1 /*
2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/evp.h>
11 #include "../../ssl_local.h"
12 #include "../record_local.h"
13 #include "recmethod_local.h"
14
15 #define MIN_SSL2_RECORD_LEN 9
16
tls_any_set_crypto_state(OSSL_RECORD_LAYER * rl,int level,unsigned char * key,size_t keylen,unsigned char * iv,size_t ivlen,unsigned char * mackey,size_t mackeylen,const EVP_CIPHER * ciph,size_t taglen,int mactype,const EVP_MD * md,COMP_METHOD * comp)17 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
18 unsigned char *key, size_t keylen,
19 unsigned char *iv, size_t ivlen,
20 unsigned char *mackey, size_t mackeylen,
21 const EVP_CIPHER *ciph,
22 size_t taglen,
23 int mactype,
24 const EVP_MD *md,
25 COMP_METHOD *comp)
26 {
27 if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
28 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
29 return OSSL_RECORD_RETURN_FATAL;
30 }
31
32 /* No crypto protection at the "NONE" level so nothing to be done */
33
34 return OSSL_RECORD_RETURN_SUCCESS;
35 }
36
tls_any_cipher(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * recs,size_t n_recs,int sending,SSL_MAC_BUF * macs,size_t macsize)37 static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
38 size_t n_recs, int sending, SSL_MAC_BUF *macs,
39 size_t macsize)
40 {
41 return 1;
42 }
43
tls_validate_record_header(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * rec)44 static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
45 {
46 if (rec->rec_version == SSL2_VERSION) {
47 /* SSLv2 format ClientHello */
48 if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
49 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
50 return 0;
51 }
52 if (rec->length < MIN_SSL2_RECORD_LEN) {
53 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
54 return 0;
55 }
56 } else {
57 if (rl->version == TLS_ANY_VERSION) {
58 if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
59 if (rl->is_first_record) {
60 unsigned char *p;
61
62 /*
63 * Go back to start of packet, look at the five bytes that
64 * we have.
65 */
66 p = rl->packet;
67 if (HAS_PREFIX((char *)p, "GET ") ||
68 HAS_PREFIX((char *)p, "POST ") ||
69 HAS_PREFIX((char *)p, "HEAD ") ||
70 HAS_PREFIX((char *)p, "PATCH") ||
71 HAS_PREFIX((char *)p, "OPTIO") ||
72 HAS_PREFIX((char *)p, "DELET") ||
73 HAS_PREFIX((char *)p, "TRACE") ||
74 HAS_PREFIX((char *)p, "PUT ")) {
75 RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
76 return 0;
77 } else if (HAS_PREFIX((char *)p, "CONNE")) {
78 RLAYERfatal(rl, SSL_AD_NO_ALERT,
79 SSL_R_HTTPS_PROXY_REQUEST);
80 return 0;
81 }
82
83 /* Doesn't look like TLS - don't send an alert */
84 RLAYERfatal(rl, SSL_AD_NO_ALERT,
85 SSL_R_WRONG_VERSION_NUMBER);
86 return 0;
87 } else {
88 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
89 SSL_R_WRONG_VERSION_NUMBER);
90 return 0;
91 }
92 }
93 } else if (rl->version == TLS1_3_VERSION) {
94 /*
95 * In this case we know we are going to negotiate TLSv1.3, but we've
96 * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
97 * must ignore the legacy record version in plaintext records.
98 */
99 } else if (rec->rec_version != rl->version) {
100 if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
101 if (rec->type == SSL3_RT_ALERT) {
102 /*
103 * The record is using an incorrect version number,
104 * but what we've got appears to be an alert. We
105 * haven't read the body yet to check whether its a
106 * fatal or not - but chances are it is. We probably
107 * shouldn't send a fatal alert back. We'll just
108 * end.
109 */
110 RLAYERfatal(rl, SSL_AD_NO_ALERT,
111 SSL_R_WRONG_VERSION_NUMBER);
112 return 0;
113 }
114 /* Send back error using their minor version number */
115 rl->version = (unsigned short)rec->rec_version;
116 }
117 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
118 SSL_R_WRONG_VERSION_NUMBER);
119 return 0;
120 }
121 }
122 if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
123 /*
124 * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
125 * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
126 * and we know that we are dealing with plaintext data
127 */
128 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
129 return 0;
130 }
131 return 1;
132 }
133
tls_any_set_protocol_version(OSSL_RECORD_LAYER * rl,int vers)134 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
135 {
136 if (rl->version != TLS_ANY_VERSION && rl->version != vers)
137 return 0;
138 rl->version = vers;
139
140 return 1;
141 }
142
tls_any_prepare_for_encryption(OSSL_RECORD_LAYER * rl,size_t mac_size,WPACKET * thispkt,TLS_RL_RECORD * thiswr)143 static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
144 size_t mac_size,
145 WPACKET *thispkt,
146 TLS_RL_RECORD *thiswr)
147 {
148 /* No encryption, so nothing to do */
149 return 1;
150 }
151
152 const struct record_functions_st tls_any_funcs = {
153 tls_any_set_crypto_state,
154 tls_any_cipher,
155 NULL,
156 tls_any_set_protocol_version,
157 tls_default_read_n,
158 tls_get_more_records,
159 tls_validate_record_header,
160 tls_default_post_process_record,
161 tls_get_max_records_default,
162 tls_write_records_default,
163 tls_allocate_write_buffers_default,
164 tls_initialise_write_packets_default,
165 NULL,
166 tls_prepare_record_header_default,
167 NULL,
168 tls_any_prepare_for_encryption,
169 tls_post_encryption_processing_default,
170 NULL
171 };
172
dtls_any_set_protocol_version(OSSL_RECORD_LAYER * rl,int vers)173 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
174 {
175 if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
176 return 0;
177 rl->version = vers;
178
179 return 1;
180 }
181
182 const struct record_functions_st dtls_any_funcs = {
183 tls_any_set_crypto_state,
184 tls_any_cipher,
185 NULL,
186 dtls_any_set_protocol_version,
187 tls_default_read_n,
188 dtls_get_more_records,
189 NULL,
190 NULL,
191 NULL,
192 tls_write_records_default,
193 tls_allocate_write_buffers_default,
194 tls_initialise_write_packets_default,
195 NULL,
196 dtls_prepare_record_header,
197 NULL,
198 tls_prepare_for_encryption_default,
199 dtls_post_encryption_processing,
200 NULL
201 };
202