1 /* 2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/evp.h> 11 #include "../../ssl_local.h" 12 #include "../record_local.h" 13 #include "recmethod_local.h" 14 15 #define MIN_SSL2_RECORD_LEN 9 16 17 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, 18 unsigned char *key, size_t keylen, 19 unsigned char *iv, size_t ivlen, 20 unsigned char *mackey, size_t mackeylen, 21 const EVP_CIPHER *ciph, 22 size_t taglen, 23 int mactype, 24 const EVP_MD *md, 25 COMP_METHOD *comp) 26 { 27 if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) { 28 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); 29 return OSSL_RECORD_RETURN_FATAL; 30 } 31 32 /* No crypto protection at the "NONE" level so nothing to be done */ 33 34 return OSSL_RECORD_RETURN_SUCCESS; 35 } 36 37 static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, 38 size_t n_recs, int sending, SSL_MAC_BUF *macs, 39 size_t macsize) 40 { 41 return 1; 42 } 43 44 static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec) 45 { 46 if (rec->rec_version == SSL2_VERSION) { 47 /* SSLv2 format ClientHello */ 48 if (!ossl_assert(rl->version == TLS_ANY_VERSION)) { 49 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 50 return 0; 51 } 52 if (rec->length < MIN_SSL2_RECORD_LEN) { 53 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT); 54 return 0; 55 } 56 } else { 57 if (rl->version == TLS_ANY_VERSION) { 58 if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) { 59 if (rl->is_first_record) { 60 unsigned char *p; 61 62 /* 63 * Go back to start of packet, look at the five bytes that 64 * we have. 65 */ 66 p = rl->packet; 67 if (HAS_PREFIX((char *)p, "GET ") || HAS_PREFIX((char *)p, "POST ") || HAS_PREFIX((char *)p, "HEAD ") || HAS_PREFIX((char *)p, "PATCH") || HAS_PREFIX((char *)p, "OPTIO") || HAS_PREFIX((char *)p, "DELET") || HAS_PREFIX((char *)p, "TRACE") || HAS_PREFIX((char *)p, "PUT ")) { 68 RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST); 69 return 0; 70 } else if (HAS_PREFIX((char *)p, "CONNE")) { 71 RLAYERfatal(rl, SSL_AD_NO_ALERT, 72 SSL_R_HTTPS_PROXY_REQUEST); 73 return 0; 74 } 75 76 /* Doesn't look like TLS - don't send an alert */ 77 RLAYERfatal(rl, SSL_AD_NO_ALERT, 78 SSL_R_WRONG_VERSION_NUMBER); 79 return 0; 80 } else { 81 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION, 82 SSL_R_WRONG_VERSION_NUMBER); 83 return 0; 84 } 85 } 86 } else if (rl->version == TLS1_3_VERSION) { 87 /* 88 * In this case we know we are going to negotiate TLSv1.3, but we've 89 * had an HRR, so we haven't actually done so yet. In TLSv1.3 we 90 * must ignore the legacy record version in plaintext records. 91 */ 92 } else if (rec->rec_version != rl->version) { 93 if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) { 94 if (rec->type == SSL3_RT_ALERT) { 95 /* 96 * The record is using an incorrect version number, 97 * but what we've got appears to be an alert. We 98 * haven't read the body yet to check whether its a 99 * fatal or not - but chances are it is. We probably 100 * shouldn't send a fatal alert back. We'll just 101 * end. 102 */ 103 RLAYERfatal(rl, SSL_AD_NO_ALERT, 104 SSL_R_WRONG_VERSION_NUMBER); 105 return 0; 106 } 107 /* Send back error using their minor version number */ 108 rl->version = (unsigned short)rec->rec_version; 109 } 110 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION, 111 SSL_R_WRONG_VERSION_NUMBER); 112 return 0; 113 } 114 } 115 if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) { 116 /* 117 * We use SSL_R_DATA_LENGTH_TOO_LONG instead of 118 * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method 119 * and we know that we are dealing with plaintext data 120 */ 121 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); 122 return 0; 123 } 124 return 1; 125 } 126 127 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers) 128 { 129 if (rl->version != TLS_ANY_VERSION && rl->version != vers) 130 return 0; 131 rl->version = vers; 132 133 return 1; 134 } 135 136 static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl, 137 size_t mac_size, 138 WPACKET *thispkt, 139 TLS_RL_RECORD *thiswr) 140 { 141 /* No encryption, so nothing to do */ 142 return 1; 143 } 144 145 const struct record_functions_st tls_any_funcs = { 146 tls_any_set_crypto_state, 147 tls_any_cipher, 148 NULL, 149 tls_any_set_protocol_version, 150 tls_default_read_n, 151 tls_get_more_records, 152 tls_validate_record_header, 153 tls_default_post_process_record, 154 tls_get_max_records_default, 155 tls_write_records_default, 156 tls_allocate_write_buffers_default, 157 tls_initialise_write_packets_default, 158 NULL, 159 tls_prepare_record_header_default, 160 NULL, 161 tls_any_prepare_for_encryption, 162 tls_post_encryption_processing_default, 163 NULL 164 }; 165 166 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers) 167 { 168 if (rl->version != DTLS_ANY_VERSION && rl->version != vers) 169 return 0; 170 rl->version = vers; 171 172 return 1; 173 } 174 175 const struct record_functions_st dtls_any_funcs = { 176 tls_any_set_crypto_state, 177 tls_any_cipher, 178 NULL, 179 dtls_any_set_protocol_version, 180 tls_default_read_n, 181 dtls_get_more_records, 182 NULL, 183 NULL, 184 NULL, 185 tls_write_records_default, 186 tls_allocate_write_buffers_default, 187 tls_initialise_write_packets_default, 188 NULL, 189 dtls_prepare_record_header, 190 NULL, 191 tls_prepare_for_encryption_default, 192 dtls_post_encryption_processing, 193 NULL 194 }; 195