[thirdparty/openssl.git] / ssl / record / methods / tlsany_meth.c

/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/evp.h>
#include "../../ssl_local.h"
#include "../record_local.h"
#include "recmethod_local.h"

#define MIN_SSL2_RECORD_LEN     9

static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
                                    unsigned char *key, size_t keylen,
                                    unsigned char *iv, size_t ivlen,
                                    unsigned char *mackey, size_t mackeylen,
                                    const EVP_CIPHER *ciph,
                                    size_t taglen,
                                    int mactype,
                                    const EVP_MD *md,
                                    COMP_METHOD *comp)
{
    if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
        ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
        return OSSL_RECORD_RETURN_FATAL;
    }

    /* No crypto protection at the "NONE" level so nothing to be done */

    return OSSL_RECORD_RETURN_SUCCESS;
}

static int tls_any_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
                          size_t n_recs, int sending, SSL_MAC_BUF *macs,
                          size_t macsize)
{
    return 1;
}

static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
{
    if (rec->rec_version == SSL2_VERSION) {
        /* SSLv2 format ClientHello */
        if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        if (rec->length < MIN_SSL2_RECORD_LEN) {
            RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
            return 0;
        }
    } else {
        if (rl->version == TLS_ANY_VERSION) {
            if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
                if (rl->is_first_record) {
                    unsigned char *p;

                    /*
                     * Go back to start of packet, look at the five bytes that
                     * we have.
                     */
                    p = rl->packet;
                    if (HAS_PREFIX((char *)p, "GET ") ||
                        HAS_PREFIX((char *)p, "POST ") ||
                        HAS_PREFIX((char *)p, "HEAD ") ||
                        HAS_PREFIX((char *)p, "PUT ")) {
                        RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
                        return 0;
                    } else if (HAS_PREFIX((char *)p, "CONNE")) {
                        RLAYERfatal(rl, SSL_AD_NO_ALERT,
                                    SSL_R_HTTPS_PROXY_REQUEST);
                        return 0;
                    }

                    /* Doesn't look like TLS - don't send an alert */
                    RLAYERfatal(rl, SSL_AD_NO_ALERT,
                                SSL_R_WRONG_VERSION_NUMBER);
                    return 0;
                } else {
                    RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
                                SSL_R_WRONG_VERSION_NUMBER);
                    return 0;
                }
            }
        } else if (rl->version == TLS1_3_VERSION) {
            /*
             * In this case we know we are going to negotiate TLSv1.3, but we've
             * had an HRR, so we haven't actually done so yet. In TLSv1.3 we
             * must ignore the legacy record version in plaintext records.
             */
        } else if (rec->rec_version != rl->version) {
            if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
                if (rec->type == SSL3_RT_ALERT) {
                    /*
                     * The record is using an incorrect version number,
                     * but what we've got appears to be an alert. We
                     * haven't read the body yet to check whether its a
                     * fatal or not - but chances are it is. We probably
                     * shouldn't send a fatal alert back. We'll just
                     * end.
                     */
                    RLAYERfatal(rl, SSL_AD_NO_ALERT,
                                SSL_R_WRONG_VERSION_NUMBER);
                    return 0;
                }
                /* Send back error using their minor version number */
                rl->version = (unsigned short)rec->rec_version;
            }
            RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
                        SSL_R_WRONG_VERSION_NUMBER);
            return 0;
        }
    }
    if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
        /*
         * We use SSL_R_DATA_LENGTH_TOO_LONG instead of
         * SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
         * and we know that we are dealing with plaintext data
         */
        RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
        return 0;
    }
    return 1;
}

static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
{
    if (rl->version != TLS_ANY_VERSION && rl->version != vers)
        return 0;
    rl->version = vers;

    return 1;
}

static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
                                          size_t mac_size,
                                          WPACKET *thispkt,
                                          TLS_RL_RECORD *thiswr)
{
    /* No encryption, so nothing to do */
    return 1;
}

struct record_functions_st tls_any_funcs = {
    tls_any_set_crypto_state,
    tls_any_cipher,
    NULL,
    tls_any_set_protocol_version,
    tls_default_read_n,
    tls_get_more_records,
    tls_validate_record_header,
    tls_default_post_process_record,
    tls_get_max_records_default,
    tls_write_records_default,
    tls_allocate_write_buffers_default,
    tls_initialise_write_packets_default,
    NULL,
    tls_prepare_record_header_default,
    NULL,
    tls_any_prepare_for_encryption,
    tls_post_encryption_processing_default,
    NULL
};

static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
{
    if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
        return 0;
    rl->version = vers;

    return 1;
}

struct record_functions_st dtls_any_funcs = {
    tls_any_set_crypto_state,
    tls_any_cipher,
    NULL,
    dtls_any_set_protocol_version,
    tls_default_read_n,
    dtls_get_more_records,
    NULL,
    NULL,
    NULL,
    tls_write_records_default,
    tls_allocate_write_buffers_default,
    tls_initialise_write_packets_default,
    NULL,
    dtls_prepare_record_header,
    NULL,
    tls_prepare_for_encryption_default,
    dtls_post_encryption_processing,
    NULL
};
Commit	Line	Data
50023e9b MC	1	/*
	2	* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/evp.h>
	11	#include "../../ssl_local.h"
	12	#include "../record_local.h"
	13	#include "recmethod_local.h"
	14
23c57f00 MC	15	#define MIN_SSL2_RECORD_LEN 9
23c57f00 MC	16
50023e9b MC	17	static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
	18	unsigned char *key, size_t keylen,
	19	unsigned char *iv, size_t ivlen,
	20	unsigned char *mackey, size_t mackeylen,
	21	const EVP_CIPHER *ciph,
	22	size_t taglen,
50023e9b MC	23	int mactype,
50023e9b MC	24	const EVP_MD *md,
1e76110b	25	COMP_METHOD *comp)
50023e9b MC	26	{
50023e9b MC	27	if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
7c293999 MC	28	ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
7c293999 MC	29	return OSSL_RECORD_RETURN_FATAL;
50023e9b MC	30	}
	31
	32	/* No crypto protection at the "NONE" level so nothing to be done */
	33
7c293999	34	return OSSL_RECORD_RETURN_SUCCESS;
50023e9b MC	35	}
50023e9b MC	36
22094d11	37	static int tls_any_cipher(OSSL_RECORD_LAYER rl, TLS_RL_RECORD recs,
50023e9b	38	size_t n_recs, int sending, SSL_MAC_BUF *macs,
8124ab56	39	size_t macsize)
50023e9b MC	40	{
	41	return 1;
	42	}
	43
22094d11	44	static int tls_validate_record_header(OSSL_RECORD_LAYER rl, TLS_RL_RECORD rec)
1853d20a MC	45	{
	46	if (rec->rec_version == SSL2_VERSION) {
	47	/* SSLv2 format ClientHello */
	48	if (!ossl_assert(rl->version == TLS_ANY_VERSION)) {
	49	RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
	50	return 0;
	51	}
	52	if (rec->length < MIN_SSL2_RECORD_LEN) {
	53	RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
	54	return 0;
	55	}
	56	} else {
	57	if (rl->version == TLS_ANY_VERSION) {
	58	if ((rec->rec_version >> 8) != SSL3_VERSION_MAJOR) {
	59	if (rl->is_first_record) {
	60	unsigned char *p;
	61
	62	/*
	63	* Go back to start of packet, look at the five bytes that
	64	* we have.
	65	*/
	66	p = rl->packet;
	67	if (HAS_PREFIX((char *)p, "GET ") \|\|
	68	HAS_PREFIX((char *)p, "POST ") \|\|
	69	HAS_PREFIX((char *)p, "HEAD ") \|\|
	70	HAS_PREFIX((char *)p, "PUT ")) {
	71	RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
	72	return 0;
	73	} else if (HAS_PREFIX((char *)p, "CONNE")) {
	74	RLAYERfatal(rl, SSL_AD_NO_ALERT,
	75	SSL_R_HTTPS_PROXY_REQUEST);
	76	return 0;
	77	}
	78
	79	/* Doesn't look like TLS - don't send an alert */
	80	RLAYERfatal(rl, SSL_AD_NO_ALERT,
	81	SSL_R_WRONG_VERSION_NUMBER);
	82	return 0;
	83	} else {
	84	RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
	85	SSL_R_WRONG_VERSION_NUMBER);
	86	return 0;
	87	}
	88	}
	89	} else if (rl->version == TLS1_3_VERSION) {
	90	/*
	91	* In this case we know we are going to negotiate TLSv1.3, but we've
20934288 MC	92	* had an HRR, so we haven't actually done so yet. In TLSv1.3 we
20934288 MC	93	* must ignore the legacy record version in plaintext records.
1853d20a	94	*/
1853d20a MC	95	} else if (rec->rec_version != rl->version) {
	96	if ((rl->version & 0xFF00) == (rec->rec_version & 0xFF00)) {
	97	if (rec->type == SSL3_RT_ALERT) {
	98	/*
	99	* The record is using an incorrect version number,
	100	* but what we've got appears to be an alert. We
	101	* haven't read the body yet to check whether its a
	102	* fatal or not - but chances are it is. We probably
	103	* shouldn't send a fatal alert back. We'll just
	104	* end.
	105	*/
	106	RLAYERfatal(rl, SSL_AD_NO_ALERT,
	107	SSL_R_WRONG_VERSION_NUMBER);
	108	return 0;
	109	}
	110	/* Send back error using their minor version number */
	111	rl->version = (unsigned short)rec->rec_version;
	112	}
	113	RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
	114	SSL_R_WRONG_VERSION_NUMBER);
	115	return 0;
	116	}
	117	}
	118	if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
	119	/*
	120	* We use SSL_R_DATA_LENGTH_TOO_LONG instead of
	121	* SSL_R_ENCRYPTED_LENGTH_TOO_LONG here because we are the "any" method
	122	* and we know that we are dealing with plaintext data
	123	*/
	124	RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
	125	return 0;
	126	}
	127	return 1;
	128	}
	129
	130	static int tls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
	131	{
	132	if (rl->version != TLS_ANY_VERSION && rl->version != vers)
	133	return 0;
	134	rl->version = vers;
	135
	136	return 1;
	137	}
	138
757ef3ba MC	139	static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
	140	size_t mac_size,
	141	WPACKET *thispkt,
22094d11	142	TLS_RL_RECORD *thiswr)
757ef3ba MC	143	{
	144	/* No encryption, so nothing to do */
	145	return 1;
	146	}
	147
50023e9b MC	148	struct record_functions_st tls_any_funcs = {
	149	tls_any_set_crypto_state,
	150	tls_any_cipher,
1853d20a MC	151	NULL,
1853d20a MC	152	tls_any_set_protocol_version,
bafe524b MC	153	tls_default_read_n,
bafe524b MC	154	tls_get_more_records,
1853d20a	155	tls_validate_record_header,
bafe524b MC	156	tls_default_post_process_record,
bafe524b MC	157	tls_get_max_records_default,
91fe8ff0 MC	158	tls_write_records_default,
91fe8ff0 MC	159	tls_allocate_write_buffers_default,
7ca61d63	160	tls_initialise_write_packets_default,
aca70ca8	161	NULL,
2582de25	162	tls_prepare_record_header_default,
757ef3ba	163	NULL,
2a354d54	164	tls_any_prepare_for_encryption,
ace38195 MC	165	tls_post_encryption_processing_default,
ace38195 MC	166	NULL
50023e9b	167	};
222cf410 MC	168
	169	static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
	170	{
	171	if (rl->version != DTLS_ANY_VERSION && rl->version != vers)
	172	return 0;
	173	rl->version = vers;
	174
	175	return 1;
	176	}
	177
	178	struct record_functions_st dtls_any_funcs = {
	179	tls_any_set_crypto_state,
222cf410 MC	180	tls_any_cipher,
	181	NULL,
	182	dtls_any_set_protocol_version,
bafe524b MC	183	tls_default_read_n,
	184	dtls_get_more_records,
	185	NULL,
	186	NULL,
222cf410	187	NULL,
43dfa5a9	188	tls_write_records_default,
bf04cbfa	189	tls_allocate_write_buffers_default,
248a9bf2	190	tls_initialise_write_packets_default,
aca70ca8	191	NULL,
b9e37f8f	192	dtls_prepare_record_header,
2582de25	193	NULL,
b9e37f8f	194	tls_prepare_for_encryption_default,
421386e3	195	dtls_post_encryption_processing,
222cf410 MC	196	NULL
222cf410 MC	197	};