]>
Commit | Line | Data |
---|---|---|
50023e9b MC |
1 | /* |
2 | * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/evp.h> | |
11 | #include "../../ssl_local.h" | |
12 | #include "../record_local.h" | |
13 | #include "recmethod_local.h" | |
14 | ||
23c57f00 MC |
15 | #define MIN_SSL2_RECORD_LEN 9 |
16 | ||
50023e9b MC |
17 | static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, |
18 | unsigned char *key, size_t keylen, | |
19 | unsigned char *iv, size_t ivlen, | |
20 | unsigned char *mackey, size_t mackeylen, | |
21 | const EVP_CIPHER *ciph, | |
22 | size_t taglen, | |
50023e9b MC |
23 | int mactype, |
24 | const EVP_MD *md, | |
1e76110b | 25 | COMP_METHOD *comp) |
50023e9b MC |
26 | { |
27 | if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) { | |
7c293999 MC |
28 | ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); |
29 | return OSSL_RECORD_RETURN_FATAL; | |
50023e9b MC |
30 | } |
31 | ||
32 | /* No crypto protection at the "NONE" level so nothing to be done */ | |
33 | ||
7c293999 | 34 | return OSSL_RECORD_RETURN_SUCCESS; |
50023e9b MC |
35 | } |
36 | ||
22094d11 | 37 | static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, |
50023e9b | 38 | size_t n_recs, int sending, SSL_MAC_BUF *macs, |
8124ab56 | 39 | size_t macsize) |
50023e9b MC |
40 | { |
41 | return 1; | |
42 | } | |
43 | ||
22094d11 | 44 | static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec) |
1853d20a MC |
45 | { |
46 | if (rec->rec_version == SSL2_VERSION) { | |
47 | /* SSLv2 format ClientHello */ | |
48 | if (!ossl_assert(rl->version == TLS_ANY_VERSION)) { | |
49 | RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
50 | return 0; | |
51 | } | |
52 | if (rec->length < MIN_SSL2_RECORD_LEN) { | |
53 | RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT); | |
54 | return 0; | |
55 | } | |
56 | } else { | |
57 | if (rl->version == TLS_ANY_VERSION) { | |
58 | if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) { | |
59 | if (rl->is_first_record) { | |
60 | unsigned char *p; | |
61 | ||
62 | /* | |
63 | * Go back to start of packet, look at the five bytes that | |
64 | * we have. | |
65 | */ | |
66 | p = rl->packet; | |
67 | if (HAS_PREFIX((char *)p, "GET ") || | |
68 | HAS_PREFIX((char *)p, "POST ") || | |
69 | HAS_PREFIX((char *)p, "HEAD ") || | |
70 | HAS_PREFIX((char *)p, "PUT ")) { | |
71 | RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST); | |
72 | return 0; | |
73 | } else if (HAS_PREFIX((char *)p, "CONNE")) { | |
74 | RLAYERfatal(rl, SSL_AD_NO_ALERT, | |
75 | SSL_R_HTTPS_PROXY_REQUEST); | |
76 | return 0; | |
77 | } | |
78 | ||
79 | /* Doesn't look like TLS - don't send an alert */ | |
80 | RLAYERfatal(rl, SSL_AD_NO_ALERT, | |
81 | SSL_R_WRONG_VERSION_NUMBER); | |
82 | return 0; | |
83 | } else { | |
84 | RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION, | |
85 | SSL_R_WRONG_VERSION_NUMBER); | |
86 | return 0; | |
87 | } | |
88 | } | |
89 | } else if (rl->version == TLS1_3_VERSION) { | |
90 | /* | |
91 | * In this case we know we are going to negotiate TLSv1.3, but we've | |
20934288 MC |
92 | * had an HRR, so we haven't actually done so yet. In TLSv1.3 we |
93 | * must ignore the legacy record version in plaintext records. | |
1853d20a | 94 | */ |
1853d20a MC |
95 | } else if (rec->rec_version != rl->version) { |
96 | if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) { | |
97 | if (rec->type == SSL3_RT_ALERT) { | |
98 | /* | |
99 | * The record is using an incorrect version number, | |
100 | * but what we've got appears to be an alert. We | |
101 | * haven't read the body yet to check whether its a | |
102 | * fatal or not - but chances are it is. We probably | |
103 | * shouldn't send a fatal alert back. We'll just | |
104 | * end. | |
105 | */ | |
106 | RLAYERfatal(rl, SSL_AD_NO_ALERT, | |
107 | SSL_R_WRONG_VERSION_NUMBER); | |
108 | return 0; | |
109 | } | |
110 | /* Send back error using their minor version number */ | |
111 | rl->version = (unsigned short)rec->rec_version; | |
112 | } | |
113 | RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION, | |
114 | SSL_R_WRONG_VERSION_NUMBER); | |
115 | return 0; | |
116 | } | |
117 | } | |
118 | if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) { | |
119 | /* | |
120 | * We use SSL_R_DATA_LENGTH_TOO_LONG instead of | |
121 | * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method | |
122 | * and we know that we are dealing with plaintext data | |
123 | */ | |
124 | RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); | |
125 | return 0; | |
126 | } | |
127 | return 1; | |
128 | } | |
129 | ||
130 | static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers) | |
131 | { | |
132 | if (rl->version != TLS_ANY_VERSION && rl->version != vers) | |
133 | return 0; | |
134 | rl->version = vers; | |
135 | ||
136 | return 1; | |
137 | } | |
138 | ||
757ef3ba MC |
139 | static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl, |
140 | size_t mac_size, | |
141 | WPACKET *thispkt, | |
22094d11 | 142 | TLS_RL_RECORD *thiswr) |
757ef3ba MC |
143 | { |
144 | /* No encryption, so nothing to do */ | |
145 | return 1; | |
146 | } | |
147 | ||
50023e9b MC |
148 | struct record_functions_st tls_any_funcs = { |
149 | tls_any_set_crypto_state, | |
150 | tls_any_cipher, | |
1853d20a MC |
151 | NULL, |
152 | tls_any_set_protocol_version, | |
bafe524b MC |
153 | tls_default_read_n, |
154 | tls_get_more_records, | |
1853d20a | 155 | tls_validate_record_header, |
bafe524b MC |
156 | tls_default_post_process_record, |
157 | tls_get_max_records_default, | |
91fe8ff0 MC |
158 | tls_write_records_default, |
159 | tls_allocate_write_buffers_default, | |
7ca61d63 | 160 | tls_initialise_write_packets_default, |
aca70ca8 | 161 | NULL, |
2582de25 | 162 | tls_prepare_record_header_default, |
757ef3ba | 163 | NULL, |
2a354d54 | 164 | tls_any_prepare_for_encryption, |
ace38195 MC |
165 | tls_post_encryption_processing_default, |
166 | NULL | |
50023e9b | 167 | }; |
222cf410 MC |
168 | |
169 | static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers) | |
170 | { | |
171 | if (rl->version != DTLS_ANY_VERSION && rl->version != vers) | |
172 | return 0; | |
173 | rl->version = vers; | |
174 | ||
175 | return 1; | |
176 | } | |
177 | ||
178 | struct record_functions_st dtls_any_funcs = { | |
179 | tls_any_set_crypto_state, | |
222cf410 MC |
180 | tls_any_cipher, |
181 | NULL, | |
182 | dtls_any_set_protocol_version, | |
bafe524b MC |
183 | tls_default_read_n, |
184 | dtls_get_more_records, | |
185 | NULL, | |
186 | NULL, | |
222cf410 | 187 | NULL, |
43dfa5a9 | 188 | tls_write_records_default, |
bf04cbfa | 189 | tls_allocate_write_buffers_default, |
248a9bf2 | 190 | tls_initialise_write_packets_default, |
aca70ca8 | 191 | NULL, |
b9e37f8f | 192 | dtls_prepare_record_header, |
2582de25 | 193 | NULL, |
b9e37f8f | 194 | tls_prepare_for_encryption_default, |
421386e3 | 195 | dtls_post_encryption_processing, |
222cf410 MC |
196 | NULL |
197 | }; |