From e2496982472bdf233be95c5ea72d1c4dc6c91db3 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Sun, 23 Apr 2023 13:43:47 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20230422'. --- src/lib/libssl/ssl_packet.c | 292 -------------------------------------------- 1 file changed, 292 deletions(-) delete mode 100644 src/lib/libssl/ssl_packet.c (limited to 'src/lib/libssl/ssl_packet.c') diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c deleted file mode 100644 index 70017b4664..0000000000 --- a/src/lib/libssl/ssl_packet.c +++ /dev/null @@ -1,292 +0,0 @@ -/* $OpenBSD: ssl_packet.c,v 1.15 2022/11/26 16:08:56 tb Exp $ */ -/* - * Copyright (c) 2016, 2017 Joel Sing - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "bytestring.h" -#include "ssl_local.h" - -static int -ssl_is_sslv2_client_hello(CBS *header) -{ - uint16_t record_length; - uint8_t message_type; - CBS cbs; - - CBS_dup(header, &cbs); - - if (!CBS_get_u16(&cbs, &record_length) || - !CBS_get_u8(&cbs, &message_type)) - return 0; - - /* - * The SSLv2 record length field uses variable length (2 or 3 byte) - * encoding. Given the size of a client hello, we expect/require the - * 2-byte form which is indicated by a one in the most significant bit. - */ - if ((record_length & 0x8000) == 0) - return 0; - if ((record_length & ~0x8000) < 3) - return 0; - if (message_type != SSL2_MT_CLIENT_HELLO) - return 0; - - return 1; -} - -static int -ssl_is_sslv3_handshake(CBS *header) -{ - uint16_t record_version; - uint8_t record_type; - CBS cbs; - - CBS_dup(header, &cbs); - - if (!CBS_get_u8(&cbs, &record_type) || - !CBS_get_u16(&cbs, &record_version)) - return 0; - - if (record_type != SSL3_RT_HANDSHAKE) - return 0; - if ((record_version >> 8) != SSL3_VERSION_MAJOR) - return 0; - - return 1; -} - -static int -ssl_convert_sslv2_client_hello(SSL *s) -{ - CBB cbb, handshake, client_hello, cipher_suites, compression, session_id; - CBS cbs, challenge, cipher_specs, session; - uint16_t record_length, client_version, cipher_specs_length; - uint16_t session_id_length, challenge_length; - unsigned char *client_random = NULL, *data = NULL; - size_t data_len, pad_len, len; - uint32_t cipher_spec; - uint8_t message_type; - unsigned char *pad; - int ret = -1; - int n; - - memset(&cbb, 0, sizeof(cbb)); - - CBS_init(&cbs, s->packet, SSL3_RT_HEADER_LENGTH); - - if (!CBS_get_u16(&cbs, &record_length) || - !CBS_get_u8(&cbs, &message_type) || - !CBS_get_u16(&cbs, &client_version)) - return -1; - - /* - * The SSLv2 record length field uses variable length (2 or 3 byte) - * encoding. Given the size of a client hello, we expect/require the - * 2-byte form which is indicated by a one in the most significant bit. - * Also note that the record length value does not include the bytes - * used for the record length field. - */ - if ((record_length & 0x8000) == 0) - return -1; - record_length &= ~0x8000; - if (record_length < SSL3_RT_HEADER_LENGTH - 2) - return -1; - if (message_type != SSL2_MT_CLIENT_HELLO) - return -1; - - if (record_length < 9) { - SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH); - return -1; - } - if (record_length > 4096) { - SSLerror(s, SSL_R_RECORD_TOO_LARGE); - return -1; - } - - n = ssl3_packet_extend(s, record_length + 2); - if (n != record_length + 2) - return n; - - tls1_transcript_record(s, s->packet + 2, - s->packet_length - 2); - s->mac_packet = 0; - - if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, - s->packet + 2, s->packet_length - 2, s, - s->msg_callback_arg); - - /* Decode the SSLv2 record containing the client hello. */ - CBS_init(&cbs, s->packet, s->packet_length); - - if (!CBS_get_u16(&cbs, &record_length)) - return -1; - if (!CBS_get_u8(&cbs, &message_type)) - return -1; - if (!CBS_get_u16(&cbs, &client_version)) - return -1; - if (!CBS_get_u16(&cbs, &cipher_specs_length)) - return -1; - if (!CBS_get_u16(&cbs, &session_id_length)) - return -1; - if (!CBS_get_u16(&cbs, &challenge_length)) - return -1; - if (!CBS_get_bytes(&cbs, &cipher_specs, cipher_specs_length)) - return -1; - if (!CBS_get_bytes(&cbs, &session, session_id_length)) - return -1; - if (!CBS_get_bytes(&cbs, &challenge, challenge_length)) - return -1; - if (CBS_len(&cbs) != 0) { - SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH); - return -1; - } - - /* - * Convert SSLv2 challenge to SSLv3/TLS client random, by truncating or - * left-padding with zero bytes. - */ - if ((client_random = malloc(SSL3_RANDOM_SIZE)) == NULL) - goto err; - if (!CBB_init_fixed(&cbb, client_random, SSL3_RANDOM_SIZE)) - goto err; - if ((len = CBS_len(&challenge)) > SSL3_RANDOM_SIZE) - len = SSL3_RANDOM_SIZE; - pad_len = SSL3_RANDOM_SIZE - len; - if (!CBB_add_space(&cbb, &pad, pad_len)) - goto err; - memset(pad, 0, pad_len); - if (!CBB_add_bytes(&cbb, CBS_data(&challenge), len)) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - /* Build SSLv3/TLS record with client hello. */ - if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH)) - goto err; - if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE)) - goto err; - if (!CBB_add_u16(&cbb, 0x0301)) - goto err; - if (!CBB_add_u16_length_prefixed(&cbb, &handshake)) - goto err; - if (!CBB_add_u8(&handshake, SSL3_MT_CLIENT_HELLO)) - goto err; - if (!CBB_add_u24_length_prefixed(&handshake, &client_hello)) - goto err; - if (!CBB_add_u16(&client_hello, client_version)) - goto err; - if (!CBB_add_bytes(&client_hello, client_random, SSL3_RANDOM_SIZE)) - goto err; - if (!CBB_add_u8_length_prefixed(&client_hello, &session_id)) - goto err; - if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites)) - goto err; - while (CBS_len(&cipher_specs) > 0) { - if (!CBS_get_u24(&cipher_specs, &cipher_spec)) - goto err; - if ((cipher_spec & 0xff0000) != 0) - continue; - if (!CBB_add_u16(&cipher_suites, cipher_spec & 0xffff)) - goto err; - } - if (!CBB_add_u8_length_prefixed(&client_hello, &compression)) - goto err; - if (!CBB_add_u8(&compression, 0)) - goto err; - if (!CBB_finish(&cbb, &data, &data_len)) - goto err; - - if (data_len > s->s3->rbuf.len) - goto err; - - s->packet = s->s3->rbuf.buf; - s->packet_length = data_len; - memcpy(s->packet, data, data_len); - ret = 1; - - err: - CBB_cleanup(&cbb); - free(client_random); - free(data); - - return (ret); -} - -/* - * Potentially do legacy processing on the first packet received by a TLS - * server. We return 1 if we want SSLv3/TLS record processing to continue - * normally, otherwise we must set an SSLerr and return -1. - */ -int -ssl_server_legacy_first_packet(SSL *s) -{ - uint16_t min_version; - const char *data; - CBS header; - - if (SSL_is_dtls(s)) - return 1; - - CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH); - - if (ssl_is_sslv3_handshake(&header) == 1) - return 1; - - /* Only continue if this is not a version locked method. */ - if (s->method->min_tls_version == s->method->max_tls_version) - return 1; - - if (ssl_is_sslv2_client_hello(&header) == 1) { - /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */ - if (ssl_enabled_tls_version_range(s, &min_version, NULL) != 1) { - SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); - return -1; - } - if (min_version > TLS1_VERSION) - return 1; - - if (ssl_convert_sslv2_client_hello(s) != 1) { - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - return -1; - } - - return 1; - } - - /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */ - if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return -1; - } - data = (const char *)CBS_data(&header); - - /* Is this a cleartext protocol? */ - if (strncmp("GET ", data, 4) == 0 || - strncmp("POST ", data, 5) == 0 || - strncmp("HEAD ", data, 5) == 0 || - strncmp("PUT ", data, 4) == 0) { - SSLerror(s, SSL_R_HTTP_REQUEST); - return -1; - } - if (strncmp("CONNE", data, 5) == 0) { - SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST); - return -1; - } - - SSLerror(s, SSL_R_UNKNOWN_PROTOCOL); - - return -1; -} -- cgit v1.2.3-55-g6feb