1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/evp.h>
11 #include "../../ssl_local.h"
12 #include "../record_local.h"
13 #include "recmethod_local.h"
14
tls_any_set_crypto_state(OSSL_RECORD_LAYER * rl,int level,unsigned char * key,size_t keylen,unsigned char * iv,size_t ivlen,unsigned char * mackey,size_t mackeylen,const EVP_CIPHER * ciph,size_t taglen,int mactype,const EVP_MD * md,const SSL_COMP * comp)15 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
16 unsigned char *key, size_t keylen,
17 unsigned char *iv, size_t ivlen,
18 unsigned char *mackey, size_t mackeylen,
19 const EVP_CIPHER *ciph,
20 size_t taglen,
21 int mactype,
22 const EVP_MD *md,
23 const SSL_COMP *comp)
24 {
25 if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
26 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
27 return OSSL_RECORD_RETURN_FATAL;
28 }
29
30 /* No crypto protection at the "NONE" level so nothing to be done */
31
32 return OSSL_RECORD_RETURN_SUCCESS;
33 }
34
tls_any_cipher(OSSL_RECORD_LAYER * rl,SSL3_RECORD * recs,size_t n_recs,int sending,SSL_MAC_BUF * macs,size_t macsize)35 static int tls_any_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs,
36 size_t n_recs, int sending, SSL_MAC_BUF *macs,
37 size_t macsize)
38 {
39 return 1;
40 }
41
tls_validate_record_header(OSSL_RECORD_LAYER * rl,SSL3_RECORD * rec)42 static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
43 {
44 if (rec->rec_version == SSL2_VERSION) {
45 /* SSLv2 format ClientHello */
46 if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
47 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
48 return 0;
49 }
50 if (rec->length < MIN_SSL2_RECORD_LEN) {
51 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
52 return 0;
53 }
54 } else {
55 if (rl->version == TLS_ANY_VERSION) {
56 if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
57 if (rl->is_first_record) {
58 unsigned char *p;
59
60 /*
61 * Go back to start of packet, look at the five bytes that
62 * we have.
63 */
64 p = rl->packet;
65 if (HAS_PREFIX((char *)p, "GET ") ||
66 HAS_PREFIX((char *)p, "POST ") ||
67 HAS_PREFIX((char *)p, "HEAD ") ||
68 HAS_PREFIX((char *)p, "PUT ")) {
69 RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
70 return 0;
71 } else if (HAS_PREFIX((char *)p, "CONNE")) {
72 RLAYERfatal(rl, SSL_AD_NO_ALERT,
73 SSL_R_HTTPS_PROXY_REQUEST);
74 return 0;
75 }
76
77 /* Doesn't look like TLS - don't send an alert */
78 RLAYERfatal(rl, SSL_AD_NO_ALERT,
79 SSL_R_WRONG_VERSION_NUMBER);
80 return 0;
81 } else {
82 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
83 SSL_R_WRONG_VERSION_NUMBER);
84 return 0;
85 }
86 }
87 } else if (rl->version == TLS1_3_VERSION) {
88 /*
89 * In this case we know we are going to negotiate TLSv1.3, but we've
90 * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
91 * must ignore the legacy record version in plaintext records.
92 */
93 } else if (rec->rec_version != rl->version) {
94 if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
95 if (rec->type == SSL3_RT_ALERT) {
96 /*
97 * The record is using an incorrect version number,
98 * but what we've got appears to be an alert. We
99 * haven't read the body yet to check whether its a
100 * fatal or not - but chances are it is. We probably
101 * shouldn't send a fatal alert back. We'll just
102 * end.
103 */
104 RLAYERfatal(rl, SSL_AD_NO_ALERT,
105 SSL_R_WRONG_VERSION_NUMBER);
106 return 0;
107 }
108 /* Send back error using their minor version number */
109 rl->version = (unsigned short)rec->rec_version;
110 }
111 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
112 SSL_R_WRONG_VERSION_NUMBER);
113 return 0;
114 }
115 }
116 if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
117 /*
118 * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
119 * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
120 * and we know that we are dealing with plaintext data
121 */
122 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
123 return 0;
124 }
125 return 1;
126 }
127
tls_any_set_protocol_version(OSSL_RECORD_LAYER * rl,int vers)128 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
129 {
130 if (rl->version != TLS_ANY_VERSION && rl->version != vers)
131 return 0;
132 rl->version = vers;
133
134 return 1;
135 }
136
137 struct record_functions_st tls_any_funcs = {
138 tls_any_set_crypto_state,
139 tls_default_read_n,
140 tls_get_more_records,
141 tls_any_cipher,
142 NULL,
143 tls_any_set_protocol_version,
144 tls_validate_record_header,
145 tls_default_post_process_record
146 };
147
dtls_any_set_protocol_version(OSSL_RECORD_LAYER * rl,int vers)148 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
149 {
150 if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
151 return 0;
152 rl->version = vers;
153
154 return 1;
155 }
156
157 struct record_functions_st dtls_any_funcs = {
158 tls_any_set_crypto_state,
159 tls_default_read_n,
160 dtls_get_more_records,
161 tls_any_cipher,
162 NULL,
163 dtls_any_set_protocol_version,
164 NULL,
165 NULL
166 };
167
