We probably
 101                      * shouldn't send a fatal alert back. We'll just
 102                      * end.
 103                      */
 104                     RLAYERfatal(rl, SSL_AD_NO_ALERT,
 105                                 SSL_R_WRONG_VERSION_NUMBER);
 106                     return 0;
 107                 }
 108                 /* Send back error using their minor version number */
 109                 rl->version = (unsigned short)rec->rec_version;
 110             }
 111             RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
 112                         SSL_R_WRONG_VERSION_NUMBER);
 113             return 0;
 114         }
 115     }
 116     if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
 117         /*
 118          * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
 119          * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
 120          * and we know that we are dealing with plaintext data
 121          */
 122         RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 123         return 0;
 124     }
 125     return 1;
 126 }
 127
 128 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
 129 {
 130     if (rl->version != TLS_ANY_VERSION && rl->version != vers)
 131         return 0;
 132     rl->version = vers;
 133
 134     return 1;
 135 }
 136
 137 static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
 138                                           size_t mac_size,
 139                                           WPACKET *thispkt,
 140                                           SSL3_RECORD *thiswr)
 141 {
 142     /* No encryption, so nothing to do */
 143     return 1;
 144 }
 145
 146 struct record_functions_st tls_any_funcs = {
 147     tls_any_set_crypto_state,
 148     tls_any_cipher,
 149     NULL,
 150     tls_any_set_protocol_version,
 151     tls_default_read_n,
 152     tls_get_more_records,
 153     tls_validate_record_header,
 154     tls_default_post_process_record,
 155     tls_get_max_records_default,
 156     tls_write_records_default,
 157     tls_allocate_write_buffers_default,
 158     tls_initialise_write_packets_default,
 159     NULL,
 160     tls_prepare_record_header_default,
 161     NULL,
 162     tls_any_prepare_for_encryption,
 163     tls_post_encryption_processing_default,
 164     NULL
 165 };
 166
 167 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
 168 {
 169     if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
 170         return 0;
 171     rl->version = vers;
 172
 173     return 1;
 174 }
 175
 176 struct record_functions_st dtls_any_funcs = {
 177     tls_any_set_crypto_state,
 178     tls_any_cipher,
 179     NULL,
 180     dtls_any_set_protocol_version,
 181     tls_default_read_n,
 182     dtls_get_more_records,
 183     NULL,
 184     NULL,
 185     NULL,
 186     dtls_write_records,
 187     tls_allocate_write_buffers_default,
 188     tls_initialise_write_packets_default,
 189     NULL,
 190     dtls_prepare_record_header,
 191     NULL,
 192     tls_prepare_for_encryption_default,
 193     tls_post_encryption_processing_default,
 194     NULL
 195 };