2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/evp.h>
11 #include "../../ssl_local.h"
12 #include "../record_local.h"
13 #include "recmethod_local.h"
15 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER
*rl
, int level
,
16 unsigned char *key
, size_t keylen
,
17 unsigned char *iv
, size_t ivlen
,
18 unsigned char *mackey
, size_t mackeylen
,
19 const EVP_CIPHER
*ciph
,
21 /* TODO(RECLAYER): This probably should not be an int */
26 if (level
!= OSSL_RECORD_PROTECTION_LEVEL_NONE
) {
27 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
28 return OSSL_RECORD_RETURN_FATAL
;
31 /* No crypto protection at the "NONE" level so nothing to be done */
33 return OSSL_RECORD_RETURN_SUCCESS
;
36 static int tls_any_cipher(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*recs
,
37 size_t n_recs
, int sending
, SSL_MAC_BUF
*macs
,
43 static int tls_validate_record_header(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
)
45 if (rec
->rec_version
== SSL2_VERSION
) {
46 /* SSLv2 format ClientHello */
47 if (!ossl_assert(rl
->version
== TLS_ANY_VERSION
)) {
48 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
51 if (rec
->length
< MIN_SSL2_RECORD_LEN
) {
52 RLAYERfatal(rl
, SSL_AD_DECODE_ERROR
, SSL_R_LENGTH_TOO_SHORT
);
56 if (rl
->version
== TLS_ANY_VERSION
) {
57 if ((rec
->rec_version
>> 8) != SSL3_VERSION_MAJOR
) {
58 if (rl
->is_first_record
) {
62 * Go back to start of packet, look at the five bytes that
66 if (HAS_PREFIX((char *)p
, "GET ") ||
67 HAS_PREFIX((char *)p
, "POST ") ||
68 HAS_PREFIX((char *)p
, "HEAD ") ||
69 HAS_PREFIX((char *)p
, "PUT ")) {
70 RLAYERfatal(rl
, SSL_AD_NO_ALERT
, SSL_R_HTTP_REQUEST
);
72 } else if (HAS_PREFIX((char *)p
, "CONNE")) {
73 RLAYERfatal(rl
, SSL_AD_NO_ALERT
,
74 SSL_R_HTTPS_PROXY_REQUEST
);
78 /* Doesn't look like TLS - don't send an alert */
79 RLAYERfatal(rl
, SSL_AD_NO_ALERT
,
80 SSL_R_WRONG_VERSION_NUMBER
);
83 RLAYERfatal(rl
, SSL_AD_PROTOCOL_VERSION
,
84 SSL_R_WRONG_VERSION_NUMBER
);
88 } else if (rl
->version
== TLS1_3_VERSION
) {
90 * In this case we know we are going to negotiate TLSv1.3, but we've
91 * had an HRR, so we haven't actually done so yet. Nonetheless we
92 * still expect the record version to be TLSv1.2 as per a normal
95 if (rec
->rec_version
!= TLS1_2_VERSION
) {
96 RLAYERfatal(rl
, SSL_AD_PROTOCOL_VERSION
,
97 SSL_R_WRONG_VERSION_NUMBER
);
100 } else if (rec
->rec_version
!= rl
->version
) {
101 if ((rl
->version
& 0xFF00) == (rec
->rec_version
& 0xFF00)) {
102 if (rec
->type
== SSL3_RT_ALERT
) {
104 * The record is using an incorrect version number,
105 * but what we've got appears to be an alert. We
106 * haven't read the body yet to check whether its a
107 * fatal or not - but chances are it is. We probably
108 * shouldn't send a fatal alert back. We'll just
111 RLAYERfatal(rl
, SSL_AD_NO_ALERT
,
112 SSL_R_WRONG_VERSION_NUMBER
);
115 /* Send back error using their minor version number */
116 rl
->version
= (unsigned short)rec
->rec_version
;
118 RLAYERfatal(rl
, SSL_AD_PROTOCOL_VERSION
,
119 SSL_R_WRONG_VERSION_NUMBER
);
123 if (rec
->length
> SSL3_RT_MAX_PLAIN_LENGTH
) {
125 * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
126 * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
127 * and we know that we are dealing with plaintext data
129 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
, SSL_R_DATA_LENGTH_TOO_LONG
);
135 static int tls_any_set_protocol_version(OSSL_RECORD_LAYER
*rl
, int vers
)
137 if (rl
->version
!= TLS_ANY_VERSION
&& rl
->version
!= vers
)
144 struct record_functions_st tls_any_funcs
= {
145 tls_any_set_crypto_state
,
149 tls_any_set_protocol_version
,
150 tls_validate_record_header
,
151 tls_default_post_process_record