suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-events.h"
36 #include "app-layer-ssl.h"
37 
38 #include "conf.h"
39 
40 #include "feature.h"
41 
42 #include "util-debug.h"
43 #include "util-ja3.h"
44 #include "util-enum.h"
45 #include "util-validate.h"
46 
47 static SCEnumCharMap tls_state_client_table[] = {
48  {
49  "client_in_progress",
50  TLS_STATE_CLIENT_IN_PROGRESS,
51  },
52  {
53  "client_hello_done",
54  TLS_STATE_CLIENT_HELLO_DONE,
55  },
56  {
57  "client_cert_done",
58  TLS_STATE_CLIENT_CERT_DONE,
59  },
60  {
61  "client_handshake_done",
62  TLS_STATE_CLIENT_HANDSHAKE_DONE,
63  },
64  {
65  "client_finished",
66  TLS_STATE_CLIENT_FINISHED,
67  },
68  { NULL, -1 },
69 };
70 
71 static SCEnumCharMap tls_state_server_table[] = {
72  {
73  "server_in_progress",
74  TLS_STATE_SERVER_IN_PROGRESS,
75  },
76  {
77  "server_hello",
78  TLS_STATE_SERVER_HELLO,
79  },
80  {
81  "server_cert_done",
82  TLS_STATE_SERVER_CERT_DONE,
83  },
84  {
85  "server_hello_done",
86  TLS_STATE_SERVER_HELLO_DONE,
87  },
88  {
89  "server_handshake_done",
90  TLS_STATE_SERVER_HANDSHAKE_DONE,
91  },
92  {
93  "server_finished",
94  TLS_STATE_SERVER_FINISHED,
95  },
96  { NULL, -1 },
97 };
98 
99 SCEnumCharMap tls_frame_table[] = {
100  {
101  "pdu",
102  TLS_FRAME_PDU,
103  },
104  {
105  "hdr",
106  TLS_FRAME_HDR,
107  },
108  {
109  "data",
110  TLS_FRAME_DATA,
111  },
112  {
113  "alert",
114  TLS_FRAME_ALERT_DATA,
115  },
116  {
117  "heartbeat",
118  TLS_FRAME_HB_DATA,
119  },
120  {
121  "ssl2.hdr",
122  TLS_FRAME_SSLV2_HDR,
123  },
124  {
125  "ssl2.pdu",
126  TLS_FRAME_SSLV2_PDU,
127  },
128  { NULL, -1 },
129 };
130 
131 SCEnumCharMap tls_decoder_event_table[] = {
132  /* TLS protocol messages */
133  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
134  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
135  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
136  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
137  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
138  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
139  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
140  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
141  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
142  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
143  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
144  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
145  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
146  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
147  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
148  { "INVALID_ALERT_MESSAGE", TLS_DECODER_EVENT_INVALID_ALERT },
149  /* certificate decoding messages */
150  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
151  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
152  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
153  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
154  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
155  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
156  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
157  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
158  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
159  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
160  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
161  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
162  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
163  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
164  /* used as a generic error event */
165  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
166  { NULL, -1 },
167 };
168 
169 enum {
170  /* X.509 error codes, returned by decoder
171  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
172  ERR_INVALID_CERTIFICATE=1,
173  ERR_INVALID_LENGTH,
174  ERR_INVALID_VERSION,
175  ERR_INVALID_SERIAL,
176  ERR_INVALID_ALGORITHMIDENTIFIER,
177  ERR_INVALID_X509NAME,
178  ERR_INVALID_DATE,
179  ERR_INVALID_EXTENSIONS,
180  ERR_INVALID_DER,
181 
182  /* error getting data */
183  ERR_EXTRACT_SUBJECT,
184  ERR_EXTRACT_ISSUER,
185  ERR_EXTRACT_VALIDITY,
186 };
187 
188 /* JA3 and JA4 fingerprints are disabled by default */
189 #define SSL_CONFIG_DEFAULT_JA3 0
190 #ifdef HAVE_JA4
191 #define SSL_CONFIG_DEFAULT_JA4 0
192 #endif
193 
194 enum SslConfigEncryptHandling {
195  SSL_CNF_ENC_HANDLE_TRACK_ONLY = 0, /**< disable raw content, continue tracking */
196  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
197  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
198 };
199 
200 typedef struct SslConfig_ {
201  enum SslConfigEncryptHandling encrypt_mode;
202  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
203  * explicitly disabled. */
204  SC_ATOMIC_DECLARE(int, enable_ja3);
205  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
206  SC_ATOMIC_DECLARE(int, enable_ja4);
207  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
208 } SslConfig;
209 
210 SslConfig ssl_config;
211 
212 /* SSLv3 record types */
213 #define SSLV3_CHANGE_CIPHER_SPEC 20
214 #define SSLV3_ALERT_PROTOCOL 21
215 #define SSLV3_HANDSHAKE_PROTOCOL 22
216 #define SSLV3_APPLICATION_PROTOCOL 23
217 #define SSLV3_HEARTBEAT_PROTOCOL 24
218 
219 /* SSLv3 handshake protocol types */
220 #define SSLV3_HS_HELLO_REQUEST 0
221 #define SSLV3_HS_CLIENT_HELLO 1
222 #define SSLV3_HS_SERVER_HELLO 2
223 #define SSLV3_HS_NEW_SESSION_TICKET 4
224 #define SSLV3_HS_CERTIFICATE 11
225 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
226 #define SSLV3_HS_CERTIFICATE_REQUEST 13
227 #define SSLV3_HS_SERVER_HELLO_DONE 14
228 #define SSLV3_HS_CERTIFICATE_VERIFY 15
229 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
230 #define SSLV3_HS_FINISHED 20
231 #define SSLV3_HS_CERTIFICATE_URL 21
232 #define SSLV3_HS_CERTIFICATE_STATUS 22
233 
234 /* SSLv2 protocol message types */
235 #define SSLV2_MT_ERROR 0
236 #define SSLV2_MT_CLIENT_HELLO 1
237 #define SSLV2_MT_CLIENT_MASTER_KEY 2
238 #define SSLV2_MT_CLIENT_FINISHED 3
239 #define SSLV2_MT_SERVER_HELLO 4
240 #define SSLV2_MT_SERVER_VERIFY 5
241 #define SSLV2_MT_SERVER_FINISHED 6
242 #define SSLV2_MT_REQUEST_CERTIFICATE 7
243 #define SSLV2_MT_CLIENT_CERTIFICATE 8
244 
245 #define SSLV3_RECORD_HDR_LEN 5
246 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
247 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
248 
249 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
250 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
251 
252 /* TLS heartbeat protocol types */
253 #define TLS_HB_REQUEST 1
254 #define TLS_HB_RESPONSE 2
255 
256 #define SSL_RECORD_MINIMUM_LENGTH 6
257 
258 #define SHA1_STRING_LENGTH 60
259 
260 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
261 
262 struct SSLDecoderResult {
263  int retval; // nr bytes consumed from input, or < 0 on error
264  uint32_t needed; // more bytes needed
265 };
266 #define SSL_DECODER_ERROR(e) \
267  (struct SSLDecoderResult) \
268  { \
269  (e), 0 \
270  }
271 #define SSL_DECODER_OK(c) \
272  (struct SSLDecoderResult) \
273  { \
274  (uint32_t)(c), 0 \
275  }
276 #define SSL_DECODER_INCOMPLETE(c, n) \
277  (struct SSLDecoderResult) \
278  { \
279  (uint32_t)(c), (n) \
280  }
281 
282 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
283  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
284 
285 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
286  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
287 {
288  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
289  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
290  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
291  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
292 
293  if (dst_offset < dst_size && src_offset < src_size &&
294  src_tocopy <= (src_size - src_offset) &&
295  src_tocopy <= (dst_size - dst_offset)) {
296  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
297  return 0;
298  }
299  return -1;
300 }
301 
302 #ifdef DEBUG_VALIDATION
303 #define ValidateRecordState(connp) \
304  do { \
305  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
306  (connp)->bytes_processed); \
307  } while(0);
308 #else
309 #define ValidateRecordState(...)
310 #endif
311 
312 #define SSLParserHSReset(connp) \
313  do { \
314  (connp)->handshake_type = 0; \
315  (connp)->message_length = 0; \
316  } while (0)
317 
318 #define SSLParserReset(state) \
319  do { \
320  SCLogDebug("resetting state"); \
321  (state)->curr_connp->bytes_processed = 0; \
322  SSLParserHSReset((state)->curr_connp); \
323  } while(0)
324 
325 #define SSLSetEvent(ssl_state, event) \
326  do { \
327  SCLogDebug("setting event %u", (event)); \
328  if ((ssl_state) == NULL) { \
329  SCLogDebug("could not set decoder event %u", event); \
330  } else { \
331  SCAppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
332  (ssl_state)->events++; \
333  } \
334  } while (0)
335 
336 static void *SSLGetTx(void *state, uint64_t tx_id)
337 {
338  SSLState *ssl_state = (SSLState *)state;
339  return ssl_state;
340 }
341 
342 static uint64_t SSLGetTxCnt(void *state)
343 {
344  /* single tx */
345  return 1;
346 }
347 
348 static void UpdateClientState(SSLState *ssl_state, enum TlsStateClient s)
349 {
350 #ifdef DEBUG
351  enum TlsStateClient old = ssl_state->client_state;
352 #endif
353  ssl_state->client_state = s;
354 #ifdef DEBUG
355  SCLogDebug("toserver: state updated to %u from %u", s, old);
356 #endif
357 }
358 
359 static void UpdateServerState(SSLState *ssl_state, enum TlsStateServer s)
360 {
361 #ifdef DEBUG
362  enum TlsStateServer old = ssl_state->server_state;
363 #endif
364  ssl_state->server_state = s;
365 #ifdef DEBUG
366  SCLogDebug("toclient: state updated to %u from %u", s, old);
367 #endif
368 }
369 
370 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
371 {
372  SSLState *ssl_state = (SSLState *)tx;
373  if (direction & STREAM_TOCLIENT) {
374  return ssl_state->server_state;
375  } else {
376  return ssl_state->client_state;
377  }
378 }
379 
380 static AppLayerTxData *SSLGetTxData(void *vtx)
381 {
382  SSLState *ssl_state = (SSLState *)vtx;
383  return &ssl_state->tx_data;
384 }
385 
386 static AppLayerStateData *SSLGetStateData(void *vstate)
387 {
388  SSLState *ssl_state = (SSLState *)vstate;
389  return &ssl_state->state_data;
390 }
391 
392 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
393 {
394  switch(err) {
395  case ERR_EXTRACT_VALIDITY:
396  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
397  break;
398  case ERR_EXTRACT_ISSUER:
399  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
400  break;
401  case ERR_EXTRACT_SUBJECT:
402  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
403  break;
404  case ERR_INVALID_DER:
405  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
406  break;
407  case ERR_INVALID_EXTENSIONS:
408  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
409  break;
410  case ERR_INVALID_DATE:
411  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
412  break;
413  case ERR_INVALID_X509NAME:
414  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
415  break;
416  case ERR_INVALID_ALGORITHMIDENTIFIER:
417  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
418  break;
419  case ERR_INVALID_SERIAL:
420  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
421  break;
422  case ERR_INVALID_VERSION:
423  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
424  break;
425  case ERR_INVALID_LENGTH:
426  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
427  break;
428  case ERR_INVALID_CERTIFICATE:
429  default:
430  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
431  break;
432  }
433 }
434 
435 static inline int TlsDecodeHSCertificateFingerprint(
436  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
437 {
438  if (unlikely(connp->cert0_fingerprint != NULL))
439  return 0;
440 
441  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
442  if (connp->cert0_fingerprint == NULL)
443  return -1;
444 
445  uint8_t hash[SC_SHA1_LEN];
446  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
447  SCToHex_sep(
448  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
449  }
450  return 0;
451 }
452 
453 static inline int TlsDecodeHSCertificateAddCertToChain(
454  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
455 {
456  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
457  if (cert == NULL)
458  return -1;
459 
460  cert->cert_data = (uint8_t *)input;
461  cert->cert_len = cert_len;
462  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
463 
464  return 0;
465 }
466 
467 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
468  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
469 {
470  const uint8_t *input = (uint8_t *)initial_input;
471  uint32_t err_code = 0;
472  X509 *x509 = NULL;
473  int rc = 0;
474 
475  if (!(HAS_SPACE(3)))
476  goto invalid_cert;
477 
478  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
479  input += 3;
480 
481  if (!(HAS_SPACE(cert_len)))
482  goto invalid_cert;
483 
484  /* only store fields from the first certificate in the chain */
485  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
486  connp->cert0_serial == NULL) {
487  x509 = SCX509Decode(input, cert_len, &err_code);
488  if (x509 == NULL) {
489  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
490  goto next;
491  }
492 
493  char *str = SCX509GetSubject(x509);
494  if (str == NULL) {
495  err_code = ERR_EXTRACT_SUBJECT;
496  goto error;
497  }
498  connp->cert0_subject = str;
499 
500  str = SCX509GetIssuer(x509);
501  if (str == NULL) {
502  err_code = ERR_EXTRACT_ISSUER;
503  goto error;
504  }
505  connp->cert0_issuerdn = str;
506 
507  connp->cert0_sans_len = SCX509GetSubjectAltNameLen(x509);
508  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
509  if (sans == NULL) {
510  goto error;
511  }
512  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
513  sans[i] = SCX509GetSubjectAltNameAt(x509, i);
514  }
515  connp->cert0_sans = sans;
516  str = SCX509GetSerial(x509);
517  if (str == NULL) {
518  err_code = ERR_INVALID_SERIAL;
519  goto error;
520  }
521  connp->cert0_serial = str;
522 
523  rc = SCX509GetValidity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
524  if (rc != 0) {
525  err_code = ERR_EXTRACT_VALIDITY;
526  goto error;
527  }
528 
529  SCX509Free(x509);
530  x509 = NULL;
531 
532  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
533  if (rc != 0) {
534  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
535  goto error;
536  }
537  }
538 
539  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
540  if (rc != 0) {
541  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
542  goto error;
543  }
544 
545 next:
546  input += cert_len;
547  return (int)(input - initial_input);
548 
549 error:
550  if (err_code != 0)
551  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
552  if (x509 != NULL)
553  SCX509Free(x509);
554 
555  return -1;
556 
557 invalid_cert:
558  SCLogDebug("TLS invalid certificate");
559  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
560  return -1;
561 }
562 
563 /** \internal
564  * \brief parse cert data in a certificate handshake message
565  * will be called with all data.
566  * \retval consumed bytes consumed or -1 on error
567  */
568 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
569  const uint8_t *const initial_input, const uint32_t input_len)
570 {
571  const uint8_t *input = (uint8_t *)initial_input;
572 
573  if (!(HAS_SPACE(3)))
574  return -1;
575 
576  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
577  input += 3;
578 
579  if (!(HAS_SPACE(cert_chain_len)))
580  return -1;
581 
582  if (connp->certs_buffer != NULL) {
583  // TODO should we set an event here?
584  return -1;
585  }
586 
587  connp->certs_buffer = SCCalloc(1, cert_chain_len);
588  if (connp->certs_buffer == NULL) {
589  return -1;
590  }
591  connp->certs_buffer_size = cert_chain_len;
592  memcpy(connp->certs_buffer, input, cert_chain_len);
593 
594  int cert_cnt = 0;
595  uint32_t processed_len = 0;
596  /* coverity[tainted_data] */
597  while (processed_len < cert_chain_len) {
598  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
599  connp->certs_buffer_size - processed_len, cert_cnt);
600  if (rc <= 0) { // 0 should be impossible, but lets be defensive
601  return -1;
602  }
603  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
604  if (processed_len + (uint32_t)rc > cert_chain_len) {
605  return -1;
606  }
607 
608  processed_len += (uint32_t)rc;
609  }
610 
611  return processed_len + 3;
612 }
613 
614 /**
615  * \inline
616  * \brief Check if value is GREASE.
617  *
618  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
619  *
620  * \param value Value to check.
621  *
622  * \retval 1 if is GREASE.
623  * \retval 0 if not is GREASE.
624  */
625 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
626 {
627  switch (value)
628  {
629  case 0x0a0a:
630  case 0x1a1a:
631  case 0x2a2a:
632  case 0x3a3a:
633  case 0x4a4a:
634  case 0x5a5a:
635  case 0x6a6a:
636  case 0x7a7a:
637  case 0x8a8a:
638  case 0x9a9a:
639  case 0xaaaa:
640  case 0xbaba:
641  case 0xcaca:
642  case 0xdada:
643  case 0xeaea:
644  case 0xfafa:
645  return 1;
646  default:
647  return 0;
648  }
649 }
650 
651 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
652  const uint8_t * const initial_input,
653  const uint32_t input_len)
654 {
655  uint8_t *input = (uint8_t *)initial_input;
656 
657  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
658  SCLogDebug("TLS handshake invalid length");
659  SSLSetEvent(ssl_state,
660  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
661  return -1;
662  }
663 
664  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
665  ssl_state->curr_connp->version = version;
666 
667  if (ssl_state->current_flags &
668  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
669  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, version);
670  }
671 
672  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
673  versions, instead of using the supported versions extension. */
674  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
675  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
676  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
677  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
678  }
679 
680  /* Catch some early TLSv1.3 draft implementations that does not conform
681  to the draft version. */
682  if ((ssl_state->curr_connp->version >= 0x7f01) &&
683  (ssl_state->curr_connp->version < 0x7f10)) {
684  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
685  }
686 
687  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
688  version number, which makes it hard to accurately pinpoint the
689  exact draft version. */
690  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
691  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
692  }
693 
694  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
695  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
696  if (ssl_state->curr_connp->ja3_str == NULL)
697  return -1;
698 
699  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
700  if (rc != 0)
701  return -1;
702  }
703 
704  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
705 
706  return (int)(input - initial_input);
707 }
708 
709 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
710  const uint8_t * const initial_input,
711  const uint32_t input_len)
712 {
713  uint8_t *input = (uint8_t *)initial_input;
714 
715  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
716  SCLogDebug("TLS handshake invalid length");
717  SSLSetEvent(ssl_state,
718  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
719  return -1;
720  }
721 
722  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
723  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
724  ssl_state->flags |= TLS_TS_RANDOM_SET;
725  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
726  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
727  ssl_state->flags |= TLS_TC_RANDOM_SET;
728  }
729 
730  /* Skip random */
731  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
732 
733  return (int)(input - initial_input);
734 }
735 
736 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
737  const uint8_t * const initial_input,
738  const uint32_t input_len)
739 {
740  uint8_t *input = (uint8_t *)initial_input;
741 
742  if (!(HAS_SPACE(1)))
743  goto invalid_length;
744 
745  uint8_t session_id_length = *input;
746  input += 1;
747 
748  if (!(HAS_SPACE(session_id_length)))
749  goto invalid_length;
750 
751  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
752  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
753 
754  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
755  return -1;
756  }
757 
758  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
759  input, 0, input_len, session_id_length) != 0) {
760  return -1;
761  }
762  ssl_state->curr_connp->session_id_length = session_id_length;
763 
764  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
765  ssl_state->client_connp.session_id != NULL &&
766  ssl_state->server_connp.session_id != NULL) {
767  if ((ssl_state->client_connp.session_id_length ==
768  ssl_state->server_connp.session_id_length) &&
769  (memcmp(ssl_state->server_connp.session_id,
770  ssl_state->client_connp.session_id, session_id_length) == 0)) {
771  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
772  }
773  }
774  }
775 
776  input += session_id_length;
777 
778  return (int)(input - initial_input);
779 
780 invalid_length:
781  SCLogDebug("TLS handshake invalid length");
782  SSLSetEvent(ssl_state,
783  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
784  return -1;
785 }
786 
787 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
788  const uint8_t * const initial_input,
789  const uint32_t input_len)
790 {
791  const uint8_t *input = initial_input;
792 
793  if (!(HAS_SPACE(2)))
794  goto invalid_length;
795 
796  uint16_t cipher_suites_length;
797 
798  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
799  cipher_suites_length = 2;
800  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
801  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
802  input += 2;
803  } else {
804  return -1;
805  }
806 
807  if (!(HAS_SPACE(cipher_suites_length)))
808  goto invalid_length;
809 
810  /* Cipher suites length should always be divisible by 2 */
811  if ((cipher_suites_length % 2) != 0) {
812  goto invalid_length;
813  }
814 
815  const bool enable_ja3 =
816  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
817 
818  JA3Buffer *ja3_cipher_suites = NULL;
819 
820  if (enable_ja3) {
821  ja3_cipher_suites = Ja3BufferInit();
822  if (ja3_cipher_suites == NULL)
823  return -1;
824  }
825 
826  uint16_t processed_len = 0;
827  /* coverity[tainted_data] */
828  while (processed_len < cipher_suites_length) {
829  if (!(HAS_SPACE(2))) {
830  if (enable_ja3) {
831  Ja3BufferFree(&ja3_cipher_suites);
832  }
833  goto invalid_length;
834  }
835 
836  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
837  input += 2;
838 
839  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
840  if (ssl_state->current_flags &
841  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
842  SCTLSHandshakeAddCipher(ssl_state->curr_connp->hs, cipher_suite);
843  }
844  if (enable_ja3) {
845  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
846  if (rc != 0) {
847  return -1;
848  }
849  }
850  }
851  processed_len += 2;
852  }
853 
854  if (enable_ja3) {
855  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
856  if (rc == -1) {
857  return -1;
858  }
859  }
860 
861  return (int)(input - initial_input);
862 
863 invalid_length:
864  SCLogDebug("TLS handshake invalid length");
865  SSLSetEvent(ssl_state,
866  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
867  return -1;
868 }
869 
870 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
871  const uint8_t * const initial_input,
872  const uint32_t input_len)
873 {
874  const uint8_t *input = initial_input;
875 
876  if (!(HAS_SPACE(1)))
877  goto invalid_length;
878 
879  /* Skip compression methods */
880  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
881  input += 1;
882  } else {
883  uint8_t compression_methods_length = *input;
884  input += 1;
885 
886  if (!(HAS_SPACE(compression_methods_length)))
887  goto invalid_length;
888 
889  input += compression_methods_length;
890  }
891 
892  return (int)(input - initial_input);
893 
894 invalid_length:
895  SCLogDebug("TLS handshake invalid_length");
896  SSLSetEvent(ssl_state,
897  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
898  return -1;
899 }
900 
901 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
902  const uint8_t * const initial_input,
903  const uint32_t input_len)
904 {
905  uint8_t *input = (uint8_t *)initial_input;
906 
907  /* Empty extension */
908  if (input_len == 0)
909  return 0;
910 
911  if (!(HAS_SPACE(2)))
912  goto invalid_length;
913 
914  /* Skip sni_list_length */
915  input += 2;
916 
917  if (!(HAS_SPACE(1)))
918  goto invalid_length;
919 
920  uint8_t sni_type = *input;
921  input += 1;
922 
923  /* Currently the only type allowed is host_name
924  (RFC6066 section 3). */
925  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
926  SCLogDebug("Unknown SNI type");
927  SSLSetEvent(ssl_state,
928  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
929  return -1;
930  }
931 
932  if (!(HAS_SPACE(2)))
933  goto invalid_length;
934 
935  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
936  input += 2;
937 
938  /* host_name contains the fully qualified domain name,
939  and should therefore be limited by the maximum domain
940  name length. */
941  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
942  SSLSetEvent(ssl_state,
943  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
944  return -1;
945  }
946 
947  /* There must not be more than one extension of the same
948  type (RFC5246 section 7.4.1.4). */
949  if (ssl_state->curr_connp->sni) {
950  SCLogDebug("Multiple SNI extensions");
951  SSLSetEvent(ssl_state,
952  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
953  input += sni_len;
954  return (int)(input - initial_input);
955  }
956 
957  const size_t sni_strlen = sni_len + 1;
958  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
959  if (unlikely(ssl_state->curr_connp->sni == NULL))
960  return -1;
961 
962  const size_t consumed = input - initial_input;
963  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
964  initial_input, consumed, input_len, sni_len) != 0) {
965  SCFree(ssl_state->curr_connp->sni);
966  ssl_state->curr_connp->sni = NULL;
967  return -1;
968  }
969  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
970 
971  input += sni_len;
972 
973  return (int)(input - initial_input);
974 
975 invalid_length:
976  SCLogDebug("TLS handshake invalid length");
977  SSLSetEvent(ssl_state,
978  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
979 
980 
981  return -1;
982 }
983 
984 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
985  const uint8_t * const initial_input,
986  const uint32_t input_len)
987 {
988  const uint8_t *input = initial_input;
989 
990  /* Empty extension */
991  if (input_len == 0)
992  return 0;
993 
994  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
995  if (!(HAS_SPACE(1)))
996  goto invalid_length;
997 
998  uint8_t supported_ver_len = *input;
999  input += 1;
1000 
1001  if (supported_ver_len < 2)
1002  goto invalid_length;
1003 
1004  if (!(HAS_SPACE(supported_ver_len)))
1005  goto invalid_length;
1006 
1007  /* Use the first (and preferred) valid version as client version,
1008  * skip over GREASE and other possible noise. */
1009  uint16_t i = 0;
1010  while (i + 1 < (uint16_t)supported_ver_len) {
1011  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1012  if (TLSVersionValid(ver)) {
1013  ssl_state->curr_connp->version = ver;
1014  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, ver);
1015  break;
1016  }
1017  i += 2;
1018  }
1019 
1020  /* Set a flag to indicate that we have seen this extension */
1021  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1022 
1023  input += supported_ver_len;
1024  }
1025  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1026  if (!(HAS_SPACE(2)))
1027  goto invalid_length;
1028 
1029  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1030 
1031  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1032  (ver > TLS_VERSION_12)) {
1033  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1034  }
1035 
1036  ssl_state->curr_connp->version = ver;
1037  input += 2;
1038  }
1039 
1040  return (int)(input - initial_input);
1041 
1042 invalid_length:
1043  SCLogDebug("TLS handshake invalid length");
1044  SSLSetEvent(ssl_state,
1045  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1046 
1047  return -1;
1048 }
1049 
1050 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1051  const uint8_t * const initial_input,
1052  const uint32_t input_len,
1053  JA3Buffer *ja3_elliptic_curves)
1054 {
1055  const uint8_t *input = initial_input;
1056 
1057  /* Empty extension */
1058  if (input_len == 0)
1059  return 0;
1060 
1061  if (!(HAS_SPACE(2)))
1062  goto invalid_length;
1063 
1064  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1065  input += 2;
1066 
1067  if (!(HAS_SPACE(elliptic_curves_len)))
1068  goto invalid_length;
1069 
1070  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1071  uint16_t ec_processed_len = 0;
1072  /* coverity[tainted_data] */
1073  while (ec_processed_len < elliptic_curves_len)
1074  {
1075  if (!(HAS_SPACE(2)))
1076  goto invalid_length;
1077 
1078  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1079  input += 2;
1080 
1081  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1082  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1083  elliptic_curve);
1084  if (rc != 0)
1085  return -1;
1086  }
1087 
1088  ec_processed_len += 2;
1089  }
1090 
1091  } else {
1092  /* Skip elliptic curves */
1093  input += elliptic_curves_len;
1094  }
1095 
1096  return (int)(input - initial_input);
1097 
1098 invalid_length:
1099  SCLogDebug("TLS handshake invalid length");
1100  SSLSetEvent(ssl_state,
1101  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1102 
1103  return -1;
1104 }
1105 
1106 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1107  const uint8_t * const initial_input,
1108  const uint32_t input_len,
1109  JA3Buffer *ja3_elliptic_curves_pf)
1110 {
1111  const uint8_t *input = initial_input;
1112 
1113  /* Empty extension */
1114  if (input_len == 0)
1115  return 0;
1116 
1117  if (!(HAS_SPACE(1)))
1118  goto invalid_length;
1119 
1120  uint8_t ec_pf_len = *input;
1121  input += 1;
1122 
1123  if (!(HAS_SPACE(ec_pf_len)))
1124  goto invalid_length;
1125 
1126  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1127  uint8_t ec_pf_processed_len = 0;
1128  /* coverity[tainted_data] */
1129  while (ec_pf_processed_len < ec_pf_len)
1130  {
1131  uint8_t elliptic_curve_pf = *input;
1132  input += 1;
1133 
1134  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1135  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1136  elliptic_curve_pf);
1137  if (rc != 0)
1138  return -1;
1139  }
1140 
1141  ec_pf_processed_len += 1;
1142  }
1143 
1144  } else {
1145  /* Skip elliptic curve point formats */
1146  input += ec_pf_len;
1147  }
1148 
1149  return (int)(input - initial_input);
1150 
1151 invalid_length:
1152  SCLogDebug("TLS handshake invalid length");
1153  SSLSetEvent(ssl_state,
1154  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1155 
1156  return -1;
1157 }
1158 
1159 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1160  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1161 {
1162  const uint8_t *input = initial_input;
1163 
1164  /* Empty extension */
1165  if (input_len == 0)
1166  return 0;
1167 
1168  if (!(HAS_SPACE(2)))
1169  goto invalid_length;
1170 
1171  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1172  input += 2;
1173 
1174  /* Signature algorithms length should always be divisible by 2 */
1175  if ((sigalgo_len % 2) != 0) {
1176  goto invalid_length;
1177  }
1178 
1179  if (!(HAS_SPACE(sigalgo_len)))
1180  goto invalid_length;
1181 
1182  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1183  uint16_t sigalgo_processed_len = 0;
1184  while (sigalgo_processed_len < sigalgo_len) {
1185  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1186  input += 2;
1187  sigalgo_processed_len += 2;
1188 
1189  SCTLSHandshakeAddSigAlgo(ssl_state->curr_connp->hs, sigalgo);
1190  }
1191  } else {
1192  /* Skip signature algorithms */
1193  input += sigalgo_len;
1194  }
1195 
1196  return (int)(input - initial_input);
1197 
1198 invalid_length:
1199  SCLogDebug("Signature algorithm list invalid length");
1200  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1201 
1202  return -1;
1203 }
1204 
1205 static inline int TLSDecodeHSHelloExtensionALPN(
1206  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1207 {
1208  const uint8_t *input = initial_input;
1209 
1210  /* Empty extension */
1211  if (input_len == 0)
1212  return 0;
1213 
1214  if (!(HAS_SPACE(2)))
1215  goto invalid_length;
1216 
1217  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1218  input += 2;
1219 
1220  if (!(HAS_SPACE(alpn_len)))
1221  goto invalid_length;
1222 
1223  /* We use 32 bits here to avoid potentially overflowing a value that
1224  needs to be compared to an unsigned 16-bit value. */
1225  uint32_t alpn_processed_len = 0;
1226  while (alpn_processed_len < alpn_len) {
1227  uint8_t protolen = *input;
1228  input += 1;
1229  alpn_processed_len += 1;
1230 
1231  if (!(HAS_SPACE(protolen)))
1232  goto invalid_length;
1233 
1234  /* Check if reading another protolen bytes would exceed the
1235  overall ALPN length; if so, skip and continue */
1236  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1237  input += alpn_len - alpn_processed_len;
1238  break;
1239  }
1240  SCTLSHandshakeAddALPN(ssl_state->curr_connp->hs, (const char *)input, protolen);
1241 
1242  alpn_processed_len += protolen;
1243  input += protolen;
1244  }
1245 
1246  return (int)(input - initial_input);
1247 
1248 invalid_length:
1249  SCLogDebug("ALPN list invalid length");
1250  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1251 
1252  return -1;
1253 }
1254 
1255 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1256  const uint8_t * const initial_input,
1257  const uint32_t input_len)
1258 {
1259  const uint8_t *input = initial_input;
1260 
1261  int ret;
1262  int rc;
1263  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1264  const bool ja3 =
1265  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1266 
1267  JA3Buffer *ja3_extensions = NULL;
1268  JA3Buffer *ja3_elliptic_curves = NULL;
1269  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1270 
1271  if (ja3) {
1272  ja3_extensions = Ja3BufferInit();
1273  if (ja3_extensions == NULL)
1274  goto error;
1275 
1276  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1277  ja3_elliptic_curves = Ja3BufferInit();
1278  if (ja3_elliptic_curves == NULL)
1279  goto error;
1280 
1281  ja3_elliptic_curves_pf = Ja3BufferInit();
1282  if (ja3_elliptic_curves_pf == NULL)
1283  goto error;
1284  }
1285  }
1286 
1287  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1288  if (!(HAS_SPACE(2)))
1289  goto end;
1290 
1291  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1292  input += 2;
1293 
1294  if (!(HAS_SPACE(extensions_len)))
1295  goto invalid_length;
1296 
1297  uint16_t processed_len = 0;
1298  /* coverity[tainted_data] */
1299  while (processed_len < extensions_len)
1300  {
1301  if (!(HAS_SPACE(2)))
1302  goto invalid_length;
1303 
1304  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1305  input += 2;
1306 
1307  if (!(HAS_SPACE(2)))
1308  goto invalid_length;
1309 
1310  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1311  input += 2;
1312 
1313  if (!(HAS_SPACE(ext_len)))
1314  goto invalid_length;
1315 
1316  switch (ext_type) {
1317  case SSL_EXTENSION_SNI:
1318  {
1319  /* coverity[tainted_data] */
1320  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1321  ext_len);
1322  if (ret < 0)
1323  goto end;
1324 
1325  input += ret;
1326 
1327  break;
1328  }
1329 
1330  case SSL_EXTENSION_ELLIPTIC_CURVES:
1331  {
1332  /* coverity[tainted_data] */
1333  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1334  ext_len,
1335  ja3_elliptic_curves);
1336  if (ret < 0)
1337  goto end;
1338 
1339  input += ret;
1340 
1341  break;
1342  }
1343 
1344  case SSL_EXTENSION_EC_POINT_FORMATS:
1345  {
1346  /* coverity[tainted_data] */
1347  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1348  ext_len,
1349  ja3_elliptic_curves_pf);
1350  if (ret < 0)
1351  goto end;
1352 
1353  input += ret;
1354 
1355  break;
1356  }
1357 
1358  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1359  /* coverity[tainted_data] */
1360  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1361  if (ret < 0)
1362  goto end;
1363 
1364  input += ret;
1365 
1366  break;
1367  }
1368 
1369  case SSL_EXTENSION_ALPN: {
1370  /* coverity[tainted_data] */
1371  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1372  if (ret < 0)
1373  goto end;
1374 
1375  input += ext_len;
1376 
1377  break;
1378  }
1379 
1380  case SSL_EXTENSION_EARLY_DATA:
1381  {
1382  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1383  /* Used by 0-RTT to indicate that encrypted data will
1384  be sent right after the ClientHello record. */
1385  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1386  }
1387 
1388  input += ext_len;
1389 
1390  break;
1391  }
1392 
1393  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1394  {
1395  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1396  ext_len);
1397  if (ret < 0)
1398  goto end;
1399 
1400  input += ret;
1401 
1402  break;
1403  }
1404 
1405  case SSL_EXTENSION_SESSION_TICKET:
1406  {
1407  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1408  /* This has to be verified later on by checking if a
1409  certificate record has been sent by the server. */
1410  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1411  }
1412 
1413  input += ext_len;
1414 
1415  break;
1416  }
1417 
1418  default:
1419  {
1420  input += ext_len;
1421  break;
1422  }
1423  }
1424 
1425  if (ja3) {
1426  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1427  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1428  if (rc != 0)
1429  goto error;
1430  }
1431  }
1432 
1433  if (ssl_state->current_flags &
1434  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
1435  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1436  SCTLSHandshakeAddExtension(ssl_state->curr_connp->hs, ext_type);
1437  }
1438  }
1439 
1440  processed_len += ext_len + 4;
1441  }
1442 
1443 end:
1444  if (ja3) {
1445  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1446  &ja3_extensions);
1447  if (rc == -1)
1448  goto error;
1449 
1450  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1451  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1452  &ja3_elliptic_curves);
1453  if (rc == -1)
1454  goto error;
1455 
1456  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1457  &ja3_elliptic_curves_pf);
1458  if (rc == -1)
1459  goto error;
1460  }
1461  }
1462 
1463  return (int)(input - initial_input);
1464 
1465 invalid_length:
1466  SCLogDebug("TLS handshake invalid length");
1467  SSLSetEvent(ssl_state,
1468  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1469 
1470 error:
1471  if (ja3_extensions != NULL)
1472  Ja3BufferFree(&ja3_extensions);
1473  if (ja3_elliptic_curves != NULL)
1474  Ja3BufferFree(&ja3_elliptic_curves);
1475  if (ja3_elliptic_curves_pf != NULL)
1476  Ja3BufferFree(&ja3_elliptic_curves_pf);
1477 
1478  return -1;
1479 }
1480 
1481 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1482  const uint8_t * const input,
1483  const uint32_t input_len)
1484 {
1485  int ret;
1486  uint32_t parsed = 0;
1487 
1488  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1489  if (ret < 0)
1490  goto end;
1491 
1492  parsed += ret;
1493 
1494  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1495  if (ret < 0)
1496  goto end;
1497 
1498  parsed += ret;
1499 
1500  /* The session id field in the server hello record was removed in
1501  TLSv1.3 draft1, but was readded in draft22. */
1502  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1503  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1504  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1505  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1506  input_len - parsed);
1507  if (ret < 0)
1508  goto end;
1509 
1510  parsed += ret;
1511  }
1512 
1513  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1514  input_len - parsed);
1515  if (ret < 0)
1516  goto end;
1517 
1518  parsed += ret;
1519 
1520  /* The compression methods field in the server hello record was
1521  removed in TLSv1.3 draft1, but was readded in draft22. */
1522  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1523  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1524  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1525  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1526  input_len - parsed);
1527  if (ret < 0)
1528  goto end;
1529 
1530  parsed += ret;
1531  }
1532 
1533  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1534  input_len - parsed);
1535  if (ret < 0)
1536  goto end;
1537 
1538  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1539  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1540  }
1541 
1542  if (ssl_state->curr_connp == &ssl_state->client_connp) {
1543  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
1544  } else {
1545  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
1546  }
1547 end:
1548  return 0;
1549 }
1550 
1551 #ifdef DEBUG_VALIDATION
1552 static inline bool
1553 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1554 {
1555  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1556  curr_connp->bytes_processed);
1557 }
1558 #endif
1559 
1560 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1561  const uint8_t *const initial_input, const uint32_t input_len)
1562 {
1563  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1564  SCLogDebug("rc %d", rc);
1565  if (rc > 0) {
1566  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1567  SSLParserHSReset(connp);
1568  } else if (rc < 0) {
1569  SCLogDebug("error parsing cert, reset state");
1570  SSLParserHSReset(connp);
1571  /* fall through to still consume the cert bytes */
1572  }
1573  if (connp == &ssl_state->client_connp) {
1574  UpdateClientState(ssl_state, TLS_STATE_CLIENT_CERT_DONE);
1575  } else {
1576  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
1577  }
1578  return input_len;
1579 }
1580 
1581 static int SupportedHandshakeType(const uint8_t type)
1582 {
1583  switch (type) {
1584  case SSLV3_HS_CLIENT_HELLO:
1585  case SSLV3_HS_SERVER_HELLO:
1586  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1587  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1588  case SSLV3_HS_CERTIFICATE:
1589  case SSLV3_HS_HELLO_REQUEST:
1590  case SSLV3_HS_CERTIFICATE_REQUEST:
1591  case SSLV3_HS_CERTIFICATE_VERIFY:
1592  case SSLV3_HS_FINISHED:
1593  case SSLV3_HS_CERTIFICATE_URL:
1594  case SSLV3_HS_CERTIFICATE_STATUS:
1595  case SSLV3_HS_NEW_SESSION_TICKET:
1596  case SSLV3_HS_SERVER_HELLO_DONE:
1597  return true;
1598  break;
1599 
1600  default:
1601  return false;
1602  break;
1603  }
1604 }
1605 
1606 /**
1607  * \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
1608  * \retval parsed number of consumed bytes
1609  * \retval < 0 error
1610  */
1611 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1612  uint32_t input_len, uint8_t direction)
1613 {
1614  const uint8_t *initial_input = input;
1615  int rc;
1616 
1617  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1618 
1619  switch (ssl_state->curr_connp->handshake_type) {
1620  case SSLV3_HS_CLIENT_HELLO:
1621  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1622 
1623  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1624  if (rc < 0)
1625  return rc;
1626  break;
1627 
1628  case SSLV3_HS_SERVER_HELLO:
1629  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1630 
1631  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1632  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1633  if (rc < 0)
1634  return rc;
1635  break;
1636 
1637  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1638  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1639  break;
1640 
1641  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1642  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1643  break;
1644 
1645  case SSLV3_HS_CERTIFICATE:
1646  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1647  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1648  input_len);
1649  if (rc < 0)
1650  return rc;
1651  break;
1652 
1653  case SSLV3_HS_HELLO_REQUEST:
1654  break;
1655  case SSLV3_HS_CERTIFICATE_REQUEST:
1656  if (direction) {
1657  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1658  }
1659  break;
1660  case SSLV3_HS_CERTIFICATE_VERIFY:
1661  case SSLV3_HS_FINISHED:
1662  case SSLV3_HS_CERTIFICATE_URL:
1663  case SSLV3_HS_CERTIFICATE_STATUS:
1664  break;
1665  case SSLV3_HS_NEW_SESSION_TICKET:
1666  SCLogDebug("new session ticket");
1667  break;
1668  case SSLV3_HS_SERVER_HELLO_DONE:
1669  if (direction) {
1670  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO_DONE);
1671  }
1672  break;
1673  default:
1674  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1675  return -1;
1676  }
1677 
1678  ssl_state->flags |= ssl_state->current_flags;
1679 
1680  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1681  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1682 
1683  return input_len;
1684 }
1685 
1686 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1687  uint32_t input_len, uint8_t direction)
1688 {
1689  const uint8_t *initial_input = input;
1690 
1691  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1692  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1693  SCReturnInt(0);
1694  }
1695 
1696  while (input_len) {
1697  SCLogDebug("input_len %u", input_len);
1698 
1699  if (ssl_state->curr_connp->hs_buffer != NULL) {
1700  SCLogDebug("partial handshake record in place");
1701  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1702  ssl_state->curr_connp->hs_buffer_offset;
1703  const uint32_t add = MIN(need, input_len);
1704 
1705  /* grow buffer to next multiple of 4k that fits all data we have */
1706  if (ssl_state->curr_connp->hs_buffer_offset + add >
1707  ssl_state->curr_connp->hs_buffer_size) {
1708  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1709  const uint32_t new_size = avail + (4096 - (avail % 4096));
1710  SCLogDebug("new_size %u, avail %u", new_size, avail);
1711  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1712  if (ptr == NULL)
1713  return -1;
1714  ssl_state->curr_connp->hs_buffer = ptr;
1715  ssl_state->curr_connp->hs_buffer_size = new_size;
1716  }
1717 
1718  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1719  "ssl_state->curr_connp->hs_buffer_size %u",
1720  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1721  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1722 
1723  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1724  ssl_state->curr_connp->hs_buffer_offset,
1725  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1726  SCLogDebug("copy failed");
1727  return -1;
1728  }
1729  ssl_state->curr_connp->hs_buffer_offset += add;
1730 
1731  if (ssl_state->curr_connp->hs_buffer_message_size <=
1732  ssl_state->curr_connp->hs_buffer_offset) {
1733  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1734  ssl_state->curr_connp->hs_buffer_offset);
1735 
1736  ssl_state->curr_connp->handshake_type =
1737  ssl_state->curr_connp->hs_buffer_message_type;
1738  ssl_state->curr_connp->message_length =
1739  ssl_state->curr_connp->hs_buffer_message_size;
1740 
1741  SCLogDebug("got all data now: handshake_type %u message_length %u",
1742  ssl_state->curr_connp->handshake_type,
1743  ssl_state->curr_connp->message_length);
1744 
1745  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1746  ssl_state->curr_connp->hs_buffer_offset, direction);
1747  if (retval < 0) {
1748  SSLParserHSReset(ssl_state->curr_connp);
1749  return (retval);
1750  }
1751  SCLogDebug("retval %d", retval);
1752 
1753  /* data processed, reset buffer */
1754  SCFree(ssl_state->curr_connp->hs_buffer);
1755  ssl_state->curr_connp->hs_buffer = NULL;
1756  ssl_state->curr_connp->hs_buffer_size = 0;
1757  ssl_state->curr_connp->hs_buffer_message_size = 0;
1758  ssl_state->curr_connp->hs_buffer_message_type = 0;
1759  ssl_state->curr_connp->hs_buffer_offset = 0;
1760  } else {
1761  SCLogDebug("partial data");
1762  }
1763 
1764  input += add;
1765  input_len -= add;
1766  SCLogDebug("input_len %u", input_len);
1767  SSLParserHSReset(ssl_state->curr_connp);
1768  continue;
1769  }
1770 
1771  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1772  SCLogDebug("input %p input_len %u", input, input_len);
1773 
1774  if (input_len < 4) {
1775  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1776  SCReturnInt(-1);
1777  }
1778 
1779  ssl_state->curr_connp->handshake_type = input[0];
1780  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1781  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1782  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1783  input_len);
1784  input += 4;
1785  input_len -= 4;
1786 
1787  const uint32_t record_len = ssl_state->curr_connp->message_length;
1788  /* see if we support this type. We check here to not use the fragment
1789  * handling on things we don't support. */
1790  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1791  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1792  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1793  if (!supported_type) {
1794  uint32_t avail_record_len = MIN(input_len, record_len);
1795  input += avail_record_len;
1796  input_len -= avail_record_len;
1797 
1798  SSLParserHSReset(ssl_state->curr_connp);
1799 
1800  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1801  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1802  // after Change Cipher Spec we get Encrypted Handshake Messages
1803  } else {
1804  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1805  }
1806  continue;
1807  }
1808 
1809  /* if the message length exceeds our input_len, we have a tls fragment. */
1810  if (record_len > input_len) {
1811  const uint32_t avail = input_len;
1812  const uint32_t size = avail + (4096 - (avail % 4096));
1813  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1814  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1815  if (ssl_state->curr_connp->hs_buffer == NULL) {
1816  return -1;
1817  }
1818  ssl_state->curr_connp->hs_buffer_size = size;
1819  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1820  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1821 
1822  if (input_len > 0) {
1823  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1824  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1825  input_len) != 0) {
1826  return -1;
1827  }
1828  ssl_state->curr_connp->hs_buffer_offset = input_len;
1829  }
1830  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1831  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1832  ssl_state->curr_connp->hs_buffer_offset,
1833  ssl_state->curr_connp->hs_buffer_message_type,
1834  ssl_state->curr_connp->hs_buffer_message_size);
1835  input += input_len;
1836  SSLParserHSReset(ssl_state->curr_connp);
1837  return (int)(input - initial_input);
1838 
1839  } else {
1840  /* full record, parse it now */
1841  int retval = SSLv3ParseHandshakeType(
1842  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1843  if (retval < 0 || retval > (int)input_len) {
1844  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1845  return (retval);
1846  }
1847  SCLogDebug("retval %d input_len %u", retval, input_len);
1848  input += retval;
1849  input_len -= retval;
1850 
1851  SSLParserHSReset(ssl_state->curr_connp);
1852  }
1853  SCLogDebug("input_len left %u", input_len);
1854  }
1855  return (int)(input - initial_input);
1856 }
1857 
1858 /**
1859  * \internal
1860  * \brief TLS Alert parser
1861  *
1862  * \param sslstate Pointer to the SSL state.
1863  * \param input Pointer to the received input data.
1864  * \param input_len Length in bytes of the received data.
1865  * \param direction 1 toclient, 0 toserver
1866  *
1867  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1868  */
1869 static int SSLv3ParseAlertProtocol(
1870  SSLState *ssl_state, const uint8_t *input, uint32_t input_len, uint8_t direction)
1871 {
1872  if (input_len < 2) {
1873  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_ALERT);
1874  return -1;
1875  }
1876 
1877  /* assume a record > 2 to be an encrypted alert record */
1878  if (input_len == 2) {
1879  uint8_t level = input[0];
1880  // uint8_t desc = input[1];
1881 
1882  /* if level Fatal, we consider the tx finished */
1883  if (level == 2) {
1884  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
1885  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
1886  }
1887  }
1888  return 0;
1889 }
1890 
1891 /**
1892  * \internal
1893  * \brief TLS Heartbeat parser (see RFC 6520)
1894  *
1895  * \param sslstate Pointer to the SSL state.
1896  * \param input Pointer to the received input data.
1897  * \param input_len Length in bytes of the received data.
1898  * \param direction 1 toclient, 0 toserver
1899  *
1900  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1901  */
1902 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1903  uint32_t input_len, uint8_t direction)
1904 {
1905  uint8_t hb_type;
1906  uint16_t payload_len;
1907  uint32_t padding_len;
1908 
1909  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1910  if (input_len < 3) {
1911  return 0;
1912  }
1913 
1914  hb_type = *input++;
1915 
1916  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1917  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1918  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1919  return -1;
1920  }
1921  }
1922 
1923  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1924  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1925 
1926  if (direction) {
1927  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1928  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1929  } else {
1930  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1931  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1932  }
1933 
1934  /* if we reach this point, then we can assume that the HB request
1935  is encrypted. If so, let's set the HB record length */
1936  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1937  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1938  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1939  ssl_state->hb_record_len);
1940  return (ssl_state->curr_connp->record_length - 3);
1941  }
1942 
1943  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1944 
1945  /* check that the requested payload length is really present in
1946  the record (CVE-2014-0160) */
1947  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1948  SCLogDebug("We have a short record in HeartBeat Request");
1949  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
1950  return -1;
1951  }
1952 
1953  /* check the padding length. It must be at least 16 bytes
1954  (RFC 6520, section 4) */
1955  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1956  if (padding_len < 16) {
1957  SCLogDebug("We have a short record in HeartBeat Request");
1958  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1959  return -1;
1960  }
1961 
1962  /* we don't have the payload */
1963  if (input_len < payload_len + padding_len) {
1964  return 0;
1965  }
1966 
1967  /* OpenSSL still seems to discard multiple in-flight
1968  heartbeats although some tools send multiple at once */
1969  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1970  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1971  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1972  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1973  return -1;
1974 
1975  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1976  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1977  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1978  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1979  return -1;
1980 
1981  } else {
1982  /* we have a HB record in the opposite direction of the request,
1983  let's reset our flags */
1984  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
1985  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
1986  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
1987 
1988  /* if we reach this point, then we can assume that the HB request
1989  is encrypted. If so, let's set the HB record length */
1990  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1991  /* check to see if the encrypted response is longer than the
1992  encrypted request */
1993  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
1994  ssl_state->curr_connp->record_length) {
1995  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
1996  ssl_state->hb_record_len);
1997  SSLSetEvent(ssl_state,
1998  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
1999  ssl_state->hb_record_len = 0;
2000  return -1;
2001  }
2002  }
2003 
2004  /* reset the HB record length in case we have a legit HB followed
2005  by a bad one */
2006  ssl_state->hb_record_len = 0;
2007  }
2008 
2009  /* skip the HeartBeat, 3 bytes were already parsed,
2010  e.g |18 03 02| for TLS 1.2 */
2011  return (ssl_state->curr_connp->record_length - 3);
2012 }
2013 
2014 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2015  const uint8_t *input, uint32_t input_len)
2016 {
2017  const uint8_t *initial_input = input;
2018 
2019  if (input_len == 0) {
2020  return 0;
2021  }
2022 
2023  uint8_t skip_version = 0;
2024 
2025  /* Only set SSL/TLS version here if it has not already been set in
2026  client/server hello. */
2027  if (direction == 0) {
2028  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2029  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2030  skip_version = 1;
2031  }
2032  } else {
2033  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2034  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2035  skip_version = 1;
2036  }
2037  }
2038 
2039  switch (ssl_state->curr_connp->bytes_processed) {
2040  case 0:
2041  if (input_len >= 5) {
2042  ssl_state->curr_connp->content_type = input[0];
2043  if (!skip_version) {
2044  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2045  }
2046  ssl_state->curr_connp->record_length = input[3] << 8;
2047  ssl_state->curr_connp->record_length |= input[4];
2048  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2049  return SSLV3_RECORD_HDR_LEN;
2050  } else {
2051  ssl_state->curr_connp->content_type = *(input++);
2052  if (--input_len == 0)
2053  break;
2054  }
2055 
2056  /* fall through */
2057  case 1:
2058  if (!skip_version) {
2059  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2060  } else {
2061  input++;
2062  }
2063  if (--input_len == 0)
2064  break;
2065 
2066  /* fall through */
2067  case 2:
2068  if (!skip_version) {
2069  ssl_state->curr_connp->version |= *(input++);
2070  } else {
2071  input++;
2072  }
2073  if (--input_len == 0)
2074  break;
2075 
2076  /* fall through */
2077  case 3:
2078  ssl_state->curr_connp->record_length = *(input++) << 8;
2079  if (--input_len == 0)
2080  break;
2081 
2082  /* fall through */
2083  case 4:
2084  ssl_state->curr_connp->record_length |= *(input++);
2085  if (--input_len == 0)
2086  break;
2087 
2088  /* fall through */
2089  }
2090 
2091  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2092 
2093  return (int)(input - initial_input);
2094 }
2095 
2096 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2097  const uint8_t *input, uint32_t input_len)
2098 {
2099  const uint8_t *initial_input = input;
2100 
2101  if (input_len == 0) {
2102  return 0;
2103  }
2104 
2105  if (ssl_state->curr_connp->record_lengths_length == 2) {
2106  switch (ssl_state->curr_connp->bytes_processed) {
2107  case 0:
2108  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2109  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2110  ssl_state->curr_connp->content_type = input[2];
2111  ssl_state->curr_connp->version = SSL_VERSION_2;
2112  ssl_state->curr_connp->bytes_processed += 3;
2113  return 3;
2114  } else {
2115  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2116  if (--input_len == 0)
2117  break;
2118  }
2119 
2120  /* fall through */
2121  case 1:
2122  ssl_state->curr_connp->record_length |= *(input++);
2123  if (--input_len == 0)
2124  break;
2125 
2126  /* fall through */
2127  case 2:
2128  ssl_state->curr_connp->content_type = *(input++);
2129  ssl_state->curr_connp->version = SSL_VERSION_2;
2130  if (--input_len == 0)
2131  break;
2132 
2133  /* fall through */
2134  }
2135 
2136  } else {
2137  switch (ssl_state->curr_connp->bytes_processed) {
2138  case 0:
2139  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2140  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2141  ssl_state->curr_connp->content_type = input[3];
2142  ssl_state->curr_connp->version = SSL_VERSION_2;
2143  ssl_state->curr_connp->bytes_processed += 4;
2144  return 4;
2145  } else {
2146  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2147  if (--input_len == 0)
2148  break;
2149  }
2150 
2151  /* fall through */
2152  case 1:
2153  ssl_state->curr_connp->record_length |= *(input++);
2154  if (--input_len == 0)
2155  break;
2156 
2157  /* fall through */
2158  case 2:
2159  /* padding */
2160  input++;
2161  if (--input_len == 0)
2162  break;
2163 
2164  /* fall through */
2165  case 3:
2166  ssl_state->curr_connp->content_type = *(input++);
2167  ssl_state->curr_connp->version = SSL_VERSION_2;
2168  if (--input_len == 0)
2169  break;
2170 
2171  /* fall through */
2172  }
2173  }
2174 
2175  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2176 
2177  return (int)(input - initial_input);
2178 }
2179 
2180 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2181  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2182  const StreamSlice stream_slice)
2183 {
2184  const uint8_t *initial_input = input;
2185 
2186  if (ssl_state->curr_connp->bytes_processed == 0) {
2187  if (input[0] & 0x80) {
2188  ssl_state->curr_connp->record_lengths_length = 2;
2189  } else {
2190  ssl_state->curr_connp->record_lengths_length = 3;
2191  }
2192 
2193  SCLogDebug("record start: ssl2.hdr frame");
2194  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2195  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2196  }
2197 
2198  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2199  "ssl_state->curr_connp->bytes_processed %u",
2200  direction, ssl_state->curr_connp->record_lengths_length + 1,
2201  ssl_state->curr_connp->bytes_processed);
2202  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2203  to read the msg_type */
2204  if (ssl_state->curr_connp->bytes_processed <
2205  (ssl_state->curr_connp->record_lengths_length + 1)) {
2206  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2207  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2208  ssl_state->curr_connp->record_length);
2209  if (retval < 0 || retval > (int)input_len) {
2210  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2211  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2212  return SSL_DECODER_ERROR(-1);
2213  }
2214 
2215  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2216  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2217  direction, TLS_FRAME_SSLV2_PDU);
2218  SCLogDebug("record start: ssl2.pdu frame");
2219 
2220  input += retval;
2221  input_len -= retval;
2222  }
2223 
2224  /* if we don't have the full record, we return incomplete */
2225  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2226  input_len + ssl_state->curr_connp->bytes_processed) {
2227  uint32_t needed = ssl_state->curr_connp->record_length;
2228  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2229  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2230  needed);
2231  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2232  }
2233 
2234  if (input_len == 0) {
2235  return SSL_DECODER_OK((input - initial_input));
2236  }
2237 
2238  /* record_length should never be zero */
2239  if (ssl_state->curr_connp->record_length == 0) {
2240  SCLogDebug("SSLv2 record length is zero");
2241  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2242  return SSL_DECODER_ERROR(-1);
2243  }
2244 
2245  /* record_lengths_length should never be zero */
2246  if (ssl_state->curr_connp->record_lengths_length == 0) {
2247  SCLogDebug("SSLv2 record lengths length is zero");
2248  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2249  return SSL_DECODER_ERROR(-1);
2250  }
2251 
2252  switch (ssl_state->curr_connp->content_type) {
2253  case SSLV2_MT_ERROR:
2254  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2255  "in establishing the sslv2 session, may be version");
2256  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2257 
2258  break;
2259 
2260  case SSLV2_MT_CLIENT_HELLO:
2261  if (input_len < 6) {
2262  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2263  return SSL_DECODER_ERROR(-1);
2264  }
2265 
2266  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2267  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2268  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
2269 
2270  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2271  SCLogDebug("SSLv2: version %04x", version);
2272  ssl_state->curr_connp->version = version;
2273  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2274  input += 6;
2275  input_len -= 6;
2276  ssl_state->curr_connp->bytes_processed += 6;
2277  if (session_id_length == 0) {
2278  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2279  }
2280  break;
2281 
2282  case SSLV2_MT_CLIENT_MASTER_KEY:
2283  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2284  SCLogDebug("Client hello is not seen before master key "
2285  "message!");
2286  }
2287  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2288 
2289  break;
2290 
2291  case SSLV2_MT_CLIENT_CERTIFICATE:
2292  if (direction == 1) {
2293  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2294  "direction!");
2295  } else {
2296  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2297  }
2298  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
2299 
2300  /* fall through */
2301  case SSLV2_MT_SERVER_VERIFY:
2302  case SSLV2_MT_SERVER_FINISHED:
2303  if (direction == 0 &&
2304  !(ssl_state->curr_connp->content_type &
2305  SSLV2_MT_CLIENT_CERTIFICATE)) {
2306  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2307  "direction!");
2308  }
2309 
2310  /* fall through */
2311  case SSLV2_MT_CLIENT_FINISHED:
2312  case SSLV2_MT_REQUEST_CERTIFICATE:
2313  /* both client hello and server hello must be seen */
2314  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2315  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2316 
2317  if (direction == 0) {
2318  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2319  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2320  SCLogDebug("SSLv2 client side has started the encryption");
2321  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2322  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2323  SCLogDebug("SSLv2 client side has started the encryption");
2324  }
2325  } else {
2326  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2327  SCLogDebug("SSLv2 Server side has started the encryption");
2328  }
2329 
2330  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2331  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2332  {
2333  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2334  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
2335  }
2336 
2337  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2338  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2339  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2340  }
2341  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2342  }
2343  }
2344 
2345  break;
2346 
2347  case SSLV2_MT_SERVER_HELLO:
2348  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2349  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2350  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
2351 
2352  break;
2353  }
2354 
2355  ssl_state->flags |= ssl_state->current_flags;
2356 
2357  if (input_len + ssl_state->curr_connp->bytes_processed >=
2358  (ssl_state->curr_connp->record_length +
2359  ssl_state->curr_connp->record_lengths_length)) {
2360 
2361  /* looks like we have another record after this */
2362  uint32_t diff = ssl_state->curr_connp->record_length +
2363  ssl_state->curr_connp->record_lengths_length + -
2364  ssl_state->curr_connp->bytes_processed;
2365  input += diff;
2366  SSLParserReset(ssl_state);
2367 
2368  /* we still don't have the entire record for the one we are
2369  currently parsing */
2370  } else {
2371  input += input_len;
2372  ssl_state->curr_connp->bytes_processed += input_len;
2373  }
2374  return SSL_DECODER_OK((input - initial_input));
2375 }
2376 
2377 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2378  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2379  const StreamSlice stream_slice)
2380 {
2381  uint32_t parsed = 0;
2382  uint32_t record_len; /* slice of input_len for the current record */
2383  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2384 
2385  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2386  const uint16_t prev_version = ssl_state->curr_connp->version;
2387 
2388  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2389  if (retval < 0 || retval > (int)input_len) {
2390  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2391  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2392  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2393  return SSL_DECODER_ERROR(-1);
2394  }
2395  parsed = retval;
2396 
2397  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2398  input, ssl_state->curr_connp->record_length);
2399 
2400  /* first the hdr frame at our first chance */
2401  if (first_call) {
2402  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2403  direction, TLS_FRAME_HDR);
2404  }
2405 
2406  /* parser is streaming for the initial header, then switches to incomplete
2407  * API: so if we don't have the hdr yet, return consumed bytes and wait
2408  * until we are called again with new data. */
2409  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2410  SCLogDebug(
2411  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2412  return SSL_DECODER_OK(parsed);
2413  }
2414 
2415  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2416  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2417  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2418  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2419  SCLogDebug(
2420  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2421  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2422 
2423  bool unknown_record = false;
2424  switch (ssl_state->curr_connp->content_type) {
2425  case SSLV3_CHANGE_CIPHER_SPEC:
2426  case SSLV3_ALERT_PROTOCOL:
2427  case SSLV3_HANDSHAKE_PROTOCOL:
2428  case SSLV3_APPLICATION_PROTOCOL:
2429  case SSLV3_HEARTBEAT_PROTOCOL:
2430  break;
2431  default:
2432  unknown_record = true;
2433  break;
2434  }
2435 
2436  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2437  * on Wireshark logic. */
2438  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2439  if (unknown_record) {
2440  SCLogDebug("unknown record, ignore it");
2441  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2442 
2443  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2444  ssl_state->curr_connp->content_type = 0;
2445  ssl_state->curr_connp->record_length = 0;
2446  // restore last good version
2447  ssl_state->curr_connp->version = prev_version;
2448  return SSL_DECODER_OK(input_len); // consume everything
2449  }
2450  } else {
2451  if (unknown_record) {
2452  SCLogDebug("unknown record, fatal");
2453  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2454  return SSL_DECODER_ERROR(-1);
2455  }
2456  }
2457 
2458  /* record_length should never be zero */
2459  if (ssl_state->curr_connp->record_length == 0) {
2460  SCLogDebug("SSLv3 Record length is 0");
2461  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2462  return SSL_DECODER_ERROR(-1);
2463  }
2464 
2465  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2466  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2467  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2468  return SSL_DECODER_ERROR(-1);
2469  }
2470 
2471  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2472  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2473  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2474  return SSL_DECODER_ERROR(-1);
2475  }
2476  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2477  } else {
2478  ValidateRecordState(ssl_state->curr_connp);
2479 
2480  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2481  record_len = MIN(input_len, record_len);
2482  }
2483  SCLogDebug("record length %u processed %u got %u",
2484  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2485 
2486  /* if we don't have the full record, we return incomplete */
2487  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2488  /* no need to use incomplete api buffering for application
2489  * records that we'll not use anyway. */
2490  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2491  SCLogDebug("application record");
2492  } else {
2493  uint32_t needed = ssl_state->curr_connp->record_length;
2494  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2495  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2496  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2497  return SSL_DECODER_INCOMPLETE(parsed, needed);
2498  }
2499  }
2500 
2501  if (record_len == 0) {
2502  return SSL_DECODER_OK(parsed);
2503  }
2504 
2505  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2506  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2507 
2508  switch (ssl_state->curr_connp->content_type) {
2509  /* we don't need any data from these types */
2510  case SSLV3_CHANGE_CIPHER_SPEC:
2511  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2512 
2513  if (direction) {
2514  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2515  } else {
2516  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2517 
2518  // TODO TLS 1.3
2519  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2520  }
2521  break;
2522 
2523  case SSLV3_ALERT_PROTOCOL: {
2524  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2525  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2526 
2527  int retval = SSLv3ParseAlertProtocol(ssl_state, input + parsed, record_len, direction);
2528  if (retval < 0) {
2529  SCLogDebug("SSLv3ParseAlertProtocol returned %d", retval);
2530  return SSL_DECODER_ERROR(-1);
2531  }
2532  break;
2533  }
2534  case SSLV3_APPLICATION_PROTOCOL:
2535  /* In TLSv1.3 early data (0-RTT) could be sent before the
2536  handshake is complete (rfc8446, section 2.3). We should
2537  therefore not mark the handshake as done before we have
2538  seen the ServerHello record. */
2539  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2540  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2541  break;
2542 
2543  /* if we see (encrypted) application data, then this means the
2544  handshake must be done */
2545  if (ssl_state->curr_connp == &ssl_state->client_connp) {
2546  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2547  } else {
2548  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2549  }
2550 
2551  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2552  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2553  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2554  }
2555 
2556  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2557  * heartbeat lke inspection to be able to be able to bypass the flow */
2558  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2559  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2560  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2561  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
2562  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2563  }
2564  break;
2565 
2566  case SSLV3_HANDSHAKE_PROTOCOL: {
2567  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2568  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2569  compatibility (rfc8446, appendix D.4). */
2570  // Client hello flags is needed to have a valid version
2571  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2572  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2573  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2574  /* do nothing */
2575  } else {
2576  // if we started parsing this, we must stop
2577  break;
2578  }
2579  }
2580 
2581  if (ssl_state->curr_connp->record_length < 4) {
2582  SSLParserReset(ssl_state);
2583  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2584  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2585  return SSL_DECODER_ERROR(-1);
2586  }
2587 
2588  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2589  record_len, direction);
2590  SCLogDebug("retval %d", retval);
2591  if (retval < 0 || retval > (int)record_len) {
2592  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2593  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2594  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2595  return SSL_DECODER_ERROR(-1);
2596  }
2597  ValidateRecordState(ssl_state->curr_connp);
2598  break;
2599  }
2600  case SSLV3_HEARTBEAT_PROTOCOL: {
2601  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2602  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2603  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2604  record_len, direction);
2605  if (retval < 0) {
2606  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2607  return SSL_DECODER_ERROR(-1);
2608  }
2609  break;
2610  }
2611  default:
2612  // should be unreachable now that we check after header parsing
2613  DEBUG_VALIDATE_BUG_ON(1);
2614  SCLogDebug("unsupported record type");
2615  return SSL_DECODER_ERROR(-1);
2616  }
2617 
2618  parsed += record_len;
2619  ssl_state->curr_connp->bytes_processed += record_len;
2620 
2621  if (ssl_state->curr_connp->bytes_processed >=
2622  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2623  SCLogDebug("record complete, trigger RAW");
2624  SCAppLayerParserTriggerRawStreamInspection(
2625  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2626  SSLParserReset(ssl_state);
2627  ValidateRecordState(ssl_state->curr_connp);
2628  return SSL_DECODER_OK(parsed);
2629 
2630  } else {
2631  /* we still don't have the entire record for the one we are
2632  currently parsing */
2633  ValidateRecordState(ssl_state->curr_connp);
2634  return SSL_DECODER_OK(parsed);
2635  }
2636 }
2637 
2638 /**
2639  * \internal
2640  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2641  *
2642  * On parsing error, this should be the only function that should reset
2643  * the parser state, to avoid multiple functions in the chain resetting
2644  * the parser state.
2645  *
2646  * \param direction 0 for toserver, 1 for toclient.
2647  * \param alstate Pointer to the state.
2648  * \param pstate Application layer parser state for this session.
2649  * \param output Pointer to the list of parsed output elements.
2650  *
2651  * \todo On reaching an inconsistent state, check if the input has
2652  * another new record, instead of just returning after the reset
2653  *
2654  * \retval >=0 On success.
2655  */
2656 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2657  AppLayerParserState *pstate, StreamSlice stream_slice)
2658 {
2659  SSLState *ssl_state = (SSLState *)alstate;
2660  ssl_state->tx_data.updated_tc = true;
2661  ssl_state->tx_data.updated_ts = true;
2662  uint32_t counter = 0;
2663  ssl_state->f = f;
2664  const uint8_t *input = StreamSliceGetData(&stream_slice);
2665  const uint8_t *init_input = input;
2666  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2667 
2668  if ((input == NULL || input_len == 0) &&
2669  ((direction == 0 && SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2670  (direction == 1 &&
2671  SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2672  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2673  if (direction == 0)
2674  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2675  else
2676  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2677  SCReturnStruct(APP_LAYER_OK);
2678  } else if (input == NULL || input_len == 0) {
2679  SCReturnStruct(APP_LAYER_ERROR);
2680  }
2681 
2682  if (direction == 0)
2683  ssl_state->curr_connp = &ssl_state->client_connp;
2684  else
2685  ssl_state->curr_connp = &ssl_state->server_connp;
2686 
2687  /* If entering on a new record, reset the current flags. */
2688  if (ssl_state->curr_connp->bytes_processed == 0) {
2689  ssl_state->current_flags = 0;
2690  }
2691 
2692  /* if we have more than one record */
2693  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2694  while (input_len > 0) {
2695  if (counter > max_records) {
2696  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2697  "and get out of here");
2698  SSLParserReset(ssl_state);
2699  SSLSetEvent(ssl_state,
2700  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2701  return APP_LAYER_ERROR;
2702  }
2703 
2704  /* ssl_state->bytes_processed is zero for a fresh record or
2705  positive to indicate a record currently being parsed */
2706 
2707  if (ssl_state->curr_connp->bytes_processed == 0) {
2708  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2709  /* only SSLv2, has one of the top 2 bits set */
2710  ssl_state->curr_connp->version = SSL_VERSION_2;
2711  SCLogDebug("SSLv2 detected");
2712  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2713  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2714  SCLogDebug("SSL/TLS version reset");
2715  }
2716  }
2717  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2718  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2719 
2720  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2721  if (ssl_state->curr_connp->bytes_processed == 0) {
2722  SCLogDebug("New SSLv2 record parsing");
2723  } else {
2724  SCLogDebug("Continuing parsing SSLv2 record");
2725  }
2726  struct SSLDecoderResult r =
2727  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2728  if (r.retval < 0 || r.retval > input_len) {
2729  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2730  SCLogDebug("Error parsing SSLv2. Resetting parser "
2731  "state. Let's get outta here");
2732  SSLParserReset(ssl_state);
2733  SSLSetEvent(ssl_state,
2734  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2735  return APP_LAYER_ERROR;
2736  } else if (r.needed) {
2737  input += r.retval;
2738  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2739  (uintmax_t)(input - init_input), r.needed);
2740  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2741  }
2742  input_len -= r.retval;
2743  input += r.retval;
2744  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2745  } else {
2746  if (ssl_state->curr_connp->bytes_processed == 0) {
2747  SCLogDebug("New TLS record: record_length %u",
2748  ssl_state->curr_connp->record_length);
2749  } else {
2750  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2751  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2752  }
2753  struct SSLDecoderResult r =
2754  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2755  if (r.retval < 0 || r.retval > input_len) {
2756  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2757  SCLogDebug("Error parsing TLS. Resetting parser "
2758  "state. Let's get outta here");
2759  SSLParserReset(ssl_state);
2760  return APP_LAYER_ERROR;
2761  } else if (r.needed) {
2762  input += r.retval;
2763  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2764  (uintmax_t)(input - init_input), r.needed);
2765  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2766  }
2767  input_len -= r.retval;
2768  input += r.retval;
2769  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2770 
2771  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2772  && ssl_state->curr_connp->record_length == 0) {
2773  SCLogDebug("TLS empty record");
2774  /* empty record */
2775  SSLParserReset(ssl_state);
2776  }
2777  }
2778  counter++;
2779  } /* while (input_len) */
2780 
2781  /* mark handshake as done if we have subject and issuer */
2782  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2783  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2784  /* update both sides to keep existing behavior */
2785  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2786  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2787  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2788  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2789  /* update both sides to keep existing behavior */
2790  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2791  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2792  }
2793 
2794  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2795  if (SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2796  SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2797  /* update both sides to keep existing behavior */
2798  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2799  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2800  }
2801 
2802  return APP_LAYER_OK;
2803 }
2804 
2805 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2806  StreamSlice stream_slice, void *local_data)
2807 {
2808  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2809 }
2810 
2811 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2812  StreamSlice stream_slice, void *local_data)
2813 {
2814  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2815 }
2816 
2817 /**
2818  * \internal
2819  * \brief Function to allocate the SSL state memory.
2820  */
2821 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2822 {
2823  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2824  if (unlikely(ssl_state == NULL))
2825  return NULL;
2826  ssl_state->client_connp.cert_log_flag = 0;
2827  ssl_state->server_connp.cert_log_flag = 0;
2828  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2829  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2830  ssl_state->client_connp.hs = SCTLSHandshakeNew();
2831  ssl_state->server_connp.hs = SCTLSHandshakeNew();
2832  TAILQ_INIT(&ssl_state->server_connp.certs);
2833  TAILQ_INIT(&ssl_state->client_connp.certs);
2834 
2835  return (void *)ssl_state;
2836 }
2837 
2838 static void SSLStateCertSANFree(SSLStateConnp *connp)
2839 {
2840  if (connp->cert0_sans) {
2841  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2842  SCRustCStringFree(connp->cert0_sans[i]);
2843  }
2844  SCFree(connp->cert0_sans);
2845  }
2846 }
2847 
2848 /**
2849  * \internal
2850  * \brief Function to free the SSL state memory.
2851  */
2852 static void SSLStateFree(void *p)
2853 {
2854  SSLState *ssl_state = (SSLState *)p;
2855  SSLCertsChain *item;
2856 
2857  if (ssl_state->client_connp.cert0_subject)
2858  SCRustCStringFree(ssl_state->client_connp.cert0_subject);
2859  if (ssl_state->client_connp.cert0_issuerdn)
2860  SCRustCStringFree(ssl_state->client_connp.cert0_issuerdn);
2861  if (ssl_state->client_connp.cert0_serial)
2862  SCRustCStringFree(ssl_state->client_connp.cert0_serial);
2863  if (ssl_state->client_connp.cert0_fingerprint)
2864  SCFree(ssl_state->client_connp.cert0_fingerprint);
2865  if (ssl_state->client_connp.sni)
2866  SCFree(ssl_state->client_connp.sni);
2867  if (ssl_state->client_connp.session_id)
2868  SCFree(ssl_state->client_connp.session_id);
2869  if (ssl_state->client_connp.hs_buffer)
2870  SCFree(ssl_state->client_connp.hs_buffer);
2871 
2872  if (ssl_state->server_connp.cert0_subject)
2873  SCRustCStringFree(ssl_state->server_connp.cert0_subject);
2874  if (ssl_state->server_connp.cert0_issuerdn)
2875  SCRustCStringFree(ssl_state->server_connp.cert0_issuerdn);
2876  if (ssl_state->server_connp.cert0_serial)
2877  SCRustCStringFree(ssl_state->server_connp.cert0_serial);
2878  if (ssl_state->server_connp.cert0_fingerprint)
2879  SCFree(ssl_state->server_connp.cert0_fingerprint);
2880  if (ssl_state->server_connp.sni)
2881  SCFree(ssl_state->server_connp.sni);
2882  if (ssl_state->server_connp.session_id)
2883  SCFree(ssl_state->server_connp.session_id);
2884 
2885  if (ssl_state->client_connp.hs)
2886  SCTLSHandshakeFree(ssl_state->client_connp.hs);
2887  if (ssl_state->client_connp.ja3_str)
2888  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2889  if (ssl_state->client_connp.ja3_hash)
2890  SCFree(ssl_state->client_connp.ja3_hash);
2891  if (ssl_state->server_connp.hs)
2892  SCTLSHandshakeFree(ssl_state->server_connp.hs);
2893  if (ssl_state->server_connp.ja3_str)
2894  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2895  if (ssl_state->server_connp.ja3_hash)
2896  SCFree(ssl_state->server_connp.ja3_hash);
2897  if (ssl_state->server_connp.hs_buffer)
2898  SCFree(ssl_state->server_connp.hs_buffer);
2899 
2900  SSLStateCertSANFree(&ssl_state->server_connp);
2901  SSLStateCertSANFree(&ssl_state->client_connp);
2902 
2903  SCAppLayerTxDataCleanup(&ssl_state->tx_data);
2904 
2905  /* Free certificate chain */
2906  if (ssl_state->server_connp.certs_buffer)
2907  SCFree(ssl_state->server_connp.certs_buffer);
2908  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2909  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2910  SCFree(item);
2911  }
2912  TAILQ_INIT(&ssl_state->server_connp.certs);
2913  /* Free certificate chain */
2914  if (ssl_state->client_connp.certs_buffer)
2915  SCFree(ssl_state->client_connp.certs_buffer);
2916  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2917  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2918  SCFree(item);
2919  }
2920  TAILQ_INIT(&ssl_state->client_connp.certs);
2921 
2922  SCFree(ssl_state);
2923 }
2924 
2925 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2926 {
2927  /* do nothing */
2928 }
2929 
2930 static AppProto SSLProbingParser(
2931  const Flow *f, uint8_t direction, const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2932 {
2933  /* probably a rst/fin sending an eof */
2934  if (ilen < 3)
2935  return ALPROTO_UNKNOWN;
2936 
2937  /* for now just the 3 byte header ones */
2938  /* \todo Detect the 2 byte ones */
2939  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2940  return ALPROTO_TLS;
2941  }
2942 
2943  return ALPROTO_FAILED;
2944 }
2945 
2946 static int SSLStateGetStateIdByName(const char *name, const uint8_t direction)
2947 {
2948  SCEnumCharMap *map =
2949  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2950 
2951  int id = SCMapEnumNameToValue(name, map);
2952  if (id < 0) {
2953  return -1;
2954  }
2955  return id;
2956 }
2957 
2958 static const char *SSLStateGetStateNameById(const int id, const uint8_t direction)
2959 {
2960  SCEnumCharMap *map =
2961  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2962  const char *name = SCMapEnumValueToName(id, map);
2963  return name;
2964 }
2965 
2966 static int SSLStateGetFrameIdByName(const char *frame_name)
2967 {
2968  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2969  if (id < 0) {
2970  return -1;
2971  }
2972  return id;
2973 }
2974 
2975 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2976 {
2977  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2978  return name;
2979 }
2980 
2981 static int SSLStateGetEventInfo(
2982  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
2983 {
2984  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
2985  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2986  return 0;
2987  }
2988  return -1;
2989 }
2990 
2991 static int SSLStateGetEventInfoById(
2992  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
2993 {
2994  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2995  if (*event_name == NULL) {
2996  SCLogError("event \"%d\" not present in "
2997  "ssl's enum map table.",
2998  event_id);
2999  /* yes this is fatal */
3000  return -1;
3001  }
3002 
3003  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3004 
3005  return 0;
3006 }
3007 
3008 static int SSLRegisterPatternsForProtocolDetection(void)
3009 {
3010  if (SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3011  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3012  return -1;
3013  }
3014 
3015  /** SSLv3 */
3016  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3017  IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
3018  return -1;
3019  }
3020  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3021  IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
3022  return -1;
3023  }
3024 
3025  /** TLSv1 */
3026  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3027  IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
3028  return -1;
3029  }
3030  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3031  IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
3032  return -1;
3033  }
3034 
3035  /** TLSv1.1 */
3036  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3037  IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
3038  return -1;
3039  }
3040  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3041  IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
3042  return -1;
3043  }
3044 
3045  /** TLSv1.2 */
3046  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3047  IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
3048  return -1;
3049  }
3050  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3051  IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
3052  return -1;
3053  }
3054 
3055  /***** toclient direction *****/
3056 
3057  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3058  IPPROTO_TCP, ALPROTO_TLS, "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3059  return -1;
3060  }
3061  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3062  IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3063  return -1;
3064  }
3065  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3066  IPPROTO_TCP, ALPROTO_TLS, "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3067  return -1;
3068  }
3069 
3070  /** TLSv1 */
3071  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3072  IPPROTO_TCP, ALPROTO_TLS, "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3073  return -1;
3074  }
3075  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3076  IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3077  return -1;
3078  }
3079  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3080  IPPROTO_TCP, ALPROTO_TLS, "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3081  return -1;
3082  }
3083 
3084  /** TLSv1.1 */
3085  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3086  IPPROTO_TCP, ALPROTO_TLS, "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3087  return -1;
3088  }
3089  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3090  IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3091  return -1;
3092  }
3093  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3094  IPPROTO_TCP, ALPROTO_TLS, "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3095  return -1;
3096  }
3097 
3098  /** TLSv1.2 */
3099  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3100  IPPROTO_TCP, ALPROTO_TLS, "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3101  return -1;
3102  }
3103  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3104  IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3105  return -1;
3106  }
3107  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3108  IPPROTO_TCP, ALPROTO_TLS, "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3109  return -1;
3110  }
3111 
3112  /* Subsection - SSLv2 style record by client, but informing the server
3113  * the max version it supports.
3114  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3115  * it after some tests */
3116 #if 0
3117  if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3118  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3119  {
3120  return -1;
3121  }
3122  if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3123  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3124  {
3125  return -1;
3126  }
3127 #endif
3128 
3129  return 0;
3130 }
3131 
3132 #ifdef HAVE_JA3
3133 static void CheckJA3Enabled(void)
3134 {
3135  const char *strval = NULL;
3136  /* Check if we should generate JA3 fingerprints */
3137  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3138  if (SCConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3139  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3140  } else if (strcmp(strval, "auto") == 0) {
3141  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3142  } else if (SCConfValIsFalse(strval)) {
3143  enable_ja3 = 0;
3144  ssl_config.disable_ja3 = true;
3145  } else if (SCConfValIsTrue(strval)) {
3146  enable_ja3 = true;
3147  }
3148  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3149  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3150  /* The feature is available, i.e. _could_ be activated by a rule or
3151  even is enabled in the configuration. */
3152  ProvidesFeature(FEATURE_JA3);
3153  }
3154 }
3155 #endif /* HAVE_JA3 */
3156 
3157 #ifdef HAVE_JA4
3158 static void CheckJA4Enabled(void)
3159 {
3160  const char *strval = NULL;
3161  /* Check if we should generate JA4 fingerprints */
3162  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3163  if (SCConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3164  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3165  } else if (strcmp(strval, "auto") == 0) {
3166  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3167  } else if (SCConfValIsFalse(strval)) {
3168  enable_ja4 = 0;
3169  ssl_config.disable_ja4 = true;
3170  } else if (SCConfValIsTrue(strval)) {
3171  enable_ja4 = true;
3172  }
3173  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3174  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3175  /* The feature is available, i.e. _could_ be activated by a rule or
3176  even is enabled in the configuration. */
3177  ProvidesFeature(FEATURE_JA4);
3178  }
3179 }
3180 #endif /* HAVE_JA4 */
3181 
3182 /**
3183  * \brief Function to register the SSL protocol parser and other functions
3184  */
3185 void RegisterSSLParsers(void)
3186 {
3187  const char *proto_name = "tls";
3188 
3189  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3190 
3191  /** SSLv2 and SSLv23*/
3192  if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3193  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3194 
3195  if (SSLRegisterPatternsForProtocolDetection() < 0)
3196  return;
3197 
3198  if (RunmodeIsUnittests()) {
3199  SCAppLayerProtoDetectPPRegister(
3200  IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3, STREAM_TOSERVER, SSLProbingParser, NULL);
3201  } else {
3202  if (SCAppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, proto_name, ALPROTO_TLS,
3203  0, 3, SSLProbingParser, NULL) == 0) {
3204  SCLogConfig("no TLS config found, "
3205  "enabling TLS detection on port 443.");
3206  SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3,
3207  STREAM_TOSERVER, SSLProbingParser, NULL);
3208  }
3209  }
3210  } else {
3211  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3212  proto_name);
3213  return;
3214  }
3215 
3216  if (SCAppLayerParserConfParserEnabled("tcp", proto_name)) {
3217  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3218  SSLParseClientRecord);
3219 
3220  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3221  SSLParseServerRecord);
3222  AppLayerParserRegisterGetStateFuncs(
3223  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetStateIdByName, SSLStateGetStateNameById);
3224  AppLayerParserRegisterGetFrameFuncs(
3225  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3226  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3227  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3228 
3229  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3230 
3231  SCAppLayerParserRegisterParserAcceptableDataDirection(
3232  IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3233 
3234  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3235 
3236  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3237  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3238  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3239 
3240  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3241 
3242  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3243 
3244  AppLayerParserRegisterStateProgressCompletionStatus(
3245  ALPROTO_TLS, TLS_STATE_CLIENT_FINISHED, TLS_STATE_SERVER_FINISHED);
3246 
3247  SCConfNode *enc_handle = SCConfGetNode("app-layer.protocols.tls.encryption-handling");
3248  if (enc_handle != NULL && enc_handle->val != NULL) {
3249  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3250  if (strcmp(enc_handle->val, "full") == 0) {
3251  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3252  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3253  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3254  } else if (strcmp(enc_handle->val, "track-only") == 0) {
3255  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3256  } else if (strcmp(enc_handle->val, "default") == 0) {
3257  SCLogWarning("app-layer.protocols.tls.encryption-handling = default is deprecated "
3258  "and will be removed in Suricata 9, use \"track-only\" instead, "
3259  "(see ticket #7642)");
3260  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3261  } else {
3262  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3263  }
3264  } else {
3265  /* Get the value of no reassembly option from the config file */
3266  if (SCConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3267  int value = 0;
3268  if (SCConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3269  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3270  } else {
3271  int value = 0;
3272  if (SCConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 &&
3273  value == 1)
3274  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3275  }
3276  }
3277  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3278 
3279 #ifdef HAVE_JA3
3280  CheckJA3Enabled();
3281 #endif /* HAVE_JA3 */
3282 #ifdef HAVE_JA4
3283  CheckJA4Enabled();
3284 #endif /* HAVE_JA4 */
3285 
3286  if (g_disable_hashing) {
3287  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3288  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3289  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3290  }
3291  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3292  SCLogWarning("Hashing has been disabled, disabling JA4");
3293  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3294  }
3295  } else {
3296  if (RunmodeIsUnittests()) {
3297 #ifdef HAVE_JA3
3298  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3299 #endif /* HAVE_JA3 */
3300 #ifdef HAVE_JA4
3301  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3302 #endif /* HAVE_JA4 */
3303  }
3304  }
3305  } else {
3306  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3307  }
3308 }
3309 
3310 /**
3311  * \brief if not explicitly disabled in config, enable ja3 support
3312  *
3313  * Implemented using atomic to allow rule reloads to do this at
3314  * runtime.
3315  */
3316 void SSLEnableJA3(void)
3317 {
3318  if (g_disable_hashing || ssl_config.disable_ja3) {
3319  return;
3320  }
3321  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3322  return;
3323  }
3324  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3325 }
3326 
3327 /**
3328  * \brief if not explicitly disabled in config, enable ja4 support
3329  *
3330  * Implemented using atomic to allow rule reloads to do this at
3331  * runtime.
3332  */
3333 void SSLEnableJA4(void)
3334 {
3335  // only caller has #ifdef HAVE_JA4
3336  if (g_disable_hashing || ssl_config.disable_ja4) {
3337  return;
3338  }
3339  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3340  return;
3341  }
3342  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3343 }
3344 
3345 /**
3346  * \brief return whether ja3 is effectively enabled
3347  *
3348  * This means that it either has been enabled explicitly or has been
3349  * enabled by having loaded a rule while not being explicitly disabled.
3350  *
3351  * \retval true if enabled, false otherwise
3352  */
3353 bool SSLJA3IsEnabled(void)
3354 {
3355  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3356 }
3357 
3358 /**
3359  * \brief return whether ja4 is effectively enabled
3360  *
3361  * This means that it either has been enabled explicitly or has been
3362  * enabled by having loaded a rule while not being explicitly disabled.
3363  *
3364  * \retval true if enabled, false otherwise
3365  */
3366 bool SSLJA4IsEnabled(void)
3367 {
3368  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3369 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:213
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:175
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:99
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:187
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:500
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:227
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:205
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:148
SCConfValIsTrue
int SCConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:551
SCAppLayerParserStateIssetFlag
uint16_t SCAppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1829
JA3Buffer_
Definition: util-ja3.h:31
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:163
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:254
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:258
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
StreamSlice
struct StreamSlice StreamSlice
Definition: app-layer-parser.h:38
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:183
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:230
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:237
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:147
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:174
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:248
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:39
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3333
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:279
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:132
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:182
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:52
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:241
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:249
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:190
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:121
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:86
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:309
SSLStateConnp_
Definition: app-layer-ssl.h:167
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:209
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:189
SCAppLayerParserStateSetFlag
void SCAppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1821
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:184
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:131
Flow_
Flow data structure.
Definition: flow.h:348
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:153
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:228
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:110
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:68
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:222
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:548
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:231
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:312
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:224
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:177
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:510
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:217
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:239
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:243
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:314
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:231
TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_SERVER_HELLO_DONE
Definition: app-layer-ssl.h:89
MIN
#define MIN(x, y)
Definition: suricata-common.h:408
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
AppLayerParserRegisterGetStateFuncs
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetStateIdByNameFn GetIdByNameFunc, AppLayerParserGetStateNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:575
util-ja3.h
SCConfValIsFalse
int SCConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:576
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:176
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: app-layer-parser.h:42
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:112
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:230
AppLayerEventType
enum AppLayerEventType AppLayerEventType
Definition: app-layer-parser.h:43
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:197
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:228
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_CNF_ENC_HANDLE_TRACK_ONLY
@ SSL_CNF_ENC_HANDLE_TRACK_ONLY
Definition: app-layer-ssl.c:195
MAX
#define MAX(x, y)
Definition: suricata-common.h:412
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:216
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:53
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:171
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:98
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:188
SCAppLayerProtoDetectPMRegisterPatternCSwPP
int SCAppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1636
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:178
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:218
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:103
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:104
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:191
SCAppLayerProtoDetectConfProtoDetectionEnabled
int SCAppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1941
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:173
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:241
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:118
SCAppLayerParserTriggerRawStreamInspection
void SCAppLayerParserTriggerRawStreamInspection(Flow *f, int direction)
Definition: app-layer-parser.c:1557
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:240
app-layer-detect-proto.h
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:264
AppLayerResult
struct AppLayerResult AppLayerResult
Definition: app-layer-parser.h:39
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:89
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
util-debug.h
TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:135
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:253
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3353
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:138
SCAppLayerParserConfParserEnabled
int SCAppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:345
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:172
SSLState_::client_state
enum TlsStateClient client_state
Definition: app-layer-ssl.h:245
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:309
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:179
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:242
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:263
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:219
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:203
TLS_STATE_CLIENT_HELLO_DONE
@ TLS_STATE_CLIENT_HELLO_DONE
Definition: app-layer-ssl.h:79
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TlsStateServer
TlsStateServer
Definition: app-layer-ssl.h:85
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
SSLCertsChain_
Definition: app-layer-ssl.h:161
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:585
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:318
TlsStateClient
TlsStateClient
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:135
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:435
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:50
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:109
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: app-layer-ssl.h:91
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:259
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:159
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_STATE_CLIENT_IN_PROGRESS
@ TLS_STATE_CLIENT_IN_PROGRESS
Definition: app-layer-ssl.h:78
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:595
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:194
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:117
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:111
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:245
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:237
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:150
type
uint16_t type
Definition: decode-vlan.c:106
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:54
conf.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:184
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:124
SSLState_::server_state
enum TlsStateServer server_state
Definition: app-layer-ssl.h:246
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3316
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:169
SslConfig_
Definition: app-layer-ssl.c:200
name
const char * name
Definition: tm-threads.c:2163
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:236
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1741
TLS_STATE_SERVER_CERT_DONE
@ TLS_STATE_SERVER_CERT_DONE
Definition: app-layer-ssl.h:88
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:216
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:214
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:243
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:162
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:270
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:204
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:49
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:402
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:140
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:229
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:95
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:260
SCAppLayerProtoDetectPPRegister
void SCAppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1526
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:530
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
SSLDecoderResult
Definition: app-layer-ssl.c:262
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:186
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:247
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:266
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:101
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:301
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:185
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3185
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:249
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:271
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:151
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:149
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:319
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:152
SCEnumCharMap_
Definition: util-enum.h:27
SCAppLayerParserRegisterParserAcceptableDataDirection
void SCAppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:414
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:177
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:325
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:616
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:217
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:276
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:606
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:463
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:201
TLS_STATE_CLIENT_CERT_DONE
@ TLS_STATE_CLIENT_CERT_DONE
Definition: app-layer-ssl.h:80
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:220
AppLayerStateData
struct AppLayerStateData AppLayerStateData
Definition: app-layer-parser.h:44
app-layer-events.h
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:97
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:226
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:156
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:238
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:210
str
#define str(s)
Definition: suricata-common.h:308
SCAppLayerProtoDetectPMRegisterPatternCS
int SCAppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1625
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:271
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCAppLayerProtoDetectPPParseConfPorts
int SCAppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1562
TLS_STATE_SERVER_IN_PROGRESS
@ TLS_STATE_SERVER_IN_PROGRESS
Definition: app-layer-ssl.h:86
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:235
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:105
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:215
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3366
WARN_UNUSED
#define WARN_UNUSED
Definition: bindgen.h:33
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:195
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:207
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:33
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:221
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:206
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:250
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:180
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:520
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:196
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:81
SslConfig
struct SslConfig_ SslConfig
SSLStateConnp_::hs
HandshakeParams * hs
Definition: app-layer-ssl.h:211
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:563
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:106
id
uint32_t id
Definition: detect-flowbits.c:938
TLS_STATE_SERVER_HELLO
@ TLS_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:87
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:51
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:199
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:146
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:192
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:256
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:208
TLS_STATE_SERVER_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
Definition: app-layer-ssl.h:90
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:179
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:227
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:285
SCConfNode_
Definition: conf.h:37
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:215
SCConfNode_::val
char * val
Definition: conf.h:39
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:174
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:189
TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_FINISHED
Definition: app-layer-ssl.h:82
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:223
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:30
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:128
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:232
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:116
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:102
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:197
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:194
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:234
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:176
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:225
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:214