ssl/record/methods/tlsany_meth.c

   1 /*
   2  * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <openssl/evp.h>
  11 #include "../../ssl_local.h"
  12 #include "../record_local.h"
  13 #include "recmethod_local.h"
  14
  15 #define MIN_SSL2_RECORD_LEN     9
  16
  17 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
  18                                     unsigned char *key, size_t keylen,
  19                                     unsigned char *iv, size_t ivlen,
  20                                     unsigned char *mackey, size_t mackeylen,
  21                                     const EVP_CIPHER *ciph,
  22                                     size_t taglen,
  23                                     int mactype,
  24                                     const EVP_MD *md,
  25                                     COMP_METHOD *comp)
  26 {
  27     if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
  28         ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
  29         return OSSL_RECORD_RETURN_FATAL;
  30     }
  31
  32     /* No crypto protection at the "NONE" level so nothing to be done */
  33
  34     return OSSL_RECORD_RETURN_SUCCESS;
  35 }
  36
  37 static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
  38                           size_t n_recs, int sending, SSL_MAC_BUF *macs,
  39                           size_t macsize)
  40 {
  41     return 1;
  42 }
  43
  44 static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
  45 {
  46     if (rec->rec_version == SSL2_VERSION) {
  47         /* SSLv2 format ClientHello */
  48         if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
  49             RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  50             return 0;
  51         }
  52         if (rec->length < MIN_SSL2_RECORD_LEN) {
  53             RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
  54             return 0;
  55         }
  56     } else {
  57         if (rl->version == TLS_ANY_VERSION) {
  58             if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
  59                 if (rl->is_first_record) {
  60                     unsigned char *p;
  61
  62                     /*
  63                      * Go back to start of packet, look at the five bytes that
  64                      * we have.
  65                      */
  66                     p = rl->packet;
  67                     if (HAS_PREFIX((char *)p, "GET ") ||
  68                         HAS_PREFIX((char *)p, "POST ") ||
  69                         HAS_PREFIX((char *)p, "HEAD ") ||
  70                         HAS_PREFIX((char *)p, "PUT ")) {
  71                         RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
  72                         return 0;
  73                     } else if (HAS_PREFIX((char *)p, "CONNE")) {
  74                         RLAYERfatal(rl, SSL_AD_NO_ALERT,
  75                                     SSL_R_HTTPS_PROXY_REQUEST);
  76                         return 0;
  77                     }
  78
  79                     /* Doesn't look like TLS - don't send an alert */
  80                     RLAYERfatal(rl, SSL_AD_NO_ALERT,
  81                                 SSL_R_WRONG_VERSION_NUMBER);
  82                     return 0;
  83                 } else {
  84                     RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
  85                                 SSL_R_WRONG_VERSION_NUMBER);
  86                     return 0;
  87                 }
  88             }
  89         } else if (rl->version == TLS1_3_VERSION) {
  90             /*
  91              * In this case we know we are going to negotiate TLSv1.3, but we've
  92              * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
  93              * must ignore the legacy record version in plaintext records.
  94              */
  95         } else if (rec->rec_version != rl->version) {
  96             if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
  97                 if (rec->type == SSL3_RT_ALERT) {
  98                     /*
  99                      * The record is using an incorrect version number,
 100                      * but what we've got appears to be an alert. We
 101                      * haven't read the body yet to check whether its a
 102                      * fatal or not - but chances are it is. We probably
 103                      * shouldn't send a fatal alert back. We'll just
 104                      * end.
 105                      */
 106                     RLAYERfatal(rl, SSL_AD_NO_ALERT,
 107                                 SSL_R_WRONG_VERSION_NUMBER);
 108                     return 0;
 109                 }
 110                 /* Send back error using their minor version number */
 111                 rl->version = (unsigned short)rec->rec_version;
 112             }
 113             RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
 114                         SSL_R_WRONG_VERSION_NUMBER);
 115             return 0;
 116         }
 117     }
 118     if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
 119         /*
 120          * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
 121          * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
 122          * and we know that we are dealing with plaintext data
 123          */
 124         RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 125         return 0;
 126     }
 127     return 1;
 128 }
 129
 130 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
 131 {
 132     if (rl->version != TLS_ANY_VERSION && rl->version != vers)
 133         return 0;
 134     rl->version = vers;
 135
 136     return 1;
 137 }
 138
 139 static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
 140                                           size_t mac_size,
 141                                           WPACKET *thispkt,
 142                                           TLS_RL_RECORD *thiswr)
 143 {
 144     /* No encryption, so nothing to do */
 145     return 1;
 146 }
 147
 148 const struct record_functions_st tls_any_funcs = {
 149     tls_any_set_crypto_state,
 150     tls_any_cipher,
 151     NULL,
 152     tls_any_set_protocol_version,
 153     tls_default_read_n,
 154     tls_get_more_records,
 155     tls_validate_record_header,
 156     tls_default_post_process_record,
 157     tls_get_max_records_default,
 158     tls_write_records_default,
 159     tls_allocate_write_buffers_default,
 160     tls_initialise_write_packets_default,
 161     NULL,
 162     tls_prepare_record_header_default,
 163     NULL,
 164     tls_any_prepare_for_encryption,
 165     tls_post_encryption_processing_default,
 166     NULL
 167 };
 168
 169 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
 170 {
 171     if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
 172         return 0;
 173     rl->version = vers;
 174
 175     return 1;
 176 }
 177
 178 const struct record_functions_st dtls_any_funcs = {
 179     tls_any_set_crypto_state,
 180     tls_any_cipher,
 181     NULL,
 182     dtls_any_set_protocol_version,
 183     tls_default_read_n,
 184     dtls_get_more_records,
 185     NULL,
 186     NULL,
 187     NULL,
 188     tls_write_records_default,
 189     tls_allocate_write_buffers_default,
 190     tls_initialise_write_packets_default,
 191     NULL,
 192     dtls_prepare_record_header,
 193     NULL,
 194     tls_prepare_for_encryption_default,
 195     dtls_post_encryption_processing,
 196     NULL
 197 };