xref: /src/crypto/openssl/ssl/record/methods/tlsany_meth.c (revision f25b8c9fb4f58cf61adb47d7570abe7caa6d385d) 
1 /*
2  * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <openssl/evp.h>
11 #include "../../ssl_local.h"
12 #include "../record_local.h"
13 #include "recmethod_local.h"
14 
15 #define MIN_SSL2_RECORD_LEN 9
16 
tls_any_set_crypto_state(OSSL_RECORD_LAYER * rl,int level,unsigned char * key,size_t keylen,unsigned char * iv,size_t ivlen,unsigned char * mackey,size_t mackeylen,const EVP_CIPHER * ciph,size_t taglen,int mactype,const EVP_MD * md,COMP_METHOD * comp)17 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
18     unsigned char *key, size_t keylen,
19     unsigned char *iv, size_t ivlen,
20     unsigned char *mackey, size_t mackeylen,
21     const EVP_CIPHER *ciph,
22     size_t taglen,
23     int mactype,
24     const EVP_MD *md,
25     COMP_METHOD *comp)
26 {
27     if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
28         ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
29         return OSSL_RECORD_RETURN_FATAL;
30     }
31 
32     /* No crypto protection at the "NONE" level so nothing to be done */
33 
34     return OSSL_RECORD_RETURN_SUCCESS;
35 }
36 
tls_any_cipher(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * recs,size_t n_recs,int sending,SSL_MAC_BUF * macs,size_t macsize)37 static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
38     size_t n_recs, int sending, SSL_MAC_BUF *macs,
39     size_t macsize)
40 {
41     return 1;
42 }
43 
tls_validate_record_header(OSSL_RECORD_LAYER * rl,TLS_RL_RECORD * rec)44 static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
45 {
46     if (rec->rec_version == SSL2_VERSION) {
47         /* SSLv2 format ClientHello */
48         if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
49             RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
50             return 0;
51         }
52         if (rec->length < MIN_SSL2_RECORD_LEN) {
53             RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
54             return 0;
55         }
56     } else {
57         if (rl->version == TLS_ANY_VERSION) {
58             if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
59                 if (rl->is_first_record) {
60                     unsigned char *p;
61 
62                     /*
63                      * Go back to start of packet, look at the five bytes that
64                      * we have.
65                      */
66                     p = rl->packet;
67                     if (HAS_PREFIX((char *)p, "GET ") || HAS_PREFIX((char *)p, "POST ") || HAS_PREFIX((char *)p, "HEAD ") || HAS_PREFIX((char *)p, "PATCH") || HAS_PREFIX((char *)p, "OPTIO") || HAS_PREFIX((char *)p, "DELET") || HAS_PREFIX((char *)p, "TRACE") || HAS_PREFIX((char *)p, "PUT ")) {
68                         RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
69                         return 0;
70                     } else if (HAS_PREFIX((char *)p, "CONNE")) {
71                         RLAYERfatal(rl, SSL_AD_NO_ALERT,
72                             SSL_R_HTTPS_PROXY_REQUEST);
73                         return 0;
74                     }
75 
76                     /* Doesn't look like TLS - don't send an alert */
77                     RLAYERfatal(rl, SSL_AD_NO_ALERT,
78                         SSL_R_WRONG_VERSION_NUMBER);
79                     return 0;
80                 } else {
81                     RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
82                         SSL_R_WRONG_VERSION_NUMBER);
83                     return 0;
84                 }
85             }
86         } else if (rl->version == TLS1_3_VERSION) {
87             /*
88              * In this case we know we are going to negotiate TLSv1.3, but we've
89              * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
90              * must ignore the legacy record version in plaintext records.
91              */
92         } else if (rec->rec_version != rl->version) {
93             if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
94                 if (rec->type == SSL3_RT_ALERT) {
95                     /*
96                      * The record is using an incorrect version number,
97                      * but what we've got appears to be an alert. We
98                      * haven't read the body yet to check whether its a
99                      * fatal or not - but chances are it is. We probably
100                      * shouldn't send a fatal alert back. We'll just
101                      * end.
102                      */
103                     RLAYERfatal(rl, SSL_AD_NO_ALERT,
104                         SSL_R_WRONG_VERSION_NUMBER);
105                     return 0;
106                 }
107                 /* Send back error using their minor version number */
108                 rl->version = (unsigned short)rec->rec_version;
109             }
110             RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
111                 SSL_R_WRONG_VERSION_NUMBER);
112             return 0;
113         }
114     }
115     if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
116         /*
117          * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
118          * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
119          * and we know that we are dealing with plaintext data
120          */
121         RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
122         return 0;
123     }
124     return 1;
125 }
126 
tls_any_set_protocol_version(OSSL_RECORD_LAYER * rl,int vers)127 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
128 {
129     if (rl->version != TLS_ANY_VERSION && rl->version != vers)
130         return 0;
131     rl->version = vers;
132 
133     return 1;
134 }
135 
tls_any_prepare_for_encryption(OSSL_RECORD_LAYER * rl,size_t mac_size,WPACKET * thispkt,TLS_RL_RECORD * thiswr)136 static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
137     size_t mac_size,
138     WPACKET *thispkt,
139     TLS_RL_RECORD *thiswr)
140 {
141     /* No encryption, so nothing to do */
142     return 1;
143 }
144 
145 const struct record_functions_st tls_any_funcs = {
146     tls_any_set_crypto_state,
147     tls_any_cipher,
148     NULL,
149     tls_any_set_protocol_version,
150     tls_default_read_n,
151     tls_get_more_records,
152     tls_validate_record_header,
153     tls_default_post_process_record,
154     tls_get_max_records_default,
155     tls_write_records_default,
156     tls_allocate_write_buffers_default,
157     tls_initialise_write_packets_default,
158     NULL,
159     tls_prepare_record_header_default,
160     NULL,
161     tls_any_prepare_for_encryption,
162     tls_post_encryption_processing_default,
163     NULL
164 };
165 
dtls_any_set_protocol_version(OSSL_RECORD_LAYER * rl,int vers)166 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
167 {
168     if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
169         return 0;
170     rl->version = vers;
171 
172     return 1;
173 }
174 
175 const struct record_functions_st dtls_any_funcs = {
176     tls_any_set_crypto_state,
177     tls_any_cipher,
178     NULL,
179     dtls_any_set_protocol_version,
180     tls_default_read_n,
181     dtls_get_more_records,
182     NULL,
183     NULL,
184     NULL,
185     tls_write_records_default,
186     tls_allocate_write_buffers_default,
187     tls_initialise_write_packets_default,
188     NULL,
189     dtls_prepare_record_header,
190     NULL,
191     tls_prepare_for_encryption_default,
192     dtls_post_encryption_processing,
193     NULL
194 };
195