suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-ssl.h"
36 
37 #include "conf.h"
38 
39 #include "feature.h"
40 
41 #include "util-debug.h"
42 #include "util-ja3.h"
43 #include "util-enum.h"
44 #include "util-validate.h"
45 
46 static SCEnumCharMap tls_state_client_table[] = {
47  {
48  "client_in_progress",
50  },
51  {
52  "client_hello_done",
54  },
55  {
56  "client_cert_done",
58  },
59  {
60  "client_handshake_done",
62  },
63  {
64  "client_finished",
66  },
67  { NULL, -1 },
68 };
69 
70 static SCEnumCharMap tls_state_server_table[] = {
71  {
72  "server_in_progress",
74  },
75  {
76  "server_hello",
78  },
79  {
80  "server_cert_done",
82  },
83  {
84  "server_hello_done",
86  },
87  {
88  "server_handshake_done",
90  },
91  {
92  "server_finished",
94  },
95  { NULL, -1 },
96 };
97 
99  {
100  "pdu",
102  },
103  {
104  "hdr",
106  },
107  {
108  "data",
110  },
111  {
112  "alert",
114  },
115  {
116  "heartbeat",
118  },
119  {
120  "ssl2.hdr",
122  },
123  {
124  "ssl2.pdu",
126  },
127  { NULL, -1 },
128 };
129 
131  /* TLS protocol messages */
132  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
133  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
134  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
135  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
136  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
137  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
138  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
139  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
140  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
141  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
142  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
143  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
144  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
145  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
146  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
147  { "INVALID_ALERT_MESSAGE", TLS_DECODER_EVENT_INVALID_ALERT },
148  /* certificate decoding messages */
149  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
150  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
151  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
152  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
153  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
155  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
156  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
157  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
158  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
159  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
160  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
161  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
162  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
163  /* used as a generic error event */
164  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
165  { NULL, -1 },
166 };
167 
168 enum {
169  /* X.509 error codes, returned by decoder
170  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
180 
181  /* error getting data */
185 };
186 
187 /* JA3 and JA4 fingerprints are disabled by default */
188 #define SSL_CONFIG_DEFAULT_JA3 0
189 #ifdef HAVE_JA4
190 #define SSL_CONFIG_DEFAULT_JA4 0
191 #endif
192 
194  SSL_CNF_ENC_HANDLE_TRACK_ONLY = 0, /**< disable raw content, continue tracking */
195  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
196  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
197 };
198 
199 typedef struct SslConfig_ {
201  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
202  * explicitly disabled. */
203  SC_ATOMIC_DECLARE(int, enable_ja3);
204  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
205  SC_ATOMIC_DECLARE(int, enable_ja4);
206  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
208 
210 
211 /* SSLv3 record types */
212 #define SSLV3_CHANGE_CIPHER_SPEC 20
213 #define SSLV3_ALERT_PROTOCOL 21
214 #define SSLV3_HANDSHAKE_PROTOCOL 22
215 #define SSLV3_APPLICATION_PROTOCOL 23
216 #define SSLV3_HEARTBEAT_PROTOCOL 24
217 
218 /* SSLv3 handshake protocol types */
219 #define SSLV3_HS_HELLO_REQUEST 0
220 #define SSLV3_HS_CLIENT_HELLO 1
221 #define SSLV3_HS_SERVER_HELLO 2
222 #define SSLV3_HS_NEW_SESSION_TICKET 4
223 #define SSLV3_HS_CERTIFICATE 11
224 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
225 #define SSLV3_HS_CERTIFICATE_REQUEST 13
226 #define SSLV3_HS_SERVER_HELLO_DONE 14
227 #define SSLV3_HS_CERTIFICATE_VERIFY 15
228 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
229 #define SSLV3_HS_FINISHED 20
230 #define SSLV3_HS_CERTIFICATE_URL 21
231 #define SSLV3_HS_CERTIFICATE_STATUS 22
232 
233 /* SSLv2 protocol message types */
234 #define SSLV2_MT_ERROR 0
235 #define SSLV2_MT_CLIENT_HELLO 1
236 #define SSLV2_MT_CLIENT_MASTER_KEY 2
237 #define SSLV2_MT_CLIENT_FINISHED 3
238 #define SSLV2_MT_SERVER_HELLO 4
239 #define SSLV2_MT_SERVER_VERIFY 5
240 #define SSLV2_MT_SERVER_FINISHED 6
241 #define SSLV2_MT_REQUEST_CERTIFICATE 7
242 #define SSLV2_MT_CLIENT_CERTIFICATE 8
243 
244 #define SSLV3_RECORD_HDR_LEN 5
245 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
246 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
247 
248 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
249 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
250 
251 /* TLS heartbeat protocol types */
252 #define TLS_HB_REQUEST 1
253 #define TLS_HB_RESPONSE 2
254 
255 #define SSL_RECORD_MINIMUM_LENGTH 6
256 
257 #define SHA1_STRING_LENGTH 60
258 
259 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
260 
262  int retval; // nr bytes consumed from input, or < 0 on error
263  uint32_t needed; // more bytes needed
264 };
265 #define SSL_DECODER_ERROR(e) \
266  (struct SSLDecoderResult) \
267  { \
268  (e), 0 \
269  }
270 #define SSL_DECODER_OK(c) \
271  (struct SSLDecoderResult) \
272  { \
273  (uint32_t)(c), 0 \
274  }
275 #define SSL_DECODER_INCOMPLETE(c, n) \
276  (struct SSLDecoderResult) \
277  { \
278  (uint32_t)(c), (n) \
279  }
280 
281 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
282  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
283 
284 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
285  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
286 {
287  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
288  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
289  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
290  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
291 
292  if (dst_offset < dst_size && src_offset < src_size &&
293  src_tocopy <= (src_size - src_offset) &&
294  src_tocopy <= (dst_size - dst_offset)) {
295  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
296  return 0;
297  }
298  return -1;
299 }
300 
301 #ifdef DEBUG_VALIDATION
302 #define ValidateRecordState(connp) \
303  do { \
304  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
305  (connp)->bytes_processed); \
306  } while(0);
307 #else
308 #define ValidateRecordState(...)
309 #endif
310 
311 #define SSLParserHSReset(connp) \
312  do { \
313  (connp)->handshake_type = 0; \
314  (connp)->message_length = 0; \
315  } while (0)
316 
317 #define SSLParserReset(state) \
318  do { \
319  SCLogDebug("resetting state"); \
320  (state)->curr_connp->bytes_processed = 0; \
321  SSLParserHSReset((state)->curr_connp); \
322  } while(0)
323 
324 #define SSLSetEvent(ssl_state, event) \
325  do { \
326  SCLogDebug("setting event %u", (event)); \
327  if ((ssl_state) == NULL) { \
328  SCLogDebug("could not set decoder event %u", event); \
329  } else { \
330  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
331  (ssl_state)->events++; \
332  } \
333  } while (0)
334 
335 static void SSLStateCertSANFree(SSLStateConnp *connp);
336 
337 static void *SSLGetTx(void *state, uint64_t tx_id)
338 {
339  SSLState *ssl_state = (SSLState *)state;
340  return ssl_state;
341 }
342 
343 static uint64_t SSLGetTxCnt(void *state)
344 {
345  /* single tx */
346  return 1;
347 }
348 
349 static void UpdateClientState(SSLState *ssl_state, enum TlsStateClient s)
350 {
351 #ifdef DEBUG
352  enum TlsStateClient old = ssl_state->client_state;
353 #endif
354  ssl_state->client_state = s;
355 #ifdef DEBUG
356  SCLogDebug("toserver: state updated to %u from %u", s, old);
357 #endif
358 }
359 
360 static void UpdateServerState(SSLState *ssl_state, enum TlsStateServer s)
361 {
362 #ifdef DEBUG
363  enum TlsStateServer old = ssl_state->server_state;
364 #endif
365  ssl_state->server_state = s;
366 #ifdef DEBUG
367  SCLogDebug("toclient: state updated to %u from %u", s, old);
368 #endif
369 }
370 
371 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
372 {
373  SSLState *ssl_state = (SSLState *)tx;
374  if (direction & STREAM_TOCLIENT) {
375  return ssl_state->server_state;
376  } else {
377  return ssl_state->client_state;
378  }
379 }
380 
381 static AppLayerTxData *SSLGetTxData(void *vtx)
382 {
383  SSLState *ssl_state = (SSLState *)vtx;
384  return &ssl_state->tx_data;
385 }
386 
387 static AppLayerStateData *SSLGetStateData(void *vstate)
388 {
389  SSLState *ssl_state = (SSLState *)vstate;
390  return &ssl_state->state_data;
391 }
392 
393 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
394 {
395  switch(err) {
398  break;
399  case ERR_EXTRACT_ISSUER:
401  break;
402  case ERR_EXTRACT_SUBJECT:
404  break;
405  case ERR_INVALID_DER:
407  break;
410  break;
411  case ERR_INVALID_DATE:
413  break;
416  break;
419  break;
420  case ERR_INVALID_SERIAL:
422  break;
423  case ERR_INVALID_VERSION:
425  break;
426  case ERR_INVALID_LENGTH:
428  break;
430  default:
432  break;
433  }
434 }
435 
436 static inline int TlsDecodeHSCertificateFingerprint(
437  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
438 {
439  if (unlikely(connp->cert0_fingerprint != NULL))
440  return 0;
441 
443  if (connp->cert0_fingerprint == NULL)
444  return -1;
445 
446  uint8_t hash[SC_SHA1_LEN];
447  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
448  SCToHex_sep(
449  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
450  }
451  return 0;
452 }
453 
454 static inline int TlsDecodeHSCertificateAddCertToChain(
455  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
456 {
457  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
458  if (cert == NULL)
459  return -1;
460 
461  cert->cert_data = (uint8_t *)input;
462  cert->cert_len = cert_len;
463  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
464 
465  return 0;
466 }
467 
468 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
469  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
470 {
471  const uint8_t *input = (uint8_t *)initial_input;
472  uint32_t err_code = 0;
473  X509 *x509 = NULL;
474  int rc = 0;
475 
476  if (!(HAS_SPACE(3)))
477  goto invalid_cert;
478 
479  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
480  input += 3;
481 
482  if (!(HAS_SPACE(cert_len)))
483  goto invalid_cert;
484 
485  /* only store fields from the first certificate in the chain */
486  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
487  connp->cert0_serial == NULL) {
488  x509 = SCX509Decode(input, cert_len, &err_code);
489  if (x509 == NULL) {
490  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
491  goto next;
492  }
493 
494  char *str = SCX509GetSubject(x509);
495  if (str == NULL) {
496  err_code = ERR_EXTRACT_SUBJECT;
497  goto error;
498  }
499  connp->cert0_subject = str;
500 
501  str = SCX509GetIssuer(x509);
502  if (str == NULL) {
503  err_code = ERR_EXTRACT_ISSUER;
504  goto error;
505  }
506  connp->cert0_issuerdn = str;
507 
508  connp->cert0_sans_len = SCX509GetSubjectAltNameLen(x509);
509  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
510  if (sans == NULL) {
511  goto error;
512  }
513  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
514  sans[i] = SCX509GetSubjectAltNameAt(x509, i);
515  }
516  connp->cert0_sans = sans;
517  str = SCX509GetSerial(x509);
518  if (str == NULL) {
519  err_code = ERR_INVALID_SERIAL;
520  goto error;
521  }
522  connp->cert0_serial = str;
523 
524  rc = SCX509GetValidity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
525  if (rc != 0) {
526  err_code = ERR_EXTRACT_VALIDITY;
527  goto error;
528  }
529 
530  SCX509Free(x509);
531  x509 = NULL;
532 
533  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
534  if (rc != 0) {
535  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
536  goto error;
537  }
538  }
539 
540  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
541  if (rc != 0) {
542  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
543  goto error;
544  }
545 
546 next:
547  input += cert_len;
548  return (int)(input - initial_input);
549 
550 error:
551  if (err_code != 0)
552  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
553  if (x509 != NULL)
554  SCX509Free(x509);
555 
556  SSLStateCertSANFree(connp);
557  return -1;
558 
559 invalid_cert:
560  SCLogDebug("TLS invalid certificate");
562  return -1;
563 }
564 
565 /** \internal
566  * \brief parse cert data in a certificate handshake message
567  * will be called with all data.
568  * \retval consumed bytes consumed or -1 on error
569  */
570 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
571  const uint8_t *const initial_input, const uint32_t input_len)
572 {
573  const uint8_t *input = (uint8_t *)initial_input;
574 
575  if (!(HAS_SPACE(3)))
576  return -1;
577 
578  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
579  input += 3;
580 
581  if (!(HAS_SPACE(cert_chain_len)))
582  return -1;
583 
584  if (connp->certs_buffer != NULL) {
585  // TODO should we set an event here?
586  return -1;
587  }
588 
589  connp->certs_buffer = SCCalloc(1, cert_chain_len);
590  if (connp->certs_buffer == NULL) {
591  return -1;
592  }
593  connp->certs_buffer_size = cert_chain_len;
594  memcpy(connp->certs_buffer, input, cert_chain_len);
595 
596  int cert_cnt = 0;
597  uint32_t processed_len = 0;
598  /* coverity[tainted_data] */
599  while (processed_len < cert_chain_len) {
600  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
601  connp->certs_buffer_size - processed_len, cert_cnt);
602  if (rc <= 0) { // 0 should be impossible, but lets be defensive
603  return -1;
604  }
605  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
606  if (processed_len + (uint32_t)rc > cert_chain_len) {
607  return -1;
608  }
609 
610  processed_len += (uint32_t)rc;
611  }
612 
613  return processed_len + 3;
614 }
615 
616 /**
617  * \inline
618  * \brief Check if value is GREASE.
619  *
620  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
621  *
622  * \param value Value to check.
623  *
624  * \retval 1 if is GREASE.
625  * \retval 0 if not is GREASE.
626  */
627 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
628 {
629  switch (value)
630  {
631  case 0x0a0a:
632  case 0x1a1a:
633  case 0x2a2a:
634  case 0x3a3a:
635  case 0x4a4a:
636  case 0x5a5a:
637  case 0x6a6a:
638  case 0x7a7a:
639  case 0x8a8a:
640  case 0x9a9a:
641  case 0xaaaa:
642  case 0xbaba:
643  case 0xcaca:
644  case 0xdada:
645  case 0xeaea:
646  case 0xfafa:
647  return 1;
648  default:
649  return 0;
650  }
651 }
652 
653 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
654  const uint8_t * const initial_input,
655  const uint32_t input_len)
656 {
657  uint8_t *input = (uint8_t *)initial_input;
658 
660  SCLogDebug("TLS handshake invalid length");
661  SSLSetEvent(ssl_state,
663  return -1;
664  }
665 
666  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
667  ssl_state->curr_connp->version = version;
668 
669  if (ssl_state->current_flags &
671  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, version);
672  }
673 
674  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
675  versions, instead of using the supported versions extension. */
676  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
677  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
678  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
679  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
680  }
681 
682  /* Catch some early TLSv1.3 draft implementations that does not conform
683  to the draft version. */
684  if ((ssl_state->curr_connp->version >= 0x7f01) &&
685  (ssl_state->curr_connp->version < 0x7f10)) {
686  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
687  }
688 
689  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
690  version number, which makes it hard to accurately pinpoint the
691  exact draft version. */
692  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
693  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
694  }
695 
696  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
697  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
698  if (ssl_state->curr_connp->ja3_str == NULL)
699  return -1;
700 
701  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
702  if (rc != 0)
703  return -1;
704  }
705 
707 
708  return (int)(input - initial_input);
709 }
710 
711 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
712  const uint8_t * const initial_input,
713  const uint32_t input_len)
714 {
715  uint8_t *input = (uint8_t *)initial_input;
716 
718  SCLogDebug("TLS handshake invalid length");
719  SSLSetEvent(ssl_state,
721  return -1;
722  }
723 
725  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
726  ssl_state->flags |= TLS_TS_RANDOM_SET;
727  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
728  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
729  ssl_state->flags |= TLS_TC_RANDOM_SET;
730  }
731 
732  /* Skip random */
734 
735  return (int)(input - initial_input);
736 }
737 
738 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
739  const uint8_t * const initial_input,
740  const uint32_t input_len)
741 {
742  uint8_t *input = (uint8_t *)initial_input;
743 
744  if (!(HAS_SPACE(1)))
745  goto invalid_length;
746 
747  uint8_t session_id_length = *input;
748  input += 1;
749 
750  if (!(HAS_SPACE(session_id_length)))
751  goto invalid_length;
752 
753  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
754  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
755 
756  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
757  return -1;
758  }
759 
760  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
761  input, 0, input_len, session_id_length) != 0) {
762  return -1;
763  }
764  ssl_state->curr_connp->session_id_length = session_id_length;
765 
766  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
767  ssl_state->client_connp.session_id != NULL &&
768  ssl_state->server_connp.session_id != NULL) {
769  if ((ssl_state->client_connp.session_id_length ==
770  ssl_state->server_connp.session_id_length) &&
771  (memcmp(ssl_state->server_connp.session_id,
772  ssl_state->client_connp.session_id, session_id_length) == 0)) {
773  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
774  }
775  }
776  }
777 
778  input += session_id_length;
779 
780  return (int)(input - initial_input);
781 
782 invalid_length:
783  SCLogDebug("TLS handshake invalid length");
784  SSLSetEvent(ssl_state,
786  return -1;
787 }
788 
789 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
790  const uint8_t * const initial_input,
791  const uint32_t input_len)
792 {
793  const uint8_t *input = initial_input;
794 
795  if (!(HAS_SPACE(2)))
796  goto invalid_length;
797 
798  uint16_t cipher_suites_length;
799 
801  cipher_suites_length = 2;
802  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
803  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
804  input += 2;
805  } else {
806  return -1;
807  }
808 
809  if (!(HAS_SPACE(cipher_suites_length)))
810  goto invalid_length;
811 
812  /* Cipher suites length should always be divisible by 2 */
813  if ((cipher_suites_length % 2) != 0) {
814  goto invalid_length;
815  }
816 
817  const bool enable_ja3 =
818  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
819 
820  JA3Buffer *ja3_cipher_suites = NULL;
821 
822  if (enable_ja3) {
823  ja3_cipher_suites = Ja3BufferInit();
824  if (ja3_cipher_suites == NULL)
825  return -1;
826  }
827 
828  uint16_t processed_len = 0;
829  /* coverity[tainted_data] */
830  while (processed_len < cipher_suites_length) {
831  if (!(HAS_SPACE(2))) {
832  if (enable_ja3) {
833  Ja3BufferFree(&ja3_cipher_suites);
834  }
835  goto invalid_length;
836  }
837 
838  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
839  input += 2;
840 
841  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
842  if (ssl_state->current_flags &
844  SCTLSHandshakeAddCipher(ssl_state->curr_connp->hs, cipher_suite);
845  }
846  if (enable_ja3) {
847  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
848  if (rc != 0) {
849  return -1;
850  }
851  }
852  }
853  processed_len += 2;
854  }
855 
856  if (enable_ja3) {
857  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
858  if (rc == -1) {
859  return -1;
860  }
861  }
862 
863  return (int)(input - initial_input);
864 
865 invalid_length:
866  SCLogDebug("TLS handshake invalid length");
867  SSLSetEvent(ssl_state,
869  return -1;
870 }
871 
872 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
873  const uint8_t * const initial_input,
874  const uint32_t input_len)
875 {
876  const uint8_t *input = initial_input;
877 
878  if (!(HAS_SPACE(1)))
879  goto invalid_length;
880 
881  /* Skip compression methods */
883  input += 1;
884  } else {
885  uint8_t compression_methods_length = *input;
886  input += 1;
887 
888  if (!(HAS_SPACE(compression_methods_length)))
889  goto invalid_length;
890 
891  input += compression_methods_length;
892  }
893 
894  return (int)(input - initial_input);
895 
896 invalid_length:
897  SCLogDebug("TLS handshake invalid_length");
898  SSLSetEvent(ssl_state,
900  return -1;
901 }
902 
903 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
904  const uint8_t * const initial_input,
905  const uint32_t input_len)
906 {
907  uint8_t *input = (uint8_t *)initial_input;
908 
909  /* Empty extension */
910  if (input_len == 0)
911  return 0;
912 
913  if (!(HAS_SPACE(2)))
914  goto invalid_length;
915 
916  /* Skip sni_list_length */
917  input += 2;
918 
919  if (!(HAS_SPACE(1)))
920  goto invalid_length;
921 
922  uint8_t sni_type = *input;
923  input += 1;
924 
925  /* Currently the only type allowed is host_name
926  (RFC6066 section 3). */
927  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
928  SCLogDebug("Unknown SNI type");
929  SSLSetEvent(ssl_state,
931  return -1;
932  }
933 
934  if (!(HAS_SPACE(2)))
935  goto invalid_length;
936 
937  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
938  input += 2;
939 
940  /* host_name contains the fully qualified domain name,
941  and should therefore be limited by the maximum domain
942  name length. */
943  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
944  SSLSetEvent(ssl_state,
946  return -1;
947  }
948 
949  /* There must not be more than one extension of the same
950  type (RFC5246 section 7.4.1.4). */
951  if (ssl_state->curr_connp->sni) {
952  SCLogDebug("Multiple SNI extensions");
953  SSLSetEvent(ssl_state,
955  input += sni_len;
956  return (int)(input - initial_input);
957  }
958 
959  const size_t sni_strlen = sni_len + 1;
960  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
961  if (unlikely(ssl_state->curr_connp->sni == NULL))
962  return -1;
963 
964  const size_t consumed = input - initial_input;
965  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
966  initial_input, consumed, input_len, sni_len) != 0) {
967  SCFree(ssl_state->curr_connp->sni);
968  ssl_state->curr_connp->sni = NULL;
969  return -1;
970  }
971  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
972 
973  input += sni_len;
974 
975  return (int)(input - initial_input);
976 
977 invalid_length:
978  SCLogDebug("TLS handshake invalid length");
979  SSLSetEvent(ssl_state,
981 
982 
983  return -1;
984 }
985 
986 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
987  const uint8_t * const initial_input,
988  const uint32_t input_len)
989 {
990  const uint8_t *input = initial_input;
991 
992  /* Empty extension */
993  if (input_len == 0)
994  return 0;
995 
997  if (!(HAS_SPACE(1)))
998  goto invalid_length;
999 
1000  uint8_t supported_ver_len = *input;
1001  input += 1;
1002 
1003  if (supported_ver_len < 2)
1004  goto invalid_length;
1005 
1006  if (!(HAS_SPACE(supported_ver_len)))
1007  goto invalid_length;
1008 
1009  /* Use the first (and preferred) valid version as client version,
1010  * skip over GREASE and other possible noise. */
1011  uint16_t i = 0;
1012  while (i + 1 < (uint16_t)supported_ver_len) {
1013  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1014  if (TLSVersionValid(ver)) {
1015  ssl_state->curr_connp->version = ver;
1016  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, ver);
1017  break;
1018  }
1019  i += 2;
1020  }
1021 
1022  /* Set a flag to indicate that we have seen this extension */
1024 
1025  input += supported_ver_len;
1026  }
1027  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1028  if (!(HAS_SPACE(2)))
1029  goto invalid_length;
1030 
1031  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1032 
1033  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1034  (ver > TLS_VERSION_12)) {
1035  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1036  }
1037 
1038  ssl_state->curr_connp->version = ver;
1039  input += 2;
1040  }
1041 
1042  return (int)(input - initial_input);
1043 
1044 invalid_length:
1045  SCLogDebug("TLS handshake invalid length");
1046  SSLSetEvent(ssl_state,
1048 
1049  return -1;
1050 }
1051 
1052 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1053  const uint8_t * const initial_input,
1054  const uint32_t input_len,
1055  JA3Buffer *ja3_elliptic_curves)
1056 {
1057  const uint8_t *input = initial_input;
1058 
1059  /* Empty extension */
1060  if (input_len == 0)
1061  return 0;
1062 
1063  if (!(HAS_SPACE(2)))
1064  goto invalid_length;
1065 
1066  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1067  input += 2;
1068 
1069  if (!(HAS_SPACE(elliptic_curves_len)))
1070  goto invalid_length;
1071 
1072  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1073  uint16_t ec_processed_len = 0;
1074  /* coverity[tainted_data] */
1075  while (ec_processed_len < elliptic_curves_len)
1076  {
1077  if (!(HAS_SPACE(2)))
1078  goto invalid_length;
1079 
1080  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1081  input += 2;
1082 
1083  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1084  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1085  elliptic_curve);
1086  if (rc != 0)
1087  return -1;
1088  }
1089 
1090  ec_processed_len += 2;
1091  }
1092 
1093  } else {
1094  /* Skip elliptic curves */
1095  input += elliptic_curves_len;
1096  }
1097 
1098  return (int)(input - initial_input);
1099 
1100 invalid_length:
1101  SCLogDebug("TLS handshake invalid length");
1102  SSLSetEvent(ssl_state,
1104 
1105  return -1;
1106 }
1107 
1108 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1109  const uint8_t * const initial_input,
1110  const uint32_t input_len,
1111  JA3Buffer *ja3_elliptic_curves_pf)
1112 {
1113  const uint8_t *input = initial_input;
1114 
1115  /* Empty extension */
1116  if (input_len == 0)
1117  return 0;
1118 
1119  if (!(HAS_SPACE(1)))
1120  goto invalid_length;
1121 
1122  uint8_t ec_pf_len = *input;
1123  input += 1;
1124 
1125  if (!(HAS_SPACE(ec_pf_len)))
1126  goto invalid_length;
1127 
1128  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1129  uint8_t ec_pf_processed_len = 0;
1130  /* coverity[tainted_data] */
1131  while (ec_pf_processed_len < ec_pf_len)
1132  {
1133  uint8_t elliptic_curve_pf = *input;
1134  input += 1;
1135 
1136  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1137  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1138  elliptic_curve_pf);
1139  if (rc != 0)
1140  return -1;
1141  }
1142 
1143  ec_pf_processed_len += 1;
1144  }
1145 
1146  } else {
1147  /* Skip elliptic curve point formats */
1148  input += ec_pf_len;
1149  }
1150 
1151  return (int)(input - initial_input);
1152 
1153 invalid_length:
1154  SCLogDebug("TLS handshake invalid length");
1155  SSLSetEvent(ssl_state,
1157 
1158  return -1;
1159 }
1160 
1161 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1162  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1163 {
1164  const uint8_t *input = initial_input;
1165 
1166  /* Empty extension */
1167  if (input_len == 0)
1168  return 0;
1169 
1170  if (!(HAS_SPACE(2)))
1171  goto invalid_length;
1172 
1173  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1174  input += 2;
1175 
1176  /* Signature algorithms length should always be divisible by 2 */
1177  if ((sigalgo_len % 2) != 0) {
1178  goto invalid_length;
1179  }
1180 
1181  if (!(HAS_SPACE(sigalgo_len)))
1182  goto invalid_length;
1183 
1184  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1185  uint16_t sigalgo_processed_len = 0;
1186  while (sigalgo_processed_len < sigalgo_len) {
1187  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1188  input += 2;
1189  sigalgo_processed_len += 2;
1190 
1191  SCTLSHandshakeAddSigAlgo(ssl_state->curr_connp->hs, sigalgo);
1192  }
1193  } else {
1194  /* Skip signature algorithms */
1195  input += sigalgo_len;
1196  }
1197 
1198  return (int)(input - initial_input);
1199 
1200 invalid_length:
1201  SCLogDebug("Signature algorithm list invalid length");
1203 
1204  return -1;
1205 }
1206 
1207 static inline int TLSDecodeHSHelloExtensionALPN(
1208  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1209 {
1210  const uint8_t *input = initial_input;
1211 
1212  /* Empty extension */
1213  if (input_len == 0)
1214  return 0;
1215 
1216  if (!(HAS_SPACE(2)))
1217  goto invalid_length;
1218 
1219  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1220  input += 2;
1221 
1222  if (!(HAS_SPACE(alpn_len)))
1223  goto invalid_length;
1224 
1225  /* We use 32 bits here to avoid potentially overflowing a value that
1226  needs to be compared to an unsigned 16-bit value. */
1227  uint32_t alpn_processed_len = 0;
1228  while (alpn_processed_len < alpn_len) {
1229  uint8_t protolen = *input;
1230  input += 1;
1231  alpn_processed_len += 1;
1232 
1233  if (!(HAS_SPACE(protolen)))
1234  goto invalid_length;
1235 
1236  /* Check if reading another protolen bytes would exceed the
1237  overall ALPN length; if so, skip and continue */
1238  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1239  input += alpn_len - alpn_processed_len;
1240  break;
1241  }
1242  SCTLSHandshakeAddALPN(ssl_state->curr_connp->hs, (const char *)input, protolen);
1243 
1244  alpn_processed_len += protolen;
1245  input += protolen;
1246  }
1247 
1248  return (int)(input - initial_input);
1249 
1250 invalid_length:
1251  SCLogDebug("ALPN list invalid length");
1253 
1254  return -1;
1255 }
1256 
1257 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1258  const uint8_t * const initial_input,
1259  const uint32_t input_len)
1260 {
1261  const uint8_t *input = initial_input;
1262 
1263  int ret;
1264  int rc;
1265  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1266  const bool ja3 =
1267  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1268 
1269  JA3Buffer *ja3_extensions = NULL;
1270  JA3Buffer *ja3_elliptic_curves = NULL;
1271  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1272 
1273  if (ja3) {
1274  ja3_extensions = Ja3BufferInit();
1275  if (ja3_extensions == NULL)
1276  goto error;
1277 
1278  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1279  ja3_elliptic_curves = Ja3BufferInit();
1280  if (ja3_elliptic_curves == NULL)
1281  goto error;
1282 
1283  ja3_elliptic_curves_pf = Ja3BufferInit();
1284  if (ja3_elliptic_curves_pf == NULL)
1285  goto error;
1286  }
1287  }
1288 
1289  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1290  if (!(HAS_SPACE(2)))
1291  goto end;
1292 
1293  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1294  input += 2;
1295 
1296  if (!(HAS_SPACE(extensions_len)))
1297  goto invalid_length;
1298 
1299  uint16_t processed_len = 0;
1300  /* coverity[tainted_data] */
1301  while (processed_len < extensions_len)
1302  {
1303  if (!(HAS_SPACE(2)))
1304  goto invalid_length;
1305 
1306  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1307  input += 2;
1308 
1309  if (!(HAS_SPACE(2)))
1310  goto invalid_length;
1311 
1312  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1313  input += 2;
1314 
1315  if (!(HAS_SPACE(ext_len)))
1316  goto invalid_length;
1317 
1318  switch (ext_type) {
1319  case SSL_EXTENSION_SNI:
1320  {
1321  /* coverity[tainted_data] */
1322  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1323  ext_len);
1324  if (ret < 0)
1325  goto end;
1326 
1327  input += ret;
1328 
1329  break;
1330  }
1331 
1333  {
1334  /* coverity[tainted_data] */
1335  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1336  ext_len,
1337  ja3_elliptic_curves);
1338  if (ret < 0)
1339  goto end;
1340 
1341  input += ret;
1342 
1343  break;
1344  }
1345 
1347  {
1348  /* coverity[tainted_data] */
1349  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1350  ext_len,
1351  ja3_elliptic_curves_pf);
1352  if (ret < 0)
1353  goto end;
1354 
1355  input += ret;
1356 
1357  break;
1358  }
1359 
1361  /* coverity[tainted_data] */
1362  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1363  if (ret < 0)
1364  goto end;
1365 
1366  input += ret;
1367 
1368  break;
1369  }
1370 
1371  case SSL_EXTENSION_ALPN: {
1372  /* coverity[tainted_data] */
1373  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1374  if (ret < 0)
1375  goto end;
1376 
1377  input += ext_len;
1378 
1379  break;
1380  }
1381 
1383  {
1384  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1385  /* Used by 0-RTT to indicate that encrypted data will
1386  be sent right after the ClientHello record. */
1387  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1388  }
1389 
1390  input += ext_len;
1391 
1392  break;
1393  }
1394 
1396  {
1397  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1398  ext_len);
1399  if (ret < 0)
1400  goto end;
1401 
1402  input += ret;
1403 
1404  break;
1405  }
1406 
1408  {
1409  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1410  /* This has to be verified later on by checking if a
1411  certificate record has been sent by the server. */
1412  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1413  }
1414 
1415  input += ext_len;
1416 
1417  break;
1418  }
1419 
1420  default:
1421  {
1422  input += ext_len;
1423  break;
1424  }
1425  }
1426 
1427  if (ja3) {
1428  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1429  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1430  if (rc != 0)
1431  goto error;
1432  }
1433  }
1434 
1435  if (ssl_state->current_flags &
1437  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1438  SCTLSHandshakeAddExtension(ssl_state->curr_connp->hs, ext_type);
1439  }
1440  }
1441 
1442  processed_len += ext_len + 4;
1443  }
1444 
1445 end:
1446  if (ja3) {
1447  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1448  &ja3_extensions);
1449  if (rc == -1)
1450  goto error;
1451 
1452  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1453  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1454  &ja3_elliptic_curves);
1455  if (rc == -1)
1456  goto error;
1457 
1458  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1459  &ja3_elliptic_curves_pf);
1460  if (rc == -1)
1461  goto error;
1462  }
1463  }
1464 
1465  return (int)(input - initial_input);
1466 
1467 invalid_length:
1468  SCLogDebug("TLS handshake invalid length");
1469  SSLSetEvent(ssl_state,
1471 
1472 error:
1473  if (ja3_extensions != NULL)
1474  Ja3BufferFree(&ja3_extensions);
1475  if (ja3_elliptic_curves != NULL)
1476  Ja3BufferFree(&ja3_elliptic_curves);
1477  if (ja3_elliptic_curves_pf != NULL)
1478  Ja3BufferFree(&ja3_elliptic_curves_pf);
1479 
1480  return -1;
1481 }
1482 
1483 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1484  const uint8_t * const input,
1485  const uint32_t input_len)
1486 {
1487  int ret;
1488  uint32_t parsed = 0;
1489 
1490  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1491  if (ret < 0)
1492  goto end;
1493 
1494  parsed += ret;
1495 
1496  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1497  if (ret < 0)
1498  goto end;
1499 
1500  parsed += ret;
1501 
1502  /* The session id field in the server hello record was removed in
1503  TLSv1.3 draft1, but was readded in draft22. */
1504  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1506  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1507  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1508  input_len - parsed);
1509  if (ret < 0)
1510  goto end;
1511 
1512  parsed += ret;
1513  }
1514 
1515  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1516  input_len - parsed);
1517  if (ret < 0)
1518  goto end;
1519 
1520  parsed += ret;
1521 
1522  /* The compression methods field in the server hello record was
1523  removed in TLSv1.3 draft1, but was readded in draft22. */
1524  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1526  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1527  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1528  input_len - parsed);
1529  if (ret < 0)
1530  goto end;
1531 
1532  parsed += ret;
1533  }
1534 
1535  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1536  input_len - parsed);
1537  if (ret < 0)
1538  goto end;
1539 
1540  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1541  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1542  }
1543 
1544  if (ssl_state->curr_connp == &ssl_state->client_connp) {
1545  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
1546  } else {
1547  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
1548  }
1549 end:
1550  return 0;
1551 }
1552 
1553 #ifdef DEBUG_VALIDATION
1554 static inline bool
1555 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1556 {
1557  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1558  curr_connp->bytes_processed);
1559 }
1560 #endif
1561 
1562 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1563  const uint8_t *const initial_input, const uint32_t input_len)
1564 {
1565  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1566  SCLogDebug("rc %d", rc);
1567  if (rc > 0) {
1568  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1569  SSLParserHSReset(connp);
1570  } else if (rc < 0) {
1571  SCLogDebug("error parsing cert, reset state");
1572  SSLParserHSReset(connp);
1573  /* fall through to still consume the cert bytes */
1574  }
1575  if (connp == &ssl_state->client_connp) {
1576  UpdateClientState(ssl_state, TLS_STATE_CLIENT_CERT_DONE);
1577  } else {
1578  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
1579  }
1580  return input_len;
1581 }
1582 
1583 static int SupportedHandshakeType(const uint8_t type)
1584 {
1585  switch (type) {
1586  case SSLV3_HS_CLIENT_HELLO:
1587  case SSLV3_HS_SERVER_HELLO:
1590  case SSLV3_HS_CERTIFICATE:
1594  case SSLV3_HS_FINISHED:
1599  return true;
1600  break;
1601 
1602  default:
1603  return false;
1604  break;
1605  }
1606 }
1607 
1608 /**
1609  * \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
1610  * \retval parsed number of consumed bytes
1611  * \retval < 0 error
1612  */
1613 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1614  uint32_t input_len, uint8_t direction)
1615 {
1616  const uint8_t *initial_input = input;
1617  int rc;
1618 
1619  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1620 
1621  switch (ssl_state->curr_connp->handshake_type) {
1622  case SSLV3_HS_CLIENT_HELLO:
1624 
1625  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1626  if (rc < 0)
1627  return rc;
1628  break;
1629 
1630  case SSLV3_HS_SERVER_HELLO:
1632 
1633  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1634  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1635  if (rc < 0)
1636  return rc;
1637  break;
1638 
1641  break;
1642 
1645  break;
1646 
1647  case SSLV3_HS_CERTIFICATE:
1648  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1649  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1650  input_len);
1651  if (rc < 0)
1652  return rc;
1653  break;
1654 
1656  break;
1658  if (direction) {
1660  }
1661  break;
1663  case SSLV3_HS_FINISHED:
1666  break;
1668  SCLogDebug("new session ticket");
1669  break;
1671  if (direction) {
1672  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO_DONE);
1673  }
1674  break;
1675  default:
1677  return -1;
1678  }
1679 
1680  ssl_state->flags |= ssl_state->current_flags;
1681 
1682  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1683  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1684 
1685  return input_len;
1686 }
1687 
1688 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1689  uint32_t input_len, uint8_t direction)
1690 {
1691  const uint8_t *initial_input = input;
1692 
1693  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1694  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1695  SCReturnInt(0);
1696  }
1697 
1698  while (input_len) {
1699  SCLogDebug("input_len %u", input_len);
1700 
1701  if (ssl_state->curr_connp->hs_buffer != NULL) {
1702  SCLogDebug("partial handshake record in place");
1703  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1704  ssl_state->curr_connp->hs_buffer_offset;
1705  const uint32_t add = MIN(need, input_len);
1706 
1707  /* grow buffer to next multiple of 4k that fits all data we have */
1708  if (ssl_state->curr_connp->hs_buffer_offset + add >
1709  ssl_state->curr_connp->hs_buffer_size) {
1710  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1711  const uint32_t new_size = avail + (4096 - (avail % 4096));
1712  SCLogDebug("new_size %u, avail %u", new_size, avail);
1713  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1714  if (ptr == NULL)
1715  return -1;
1716  ssl_state->curr_connp->hs_buffer = ptr;
1717  ssl_state->curr_connp->hs_buffer_size = new_size;
1718  }
1719 
1720  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1721  "ssl_state->curr_connp->hs_buffer_size %u",
1722  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1723  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1724 
1725  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1726  ssl_state->curr_connp->hs_buffer_offset,
1727  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1728  SCLogDebug("copy failed");
1729  return -1;
1730  }
1731  ssl_state->curr_connp->hs_buffer_offset += add;
1732 
1733  if (ssl_state->curr_connp->hs_buffer_message_size <=
1734  ssl_state->curr_connp->hs_buffer_offset) {
1736  ssl_state->curr_connp->hs_buffer_offset);
1737 
1738  ssl_state->curr_connp->handshake_type =
1739  ssl_state->curr_connp->hs_buffer_message_type;
1740  ssl_state->curr_connp->message_length =
1741  ssl_state->curr_connp->hs_buffer_message_size;
1742 
1743  SCLogDebug("got all data now: handshake_type %u message_length %u",
1744  ssl_state->curr_connp->handshake_type,
1745  ssl_state->curr_connp->message_length);
1746 
1747  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1748  ssl_state->curr_connp->hs_buffer_offset, direction);
1749  if (retval < 0) {
1750  SSLParserHSReset(ssl_state->curr_connp);
1751  return (retval);
1752  }
1753  SCLogDebug("retval %d", retval);
1754 
1755  /* data processed, reset buffer */
1756  SCFree(ssl_state->curr_connp->hs_buffer);
1757  ssl_state->curr_connp->hs_buffer = NULL;
1758  ssl_state->curr_connp->hs_buffer_size = 0;
1759  ssl_state->curr_connp->hs_buffer_message_size = 0;
1760  ssl_state->curr_connp->hs_buffer_message_type = 0;
1761  ssl_state->curr_connp->hs_buffer_offset = 0;
1762  } else {
1763  SCLogDebug("partial data");
1764  }
1765 
1766  input += add;
1767  input_len -= add;
1768  SCLogDebug("input_len %u", input_len);
1769  SSLParserHSReset(ssl_state->curr_connp);
1770  continue;
1771  }
1772 
1773  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1774  SCLogDebug("input %p input_len %u", input, input_len);
1775 
1776  if (input_len < 4) {
1778  SCReturnInt(-1);
1779  }
1780 
1781  ssl_state->curr_connp->handshake_type = input[0];
1782  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1783  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1784  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1785  input_len);
1786  input += 4;
1787  input_len -= 4;
1788 
1789  const uint32_t record_len = ssl_state->curr_connp->message_length;
1790  /* see if we support this type. We check here to not use the fragment
1791  * handling on things we don't support. */
1792  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1793  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1794  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1795  if (!supported_type) {
1796  uint32_t avail_record_len = MIN(input_len, record_len);
1797  input += avail_record_len;
1798  input_len -= avail_record_len;
1799 
1800  SSLParserHSReset(ssl_state->curr_connp);
1801 
1802  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1803  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1804  // after Change Cipher Spec we get Encrypted Handshake Messages
1805  } else {
1807  }
1808  continue;
1809  }
1810 
1811  /* if the message length exceeds our input_len, we have a tls fragment. */
1812  if (record_len > input_len) {
1813  const uint32_t avail = input_len;
1814  const uint32_t size = avail + (4096 - (avail % 4096));
1815  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1816  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1817  if (ssl_state->curr_connp->hs_buffer == NULL) {
1818  return -1;
1819  }
1820  ssl_state->curr_connp->hs_buffer_size = size;
1821  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1822  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1823 
1824  if (input_len > 0) {
1825  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1826  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1827  input_len) != 0) {
1828  return -1;
1829  }
1830  ssl_state->curr_connp->hs_buffer_offset = input_len;
1831  }
1832  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1833  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1834  ssl_state->curr_connp->hs_buffer_offset,
1835  ssl_state->curr_connp->hs_buffer_message_type,
1836  ssl_state->curr_connp->hs_buffer_message_size);
1837  input += input_len;
1838  SSLParserHSReset(ssl_state->curr_connp);
1839  return (int)(input - initial_input);
1840 
1841  } else {
1842  /* full record, parse it now */
1843  int retval = SSLv3ParseHandshakeType(
1844  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1845  if (retval < 0 || retval > (int)input_len) {
1846  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1847  return (retval);
1848  }
1849  SCLogDebug("retval %d input_len %u", retval, input_len);
1850  input += retval;
1851  input_len -= retval;
1852 
1853  SSLParserHSReset(ssl_state->curr_connp);
1854  }
1855  SCLogDebug("input_len left %u", input_len);
1856  }
1857  return (int)(input - initial_input);
1858 }
1859 
1860 /**
1861  * \internal
1862  * \brief TLS Alert parser
1863  *
1864  * \param sslstate Pointer to the SSL state.
1865  * \param input Pointer to the received input data.
1866  * \param input_len Length in bytes of the received data.
1867  * \param direction 1 toclient, 0 toserver
1868  *
1869  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1870  */
1871 static int SSLv3ParseAlertProtocol(
1872  SSLState *ssl_state, const uint8_t *input, uint32_t input_len, uint8_t direction)
1873 {
1874  if (input_len < 2) {
1876  return -1;
1877  }
1878 
1879  /* assume a record > 2 to be an encrypted alert record */
1880  if (input_len == 2) {
1881  uint8_t level = input[0];
1882  // uint8_t desc = input[1];
1883 
1884  /* if level Fatal, we consider the tx finished */
1885  if (level == 2) {
1886  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
1887  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
1888  }
1889  }
1890  return 0;
1891 }
1892 
1893 /**
1894  * \internal
1895  * \brief TLS Heartbeat parser (see RFC 6520)
1896  *
1897  * \param sslstate Pointer to the SSL state.
1898  * \param input Pointer to the received input data.
1899  * \param input_len Length in bytes of the received data.
1900  * \param direction 1 toclient, 0 toserver
1901  *
1902  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1903  */
1904 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1905  uint32_t input_len, uint8_t direction)
1906 {
1907  uint8_t hb_type;
1908  uint16_t payload_len;
1909  uint32_t padding_len;
1910 
1911  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1912  if (input_len < 3) {
1913  return 0;
1914  }
1915 
1916  hb_type = *input++;
1917 
1918  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1919  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1921  return -1;
1922  }
1923  }
1924 
1925  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1926  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1927 
1928  if (direction) {
1929  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1930  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1931  } else {
1932  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1933  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1934  }
1935 
1936  /* if we reach this point, then we can assume that the HB request
1937  is encrypted. If so, let's set the HB record length */
1938  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1939  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1940  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1941  ssl_state->hb_record_len);
1942  return (ssl_state->curr_connp->record_length - 3);
1943  }
1944 
1945  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1946 
1947  /* check that the requested payload length is really present in
1948  the record (CVE-2014-0160) */
1949  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1950  SCLogDebug("We have a short record in HeartBeat Request");
1952  return -1;
1953  }
1954 
1955  /* check the padding length. It must be at least 16 bytes
1956  (RFC 6520, section 4) */
1957  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1958  if (padding_len < 16) {
1959  SCLogDebug("We have a short record in HeartBeat Request");
1961  return -1;
1962  }
1963 
1964  /* we don't have the payload */
1965  if (input_len < payload_len + padding_len) {
1966  return 0;
1967  }
1968 
1969  /* OpenSSL still seems to discard multiple in-flight
1970  heartbeats although some tools send multiple at once */
1971  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1972  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1973  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1975  return -1;
1976 
1977  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1978  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1979  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1981  return -1;
1982 
1983  } else {
1984  /* we have a HB record in the opposite direction of the request,
1985  let's reset our flags */
1986  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
1987  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
1988  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
1989 
1990  /* if we reach this point, then we can assume that the HB request
1991  is encrypted. If so, let's set the HB record length */
1992  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1993  /* check to see if the encrypted response is longer than the
1994  encrypted request */
1995  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
1996  ssl_state->curr_connp->record_length) {
1997  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
1998  ssl_state->hb_record_len);
1999  SSLSetEvent(ssl_state,
2001  ssl_state->hb_record_len = 0;
2002  return -1;
2003  }
2004  }
2005 
2006  /* reset the HB record length in case we have a legit HB followed
2007  by a bad one */
2008  ssl_state->hb_record_len = 0;
2009  }
2010 
2011  /* skip the HeartBeat, 3 bytes were already parsed,
2012  e.g |18 03 02| for TLS 1.2 */
2013  return (ssl_state->curr_connp->record_length - 3);
2014 }
2015 
2016 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2017  const uint8_t *input, uint32_t input_len)
2018 {
2019  const uint8_t *initial_input = input;
2020 
2021  if (input_len == 0) {
2022  return 0;
2023  }
2024 
2025  uint8_t skip_version = 0;
2026 
2027  /* Only set SSL/TLS version here if it has not already been set in
2028  client/server hello. */
2029  if (direction == 0) {
2030  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2031  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2032  skip_version = 1;
2033  }
2034  } else {
2035  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2036  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2037  skip_version = 1;
2038  }
2039  }
2040 
2041  switch (ssl_state->curr_connp->bytes_processed) {
2042  case 0:
2043  if (input_len >= 5) {
2044  ssl_state->curr_connp->content_type = input[0];
2045  if (!skip_version) {
2046  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2047  }
2048  ssl_state->curr_connp->record_length = input[3] << 8;
2049  ssl_state->curr_connp->record_length |= input[4];
2051  return SSLV3_RECORD_HDR_LEN;
2052  } else {
2053  ssl_state->curr_connp->content_type = *(input++);
2054  if (--input_len == 0)
2055  break;
2056  }
2057 
2058  /* fall through */
2059  case 1:
2060  if (!skip_version) {
2061  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2062  } else {
2063  input++;
2064  }
2065  if (--input_len == 0)
2066  break;
2067 
2068  /* fall through */
2069  case 2:
2070  if (!skip_version) {
2071  ssl_state->curr_connp->version |= *(input++);
2072  } else {
2073  input++;
2074  }
2075  if (--input_len == 0)
2076  break;
2077 
2078  /* fall through */
2079  case 3:
2080  ssl_state->curr_connp->record_length = *(input++) << 8;
2081  if (--input_len == 0)
2082  break;
2083 
2084  /* fall through */
2085  case 4:
2086  ssl_state->curr_connp->record_length |= *(input++);
2087  if (--input_len == 0)
2088  break;
2089 
2090  /* fall through */
2091  }
2092 
2093  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2094 
2095  return (int)(input - initial_input);
2096 }
2097 
2098 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2099  const uint8_t *input, uint32_t input_len)
2100 {
2101  const uint8_t *initial_input = input;
2102 
2103  if (input_len == 0) {
2104  return 0;
2105  }
2106 
2107  if (ssl_state->curr_connp->record_lengths_length == 2) {
2108  switch (ssl_state->curr_connp->bytes_processed) {
2109  case 0:
2110  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2111  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2112  ssl_state->curr_connp->content_type = input[2];
2113  ssl_state->curr_connp->version = SSL_VERSION_2;
2114  ssl_state->curr_connp->bytes_processed += 3;
2115  return 3;
2116  } else {
2117  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2118  if (--input_len == 0)
2119  break;
2120  }
2121 
2122  /* fall through */
2123  case 1:
2124  ssl_state->curr_connp->record_length |= *(input++);
2125  if (--input_len == 0)
2126  break;
2127 
2128  /* fall through */
2129  case 2:
2130  ssl_state->curr_connp->content_type = *(input++);
2131  ssl_state->curr_connp->version = SSL_VERSION_2;
2132  if (--input_len == 0)
2133  break;
2134 
2135  /* fall through */
2136  }
2137 
2138  } else {
2139  switch (ssl_state->curr_connp->bytes_processed) {
2140  case 0:
2141  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2142  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2143  ssl_state->curr_connp->content_type = input[3];
2144  ssl_state->curr_connp->version = SSL_VERSION_2;
2145  ssl_state->curr_connp->bytes_processed += 4;
2146  return 4;
2147  } else {
2148  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2149  if (--input_len == 0)
2150  break;
2151  }
2152 
2153  /* fall through */
2154  case 1:
2155  ssl_state->curr_connp->record_length |= *(input++);
2156  if (--input_len == 0)
2157  break;
2158 
2159  /* fall through */
2160  case 2:
2161  /* padding */
2162  input++;
2163  if (--input_len == 0)
2164  break;
2165 
2166  /* fall through */
2167  case 3:
2168  ssl_state->curr_connp->content_type = *(input++);
2169  ssl_state->curr_connp->version = SSL_VERSION_2;
2170  if (--input_len == 0)
2171  break;
2172 
2173  /* fall through */
2174  }
2175  }
2176 
2177  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2178 
2179  return (int)(input - initial_input);
2180 }
2181 
2182 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2183  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2184  const StreamSlice stream_slice)
2185 {
2186  const uint8_t *initial_input = input;
2187 
2188  if (ssl_state->curr_connp->bytes_processed == 0) {
2189  if (input[0] & 0x80) {
2190  ssl_state->curr_connp->record_lengths_length = 2;
2191  } else {
2192  ssl_state->curr_connp->record_lengths_length = 3;
2193  }
2194 
2195  SCLogDebug("record start: ssl2.hdr frame");
2196  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2197  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2198  }
2199 
2200  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2201  "ssl_state->curr_connp->bytes_processed %u",
2202  direction, ssl_state->curr_connp->record_lengths_length + 1,
2203  ssl_state->curr_connp->bytes_processed);
2204  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2205  to read the msg_type */
2206  if (ssl_state->curr_connp->bytes_processed <
2207  (ssl_state->curr_connp->record_lengths_length + 1)) {
2208  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2209  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2210  ssl_state->curr_connp->record_length);
2211  if (retval < 0 || retval > (int)input_len) {
2212  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2214  return SSL_DECODER_ERROR(-1);
2215  }
2216 
2217  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2218  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2219  direction, TLS_FRAME_SSLV2_PDU);
2220  SCLogDebug("record start: ssl2.pdu frame");
2221 
2222  input += retval;
2223  input_len -= retval;
2224  }
2225 
2226  /* if we don't have the full record, we return incomplete */
2227  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2228  input_len + ssl_state->curr_connp->bytes_processed) {
2229  uint32_t needed = ssl_state->curr_connp->record_length;
2230  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2231  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2232  needed);
2233  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2234  }
2235 
2236  if (input_len == 0) {
2237  return SSL_DECODER_OK((input - initial_input));
2238  }
2239 
2240  /* record_length should never be zero */
2241  if (ssl_state->curr_connp->record_length == 0) {
2242  SCLogDebug("SSLv2 record length is zero");
2244  return SSL_DECODER_ERROR(-1);
2245  }
2246 
2247  /* record_lengths_length should never be zero */
2248  if (ssl_state->curr_connp->record_lengths_length == 0) {
2249  SCLogDebug("SSLv2 record lengths length is zero");
2251  return SSL_DECODER_ERROR(-1);
2252  }
2253 
2254  switch (ssl_state->curr_connp->content_type) {
2255  case SSLV2_MT_ERROR:
2256  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2257  "in establishing the sslv2 session, may be version");
2259 
2260  break;
2261 
2262  case SSLV2_MT_CLIENT_HELLO:
2263  if (input_len < 6) {
2265  return SSL_DECODER_ERROR(-1);
2266  }
2267 
2268  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2269  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2270  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
2271 
2272  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2273  SCLogDebug("SSLv2: version %04x", version);
2274  ssl_state->curr_connp->version = version;
2275  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2276  input += 6;
2277  input_len -= 6;
2278  ssl_state->curr_connp->bytes_processed += 6;
2279  if (session_id_length == 0) {
2280  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2281  }
2282  break;
2283 
2285  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2286  SCLogDebug("Client hello is not seen before master key "
2287  "message!");
2288  }
2289  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2290 
2291  break;
2292 
2294  if (direction == 1) {
2295  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2296  "direction!");
2297  } else {
2298  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2299  }
2300  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
2301 
2302  /* fall through */
2305  if (direction == 0 &&
2306  !(ssl_state->curr_connp->content_type &
2308  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2309  "direction!");
2310  }
2311 
2312  /* fall through */
2315  /* both client hello and server hello must be seen */
2316  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2317  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2318 
2319  if (direction == 0) {
2320  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2321  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2322  SCLogDebug("SSLv2 client side has started the encryption");
2323  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2324  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2325  SCLogDebug("SSLv2 client side has started the encryption");
2326  }
2327  } else {
2328  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2329  SCLogDebug("SSLv2 Server side has started the encryption");
2330  }
2331 
2332  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2333  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2334  {
2338  }
2339 
2343  }
2344  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2345  }
2346  }
2347 
2348  break;
2349 
2350  case SSLV2_MT_SERVER_HELLO:
2351  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2352  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2353  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
2354 
2355  break;
2356  }
2357 
2358  ssl_state->flags |= ssl_state->current_flags;
2359 
2360  if (input_len + ssl_state->curr_connp->bytes_processed >=
2361  (ssl_state->curr_connp->record_length +
2362  ssl_state->curr_connp->record_lengths_length)) {
2363 
2364  /* looks like we have another record after this */
2365  uint32_t diff = ssl_state->curr_connp->record_length +
2366  ssl_state->curr_connp->record_lengths_length + -
2367  ssl_state->curr_connp->bytes_processed;
2368  input += diff;
2369  SSLParserReset(ssl_state);
2370 
2371  /* we still don't have the entire record for the one we are
2372  currently parsing */
2373  } else {
2374  input += input_len;
2375  ssl_state->curr_connp->bytes_processed += input_len;
2376  }
2377  return SSL_DECODER_OK((input - initial_input));
2378 }
2379 
2380 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2381  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2382  const StreamSlice stream_slice)
2383 {
2384  uint32_t parsed = 0;
2385  uint32_t record_len; /* slice of input_len for the current record */
2386  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2387 
2388  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2389  const uint16_t prev_version = ssl_state->curr_connp->version;
2390 
2391  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2392  if (retval < 0 || retval > (int)input_len) {
2393  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2394  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2396  return SSL_DECODER_ERROR(-1);
2397  }
2398  parsed = retval;
2399 
2400  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2401  input, ssl_state->curr_connp->record_length);
2402 
2403  /* first the hdr frame at our first chance */
2404  if (first_call) {
2405  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2406  direction, TLS_FRAME_HDR);
2407  }
2408 
2409  /* parser is streaming for the initial header, then switches to incomplete
2410  * API: so if we don't have the hdr yet, return consumed bytes and wait
2411  * until we are called again with new data. */
2412  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2413  SCLogDebug(
2414  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2415  return SSL_DECODER_OK(parsed);
2416  }
2417 
2418  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2419  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2420  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2421  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2422  SCLogDebug(
2423  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2424  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2425 
2426  bool unknown_record = false;
2427  switch (ssl_state->curr_connp->content_type) {
2429  case SSLV3_ALERT_PROTOCOL:
2433  break;
2434  default:
2435  unknown_record = true;
2436  break;
2437  }
2438 
2439  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2440  * on Wireshark logic. */
2441  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2442  if (unknown_record) {
2443  SCLogDebug("unknown record, ignore it");
2445 
2446  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2447  ssl_state->curr_connp->content_type = 0;
2448  ssl_state->curr_connp->record_length = 0;
2449  // restore last good version
2450  ssl_state->curr_connp->version = prev_version;
2451  return SSL_DECODER_OK(input_len); // consume everything
2452  }
2453  } else {
2454  if (unknown_record) {
2455  SCLogDebug("unknown record, fatal");
2457  return SSL_DECODER_ERROR(-1);
2458  }
2459  }
2460 
2461  /* record_length should never be zero */
2462  if (ssl_state->curr_connp->record_length == 0) {
2463  SCLogDebug("SSLv3 Record length is 0");
2465  return SSL_DECODER_ERROR(-1);
2466  }
2467 
2468  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2469  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2471  return SSL_DECODER_ERROR(-1);
2472  }
2473 
2474  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2475  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2477  return SSL_DECODER_ERROR(-1);
2478  }
2479  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2480  } else {
2481  ValidateRecordState(ssl_state->curr_connp);
2482 
2483  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2484  record_len = MIN(input_len, record_len);
2485  }
2486  SCLogDebug("record length %u processed %u got %u",
2487  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2488 
2489  /* if we don't have the full record, we return incomplete */
2490  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2491  /* no need to use incomplete api buffering for application
2492  * records that we'll not use anyway. */
2493  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2494  SCLogDebug("application record");
2495  } else {
2496  uint32_t needed = ssl_state->curr_connp->record_length;
2497  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2498  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2500  return SSL_DECODER_INCOMPLETE(parsed, needed);
2501  }
2502  }
2503 
2504  if (record_len == 0) {
2505  return SSL_DECODER_OK(parsed);
2506  }
2507 
2508  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2509  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2510 
2511  switch (ssl_state->curr_connp->content_type) {
2512  /* we don't need any data from these types */
2514  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2515 
2516  if (direction) {
2517  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2518  } else {
2519  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2520 
2521  // TODO TLS 1.3
2522  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2523  }
2524  break;
2525 
2526  case SSLV3_ALERT_PROTOCOL: {
2527  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2528  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2529 
2530  int retval = SSLv3ParseAlertProtocol(ssl_state, input + parsed, record_len, direction);
2531  if (retval < 0) {
2532  SCLogDebug("SSLv3ParseAlertProtocol returned %d", retval);
2533  return SSL_DECODER_ERROR(-1);
2534  }
2535  break;
2536  }
2538  /* In TLSv1.3 early data (0-RTT) could be sent before the
2539  handshake is complete (rfc8446, section 2.3). We should
2540  therefore not mark the handshake as done before we have
2541  seen the ServerHello record. */
2542  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2543  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2544  break;
2545 
2546  /* if we see (encrypted) application data, then this means the
2547  handshake must be done */
2548  if (ssl_state->curr_connp == &ssl_state->client_connp) {
2549  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2550  } else {
2551  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2552  }
2553 
2555  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2558  }
2559 
2560  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2561  * heartbeat lke inspection to be able to be able to bypass the flow */
2563  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2570  }
2571  break;
2572 
2573  case SSLV3_HANDSHAKE_PROTOCOL: {
2574  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2575  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2576  compatibility (rfc8446, appendix D.4). */
2577  // Client hello flags is needed to have a valid version
2578  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2579  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2580  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2581  /* do nothing */
2582  } else {
2583  // if we started parsing this, we must stop
2584  break;
2585  }
2586  }
2587 
2588  if (ssl_state->curr_connp->record_length < 4) {
2589  SSLParserReset(ssl_state);
2591  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2592  return SSL_DECODER_ERROR(-1);
2593  }
2594 
2595  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2596  record_len, direction);
2597  SCLogDebug("retval %d", retval);
2598  if (retval < 0 || retval > (int)record_len) {
2599  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2601  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2602  return SSL_DECODER_ERROR(-1);
2603  }
2604  ValidateRecordState(ssl_state->curr_connp);
2605  break;
2606  }
2607  case SSLV3_HEARTBEAT_PROTOCOL: {
2608  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2609  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2610  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2611  record_len, direction);
2612  if (retval < 0) {
2613  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2614  return SSL_DECODER_ERROR(-1);
2615  }
2616  break;
2617  }
2618  default:
2619  // should be unreachable now that we check after header parsing
2621  SCLogDebug("unsupported record type");
2622  return SSL_DECODER_ERROR(-1);
2623  }
2624 
2625  parsed += record_len;
2626  ssl_state->curr_connp->bytes_processed += record_len;
2627 
2628  if (ssl_state->curr_connp->bytes_processed >=
2629  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2630  SCLogDebug("record complete, trigger RAW");
2632  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2633  SSLParserReset(ssl_state);
2634  ValidateRecordState(ssl_state->curr_connp);
2635  return SSL_DECODER_OK(parsed);
2636 
2637  } else {
2638  /* we still don't have the entire record for the one we are
2639  currently parsing */
2640  ValidateRecordState(ssl_state->curr_connp);
2641  return SSL_DECODER_OK(parsed);
2642  }
2643 }
2644 
2645 /**
2646  * \internal
2647  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2648  *
2649  * On parsing error, this should be the only function that should reset
2650  * the parser state, to avoid multiple functions in the chain resetting
2651  * the parser state.
2652  *
2653  * \param direction 0 for toserver, 1 for toclient.
2654  * \param alstate Pointer to the state.
2655  * \param pstate Application layer parser state for this session.
2656  * \param output Pointer to the list of parsed output elements.
2657  *
2658  * \todo On reaching an inconsistent state, check if the input has
2659  * another new record, instead of just returning after the reset
2660  *
2661  * \retval >=0 On success.
2662  */
2663 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2664  AppLayerParserState *pstate, StreamSlice stream_slice)
2665 {
2666  SSLState *ssl_state = (SSLState *)alstate;
2667  ssl_state->tx_data.updated_tc = true;
2668  ssl_state->tx_data.updated_ts = true;
2669  uint32_t counter = 0;
2670  ssl_state->f = f;
2671  const uint8_t *input = StreamSliceGetData(&stream_slice);
2672  const uint8_t *init_input = input;
2673  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2674 
2675  if ((input == NULL || input_len == 0) &&
2676  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2677  (direction == 1 &&
2679  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2680  if (direction == 0)
2681  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2682  else
2683  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2685  } else if (input == NULL || input_len == 0) {
2687  }
2688 
2689  if (direction == 0)
2690  ssl_state->curr_connp = &ssl_state->client_connp;
2691  else
2692  ssl_state->curr_connp = &ssl_state->server_connp;
2693 
2694  /* If entering on a new record, reset the current flags. */
2695  if (ssl_state->curr_connp->bytes_processed == 0) {
2696  ssl_state->current_flags = 0;
2697  }
2698 
2699  /* if we have more than one record */
2700  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2701  while (input_len > 0) {
2702  if (counter > max_records) {
2703  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2704  "and get out of here");
2705  SSLParserReset(ssl_state);
2706  SSLSetEvent(ssl_state,
2708  return APP_LAYER_ERROR;
2709  }
2710 
2711  /* ssl_state->bytes_processed is zero for a fresh record or
2712  positive to indicate a record currently being parsed */
2713 
2714  if (ssl_state->curr_connp->bytes_processed == 0) {
2715  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2716  /* only SSLv2, has one of the top 2 bits set */
2717  ssl_state->curr_connp->version = SSL_VERSION_2;
2718  SCLogDebug("SSLv2 detected");
2719  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2720  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2721  SCLogDebug("SSL/TLS version reset");
2722  }
2723  }
2724  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2725  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2726 
2727  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2728  if (ssl_state->curr_connp->bytes_processed == 0) {
2729  SCLogDebug("New SSLv2 record parsing");
2730  } else {
2731  SCLogDebug("Continuing parsing SSLv2 record");
2732  }
2733  struct SSLDecoderResult r =
2734  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2735  if (r.retval < 0 || r.retval > input_len) {
2736  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2737  SCLogDebug("Error parsing SSLv2. Resetting parser "
2738  "state. Let's get outta here");
2739  SSLParserReset(ssl_state);
2740  SSLSetEvent(ssl_state,
2742  return APP_LAYER_ERROR;
2743  } else if (r.needed) {
2744  input += r.retval;
2745  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2746  (uintmax_t)(input - init_input), r.needed);
2747  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2748  }
2749  input_len -= r.retval;
2750  input += r.retval;
2751  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2752  } else {
2753  if (ssl_state->curr_connp->bytes_processed == 0) {
2754  SCLogDebug("New TLS record: record_length %u",
2755  ssl_state->curr_connp->record_length);
2756  } else {
2757  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2758  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2759  }
2760  struct SSLDecoderResult r =
2761  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2762  if (r.retval < 0 || r.retval > input_len) {
2763  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2764  SCLogDebug("Error parsing TLS. Resetting parser "
2765  "state. Let's get outta here");
2766  SSLParserReset(ssl_state);
2767  return APP_LAYER_ERROR;
2768  } else if (r.needed) {
2769  input += r.retval;
2770  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2771  (uintmax_t)(input - init_input), r.needed);
2772  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2773  }
2774  input_len -= r.retval;
2775  input += r.retval;
2776  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2777 
2779  && ssl_state->curr_connp->record_length == 0) {
2780  SCLogDebug("TLS empty record");
2781  /* empty record */
2782  SSLParserReset(ssl_state);
2783  }
2784  }
2785  counter++;
2786  } /* while (input_len) */
2787 
2788  /* mark handshake as done if we have subject and issuer */
2789  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2790  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2791  /* update both sides to keep existing behavior */
2792  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2793  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2794  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2795  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2796  /* update both sides to keep existing behavior */
2797  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2798  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2799  }
2800 
2801  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2804  /* update both sides to keep existing behavior */
2805  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2806  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2807  }
2808 
2809  return APP_LAYER_OK;
2810 }
2811 
2812 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2813  StreamSlice stream_slice, void *local_data)
2814 {
2815  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2816 }
2817 
2818 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2819  StreamSlice stream_slice, void *local_data)
2820 {
2821  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2822 }
2823 
2824 /**
2825  * \internal
2826  * \brief Function to allocate the SSL state memory.
2827  */
2828 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2829 {
2830  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2831  if (unlikely(ssl_state == NULL))
2832  return NULL;
2833  ssl_state->client_connp.cert_log_flag = 0;
2834  ssl_state->server_connp.cert_log_flag = 0;
2835  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2836  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2837  ssl_state->client_connp.hs = SCTLSHandshakeNew();
2838  ssl_state->server_connp.hs = SCTLSHandshakeNew();
2839  TAILQ_INIT(&ssl_state->server_connp.certs);
2840  TAILQ_INIT(&ssl_state->client_connp.certs);
2841 
2842  return (void *)ssl_state;
2843 }
2844 
2845 static void SSLStateCertSANFree(SSLStateConnp *connp)
2846 {
2847  if (connp->cert0_sans) {
2848  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2849  SCRustCStringFree(connp->cert0_sans[i]);
2850  }
2851  SCFree(connp->cert0_sans);
2852  }
2853 }
2854 
2855 /**
2856  * \internal
2857  * \brief Function to free the SSL state memory.
2858  */
2859 static void SSLStateFree(void *p)
2860 {
2861  SSLState *ssl_state = (SSLState *)p;
2862  SSLCertsChain *item;
2863 
2864  if (ssl_state->client_connp.cert0_subject)
2865  SCRustCStringFree(ssl_state->client_connp.cert0_subject);
2866  if (ssl_state->client_connp.cert0_issuerdn)
2867  SCRustCStringFree(ssl_state->client_connp.cert0_issuerdn);
2868  if (ssl_state->client_connp.cert0_serial)
2869  SCRustCStringFree(ssl_state->client_connp.cert0_serial);
2870  if (ssl_state->client_connp.cert0_fingerprint)
2872  if (ssl_state->client_connp.sni)
2873  SCFree(ssl_state->client_connp.sni);
2874  if (ssl_state->client_connp.session_id)
2875  SCFree(ssl_state->client_connp.session_id);
2876  if (ssl_state->client_connp.hs_buffer)
2877  SCFree(ssl_state->client_connp.hs_buffer);
2878 
2879  if (ssl_state->server_connp.cert0_subject)
2880  SCRustCStringFree(ssl_state->server_connp.cert0_subject);
2881  if (ssl_state->server_connp.cert0_issuerdn)
2882  SCRustCStringFree(ssl_state->server_connp.cert0_issuerdn);
2883  if (ssl_state->server_connp.cert0_serial)
2884  SCRustCStringFree(ssl_state->server_connp.cert0_serial);
2885  if (ssl_state->server_connp.cert0_fingerprint)
2887  if (ssl_state->server_connp.sni)
2888  SCFree(ssl_state->server_connp.sni);
2889  if (ssl_state->server_connp.session_id)
2890  SCFree(ssl_state->server_connp.session_id);
2891 
2892  if (ssl_state->client_connp.hs)
2893  SCTLSHandshakeFree(ssl_state->client_connp.hs);
2894  if (ssl_state->client_connp.ja3_str)
2895  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2896  if (ssl_state->client_connp.ja3_hash)
2897  SCFree(ssl_state->client_connp.ja3_hash);
2898  if (ssl_state->server_connp.hs)
2899  SCTLSHandshakeFree(ssl_state->server_connp.hs);
2900  if (ssl_state->server_connp.ja3_str)
2901  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2902  if (ssl_state->server_connp.ja3_hash)
2903  SCFree(ssl_state->server_connp.ja3_hash);
2904  if (ssl_state->server_connp.hs_buffer)
2905  SCFree(ssl_state->server_connp.hs_buffer);
2906 
2907  SSLStateCertSANFree(&ssl_state->server_connp);
2908  SSLStateCertSANFree(&ssl_state->client_connp);
2909 
2910  SCAppLayerTxDataCleanup(&ssl_state->tx_data);
2911 
2912  /* Free certificate chain */
2913  if (ssl_state->server_connp.certs_buffer)
2914  SCFree(ssl_state->server_connp.certs_buffer);
2915  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2916  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2917  SCFree(item);
2918  }
2919  TAILQ_INIT(&ssl_state->server_connp.certs);
2920  /* Free certificate chain */
2921  if (ssl_state->client_connp.certs_buffer)
2922  SCFree(ssl_state->client_connp.certs_buffer);
2923  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2924  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2925  SCFree(item);
2926  }
2927  TAILQ_INIT(&ssl_state->client_connp.certs);
2928 
2929  SCFree(ssl_state);
2930 }
2931 
2932 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2933 {
2934  /* do nothing */
2935 }
2936 
2937 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2938  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2939 {
2940  /* probably a rst/fin sending an eof */
2941  if (ilen < 3)
2942  return ALPROTO_UNKNOWN;
2943 
2944  /* for now just the 3 byte header ones */
2945  /* \todo Detect the 2 byte ones */
2946  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2947  return ALPROTO_TLS;
2948  }
2949 
2950  return ALPROTO_FAILED;
2951 }
2952 
2953 static int SSLStateGetStateIdByName(const char *name, const uint8_t direction)
2954 {
2955  SCEnumCharMap *map =
2956  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2957 
2958  int id = SCMapEnumNameToValue(name, map);
2959  if (id < 0) {
2960  return -1;
2961  }
2962  return id;
2963 }
2964 
2965 static const char *SSLStateGetStateNameById(const int id, const uint8_t direction)
2966 {
2967  SCEnumCharMap *map =
2968  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2969  const char *name = SCMapEnumValueToName(id, map);
2970  return name;
2971 }
2972 
2973 static int SSLStateGetFrameIdByName(const char *frame_name)
2974 {
2975  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2976  if (id < 0) {
2977  return -1;
2978  }
2979  return id;
2980 }
2981 
2982 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2983 {
2984  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2985  return name;
2986 }
2987 
2988 static int SSLStateGetEventInfo(
2989  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
2990 {
2991  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
2992  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2993  return 0;
2994  }
2995  return -1;
2996 }
2997 
2998 static int SSLStateGetEventInfoById(
2999  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
3000 {
3001  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
3002  if (*event_name == NULL) {
3003  SCLogError("event \"%d\" not present in "
3004  "ssl's enum map table.",
3005  event_id);
3006  /* yes this is fatal */
3007  return -1;
3008  }
3009 
3010  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3011 
3012  return 0;
3013 }
3014 
3015 static int SSLRegisterPatternsForProtocolDetection(void)
3016 {
3017  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3018  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3019  return -1;
3020  }
3021 
3022  /** SSLv3 */
3024  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3025  {
3026  return -1;
3027  }
3029  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3030  {
3031  return -1;
3032  }
3033 
3034  /** TLSv1 */
3036  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3037  {
3038  return -1;
3039  }
3041  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3042  {
3043  return -1;
3044  }
3045 
3046  /** TLSv1.1 */
3048  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3049  {
3050  return -1;
3051  }
3053  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3054  {
3055  return -1;
3056  }
3057 
3058  /** TLSv1.2 */
3060  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3061  {
3062  return -1;
3063  }
3065  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3066  {
3067  return -1;
3068  }
3069 
3070  /***** toclient direction *****/
3071 
3073  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3074  {
3075  return -1;
3076  }
3078  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3079  {
3080  return -1;
3081  }
3083  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3084  {
3085  return -1;
3086  }
3087 
3088  /** TLSv1 */
3090  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3091  {
3092  return -1;
3093  }
3095  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3096  {
3097  return -1;
3098  }
3100  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3101  {
3102  return -1;
3103  }
3104 
3105  /** TLSv1.1 */
3107  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3108  {
3109  return -1;
3110  }
3112  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3113  {
3114  return -1;
3115  }
3117  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3118  {
3119  return -1;
3120  }
3121 
3122  /** TLSv1.2 */
3124  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3125  {
3126  return -1;
3127  }
3129  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3130  {
3131  return -1;
3132  }
3134  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3135  {
3136  return -1;
3137  }
3138 
3139  /* Subsection - SSLv2 style record by client, but informing the server
3140  * the max version it supports.
3141  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3142  * it after some tests */
3143 #if 0
3145  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3146  {
3147  return -1;
3148  }
3150  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3151  {
3152  return -1;
3153  }
3154 #endif
3155 
3156  return 0;
3157 }
3158 
3159 #ifdef HAVE_JA3
3160 static void CheckJA3Enabled(void)
3161 {
3162  const char *strval = NULL;
3163  /* Check if we should generate JA3 fingerprints */
3164  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3165  if (SCConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3166  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3167  } else if (strcmp(strval, "auto") == 0) {
3168  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3169  } else if (SCConfValIsFalse(strval)) {
3170  enable_ja3 = 0;
3171  ssl_config.disable_ja3 = true;
3172  } else if (SCConfValIsTrue(strval)) {
3173  enable_ja3 = true;
3174  }
3175  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3177  /* The feature is available, i.e. _could_ be activated by a rule or
3178  even is enabled in the configuration. */
3180  }
3181 }
3182 #endif /* HAVE_JA3 */
3183 
3184 #ifdef HAVE_JA4
3185 static void CheckJA4Enabled(void)
3186 {
3187  const char *strval = NULL;
3188  /* Check if we should generate JA4 fingerprints */
3189  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3190  if (SCConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3191  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3192  } else if (strcmp(strval, "auto") == 0) {
3193  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3194  } else if (SCConfValIsFalse(strval)) {
3195  enable_ja4 = 0;
3196  ssl_config.disable_ja4 = true;
3197  } else if (SCConfValIsTrue(strval)) {
3198  enable_ja4 = true;
3199  }
3200  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3202  /* The feature is available, i.e. _could_ be activated by a rule or
3203  even is enabled in the configuration. */
3205  }
3206 }
3207 #endif /* HAVE_JA4 */
3208 
3209 /**
3210  * \brief Function to register the SSL protocol parser and other functions
3211  */
3213 {
3214  const char *proto_name = "tls";
3215 
3216  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3217 
3218  /** SSLv2 and SSLv23*/
3219  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3221 
3222  if (SSLRegisterPatternsForProtocolDetection() < 0)
3223  return;
3224 
3225  if (RunmodeIsUnittests()) {
3226  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3227  "443",
3228  ALPROTO_TLS,
3229  0, 3,
3230  STREAM_TOSERVER,
3231  SSLProbingParser, NULL);
3232  } else {
3233  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
3234  proto_name, ALPROTO_TLS,
3235  0, 3,
3236  SSLProbingParser, NULL) == 0) {
3237  SCLogConfig("no TLS config found, "
3238  "enabling TLS detection on port 443.");
3239  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3240  "443",
3241  ALPROTO_TLS,
3242  0, 3,
3243  STREAM_TOSERVER,
3244  SSLProbingParser, NULL);
3245  }
3246  }
3247  } else {
3248  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3249  proto_name);
3250  return;
3251  }
3252 
3253  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
3254  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3255  SSLParseClientRecord);
3256 
3257  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3258  SSLParseServerRecord);
3260  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetStateIdByName, SSLStateGetStateNameById);
3262  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3263  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3264  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3265 
3266  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3267 
3269 
3270  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3271 
3272  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3273  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3274  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3275 
3276  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3277 
3278  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3279 
3282 
3283  SCConfNode *enc_handle = SCConfGetNode("app-layer.protocols.tls.encryption-handling");
3284  if (enc_handle != NULL && enc_handle->val != NULL) {
3285  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3286  if (strcmp(enc_handle->val, "full") == 0) {
3288  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3290  } else if (strcmp(enc_handle->val, "track-only") == 0) {
3292  } else if (strcmp(enc_handle->val, "default") == 0) {
3293  SCLogWarning("app-layer.protocols.tls.encryption-handling = default is deprecated "
3294  "and will be removed in Suricata 9, use \"track-only\" instead, "
3295  "(see ticket #7642)");
3297  } else {
3299  }
3300  } else {
3301  /* Get the value of no reassembly option from the config file */
3302  if (SCConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3303  int value = 0;
3304  if (SCConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3306  } else {
3307  int value = 0;
3308  if (SCConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 &&
3309  value == 1)
3311  }
3312  }
3313  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3314 
3315 #ifdef HAVE_JA3
3316  CheckJA3Enabled();
3317 #endif /* HAVE_JA3 */
3318 #ifdef HAVE_JA4
3319  CheckJA4Enabled();
3320 #endif /* HAVE_JA4 */
3321 
3322  if (g_disable_hashing) {
3323  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3324  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3325  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3326  }
3327  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3328  SCLogWarning("Hashing has been disabled, disabling JA4");
3329  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3330  }
3331  } else {
3332  if (RunmodeIsUnittests()) {
3333 #ifdef HAVE_JA3
3334  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3335 #endif /* HAVE_JA3 */
3336 #ifdef HAVE_JA4
3337  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3338 #endif /* HAVE_JA4 */
3339  }
3340  }
3341  } else {
3342  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3343  }
3344 }
3345 
3346 /**
3347  * \brief if not explicitly disabled in config, enable ja3 support
3348  *
3349  * Implemented using atomic to allow rule reloads to do this at
3350  * runtime.
3351  */
3352 void SSLEnableJA3(void)
3353 {
3355  return;
3356  }
3357  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3358  return;
3359  }
3360  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3361 }
3362 
3363 /**
3364  * \brief if not explicitly disabled in config, enable ja4 support
3365  *
3366  * Implemented using atomic to allow rule reloads to do this at
3367  * runtime.
3368  */
3369 void SSLEnableJA4(void)
3370 {
3371  // only caller has #ifdef HAVE_JA4
3373  return;
3374  }
3375  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3376  return;
3377  }
3378  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3379 }
3380 
3381 /**
3382  * \brief return whether ja3 is effectively enabled
3383  *
3384  * This means that it either has been enabled explicitly or has been
3385  * enabled by having loaded a rule while not being explicitly disabled.
3386  *
3387  * \retval true if enabled, false otherwise
3388  */
3390 {
3391  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3392 }
3393 
3394 /**
3395  * \brief return whether ja4 is effectively enabled
3396  *
3397  * This means that it either has been enabled explicitly or has been
3398  * enabled by having loaded a rule while not being explicitly disabled.
3399  *
3400  * \retval true if enabled, false otherwise
3401  */
3403 {
3404  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3405 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:212
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:174
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:98
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:187
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:499
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:227
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:204
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:148
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1567
SCConfValIsTrue
int SCConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:551
JA3Buffer_
Definition: util-ja3.h:31
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:163
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:253
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:257
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:182
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:229
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:237
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:147
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:174
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:248
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:39
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3369
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:270
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:132
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:182
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:240
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:249
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:190
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:121
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:86
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:308
SSLStateConnp_
Definition: app-layer-ssl.h:167
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:343
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:209
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:188
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:184
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:130
Flow_
Flow data structure.
Definition: flow.h:356
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:153
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:228
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:110
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:221
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:547
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:413
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:231
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:311
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:223
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:176
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:509
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:216
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:238
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:243
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:314
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:230
TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_SERVER_HELLO_DONE
Definition: app-layer-ssl.h:89
MIN
#define MIN(x, y)
Definition: suricata-common.h:408
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
AppLayerParserRegisterGetStateFuncs
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetStateIdByNameFn GetIdByNameFunc, AppLayerParserGetStateNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:574
util-ja3.h
SCConfValIsFalse
int SCConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:576
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:175
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:112
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:230
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:197
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:227
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_CNF_ENC_HANDLE_TRACK_ONLY
@ SSL_CNF_ENC_HANDLE_TRACK_ONLY
Definition: app-layer-ssl.c:194
MAX
#define MAX(x, y)
Definition: suricata-common.h:412
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:216
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:171
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:98
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:188
AppLayerParserTriggerRawStreamInspection
void AppLayerParserTriggerRawStreamInspection(Flow *f, int direction)
Definition: app-layer-parser.c:1556
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:177
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:218
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:103
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:104
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:191
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:172
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:241
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1527
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:118
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:239
app-layer-detect-proto.h
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:263
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:75
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
util-debug.h
TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:133
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:252
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3389
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:138
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:171
SSLState_::client_state
enum TlsStateClient client_state
Definition: app-layer-ssl.h:245
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:309
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:179
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:241
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:262
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:219
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:203
TLS_STATE_CLIENT_HELLO_DONE
@ TLS_STATE_CLIENT_HELLO_DONE
Definition: app-layer-ssl.h:79
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TlsStateServer
TlsStateServer
Definition: app-layer-ssl.h:85
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
SSLCertsChain_
Definition: app-layer-ssl.h:161
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:584
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:317
TlsStateClient
TlsStateClient
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:135
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:434
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1654
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:109
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: app-layer-ssl.h:91
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:250
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:159
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_STATE_CLIENT_IN_PROGRESS
@ TLS_STATE_CLIENT_IN_PROGRESS
Definition: app-layer-ssl.h:78
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:594
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:193
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:117
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:111
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:244
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:236
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:150
type
uint16_t type
Definition: decode-vlan.c:106
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:183
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:124
SSLState_::server_state
enum TlsStateServer server_state
Definition: app-layer-ssl.h:246
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3352
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:169
SslConfig_
Definition: app-layer-ssl.c:199
name
const char * name
Definition: tm-threads.c:2123
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:235
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1763
TLS_STATE_SERVER_CERT_DONE
@ TLS_STATE_SERVER_CERT_DONE
Definition: app-layer-ssl.h:88
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:215
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:213
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:242
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:162
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:257
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:204
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:401
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:140
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:228
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:95
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:259
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:529
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1821
SSLDecoderResult
Definition: app-layer-ssl.c:261
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:63
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1485
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:186
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:246
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:265
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:101
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:292
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:184
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3212
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:248
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:270
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:151
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:149
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:319
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:152
SCEnumCharMap_
Definition: util-enum.h:27
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:177
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:324
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:615
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:217
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:275
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:605
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:457
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:200
TLS_STATE_CLIENT_CERT_DONE
@ TLS_STATE_CLIENT_CERT_DONE
Definition: app-layer-ssl.h:80
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:219
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:97
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:225
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:156
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:237
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:209
str
#define str(s)
Definition: suricata-common.h:308
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:262
SCFree
#define SCFree(p)
Definition: util-mem.h:61
TLS_STATE_SERVER_IN_PROGRESS
@ TLS_STATE_SERVER_IN_PROGRESS
Definition: app-layer-ssl.h:86
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:234
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:105
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:214
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3402
WARN_UNUSED
#define WARN_UNUSED
Definition: bindgen.h:32
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:195
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:206
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:33
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:220
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:206
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:249
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:179
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:519
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:195
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:67
SslConfig
struct SslConfig_ SslConfig
SSLStateConnp_::hs
HandshakeParams * hs
Definition: app-layer-ssl.h:211
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:562
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:106
id
uint32_t id
Definition: detect-flowbits.c:933
TLS_STATE_SERVER_HELLO
@ TLS_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:87
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1641
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:199
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:146
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:192
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:255
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:208
TLS_STATE_SERVER_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
Definition: app-layer-ssl.h:90
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1829
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:178
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:226
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:276
SCConfNode_
Definition: conf.h:37
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:215
SCConfNode_::val
char * val
Definition: conf.h:39
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1964
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:173
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:189
TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_FINISHED
Definition: app-layer-ssl.h:82
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:222
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:28
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:128
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:231
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:116
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:102
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:196
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:194
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:234
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:176
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:224
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:213