suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-events.h"
36 #include "app-layer-ssl.h"
37 
38 #include "conf.h"
39 
40 #include "feature.h"
41 
42 #include "util-debug.h"
43 #include "util-ja3.h"
44 #include "util-enum.h"
45 #include "util-validate.h"
46 
47 static SCEnumCharMap tls_state_client_table[] = {
48  {
49  "client_in_progress",
50  TLS_STATE_CLIENT_IN_PROGRESS,
51  },
52  {
53  "client_hello_done",
54  TLS_STATE_CLIENT_HELLO_DONE,
55  },
56  {
57  "client_cert_done",
58  TLS_STATE_CLIENT_CERT_DONE,
59  },
60  {
61  "client_handshake_done",
62  TLS_STATE_CLIENT_HANDSHAKE_DONE,
63  },
64  {
65  "client_finished",
66  TLS_STATE_CLIENT_FINISHED,
67  },
68  { NULL, -1 },
69 };
70 
71 static SCEnumCharMap tls_state_server_table[] = {
72  {
73  "server_in_progress",
74  TLS_STATE_SERVER_IN_PROGRESS,
75  },
76  {
77  "server_hello",
78  TLS_STATE_SERVER_HELLO,
79  },
80  {
81  "server_cert_done",
82  TLS_STATE_SERVER_CERT_DONE,
83  },
84  {
85  "server_hello_done",
86  TLS_STATE_SERVER_HELLO_DONE,
87  },
88  {
89  "server_handshake_done",
90  TLS_STATE_SERVER_HANDSHAKE_DONE,
91  },
92  {
93  "server_finished",
94  TLS_STATE_SERVER_FINISHED,
95  },
96  { NULL, -1 },
97 };
98 
99 SCEnumCharMap tls_frame_table[] = {
100  {
101  "pdu",
102  TLS_FRAME_PDU,
103  },
104  {
105  "hdr",
106  TLS_FRAME_HDR,
107  },
108  {
109  "data",
110  TLS_FRAME_DATA,
111  },
112  {
113  "alert",
114  TLS_FRAME_ALERT_DATA,
115  },
116  {
117  "heartbeat",
118  TLS_FRAME_HB_DATA,
119  },
120  {
121  "ssl2.hdr",
122  TLS_FRAME_SSLV2_HDR,
123  },
124  {
125  "ssl2.pdu",
126  TLS_FRAME_SSLV2_PDU,
127  },
128  { NULL, -1 },
129 };
130 
131 SCEnumCharMap tls_decoder_event_table[] = {
132  /* TLS protocol messages */
133  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
134  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
135  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
136  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
137  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
138  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
139  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
140  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
141  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
142  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
143  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
144  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
145  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
146  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
147  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
148  { "INVALID_ALERT_MESSAGE", TLS_DECODER_EVENT_INVALID_ALERT },
149  /* certificate decoding messages */
150  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
151  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
152  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
153  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
154  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
155  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
156  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
157  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
158  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
159  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
160  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
161  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
162  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
163  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
164  /* used as a generic error event */
165  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
166  { NULL, -1 },
167 };
168 
169 enum {
170  /* X.509 error codes, returned by decoder
171  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
172  ERR_INVALID_CERTIFICATE=1,
173  ERR_INVALID_LENGTH,
174  ERR_INVALID_VERSION,
175  ERR_INVALID_SERIAL,
176  ERR_INVALID_ALGORITHMIDENTIFIER,
177  ERR_INVALID_X509NAME,
178  ERR_INVALID_DATE,
179  ERR_INVALID_EXTENSIONS,
180  ERR_INVALID_DER,
181 
182  /* error getting data */
183  ERR_EXTRACT_SUBJECT,
184  ERR_EXTRACT_ISSUER,
185  ERR_EXTRACT_VALIDITY,
186 };
187 
188 /* JA3 and JA4 fingerprints are disabled by default */
189 #define SSL_CONFIG_DEFAULT_JA3 0
190 #ifdef HAVE_JA4
191 #define SSL_CONFIG_DEFAULT_JA4 0
192 #endif
193 
194 enum SslConfigEncryptHandling {
195  SSL_CNF_ENC_HANDLE_TRACK_ONLY = 0, /**< disable raw content, continue tracking */
196  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
197  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
198 };
199 
200 typedef struct SslConfig_ {
201  enum SslConfigEncryptHandling encrypt_mode;
202  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
203  * explicitly disabled. */
204  SC_ATOMIC_DECLARE(int, enable_ja3);
205  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
206  SC_ATOMIC_DECLARE(int, enable_ja4);
207  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
208 } SslConfig;
209 
210 SslConfig ssl_config;
211 
212 /* SSLv3 record types */
213 #define SSLV3_CHANGE_CIPHER_SPEC 20
214 #define SSLV3_ALERT_PROTOCOL 21
215 #define SSLV3_HANDSHAKE_PROTOCOL 22
216 #define SSLV3_APPLICATION_PROTOCOL 23
217 #define SSLV3_HEARTBEAT_PROTOCOL 24
218 
219 /* SSLv3 handshake protocol types */
220 #define SSLV3_HS_HELLO_REQUEST 0
221 #define SSLV3_HS_CLIENT_HELLO 1
222 #define SSLV3_HS_SERVER_HELLO 2
223 #define SSLV3_HS_NEW_SESSION_TICKET 4
224 #define SSLV3_HS_CERTIFICATE 11
225 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
226 #define SSLV3_HS_CERTIFICATE_REQUEST 13
227 #define SSLV3_HS_SERVER_HELLO_DONE 14
228 #define SSLV3_HS_CERTIFICATE_VERIFY 15
229 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
230 #define SSLV3_HS_FINISHED 20
231 #define SSLV3_HS_CERTIFICATE_URL 21
232 #define SSLV3_HS_CERTIFICATE_STATUS 22
233 
234 /* SSLv2 protocol message types */
235 #define SSLV2_MT_ERROR 0
236 #define SSLV2_MT_CLIENT_HELLO 1
237 #define SSLV2_MT_CLIENT_MASTER_KEY 2
238 #define SSLV2_MT_CLIENT_FINISHED 3
239 #define SSLV2_MT_SERVER_HELLO 4
240 #define SSLV2_MT_SERVER_VERIFY 5
241 #define SSLV2_MT_SERVER_FINISHED 6
242 #define SSLV2_MT_REQUEST_CERTIFICATE 7
243 #define SSLV2_MT_CLIENT_CERTIFICATE 8
244 
245 #define SSLV3_RECORD_HDR_LEN 5
246 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
247 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
248 
249 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
250 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
251 
252 /* TLS heartbeat protocol types */
253 #define TLS_HB_REQUEST 1
254 #define TLS_HB_RESPONSE 2
255 
256 #define SSL_RECORD_MINIMUM_LENGTH 6
257 
258 #define SHA1_STRING_LENGTH 60
259 
260 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
261 
262 struct SSLDecoderResult {
263  int retval; // nr bytes consumed from input, or < 0 on error
264  uint32_t needed; // more bytes needed
265 };
266 #define SSL_DECODER_ERROR(e) \
267  (struct SSLDecoderResult) \
268  { \
269  (e), 0 \
270  }
271 #define SSL_DECODER_OK(c) \
272  (struct SSLDecoderResult) \
273  { \
274  (uint32_t)(c), 0 \
275  }
276 #define SSL_DECODER_INCOMPLETE(c, n) \
277  (struct SSLDecoderResult) \
278  { \
279  (uint32_t)(c), (n) \
280  }
281 
282 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
283  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
284 
285 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
286  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
287 {
288  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
289  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
290  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
291  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
292 
293  if (dst_offset < dst_size && src_offset < src_size &&
294  src_tocopy <= (src_size - src_offset) &&
295  src_tocopy <= (dst_size - dst_offset)) {
296  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
297  return 0;
298  }
299  return -1;
300 }
301 
302 #ifdef DEBUG_VALIDATION
303 #define ValidateRecordState(connp) \
304  do { \
305  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
306  (connp)->bytes_processed); \
307  } while(0);
308 #else
309 #define ValidateRecordState(...)
310 #endif
311 
312 #define SSLParserHSReset(connp) \
313  do { \
314  (connp)->handshake_type = 0; \
315  (connp)->message_length = 0; \
316  } while (0)
317 
318 #define SSLParserReset(state) \
319  do { \
320  SCLogDebug("resetting state"); \
321  (state)->curr_connp->bytes_processed = 0; \
322  SSLParserHSReset((state)->curr_connp); \
323  } while(0)
324 
325 #define SSLSetEvent(ssl_state, event) \
326  do { \
327  SCLogDebug("setting event %u", (event)); \
328  if ((ssl_state) == NULL) { \
329  SCLogDebug("could not set decoder event %u", event); \
330  } else { \
331  SCAppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
332  (ssl_state)->events++; \
333  } \
334  } while (0)
335 
336 static void *SSLGetTx(void *state, uint64_t tx_id)
337 {
338  SSLState *ssl_state = (SSLState *)state;
339  return ssl_state;
340 }
341 
342 static uint64_t SSLGetTxCnt(void *state)
343 {
344  /* single tx */
345  return 1;
346 }
347 
348 static void UpdateClientState(SSLState *ssl_state, enum TlsStateClient s)
349 {
350 #ifdef DEBUG
351  enum TlsStateClient old = ssl_state->client_state;
352 #endif
353  ssl_state->client_state = s;
354 #ifdef DEBUG
355  SCLogDebug("toserver: state updated to %u from %u", s, old);
356 #endif
357 }
358 
359 static void UpdateServerState(SSLState *ssl_state, enum TlsStateServer s)
360 {
361 #ifdef DEBUG
362  enum TlsStateServer old = ssl_state->server_state;
363 #endif
364  ssl_state->server_state = s;
365 #ifdef DEBUG
366  SCLogDebug("toclient: state updated to %u from %u", s, old);
367 #endif
368 }
369 
370 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
371 {
372  SSLState *ssl_state = (SSLState *)tx;
373  if (direction & STREAM_TOCLIENT) {
374  return ssl_state->server_state;
375  } else {
376  return ssl_state->client_state;
377  }
378 }
379 
380 static AppLayerTxData *SSLGetTxData(void *vtx)
381 {
382  SSLState *ssl_state = (SSLState *)vtx;
383  return &ssl_state->tx_data;
384 }
385 
386 static AppLayerStateData *SSLGetStateData(void *vstate)
387 {
388  SSLState *ssl_state = (SSLState *)vstate;
389  return &ssl_state->state_data;
390 }
391 
392 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
393 {
394  switch(err) {
395  case ERR_EXTRACT_VALIDITY:
396  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
397  break;
398  case ERR_EXTRACT_ISSUER:
399  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
400  break;
401  case ERR_EXTRACT_SUBJECT:
402  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
403  break;
404  case ERR_INVALID_DER:
405  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
406  break;
407  case ERR_INVALID_EXTENSIONS:
408  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
409  break;
410  case ERR_INVALID_DATE:
411  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
412  break;
413  case ERR_INVALID_X509NAME:
414  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
415  break;
416  case ERR_INVALID_ALGORITHMIDENTIFIER:
417  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
418  break;
419  case ERR_INVALID_SERIAL:
420  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
421  break;
422  case ERR_INVALID_VERSION:
423  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
424  break;
425  case ERR_INVALID_LENGTH:
426  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
427  break;
428  case ERR_INVALID_CERTIFICATE:
429  default:
430  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
431  break;
432  }
433 }
434 
435 static inline int TlsDecodeHSCertificateFingerprint(
436  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
437 {
438  if (unlikely(connp->cert0_fingerprint != NULL))
439  return 0;
440 
441  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
442  if (connp->cert0_fingerprint == NULL)
443  return -1;
444 
445  uint8_t hash[SC_SHA1_LEN];
446  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
447  SCToHex_sep(
448  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
449  }
450  return 0;
451 }
452 
453 static inline int TlsDecodeHSCertificateAddCertToChain(
454  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
455 {
456  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
457  if (cert == NULL)
458  return -1;
459 
460  cert->cert_data = (uint8_t *)input;
461  cert->cert_len = cert_len;
462  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
463 
464  return 0;
465 }
466 
467 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
468  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
469 {
470  const uint8_t *input = (uint8_t *)initial_input;
471  uint32_t err_code = 0;
472  X509 *x509 = NULL;
473  int rc = 0;
474 
475  if (!(HAS_SPACE(3)))
476  goto invalid_cert;
477 
478  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
479  input += 3;
480 
481  if (!(HAS_SPACE(cert_len)))
482  goto invalid_cert;
483 
484  /* only store fields from the first certificate in the chain */
485  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
486  connp->cert0_serial == NULL) {
487  x509 = SCX509Decode(input, cert_len, &err_code);
488  if (x509 == NULL) {
489  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
490  goto next;
491  }
492 
493  SCX509GetSubject(x509, &connp->cert0_subject, &connp->cert0_subject_len);
494  if (connp->cert0_subject == NULL) {
495  err_code = ERR_EXTRACT_SUBJECT;
496  goto error;
497  }
498 
499  SCX509GetIssuer(x509, &connp->cert0_issuerdn, &connp->cert0_issuerdn_len);
500  if (connp->cert0_issuerdn == NULL) {
501  err_code = ERR_EXTRACT_ISSUER;
502  goto error;
503  }
504 
505  connp->cert0_sans_num = SCX509GetSubjectAltNameLen(x509);
506  connp->cert0_sans = SCCalloc(connp->cert0_sans_num, sizeof(SSLSubjectAltName));
507  if (connp->cert0_sans == NULL) {
508  goto error;
509  }
510  for (uint16_t i = 0; i < connp->cert0_sans_num; i++) {
511  SCX509GetSubjectAltNameAt(
512  x509, i, &connp->cert0_sans[i].san, &connp->cert0_sans[i].san_len);
513  }
514 
515  SCX509GetSerial(x509, &connp->cert0_serial, &connp->cert0_serial_len);
516  if (connp->cert0_serial == NULL) {
517  err_code = ERR_INVALID_SERIAL;
518  goto error;
519  }
520 
521  rc = SCX509GetValidity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
522  if (rc != 0) {
523  err_code = ERR_EXTRACT_VALIDITY;
524  goto error;
525  }
526 
527  SCX509Free(x509);
528  x509 = NULL;
529 
530  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
531  if (rc != 0) {
532  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
533  goto error;
534  }
535  }
536 
537  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
538  if (rc != 0) {
539  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
540  goto error;
541  }
542 
543 next:
544  input += cert_len;
545  return (int)(input - initial_input);
546 
547 error:
548  if (err_code != 0)
549  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
550  if (x509 != NULL)
551  SCX509Free(x509);
552 
553  return -1;
554 
555 invalid_cert:
556  SCLogDebug("TLS invalid certificate");
557  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
558  return -1;
559 }
560 
561 /** \internal
562  * \brief parse cert data in a certificate handshake message
563  * will be called with all data.
564  * \retval consumed bytes consumed or -1 on error
565  */
566 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
567  const uint8_t *const initial_input, const uint32_t input_len)
568 {
569  const uint8_t *input = (uint8_t *)initial_input;
570 
571  if (!(HAS_SPACE(3)))
572  return -1;
573 
574  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
575  input += 3;
576 
577  if (!(HAS_SPACE(cert_chain_len)))
578  return -1;
579 
580  if (connp->certs_buffer != NULL) {
581  // TODO should we set an event here?
582  return -1;
583  }
584 
585  connp->certs_buffer = SCCalloc(1, cert_chain_len);
586  if (connp->certs_buffer == NULL) {
587  return -1;
588  }
589  connp->certs_buffer_size = cert_chain_len;
590  memcpy(connp->certs_buffer, input, cert_chain_len);
591 
592  int cert_cnt = 0;
593  uint32_t processed_len = 0;
594  /* coverity[tainted_data] */
595  while (processed_len < cert_chain_len) {
596  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
597  connp->certs_buffer_size - processed_len, cert_cnt);
598  if (rc <= 0) { // 0 should be impossible, but lets be defensive
599  return -1;
600  }
601  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
602  if (processed_len + (uint32_t)rc > cert_chain_len) {
603  return -1;
604  }
605 
606  processed_len += (uint32_t)rc;
607  }
608 
609  return processed_len + 3;
610 }
611 
612 /**
613  * \inline
614  * \brief Check if value is GREASE.
615  *
616  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
617  *
618  * \param value Value to check.
619  *
620  * \retval 1 if is GREASE.
621  * \retval 0 if not is GREASE.
622  */
623 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
624 {
625  switch (value)
626  {
627  case 0x0a0a:
628  case 0x1a1a:
629  case 0x2a2a:
630  case 0x3a3a:
631  case 0x4a4a:
632  case 0x5a5a:
633  case 0x6a6a:
634  case 0x7a7a:
635  case 0x8a8a:
636  case 0x9a9a:
637  case 0xaaaa:
638  case 0xbaba:
639  case 0xcaca:
640  case 0xdada:
641  case 0xeaea:
642  case 0xfafa:
643  return 1;
644  default:
645  return 0;
646  }
647 }
648 
649 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
650  const uint8_t * const initial_input,
651  const uint32_t input_len)
652 {
653  uint8_t *input = (uint8_t *)initial_input;
654 
655  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
656  SCLogDebug("TLS handshake invalid length");
657  SSLSetEvent(ssl_state,
658  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
659  return -1;
660  }
661 
662  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
663  ssl_state->curr_connp->version = version;
664 
665  if (ssl_state->current_flags &
666  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
667  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, version);
668  }
669 
670  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
671  versions, instead of using the supported versions extension. */
672  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
673  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
674  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
675  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
676  }
677 
678  /* Catch some early TLSv1.3 draft implementations that does not conform
679  to the draft version. */
680  if ((ssl_state->curr_connp->version >= 0x7f01) &&
681  (ssl_state->curr_connp->version < 0x7f10)) {
682  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
683  }
684 
685  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
686  version number, which makes it hard to accurately pinpoint the
687  exact draft version. */
688  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
689  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
690  }
691 
692  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
693  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
694  if (ssl_state->curr_connp->ja3_str == NULL)
695  return -1;
696 
697  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
698  if (rc != 0)
699  return -1;
700  }
701 
702  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
703 
704  return (int)(input - initial_input);
705 }
706 
707 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
708  const uint8_t * const initial_input,
709  const uint32_t input_len)
710 {
711  uint8_t *input = (uint8_t *)initial_input;
712 
713  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
714  SCLogDebug("TLS handshake invalid length");
715  SSLSetEvent(ssl_state,
716  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
717  return -1;
718  }
719 
720  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
721  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
722  ssl_state->flags |= TLS_TS_RANDOM_SET;
723  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
724  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
725  ssl_state->flags |= TLS_TC_RANDOM_SET;
726  }
727 
728  /* Skip random */
729  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
730 
731  return (int)(input - initial_input);
732 }
733 
734 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
735  const uint8_t * const initial_input,
736  const uint32_t input_len)
737 {
738  uint8_t *input = (uint8_t *)initial_input;
739 
740  if (!(HAS_SPACE(1)))
741  goto invalid_length;
742 
743  uint8_t session_id_length = *input;
744  input += 1;
745 
746  if (!(HAS_SPACE(session_id_length)))
747  goto invalid_length;
748 
749  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
750  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
751 
752  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
753  return -1;
754  }
755 
756  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
757  input, 0, input_len, session_id_length) != 0) {
758  return -1;
759  }
760  ssl_state->curr_connp->session_id_length = session_id_length;
761 
762  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
763  ssl_state->client_connp.session_id != NULL &&
764  ssl_state->server_connp.session_id != NULL) {
765  if ((ssl_state->client_connp.session_id_length ==
766  ssl_state->server_connp.session_id_length) &&
767  (memcmp(ssl_state->server_connp.session_id,
768  ssl_state->client_connp.session_id, session_id_length) == 0)) {
769  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
770  }
771  }
772  }
773 
774  input += session_id_length;
775 
776  return (int)(input - initial_input);
777 
778 invalid_length:
779  SCLogDebug("TLS handshake invalid length");
780  SSLSetEvent(ssl_state,
781  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
782  return -1;
783 }
784 
785 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
786  const uint8_t * const initial_input,
787  const uint32_t input_len)
788 {
789  const uint8_t *input = initial_input;
790 
791  if (!(HAS_SPACE(2)))
792  goto invalid_length;
793 
794  uint16_t cipher_suites_length;
795 
796  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
797  cipher_suites_length = 2;
798  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
799  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
800  input += 2;
801  } else {
802  return -1;
803  }
804 
805  if (!(HAS_SPACE(cipher_suites_length)))
806  goto invalid_length;
807 
808  /* Cipher suites length should always be divisible by 2 */
809  if ((cipher_suites_length % 2) != 0) {
810  goto invalid_length;
811  }
812 
813  const bool enable_ja3 =
814  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
815 
816  JA3Buffer *ja3_cipher_suites = NULL;
817 
818  if (enable_ja3) {
819  ja3_cipher_suites = Ja3BufferInit();
820  if (ja3_cipher_suites == NULL)
821  return -1;
822  }
823 
824  uint16_t processed_len = 0;
825  /* coverity[tainted_data] */
826  while (processed_len < cipher_suites_length) {
827  if (!(HAS_SPACE(2))) {
828  if (enable_ja3) {
829  Ja3BufferFree(&ja3_cipher_suites);
830  }
831  goto invalid_length;
832  }
833 
834  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
835  input += 2;
836 
837  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
838  if (ssl_state->current_flags &
839  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
840  SCTLSHandshakeAddCipher(ssl_state->curr_connp->hs, cipher_suite);
841  }
842  if (enable_ja3) {
843  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
844  if (rc != 0) {
845  return -1;
846  }
847  }
848  }
849  processed_len += 2;
850  }
851 
852  if (enable_ja3) {
853  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
854  if (rc == -1) {
855  return -1;
856  }
857  }
858 
859  return (int)(input - initial_input);
860 
861 invalid_length:
862  SCLogDebug("TLS handshake invalid length");
863  SSLSetEvent(ssl_state,
864  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
865  return -1;
866 }
867 
868 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
869  const uint8_t * const initial_input,
870  const uint32_t input_len)
871 {
872  const uint8_t *input = initial_input;
873 
874  if (!(HAS_SPACE(1)))
875  goto invalid_length;
876 
877  /* Skip compression methods */
878  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
879  input += 1;
880  } else {
881  uint8_t compression_methods_length = *input;
882  input += 1;
883 
884  if (!(HAS_SPACE(compression_methods_length)))
885  goto invalid_length;
886 
887  input += compression_methods_length;
888  }
889 
890  return (int)(input - initial_input);
891 
892 invalid_length:
893  SCLogDebug("TLS handshake invalid_length");
894  SSLSetEvent(ssl_state,
895  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
896  return -1;
897 }
898 
899 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
900  const uint8_t * const initial_input,
901  const uint32_t input_len)
902 {
903  uint8_t *input = (uint8_t *)initial_input;
904 
905  /* Empty extension */
906  if (input_len == 0)
907  return 0;
908 
909  if (!(HAS_SPACE(2)))
910  goto invalid_length;
911 
912  /* Skip sni_list_length */
913  input += 2;
914 
915  if (!(HAS_SPACE(1)))
916  goto invalid_length;
917 
918  uint8_t sni_type = *input;
919  input += 1;
920 
921  /* Currently the only type allowed is host_name
922  (RFC6066 section 3). */
923  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
924  SCLogDebug("Unknown SNI type");
925  SSLSetEvent(ssl_state,
926  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
927  return -1;
928  }
929 
930  if (!(HAS_SPACE(2)))
931  goto invalid_length;
932 
933  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
934  input += 2;
935 
936  /* host_name contains the fully qualified domain name,
937  and should therefore be limited by the maximum domain
938  name length. */
939  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
940  SSLSetEvent(ssl_state,
941  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
942  return -1;
943  }
944 
945  /* There must not be more than one extension of the same
946  type (RFC5246 section 7.4.1.4). */
947  if (ssl_state->curr_connp->sni) {
948  SCLogDebug("Multiple SNI extensions");
949  SSLSetEvent(ssl_state,
950  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
951  input += sni_len;
952  return (int)(input - initial_input);
953  }
954 
955  ssl_state->curr_connp->sni_len = sni_len;
956  ssl_state->curr_connp->sni = SCMalloc(sni_len);
957  if (unlikely(ssl_state->curr_connp->sni == NULL))
958  return -1;
959 
960  const size_t consumed = input - initial_input;
961  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_len, initial_input, consumed, input_len,
962  sni_len) != 0) {
963  SCFree(ssl_state->curr_connp->sni);
964  ssl_state->curr_connp->sni = NULL;
965  return -1;
966  }
967  input += sni_len;
968 
969  return (int)(input - initial_input);
970 
971 invalid_length:
972  SCLogDebug("TLS handshake invalid length");
973  SSLSetEvent(ssl_state,
974  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
975 
976 
977  return -1;
978 }
979 
980 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
981  const uint8_t * const initial_input,
982  const uint32_t input_len)
983 {
984  const uint8_t *input = initial_input;
985 
986  /* Empty extension */
987  if (input_len == 0)
988  return 0;
989 
990  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
991  if (!(HAS_SPACE(1)))
992  goto invalid_length;
993 
994  uint8_t supported_ver_len = *input;
995  input += 1;
996 
997  if (supported_ver_len < 2)
998  goto invalid_length;
999 
1000  if (!(HAS_SPACE(supported_ver_len)))
1001  goto invalid_length;
1002 
1003  /* Use the first (and preferred) valid version as client version,
1004  * skip over GREASE and other possible noise. */
1005  uint16_t i = 0;
1006  while (i + 1 < (uint16_t)supported_ver_len) {
1007  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1008  if (TLSVersionValid(ver)) {
1009  ssl_state->curr_connp->version = ver;
1010  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, ver);
1011  break;
1012  }
1013  i += 2;
1014  }
1015 
1016  /* Set a flag to indicate that we have seen this extension */
1017  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1018 
1019  input += supported_ver_len;
1020  }
1021  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1022  if (!(HAS_SPACE(2)))
1023  goto invalid_length;
1024 
1025  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1026 
1027  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1028  (ver > TLS_VERSION_12)) {
1029  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1030  }
1031 
1032  ssl_state->curr_connp->version = ver;
1033  input += 2;
1034  }
1035 
1036  return (int)(input - initial_input);
1037 
1038 invalid_length:
1039  SCLogDebug("TLS handshake invalid length");
1040  SSLSetEvent(ssl_state,
1041  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1042 
1043  return -1;
1044 }
1045 
1046 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1047  const uint8_t * const initial_input,
1048  const uint32_t input_len,
1049  JA3Buffer *ja3_elliptic_curves)
1050 {
1051  const uint8_t *input = initial_input;
1052 
1053  /* Empty extension */
1054  if (input_len == 0)
1055  return 0;
1056 
1057  if (!(HAS_SPACE(2)))
1058  goto invalid_length;
1059 
1060  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1061  input += 2;
1062 
1063  if (!(HAS_SPACE(elliptic_curves_len)))
1064  goto invalid_length;
1065 
1066  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1067  uint16_t ec_processed_len = 0;
1068  /* coverity[tainted_data] */
1069  while (ec_processed_len < elliptic_curves_len)
1070  {
1071  if (!(HAS_SPACE(2)))
1072  goto invalid_length;
1073 
1074  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1075  input += 2;
1076 
1077  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1078  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1079  elliptic_curve);
1080  if (rc != 0)
1081  return -1;
1082  }
1083 
1084  ec_processed_len += 2;
1085  }
1086 
1087  } else {
1088  /* Skip elliptic curves */
1089  input += elliptic_curves_len;
1090  }
1091 
1092  return (int)(input - initial_input);
1093 
1094 invalid_length:
1095  SCLogDebug("TLS handshake invalid length");
1096  SSLSetEvent(ssl_state,
1097  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1098 
1099  return -1;
1100 }
1101 
1102 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1103  const uint8_t * const initial_input,
1104  const uint32_t input_len,
1105  JA3Buffer *ja3_elliptic_curves_pf)
1106 {
1107  const uint8_t *input = initial_input;
1108 
1109  /* Empty extension */
1110  if (input_len == 0)
1111  return 0;
1112 
1113  if (!(HAS_SPACE(1)))
1114  goto invalid_length;
1115 
1116  uint8_t ec_pf_len = *input;
1117  input += 1;
1118 
1119  if (!(HAS_SPACE(ec_pf_len)))
1120  goto invalid_length;
1121 
1122  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1123  uint8_t ec_pf_processed_len = 0;
1124  /* coverity[tainted_data] */
1125  while (ec_pf_processed_len < ec_pf_len)
1126  {
1127  uint8_t elliptic_curve_pf = *input;
1128  input += 1;
1129 
1130  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1131  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1132  elliptic_curve_pf);
1133  if (rc != 0)
1134  return -1;
1135  }
1136 
1137  ec_pf_processed_len += 1;
1138  }
1139 
1140  } else {
1141  /* Skip elliptic curve point formats */
1142  input += ec_pf_len;
1143  }
1144 
1145  return (int)(input - initial_input);
1146 
1147 invalid_length:
1148  SCLogDebug("TLS handshake invalid length");
1149  SSLSetEvent(ssl_state,
1150  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1151 
1152  return -1;
1153 }
1154 
1155 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1156  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1157 {
1158  const uint8_t *input = initial_input;
1159 
1160  /* Empty extension */
1161  if (input_len == 0)
1162  return 0;
1163 
1164  if (!(HAS_SPACE(2)))
1165  goto invalid_length;
1166 
1167  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1168  input += 2;
1169 
1170  /* Signature algorithms length should always be divisible by 2 */
1171  if ((sigalgo_len % 2) != 0) {
1172  goto invalid_length;
1173  }
1174 
1175  if (!(HAS_SPACE(sigalgo_len)))
1176  goto invalid_length;
1177 
1178  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1179  uint16_t sigalgo_processed_len = 0;
1180  while (sigalgo_processed_len < sigalgo_len) {
1181  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1182  input += 2;
1183  sigalgo_processed_len += 2;
1184 
1185  SCTLSHandshakeAddSigAlgo(ssl_state->curr_connp->hs, sigalgo);
1186  }
1187  } else {
1188  /* Skip signature algorithms */
1189  input += sigalgo_len;
1190  }
1191 
1192  return (int)(input - initial_input);
1193 
1194 invalid_length:
1195  SCLogDebug("Signature algorithm list invalid length");
1196  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1197 
1198  return -1;
1199 }
1200 
1201 static inline int TLSDecodeHSHelloExtensionALPN(
1202  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1203 {
1204  const uint8_t *input = initial_input;
1205 
1206  /* Empty extension */
1207  if (input_len == 0)
1208  return 0;
1209 
1210  if (!(HAS_SPACE(2)))
1211  goto invalid_length;
1212 
1213  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1214  input += 2;
1215 
1216  if (!(HAS_SPACE(alpn_len)))
1217  goto invalid_length;
1218 
1219  /* We use 32 bits here to avoid potentially overflowing a value that
1220  needs to be compared to an unsigned 16-bit value. */
1221  uint32_t alpn_processed_len = 0;
1222  while (alpn_processed_len < alpn_len) {
1223  uint8_t protolen = *input;
1224  input += 1;
1225  alpn_processed_len += 1;
1226 
1227  if (!(HAS_SPACE(protolen)))
1228  goto invalid_length;
1229 
1230  /* Check if reading another protolen bytes would exceed the
1231  overall ALPN length; if so, skip and continue */
1232  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1233  input += alpn_len - alpn_processed_len;
1234  break;
1235  }
1236  SCTLSHandshakeAddALPN(ssl_state->curr_connp->hs, (const char *)input, protolen);
1237 
1238  alpn_processed_len += protolen;
1239  input += protolen;
1240  }
1241 
1242  return (int)(input - initial_input);
1243 
1244 invalid_length:
1245  SCLogDebug("ALPN list invalid length");
1246  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1247 
1248  return -1;
1249 }
1250 
1251 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1252  const uint8_t * const initial_input,
1253  const uint32_t input_len)
1254 {
1255  const uint8_t *input = initial_input;
1256 
1257  int ret;
1258  int rc;
1259  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1260  const bool ja3 =
1261  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1262 
1263  JA3Buffer *ja3_extensions = NULL;
1264  JA3Buffer *ja3_elliptic_curves = NULL;
1265  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1266 
1267  if (ja3) {
1268  ja3_extensions = Ja3BufferInit();
1269  if (ja3_extensions == NULL)
1270  goto error;
1271 
1272  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1273  ja3_elliptic_curves = Ja3BufferInit();
1274  if (ja3_elliptic_curves == NULL)
1275  goto error;
1276 
1277  ja3_elliptic_curves_pf = Ja3BufferInit();
1278  if (ja3_elliptic_curves_pf == NULL)
1279  goto error;
1280  }
1281  }
1282 
1283  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1284  if (!(HAS_SPACE(2)))
1285  goto end;
1286 
1287  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1288  input += 2;
1289 
1290  if (!(HAS_SPACE(extensions_len)))
1291  goto invalid_length;
1292 
1293  uint16_t processed_len = 0;
1294  /* coverity[tainted_data] */
1295  while (processed_len < extensions_len)
1296  {
1297  if (!(HAS_SPACE(2)))
1298  goto invalid_length;
1299 
1300  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1301  input += 2;
1302 
1303  if (!(HAS_SPACE(2)))
1304  goto invalid_length;
1305 
1306  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1307  input += 2;
1308 
1309  if (!(HAS_SPACE(ext_len)))
1310  goto invalid_length;
1311 
1312  switch (ext_type) {
1313  case SSL_EXTENSION_SNI:
1314  {
1315  /* coverity[tainted_data] */
1316  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1317  ext_len);
1318  if (ret < 0)
1319  goto end;
1320 
1321  input += ret;
1322 
1323  break;
1324  }
1325 
1326  case SSL_EXTENSION_ELLIPTIC_CURVES:
1327  {
1328  /* coverity[tainted_data] */
1329  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1330  ext_len,
1331  ja3_elliptic_curves);
1332  if (ret < 0)
1333  goto end;
1334 
1335  input += ret;
1336 
1337  break;
1338  }
1339 
1340  case SSL_EXTENSION_EC_POINT_FORMATS:
1341  {
1342  /* coverity[tainted_data] */
1343  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1344  ext_len,
1345  ja3_elliptic_curves_pf);
1346  if (ret < 0)
1347  goto end;
1348 
1349  input += ret;
1350 
1351  break;
1352  }
1353 
1354  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1355  /* coverity[tainted_data] */
1356  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1357  if (ret < 0)
1358  goto end;
1359 
1360  input += ret;
1361 
1362  break;
1363  }
1364 
1365  case SSL_EXTENSION_ALPN: {
1366  /* coverity[tainted_data] */
1367  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1368  if (ret < 0)
1369  goto end;
1370 
1371  input += ext_len;
1372 
1373  break;
1374  }
1375 
1376  case SSL_EXTENSION_EARLY_DATA:
1377  {
1378  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1379  /* Used by 0-RTT to indicate that encrypted data will
1380  be sent right after the ClientHello record. */
1381  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1382  }
1383 
1384  input += ext_len;
1385 
1386  break;
1387  }
1388 
1389  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1390  {
1391  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1392  ext_len);
1393  if (ret < 0)
1394  goto end;
1395 
1396  input += ret;
1397 
1398  break;
1399  }
1400 
1401  case SSL_EXTENSION_SESSION_TICKET:
1402  {
1403  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1404  /* This has to be verified later on by checking if a
1405  certificate record has been sent by the server. */
1406  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1407  }
1408 
1409  input += ext_len;
1410 
1411  break;
1412  }
1413 
1414  default:
1415  {
1416  input += ext_len;
1417  break;
1418  }
1419  }
1420 
1421  if (ja3) {
1422  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1423  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1424  if (rc != 0)
1425  goto error;
1426  }
1427  }
1428 
1429  if (ssl_state->current_flags &
1430  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
1431  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1432  SCTLSHandshakeAddExtension(ssl_state->curr_connp->hs, ext_type);
1433  }
1434  }
1435 
1436  processed_len += ext_len + 4;
1437  }
1438 
1439 end:
1440  if (ja3) {
1441  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1442  &ja3_extensions);
1443  if (rc == -1)
1444  goto error;
1445 
1446  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1447  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1448  &ja3_elliptic_curves);
1449  if (rc == -1)
1450  goto error;
1451 
1452  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1453  &ja3_elliptic_curves_pf);
1454  if (rc == -1)
1455  goto error;
1456  }
1457  }
1458 
1459  return (int)(input - initial_input);
1460 
1461 invalid_length:
1462  SCLogDebug("TLS handshake invalid length");
1463  SSLSetEvent(ssl_state,
1464  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1465 
1466 error:
1467  if (ja3_extensions != NULL)
1468  Ja3BufferFree(&ja3_extensions);
1469  if (ja3_elliptic_curves != NULL)
1470  Ja3BufferFree(&ja3_elliptic_curves);
1471  if (ja3_elliptic_curves_pf != NULL)
1472  Ja3BufferFree(&ja3_elliptic_curves_pf);
1473 
1474  return -1;
1475 }
1476 
1477 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1478  const uint8_t * const input,
1479  const uint32_t input_len)
1480 {
1481  int ret;
1482  uint32_t parsed = 0;
1483 
1484  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1485  if (ret < 0)
1486  goto end;
1487 
1488  parsed += ret;
1489 
1490  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1491  if (ret < 0)
1492  goto end;
1493 
1494  parsed += ret;
1495 
1496  /* The session id field in the server hello record was removed in
1497  TLSv1.3 draft1, but was readded in draft22. */
1498  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1499  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1500  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1501  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1502  input_len - parsed);
1503  if (ret < 0)
1504  goto end;
1505 
1506  parsed += ret;
1507  }
1508 
1509  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1510  input_len - parsed);
1511  if (ret < 0)
1512  goto end;
1513 
1514  parsed += ret;
1515 
1516  /* The compression methods field in the server hello record was
1517  removed in TLSv1.3 draft1, but was readded in draft22. */
1518  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1519  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1520  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1521  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1522  input_len - parsed);
1523  if (ret < 0)
1524  goto end;
1525 
1526  parsed += ret;
1527  }
1528 
1529  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1530  input_len - parsed);
1531  if (ret < 0)
1532  goto end;
1533 
1534  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1535  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1536  }
1537 
1538  if (ssl_state->curr_connp == &ssl_state->client_connp) {
1539  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
1540  } else {
1541  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
1542  }
1543 end:
1544  return 0;
1545 }
1546 
1547 #ifdef DEBUG_VALIDATION
1548 static inline bool
1549 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1550 {
1551  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1552  curr_connp->bytes_processed);
1553 }
1554 #endif
1555 
1556 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1557  const uint8_t *const initial_input, const uint32_t input_len)
1558 {
1559  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1560  SCLogDebug("rc %d", rc);
1561  if (rc > 0) {
1562  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1563  SSLParserHSReset(connp);
1564  } else if (rc < 0) {
1565  SCLogDebug("error parsing cert, reset state");
1566  SSLParserHSReset(connp);
1567  /* fall through to still consume the cert bytes */
1568  }
1569  if (connp == &ssl_state->client_connp) {
1570  UpdateClientState(ssl_state, TLS_STATE_CLIENT_CERT_DONE);
1571  } else {
1572  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
1573  }
1574  return input_len;
1575 }
1576 
1577 static int SupportedHandshakeType(const uint8_t type)
1578 {
1579  switch (type) {
1580  case SSLV3_HS_CLIENT_HELLO:
1581  case SSLV3_HS_SERVER_HELLO:
1582  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1583  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1584  case SSLV3_HS_CERTIFICATE:
1585  case SSLV3_HS_HELLO_REQUEST:
1586  case SSLV3_HS_CERTIFICATE_REQUEST:
1587  case SSLV3_HS_CERTIFICATE_VERIFY:
1588  case SSLV3_HS_FINISHED:
1589  case SSLV3_HS_CERTIFICATE_URL:
1590  case SSLV3_HS_CERTIFICATE_STATUS:
1591  case SSLV3_HS_NEW_SESSION_TICKET:
1592  case SSLV3_HS_SERVER_HELLO_DONE:
1593  return true;
1594  break;
1595 
1596  default:
1597  return false;
1598  break;
1599  }
1600 }
1601 
1602 /**
1603  * \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
1604  * \retval parsed number of consumed bytes
1605  * \retval < 0 error
1606  */
1607 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1608  uint32_t input_len, uint8_t direction)
1609 {
1610  const uint8_t *initial_input = input;
1611  int rc;
1612 
1613  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1614 
1615  switch (ssl_state->curr_connp->handshake_type) {
1616  case SSLV3_HS_CLIENT_HELLO:
1617  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1618 
1619  if (ssl_state->curr_connp->hs == NULL)
1620  ssl_state->curr_connp->hs = SCTLSHandshakeNew();
1621 
1622  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1623  if (rc < 0)
1624  return rc;
1625  break;
1626 
1627  case SSLV3_HS_SERVER_HELLO:
1628  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1629 
1630  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1631  if (ssl_state->curr_connp->hs == NULL)
1632  ssl_state->curr_connp->hs = SCTLSHandshakeNew();
1633 
1634  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1635  if (rc < 0)
1636  return rc;
1637  break;
1638 
1639  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1640  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1641  break;
1642 
1643  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1644  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1645  break;
1646 
1647  case SSLV3_HS_CERTIFICATE:
1648  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1649  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1650  input_len);
1651  if (rc < 0)
1652  return rc;
1653  break;
1654 
1655  case SSLV3_HS_HELLO_REQUEST:
1656  break;
1657  case SSLV3_HS_CERTIFICATE_REQUEST:
1658  if (direction) {
1659  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1660  }
1661  break;
1662  case SSLV3_HS_CERTIFICATE_VERIFY:
1663  case SSLV3_HS_FINISHED:
1664  case SSLV3_HS_CERTIFICATE_URL:
1665  case SSLV3_HS_CERTIFICATE_STATUS:
1666  break;
1667  case SSLV3_HS_NEW_SESSION_TICKET:
1668  SCLogDebug("new session ticket");
1669  break;
1670  case SSLV3_HS_SERVER_HELLO_DONE:
1671  if (direction) {
1672  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO_DONE);
1673  }
1674  break;
1675  default:
1676  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1677  return -1;
1678  }
1679 
1680  ssl_state->flags |= ssl_state->current_flags;
1681 
1682  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1683  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1684 
1685  return input_len;
1686 }
1687 
1688 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1689  uint32_t input_len, uint8_t direction)
1690 {
1691  const uint8_t *initial_input = input;
1692 
1693  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1694  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1695  SCReturnInt(0);
1696  }
1697 
1698  while (input_len) {
1699  SCLogDebug("input_len %u", input_len);
1700 
1701  if (ssl_state->curr_connp->hs_buffer != NULL) {
1702  SCLogDebug("partial handshake record in place");
1703  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1704  ssl_state->curr_connp->hs_buffer_offset;
1705  const uint32_t add = MIN(need, input_len);
1706 
1707  /* grow buffer to next multiple of 4k that fits all data we have */
1708  if (ssl_state->curr_connp->hs_buffer_offset + add >
1709  ssl_state->curr_connp->hs_buffer_size) {
1710  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1711  const uint32_t new_size = avail + (4096 - (avail % 4096));
1712  SCLogDebug("new_size %u, avail %u", new_size, avail);
1713  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1714  if (ptr == NULL)
1715  return -1;
1716  ssl_state->curr_connp->hs_buffer = ptr;
1717  ssl_state->curr_connp->hs_buffer_size = new_size;
1718  }
1719 
1720  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1721  "ssl_state->curr_connp->hs_buffer_size %u",
1722  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1723  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1724 
1725  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1726  ssl_state->curr_connp->hs_buffer_offset,
1727  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1728  SCLogDebug("copy failed");
1729  return -1;
1730  }
1731  ssl_state->curr_connp->hs_buffer_offset += add;
1732 
1733  if (ssl_state->curr_connp->hs_buffer_message_size <=
1734  ssl_state->curr_connp->hs_buffer_offset) {
1735  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1736  ssl_state->curr_connp->hs_buffer_offset);
1737 
1738  ssl_state->curr_connp->handshake_type =
1739  ssl_state->curr_connp->hs_buffer_message_type;
1740  ssl_state->curr_connp->message_length =
1741  ssl_state->curr_connp->hs_buffer_message_size;
1742 
1743  SCLogDebug("got all data now: handshake_type %u message_length %u",
1744  ssl_state->curr_connp->handshake_type,
1745  ssl_state->curr_connp->message_length);
1746 
1747  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1748  ssl_state->curr_connp->hs_buffer_offset, direction);
1749  if (retval < 0) {
1750  SSLParserHSReset(ssl_state->curr_connp);
1751  return (retval);
1752  }
1753  SCLogDebug("retval %d", retval);
1754 
1755  /* data processed, reset buffer */
1756  SCFree(ssl_state->curr_connp->hs_buffer);
1757  ssl_state->curr_connp->hs_buffer = NULL;
1758  ssl_state->curr_connp->hs_buffer_size = 0;
1759  ssl_state->curr_connp->hs_buffer_message_size = 0;
1760  ssl_state->curr_connp->hs_buffer_message_type = 0;
1761  ssl_state->curr_connp->hs_buffer_offset = 0;
1762  } else {
1763  SCLogDebug("partial data");
1764  }
1765 
1766  input += add;
1767  input_len -= add;
1768  SCLogDebug("input_len %u", input_len);
1769  SSLParserHSReset(ssl_state->curr_connp);
1770  continue;
1771  }
1772 
1773  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1774  SCLogDebug("input %p input_len %u", input, input_len);
1775 
1776  if (input_len < 4) {
1777  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1778  SCReturnInt(-1);
1779  }
1780 
1781  ssl_state->curr_connp->handshake_type = input[0];
1782  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1783  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1784  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1785  input_len);
1786  input += 4;
1787  input_len -= 4;
1788 
1789  const uint32_t record_len = ssl_state->curr_connp->message_length;
1790  /* see if we support this type. We check here to not use the fragment
1791  * handling on things we don't support. */
1792  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1793  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1794  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1795  if (!supported_type) {
1796  uint32_t avail_record_len = MIN(input_len, record_len);
1797  input += avail_record_len;
1798  input_len -= avail_record_len;
1799 
1800  SSLParserHSReset(ssl_state->curr_connp);
1801 
1802  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1803  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1804  // after Change Cipher Spec we get Encrypted Handshake Messages
1805  } else {
1806  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1807  }
1808  continue;
1809  }
1810 
1811  /* if the message length exceeds our input_len, we have a tls fragment. */
1812  if (record_len > input_len) {
1813  const uint32_t avail = input_len;
1814  const uint32_t size = avail + (4096 - (avail % 4096));
1815  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1816  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1817  if (ssl_state->curr_connp->hs_buffer == NULL) {
1818  return -1;
1819  }
1820  ssl_state->curr_connp->hs_buffer_size = size;
1821  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1822  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1823 
1824  if (input_len > 0) {
1825  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1826  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1827  input_len) != 0) {
1828  return -1;
1829  }
1830  ssl_state->curr_connp->hs_buffer_offset = input_len;
1831  }
1832  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1833  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1834  ssl_state->curr_connp->hs_buffer_offset,
1835  ssl_state->curr_connp->hs_buffer_message_type,
1836  ssl_state->curr_connp->hs_buffer_message_size);
1837  input += input_len;
1838  SSLParserHSReset(ssl_state->curr_connp);
1839  return (int)(input - initial_input);
1840 
1841  } else {
1842  /* full record, parse it now */
1843  int retval = SSLv3ParseHandshakeType(
1844  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1845  if (retval < 0 || retval > (int)input_len) {
1846  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1847  return (retval);
1848  }
1849  SCLogDebug("retval %d input_len %u", retval, input_len);
1850  input += retval;
1851  input_len -= retval;
1852 
1853  SSLParserHSReset(ssl_state->curr_connp);
1854  }
1855  SCLogDebug("input_len left %u", input_len);
1856  }
1857  return (int)(input - initial_input);
1858 }
1859 
1860 /**
1861  * \internal
1862  * \brief TLS Alert parser
1863  *
1864  * \param sslstate Pointer to the SSL state.
1865  * \param input Pointer to the received input data.
1866  * \param input_len Length in bytes of the received data.
1867  * \param direction 1 toclient, 0 toserver
1868  *
1869  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1870  */
1871 static int SSLv3ParseAlertProtocol(
1872  SSLState *ssl_state, const uint8_t *input, uint32_t input_len, uint8_t direction)
1873 {
1874  if (input_len < 2) {
1875  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_ALERT);
1876  return -1;
1877  }
1878 
1879  /* assume a record > 2 to be an encrypted alert record */
1880  if (input_len == 2) {
1881  uint8_t level = input[0];
1882  // uint8_t desc = input[1];
1883 
1884  /* if level Fatal, we consider the tx finished */
1885  if (level == 2) {
1886  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
1887  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
1888  }
1889  }
1890  return 0;
1891 }
1892 
1893 /**
1894  * \internal
1895  * \brief TLS Heartbeat parser (see RFC 6520)
1896  *
1897  * \param sslstate Pointer to the SSL state.
1898  * \param input Pointer to the received input data.
1899  * \param input_len Length in bytes of the received data.
1900  * \param direction 1 toclient, 0 toserver
1901  *
1902  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1903  */
1904 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1905  uint32_t input_len, uint8_t direction)
1906 {
1907  uint8_t hb_type;
1908  uint16_t payload_len;
1909  uint32_t padding_len;
1910 
1911  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1912  if (input_len < 3) {
1913  return 0;
1914  }
1915 
1916  hb_type = *input++;
1917 
1918  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1919  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1920  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1921  return -1;
1922  }
1923  }
1924 
1925  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1926  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1927 
1928  if (direction) {
1929  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1930  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1931  } else {
1932  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1933  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1934  }
1935 
1936  /* if we reach this point, then we can assume that the HB request
1937  is encrypted. If so, let's set the HB record length */
1938  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1939  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1940  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1941  ssl_state->hb_record_len);
1942  return (ssl_state->curr_connp->record_length - 3);
1943  }
1944 
1945  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1946 
1947  /* check that the requested payload length is really present in
1948  the record (CVE-2014-0160) */
1949  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1950  SCLogDebug("We have a short record in HeartBeat Request");
1951  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
1952  return -1;
1953  }
1954 
1955  /* check the padding length. It must be at least 16 bytes
1956  (RFC 6520, section 4) */
1957  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1958  if (padding_len < 16) {
1959  SCLogDebug("We have a short record in HeartBeat Request");
1960  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1961  return -1;
1962  }
1963 
1964  /* we don't have the payload */
1965  if (input_len < payload_len + padding_len) {
1966  return 0;
1967  }
1968 
1969  /* OpenSSL still seems to discard multiple in-flight
1970  heartbeats although some tools send multiple at once */
1971  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1972  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1973  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1974  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1975  return -1;
1976 
1977  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1978  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1979  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1980  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1981  return -1;
1982 
1983  } else {
1984  /* we have a HB record in the opposite direction of the request,
1985  let's reset our flags */
1986  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
1987  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
1988  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
1989 
1990  /* if we reach this point, then we can assume that the HB request
1991  is encrypted. If so, let's set the HB record length */
1992  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1993  /* check to see if the encrypted response is longer than the
1994  encrypted request */
1995  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
1996  ssl_state->curr_connp->record_length) {
1997  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
1998  ssl_state->hb_record_len);
1999  SSLSetEvent(ssl_state,
2000  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2001  ssl_state->hb_record_len = 0;
2002  return -1;
2003  }
2004  }
2005 
2006  /* reset the HB record length in case we have a legit HB followed
2007  by a bad one */
2008  ssl_state->hb_record_len = 0;
2009  }
2010 
2011  /* skip the HeartBeat, 3 bytes were already parsed,
2012  e.g |18 03 02| for TLS 1.2 */
2013  return (ssl_state->curr_connp->record_length - 3);
2014 }
2015 
2016 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2017  const uint8_t *input, uint32_t input_len)
2018 {
2019  const uint8_t *initial_input = input;
2020 
2021  if (input_len == 0) {
2022  return 0;
2023  }
2024 
2025  uint8_t skip_version = 0;
2026 
2027  /* Only set SSL/TLS version here if it has not already been set in
2028  client/server hello. */
2029  if (direction == 0) {
2030  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2031  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2032  skip_version = 1;
2033  }
2034  } else {
2035  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2036  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2037  skip_version = 1;
2038  }
2039  }
2040 
2041  switch (ssl_state->curr_connp->bytes_processed) {
2042  case 0:
2043  if (input_len >= 5) {
2044  ssl_state->curr_connp->content_type = input[0];
2045  if (!skip_version) {
2046  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2047  }
2048  ssl_state->curr_connp->record_length = input[3] << 8;
2049  ssl_state->curr_connp->record_length |= input[4];
2050  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2051  return SSLV3_RECORD_HDR_LEN;
2052  } else {
2053  ssl_state->curr_connp->content_type = *(input++);
2054  if (--input_len == 0)
2055  break;
2056  }
2057 
2058  /* fall through */
2059  case 1:
2060  if (!skip_version) {
2061  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2062  } else {
2063  input++;
2064  }
2065  if (--input_len == 0)
2066  break;
2067 
2068  /* fall through */
2069  case 2:
2070  if (!skip_version) {
2071  ssl_state->curr_connp->version |= *(input++);
2072  } else {
2073  input++;
2074  }
2075  if (--input_len == 0)
2076  break;
2077 
2078  /* fall through */
2079  case 3:
2080  ssl_state->curr_connp->record_length = *(input++) << 8;
2081  if (--input_len == 0)
2082  break;
2083 
2084  /* fall through */
2085  case 4:
2086  ssl_state->curr_connp->record_length |= *(input++);
2087  if (--input_len == 0)
2088  break;
2089 
2090  /* fall through */
2091  }
2092 
2093  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2094 
2095  return (int)(input - initial_input);
2096 }
2097 
2098 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2099  const uint8_t *input, uint32_t input_len)
2100 {
2101  const uint8_t *initial_input = input;
2102 
2103  if (input_len == 0) {
2104  return 0;
2105  }
2106 
2107  if (ssl_state->curr_connp->record_lengths_length == 2) {
2108  switch (ssl_state->curr_connp->bytes_processed) {
2109  case 0:
2110  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2111  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2112  ssl_state->curr_connp->content_type = input[2];
2113  ssl_state->curr_connp->version = SSL_VERSION_2;
2114  ssl_state->curr_connp->bytes_processed += 3;
2115  return 3;
2116  } else {
2117  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2118  if (--input_len == 0)
2119  break;
2120  }
2121 
2122  /* fall through */
2123  case 1:
2124  ssl_state->curr_connp->record_length |= *(input++);
2125  if (--input_len == 0)
2126  break;
2127 
2128  /* fall through */
2129  case 2:
2130  ssl_state->curr_connp->content_type = *(input++);
2131  ssl_state->curr_connp->version = SSL_VERSION_2;
2132  if (--input_len == 0)
2133  break;
2134 
2135  /* fall through */
2136  }
2137 
2138  } else {
2139  switch (ssl_state->curr_connp->bytes_processed) {
2140  case 0:
2141  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2142  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2143  ssl_state->curr_connp->content_type = input[3];
2144  ssl_state->curr_connp->version = SSL_VERSION_2;
2145  ssl_state->curr_connp->bytes_processed += 4;
2146  return 4;
2147  } else {
2148  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2149  if (--input_len == 0)
2150  break;
2151  }
2152 
2153  /* fall through */
2154  case 1:
2155  ssl_state->curr_connp->record_length |= *(input++);
2156  if (--input_len == 0)
2157  break;
2158 
2159  /* fall through */
2160  case 2:
2161  /* padding */
2162  input++;
2163  if (--input_len == 0)
2164  break;
2165 
2166  /* fall through */
2167  case 3:
2168  ssl_state->curr_connp->content_type = *(input++);
2169  ssl_state->curr_connp->version = SSL_VERSION_2;
2170  if (--input_len == 0)
2171  break;
2172 
2173  /* fall through */
2174  }
2175  }
2176 
2177  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2178 
2179  return (int)(input - initial_input);
2180 }
2181 
2182 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2183  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2184  const StreamSlice stream_slice)
2185 {
2186  const uint8_t *initial_input = input;
2187 
2188  if (ssl_state->curr_connp->bytes_processed == 0) {
2189  if (input[0] & 0x80) {
2190  ssl_state->curr_connp->record_lengths_length = 2;
2191  } else {
2192  ssl_state->curr_connp->record_lengths_length = 3;
2193  }
2194 
2195  SCLogDebug("record start: ssl2.hdr frame");
2196  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2197  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2198  }
2199 
2200  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2201  "ssl_state->curr_connp->bytes_processed %u",
2202  direction, ssl_state->curr_connp->record_lengths_length + 1,
2203  ssl_state->curr_connp->bytes_processed);
2204  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2205  to read the msg_type */
2206  if (ssl_state->curr_connp->bytes_processed <
2207  (ssl_state->curr_connp->record_lengths_length + 1)) {
2208  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2209  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2210  ssl_state->curr_connp->record_length);
2211  if (retval < 0 || retval > (int)input_len) {
2212  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2213  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2214  return SSL_DECODER_ERROR(-1);
2215  }
2216 
2217  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2218  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2219  direction, TLS_FRAME_SSLV2_PDU);
2220  SCLogDebug("record start: ssl2.pdu frame");
2221 
2222  input += retval;
2223  input_len -= retval;
2224  }
2225 
2226  /* if we don't have the full record, we return incomplete */
2227  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2228  input_len + ssl_state->curr_connp->bytes_processed) {
2229  uint32_t needed = ssl_state->curr_connp->record_length;
2230  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2231  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2232  needed);
2233  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2234  }
2235 
2236  if (input_len == 0) {
2237  return SSL_DECODER_OK((input - initial_input));
2238  }
2239 
2240  /* record_length should never be zero */
2241  if (ssl_state->curr_connp->record_length == 0) {
2242  SCLogDebug("SSLv2 record length is zero");
2243  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2244  return SSL_DECODER_ERROR(-1);
2245  }
2246 
2247  /* record_lengths_length should never be zero */
2248  if (ssl_state->curr_connp->record_lengths_length == 0) {
2249  SCLogDebug("SSLv2 record lengths length is zero");
2250  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2251  return SSL_DECODER_ERROR(-1);
2252  }
2253 
2254  switch (ssl_state->curr_connp->content_type) {
2255  case SSLV2_MT_ERROR:
2256  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2257  "in establishing the sslv2 session, may be version");
2258  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2259 
2260  break;
2261 
2262  case SSLV2_MT_CLIENT_HELLO:
2263  if (input_len < 6) {
2264  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2265  return SSL_DECODER_ERROR(-1);
2266  }
2267 
2268  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2269  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2270  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
2271 
2272  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2273  SCLogDebug("SSLv2: version %04x", version);
2274  ssl_state->curr_connp->version = version;
2275  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2276  input += 6;
2277  input_len -= 6;
2278  ssl_state->curr_connp->bytes_processed += 6;
2279  if (session_id_length == 0) {
2280  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2281  }
2282  break;
2283 
2284  case SSLV2_MT_CLIENT_MASTER_KEY:
2285  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2286  SCLogDebug("Client hello is not seen before master key "
2287  "message!");
2288  }
2289  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2290 
2291  break;
2292 
2293  case SSLV2_MT_CLIENT_CERTIFICATE:
2294  if (direction == 1) {
2295  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2296  "direction!");
2297  } else {
2298  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2299  }
2300  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
2301 
2302  /* fall through */
2303  case SSLV2_MT_SERVER_VERIFY:
2304  case SSLV2_MT_SERVER_FINISHED:
2305  if (direction == 0 &&
2306  !(ssl_state->curr_connp->content_type &
2307  SSLV2_MT_CLIENT_CERTIFICATE)) {
2308  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2309  "direction!");
2310  }
2311 
2312  /* fall through */
2313  case SSLV2_MT_CLIENT_FINISHED:
2314  case SSLV2_MT_REQUEST_CERTIFICATE:
2315  /* both client hello and server hello must be seen */
2316  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2317  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2318 
2319  if (direction == 0) {
2320  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2321  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2322  SCLogDebug("SSLv2 client side has started the encryption");
2323  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2324  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2325  SCLogDebug("SSLv2 client side has started the encryption");
2326  }
2327  } else {
2328  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2329  SCLogDebug("SSLv2 Server side has started the encryption");
2330  }
2331 
2332  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2333  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2334  {
2335  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2336  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
2337  }
2338 
2339  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2340  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2341  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2342  }
2343  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2344  }
2345  }
2346 
2347  break;
2348 
2349  case SSLV2_MT_SERVER_HELLO:
2350  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2351  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2352  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
2353 
2354  break;
2355  }
2356 
2357  ssl_state->flags |= ssl_state->current_flags;
2358 
2359  if (input_len + ssl_state->curr_connp->bytes_processed >=
2360  (ssl_state->curr_connp->record_length +
2361  ssl_state->curr_connp->record_lengths_length)) {
2362 
2363  /* looks like we have another record after this */
2364  uint32_t diff = ssl_state->curr_connp->record_length +
2365  ssl_state->curr_connp->record_lengths_length + -
2366  ssl_state->curr_connp->bytes_processed;
2367  input += diff;
2368  SSLParserReset(ssl_state);
2369 
2370  /* we still don't have the entire record for the one we are
2371  currently parsing */
2372  } else {
2373  input += input_len;
2374  ssl_state->curr_connp->bytes_processed += input_len;
2375  }
2376  return SSL_DECODER_OK((input - initial_input));
2377 }
2378 
2379 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2380  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2381  const StreamSlice stream_slice)
2382 {
2383  uint32_t parsed = 0;
2384  uint32_t record_len; /* slice of input_len for the current record */
2385  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2386 
2387  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2388  const uint16_t prev_version = ssl_state->curr_connp->version;
2389 
2390  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2391  if (retval < 0 || retval > (int)input_len) {
2392  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2393  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2394  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2395  return SSL_DECODER_ERROR(-1);
2396  }
2397  parsed = retval;
2398 
2399  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2400  input, ssl_state->curr_connp->record_length);
2401 
2402  /* first the hdr frame at our first chance */
2403  if (first_call) {
2404  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2405  direction, TLS_FRAME_HDR);
2406  }
2407 
2408  /* parser is streaming for the initial header, then switches to incomplete
2409  * API: so if we don't have the hdr yet, return consumed bytes and wait
2410  * until we are called again with new data. */
2411  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2412  SCLogDebug(
2413  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2414  return SSL_DECODER_OK(parsed);
2415  }
2416 
2417  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2418  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2419  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2420  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2421  SCLogDebug(
2422  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2423  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2424 
2425  bool unknown_record = false;
2426  switch (ssl_state->curr_connp->content_type) {
2427  case SSLV3_CHANGE_CIPHER_SPEC:
2428  case SSLV3_ALERT_PROTOCOL:
2429  case SSLV3_HANDSHAKE_PROTOCOL:
2430  case SSLV3_APPLICATION_PROTOCOL:
2431  case SSLV3_HEARTBEAT_PROTOCOL:
2432  break;
2433  default:
2434  unknown_record = true;
2435  break;
2436  }
2437 
2438  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2439  * on Wireshark logic. */
2440  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2441  if (unknown_record) {
2442  SCLogDebug("unknown record, ignore it");
2443  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2444 
2445  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2446  ssl_state->curr_connp->content_type = 0;
2447  ssl_state->curr_connp->record_length = 0;
2448  // restore last good version
2449  ssl_state->curr_connp->version = prev_version;
2450  return SSL_DECODER_OK(input_len); // consume everything
2451  }
2452  } else {
2453  if (unknown_record) {
2454  SCLogDebug("unknown record, fatal");
2455  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2456  return SSL_DECODER_ERROR(-1);
2457  }
2458  }
2459 
2460  /* record_length should never be zero */
2461  if (ssl_state->curr_connp->record_length == 0) {
2462  SCLogDebug("SSLv3 Record length is 0");
2463  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2464  return SSL_DECODER_ERROR(-1);
2465  }
2466 
2467  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2468  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2469  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2470  return SSL_DECODER_ERROR(-1);
2471  }
2472 
2473  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2474  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2475  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2476  return SSL_DECODER_ERROR(-1);
2477  }
2478  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2479  } else {
2480  ValidateRecordState(ssl_state->curr_connp);
2481 
2482  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2483  record_len = MIN(input_len, record_len);
2484  }
2485  SCLogDebug("record length %u processed %u got %u",
2486  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2487 
2488  /* if we don't have the full record, we return incomplete */
2489  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2490  /* no need to use incomplete api buffering for application
2491  * records that we'll not use anyway. */
2492  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2493  SCLogDebug("application record");
2494  } else {
2495  uint32_t needed = ssl_state->curr_connp->record_length;
2496  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2497  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2498  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2499  return SSL_DECODER_INCOMPLETE(parsed, needed);
2500  }
2501  }
2502 
2503  if (record_len == 0) {
2504  return SSL_DECODER_OK(parsed);
2505  }
2506 
2507  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2508  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2509 
2510  switch (ssl_state->curr_connp->content_type) {
2511  /* we don't need any data from these types */
2512  case SSLV3_CHANGE_CIPHER_SPEC:
2513  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2514 
2515  if (direction) {
2516  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2517  } else {
2518  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2519 
2520  // TODO TLS 1.3
2521  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2522  }
2523  break;
2524 
2525  case SSLV3_ALERT_PROTOCOL: {
2526  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2527  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2528 
2529  int retval = SSLv3ParseAlertProtocol(ssl_state, input + parsed, record_len, direction);
2530  if (retval < 0) {
2531  SCLogDebug("SSLv3ParseAlertProtocol returned %d", retval);
2532  return SSL_DECODER_ERROR(-1);
2533  }
2534  break;
2535  }
2536  case SSLV3_APPLICATION_PROTOCOL:
2537  /* In TLSv1.3 early data (0-RTT) could be sent before the
2538  handshake is complete (rfc8446, section 2.3). We should
2539  therefore not mark the handshake as done before we have
2540  seen the ServerHello record. */
2541  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2542  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2543  break;
2544 
2545  /* if we see (encrypted) application data, then this means the
2546  handshake must be done */
2547  if (ssl_state->curr_connp == &ssl_state->client_connp) {
2548  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2549  } else {
2550  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2551  }
2552 
2553  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2554  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2555  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2556  }
2557 
2558  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2559  * heartbeat lke inspection to be able to be able to bypass the flow */
2560  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2561  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2562  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2563  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
2564  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2565  }
2566  break;
2567 
2568  case SSLV3_HANDSHAKE_PROTOCOL: {
2569  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2570  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2571  compatibility (rfc8446, appendix D.4). */
2572  // Client hello flags is needed to have a valid version
2573  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2574  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2575  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2576  /* do nothing */
2577  } else {
2578  // if we started parsing this, we must stop
2579  break;
2580  }
2581  }
2582 
2583  if (ssl_state->curr_connp->record_length < 4) {
2584  SSLParserReset(ssl_state);
2585  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2586  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2587  return SSL_DECODER_ERROR(-1);
2588  }
2589 
2590  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2591  record_len, direction);
2592  SCLogDebug("retval %d", retval);
2593  if (retval < 0 || retval > (int)record_len) {
2594  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2595  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2596  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2597  return SSL_DECODER_ERROR(-1);
2598  }
2599  ValidateRecordState(ssl_state->curr_connp);
2600  break;
2601  }
2602  case SSLV3_HEARTBEAT_PROTOCOL: {
2603  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2604  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2605  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2606  record_len, direction);
2607  if (retval < 0) {
2608  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2609  return SSL_DECODER_ERROR(-1);
2610  }
2611  break;
2612  }
2613  default:
2614  // should be unreachable now that we check after header parsing
2615  DEBUG_VALIDATE_BUG_ON(1);
2616  SCLogDebug("unsupported record type");
2617  return SSL_DECODER_ERROR(-1);
2618  }
2619 
2620  parsed += record_len;
2621  ssl_state->curr_connp->bytes_processed += record_len;
2622 
2623  if (ssl_state->curr_connp->bytes_processed >=
2624  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2625  SCLogDebug("record complete, trigger RAW");
2626  SCAppLayerParserTriggerRawStreamInspection(
2627  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2628  SSLParserReset(ssl_state);
2629  ValidateRecordState(ssl_state->curr_connp);
2630  return SSL_DECODER_OK(parsed);
2631 
2632  } else {
2633  /* we still don't have the entire record for the one we are
2634  currently parsing */
2635  ValidateRecordState(ssl_state->curr_connp);
2636  return SSL_DECODER_OK(parsed);
2637  }
2638 }
2639 
2640 /**
2641  * \internal
2642  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2643  *
2644  * On parsing error, this should be the only function that should reset
2645  * the parser state, to avoid multiple functions in the chain resetting
2646  * the parser state.
2647  *
2648  * \param direction 0 for toserver, 1 for toclient.
2649  * \param alstate Pointer to the state.
2650  * \param pstate Application layer parser state for this session.
2651  * \param output Pointer to the list of parsed output elements.
2652  *
2653  * \todo On reaching an inconsistent state, check if the input has
2654  * another new record, instead of just returning after the reset
2655  *
2656  * \retval >=0 On success.
2657  */
2658 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2659  AppLayerParserState *pstate, StreamSlice stream_slice)
2660 {
2661  SSLState *ssl_state = (SSLState *)alstate;
2662  ssl_state->tx_data.updated_tc = true;
2663  ssl_state->tx_data.updated_ts = true;
2664  uint32_t counter = 0;
2665  ssl_state->f = f;
2666  const uint8_t *input = StreamSliceGetData(&stream_slice);
2667  const uint8_t *init_input = input;
2668  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2669 
2670  if ((input == NULL || input_len == 0) &&
2671  ((direction == 0 && SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2672  (direction == 1 &&
2673  SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2674  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2675  if (direction == 0)
2676  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2677  else
2678  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2679  SCReturnStruct(APP_LAYER_OK);
2680  } else if (input == NULL || input_len == 0) {
2681  SCReturnStruct(APP_LAYER_ERROR);
2682  }
2683 
2684  if (direction == 0)
2685  ssl_state->curr_connp = &ssl_state->client_connp;
2686  else
2687  ssl_state->curr_connp = &ssl_state->server_connp;
2688 
2689  /* If entering on a new record, reset the current flags. */
2690  if (ssl_state->curr_connp->bytes_processed == 0) {
2691  ssl_state->current_flags = 0;
2692  }
2693 
2694  /* if we have more than one record */
2695  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2696  while (input_len > 0) {
2697  if (counter > max_records) {
2698  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2699  "and get out of here");
2700  SSLParserReset(ssl_state);
2701  SSLSetEvent(ssl_state,
2702  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2703  return APP_LAYER_ERROR;
2704  }
2705 
2706  /* ssl_state->bytes_processed is zero for a fresh record or
2707  positive to indicate a record currently being parsed */
2708 
2709  if (ssl_state->curr_connp->bytes_processed == 0) {
2710  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2711  /* only SSLv2, has one of the top 2 bits set */
2712  ssl_state->curr_connp->version = SSL_VERSION_2;
2713  SCLogDebug("SSLv2 detected");
2714  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2715  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2716  SCLogDebug("SSL/TLS version reset");
2717  }
2718  }
2719  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2720  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2721 
2722  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2723  if (ssl_state->curr_connp->bytes_processed == 0) {
2724  SCLogDebug("New SSLv2 record parsing");
2725  } else {
2726  SCLogDebug("Continuing parsing SSLv2 record");
2727  }
2728  struct SSLDecoderResult r =
2729  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2730  if (r.retval < 0 || r.retval > input_len) {
2731  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2732  SCLogDebug("Error parsing SSLv2. Resetting parser "
2733  "state. Let's get outta here");
2734  SSLParserReset(ssl_state);
2735  SSLSetEvent(ssl_state,
2736  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2737  return APP_LAYER_ERROR;
2738  } else if (r.needed) {
2739  input += r.retval;
2740  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2741  (uintmax_t)(input - init_input), r.needed);
2742  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2743  }
2744  input_len -= r.retval;
2745  input += r.retval;
2746  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2747  } else {
2748  if (ssl_state->curr_connp->bytes_processed == 0) {
2749  SCLogDebug("New TLS record: record_length %u",
2750  ssl_state->curr_connp->record_length);
2751  } else {
2752  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2753  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2754  }
2755  struct SSLDecoderResult r =
2756  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2757  if (r.retval < 0 || r.retval > input_len) {
2758  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2759  SCLogDebug("Error parsing TLS. Resetting parser "
2760  "state. Let's get outta here");
2761  SSLParserReset(ssl_state);
2762  return APP_LAYER_ERROR;
2763  } else if (r.needed) {
2764  input += r.retval;
2765  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2766  (uintmax_t)(input - init_input), r.needed);
2767  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2768  }
2769  input_len -= r.retval;
2770  input += r.retval;
2771  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2772 
2773  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2774  && ssl_state->curr_connp->record_length == 0) {
2775  SCLogDebug("TLS empty record");
2776  /* empty record */
2777  SSLParserReset(ssl_state);
2778  }
2779  }
2780  counter++;
2781  } /* while (input_len) */
2782 
2783  /* mark handshake as done if we have subject and issuer */
2784  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2785  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2786  /* update both sides to keep existing behavior */
2787  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2788  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2789  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2790  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2791  /* update both sides to keep existing behavior */
2792  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2793  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2794  }
2795 
2796  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2797  if (SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2798  SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2799  /* update both sides to keep existing behavior */
2800  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2801  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2802  }
2803 
2804  return APP_LAYER_OK;
2805 }
2806 
2807 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2808  StreamSlice stream_slice, void *local_data)
2809 {
2810  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2811 }
2812 
2813 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2814  StreamSlice stream_slice, void *local_data)
2815 {
2816  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2817 }
2818 
2819 /**
2820  * \internal
2821  * \brief Function to allocate the SSL state memory.
2822  */
2823 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2824 {
2825  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2826  if (unlikely(ssl_state == NULL))
2827  return NULL;
2828  TAILQ_INIT(&ssl_state->server_connp.certs);
2829  TAILQ_INIT(&ssl_state->client_connp.certs);
2830 
2831  return (void *)ssl_state;
2832 }
2833 
2834 static void SSLStateCertSANFree(SSLStateConnp *connp)
2835 {
2836  if (connp->cert0_sans) {
2837  for (uint16_t i = 0; i < connp->cert0_sans_num; i++) {
2838  SCX509ArrayFree(connp->cert0_sans[i].san, connp->cert0_sans[i].san_len);
2839  }
2840  SCFree(connp->cert0_sans);
2841  }
2842 }
2843 
2844 /**
2845  * \internal
2846  * \brief Function to free the SSL state memory.
2847  */
2848 static void SSLStateFree(void *p)
2849 {
2850  SSLState *ssl_state = (SSLState *)p;
2851  SSLCertsChain *item;
2852 
2853  if (ssl_state->client_connp.cert0_subject)
2854  SCX509ArrayFree(
2855  ssl_state->client_connp.cert0_subject, ssl_state->client_connp.cert0_subject_len);
2856  if (ssl_state->client_connp.cert0_issuerdn)
2857  SCX509ArrayFree(
2858  ssl_state->client_connp.cert0_issuerdn, ssl_state->client_connp.cert0_issuerdn_len);
2859  if (ssl_state->client_connp.cert0_serial)
2860  SCX509ArrayFree(
2861  ssl_state->client_connp.cert0_serial, ssl_state->client_connp.cert0_serial_len);
2862  if (ssl_state->client_connp.cert0_fingerprint)
2863  SCFree(ssl_state->client_connp.cert0_fingerprint);
2864  if (ssl_state->client_connp.sni)
2865  SCFree(ssl_state->client_connp.sni);
2866  if (ssl_state->client_connp.session_id)
2867  SCFree(ssl_state->client_connp.session_id);
2868  if (ssl_state->client_connp.hs_buffer)
2869  SCFree(ssl_state->client_connp.hs_buffer);
2870 
2871  if (ssl_state->server_connp.cert0_subject)
2872  SCX509ArrayFree(
2873  ssl_state->server_connp.cert0_subject, ssl_state->server_connp.cert0_subject_len);
2874  if (ssl_state->server_connp.cert0_issuerdn)
2875  SCX509ArrayFree(
2876  ssl_state->server_connp.cert0_issuerdn, ssl_state->server_connp.cert0_issuerdn_len);
2877  if (ssl_state->server_connp.cert0_serial)
2878  SCX509ArrayFree(
2879  ssl_state->server_connp.cert0_serial, ssl_state->server_connp.cert0_serial_len);
2880  if (ssl_state->server_connp.cert0_fingerprint)
2881  SCFree(ssl_state->server_connp.cert0_fingerprint);
2882  if (ssl_state->server_connp.sni)
2883  SCFree(ssl_state->server_connp.sni);
2884  if (ssl_state->server_connp.session_id)
2885  SCFree(ssl_state->server_connp.session_id);
2886 
2887  if (ssl_state->client_connp.hs)
2888  SCTLSHandshakeFree(ssl_state->client_connp.hs);
2889  if (ssl_state->client_connp.ja3_str)
2890  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2891  if (ssl_state->client_connp.ja3_hash)
2892  SCFree(ssl_state->client_connp.ja3_hash);
2893  if (ssl_state->server_connp.hs)
2894  SCTLSHandshakeFree(ssl_state->server_connp.hs);
2895  if (ssl_state->server_connp.ja3_str)
2896  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2897  if (ssl_state->server_connp.ja3_hash)
2898  SCFree(ssl_state->server_connp.ja3_hash);
2899  if (ssl_state->server_connp.hs_buffer)
2900  SCFree(ssl_state->server_connp.hs_buffer);
2901 
2902  SSLStateCertSANFree(&ssl_state->server_connp);
2903  SSLStateCertSANFree(&ssl_state->client_connp);
2904 
2905  SCAppLayerTxDataCleanup(&ssl_state->tx_data);
2906 
2907  /* Free certificate chain */
2908  if (ssl_state->server_connp.certs_buffer)
2909  SCFree(ssl_state->server_connp.certs_buffer);
2910  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2911  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2912  SCFree(item);
2913  }
2914  TAILQ_INIT(&ssl_state->server_connp.certs);
2915  /* Free certificate chain */
2916  if (ssl_state->client_connp.certs_buffer)
2917  SCFree(ssl_state->client_connp.certs_buffer);
2918  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2919  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2920  SCFree(item);
2921  }
2922  TAILQ_INIT(&ssl_state->client_connp.certs);
2923 
2924  SCFree(ssl_state);
2925 }
2926 
2927 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2928 {
2929  /* do nothing */
2930 }
2931 
2932 static AppProto SSLProbingParser(
2933  const Flow *f, uint8_t direction, const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2934 {
2935  /* probably a rst/fin sending an eof */
2936  if (ilen < 3)
2937  return ALPROTO_UNKNOWN;
2938 
2939  /* for now just the 3 byte header ones */
2940  /* \todo Detect the 2 byte ones */
2941  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2942  return ALPROTO_TLS;
2943  }
2944 
2945  return ALPROTO_FAILED;
2946 }
2947 
2948 static int SSLStateGetStateIdByName(const char *name, const uint8_t direction)
2949 {
2950  SCEnumCharMap *map =
2951  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2952 
2953  int id = SCMapEnumNameToValue(name, map);
2954  if (id < 0) {
2955  return -1;
2956  }
2957  return id;
2958 }
2959 
2960 static const char *SSLStateGetStateNameById(const int id, const uint8_t direction)
2961 {
2962  SCEnumCharMap *map =
2963  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2964  const char *name = SCMapEnumValueToName(id, map);
2965  return name;
2966 }
2967 
2968 static int SSLStateGetFrameIdByName(const char *frame_name)
2969 {
2970  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2971  if (id < 0) {
2972  return -1;
2973  }
2974  return id;
2975 }
2976 
2977 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2978 {
2979  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2980  return name;
2981 }
2982 
2983 static int SSLStateGetEventInfo(
2984  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
2985 {
2986  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
2987  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2988  return 0;
2989  }
2990  return -1;
2991 }
2992 
2993 static int SSLStateGetEventInfoById(
2994  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
2995 {
2996  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2997  if (*event_name == NULL) {
2998  SCLogError("event \"%d\" not present in "
2999  "ssl's enum map table.",
3000  event_id);
3001  /* yes this is fatal */
3002  return -1;
3003  }
3004 
3005  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3006 
3007  return 0;
3008 }
3009 
3010 static int SSLRegisterPatternsForProtocolDetection(void)
3011 {
3012  if (SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3013  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3014  return -1;
3015  }
3016 
3017  /** SSLv3 */
3018  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3019  IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
3020  return -1;
3021  }
3022  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3023  IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
3024  return -1;
3025  }
3026 
3027  /** TLSv1 */
3028  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3029  IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
3030  return -1;
3031  }
3032  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3033  IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
3034  return -1;
3035  }
3036 
3037  /** TLSv1.1 */
3038  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3039  IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
3040  return -1;
3041  }
3042  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3043  IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
3044  return -1;
3045  }
3046 
3047  /** TLSv1.2 */
3048  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3049  IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
3050  return -1;
3051  }
3052  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3053  IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
3054  return -1;
3055  }
3056 
3057  /***** toclient direction *****/
3058 
3059  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3060  IPPROTO_TCP, ALPROTO_TLS, "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3061  return -1;
3062  }
3063  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3064  IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3065  return -1;
3066  }
3067  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3068  IPPROTO_TCP, ALPROTO_TLS, "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3069  return -1;
3070  }
3071 
3072  /** TLSv1 */
3073  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3074  IPPROTO_TCP, ALPROTO_TLS, "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3075  return -1;
3076  }
3077  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3078  IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3079  return -1;
3080  }
3081  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3082  IPPROTO_TCP, ALPROTO_TLS, "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3083  return -1;
3084  }
3085 
3086  /** TLSv1.1 */
3087  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3088  IPPROTO_TCP, ALPROTO_TLS, "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3089  return -1;
3090  }
3091  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3092  IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3093  return -1;
3094  }
3095  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3096  IPPROTO_TCP, ALPROTO_TLS, "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3097  return -1;
3098  }
3099 
3100  /** TLSv1.2 */
3101  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3102  IPPROTO_TCP, ALPROTO_TLS, "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3103  return -1;
3104  }
3105  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3106  IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3107  return -1;
3108  }
3109  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3110  IPPROTO_TCP, ALPROTO_TLS, "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3111  return -1;
3112  }
3113 
3114  /* Subsection - SSLv2 style record by client, but informing the server
3115  * the max version it supports.
3116  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3117  * it after some tests */
3118 #if 0
3119  if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3120  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3121  {
3122  return -1;
3123  }
3124  if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3125  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3126  {
3127  return -1;
3128  }
3129 #endif
3130 
3131  return 0;
3132 }
3133 
3134 #ifdef HAVE_JA3
3135 static void CheckJA3Enabled(void)
3136 {
3137  const char *strval = NULL;
3138  /* Check if we should generate JA3 fingerprints */
3139  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3140  if (SCConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3141  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3142  } else if (strcmp(strval, "auto") == 0) {
3143  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3144  } else if (SCConfValIsFalse(strval)) {
3145  enable_ja3 = 0;
3146  ssl_config.disable_ja3 = true;
3147  } else if (SCConfValIsTrue(strval)) {
3148  enable_ja3 = true;
3149  }
3150  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3151  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3152  /* The feature is available, i.e. _could_ be activated by a rule or
3153  even is enabled in the configuration. */
3154  ProvidesFeature(FEATURE_JA3);
3155  }
3156 }
3157 #endif /* HAVE_JA3 */
3158 
3159 #ifdef HAVE_JA4
3160 static void CheckJA4Enabled(void)
3161 {
3162  const char *strval = NULL;
3163  /* Check if we should generate JA4 fingerprints */
3164  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3165  if (SCConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3166  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3167  } else if (strcmp(strval, "auto") == 0) {
3168  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3169  } else if (SCConfValIsFalse(strval)) {
3170  enable_ja4 = 0;
3171  ssl_config.disable_ja4 = true;
3172  } else if (SCConfValIsTrue(strval)) {
3173  enable_ja4 = true;
3174  }
3175  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3176  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3177  /* The feature is available, i.e. _could_ be activated by a rule or
3178  even is enabled in the configuration. */
3179  ProvidesFeature(FEATURE_JA4);
3180  }
3181 }
3182 #endif /* HAVE_JA4 */
3183 
3184 /**
3185  * \brief Function to register the SSL protocol parser and other functions
3186  */
3187 void RegisterSSLParsers(void)
3188 {
3189  const char *proto_name = "tls";
3190 
3191  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3192 
3193  /** SSLv2 and SSLv23*/
3194  if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3195  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3196 
3197  if (SSLRegisterPatternsForProtocolDetection() < 0)
3198  return;
3199 
3200  if (RunmodeIsUnittests()) {
3201  SCAppLayerProtoDetectPPRegister(
3202  IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3, STREAM_TOSERVER, SSLProbingParser, NULL);
3203  } else {
3204  if (SCAppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, proto_name, ALPROTO_TLS,
3205  0, 3, SSLProbingParser, NULL) == 0) {
3206  SCLogConfig("no TLS config found, "
3207  "enabling TLS detection on port 443.");
3208  SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3,
3209  STREAM_TOSERVER, SSLProbingParser, NULL);
3210  }
3211  }
3212  } else {
3213  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3214  proto_name);
3215  return;
3216  }
3217 
3218  if (SCAppLayerParserConfParserEnabled("tcp", proto_name)) {
3219  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3220  SSLParseClientRecord);
3221 
3222  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3223  SSLParseServerRecord);
3224  AppLayerParserRegisterGetStateFuncs(
3225  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetStateIdByName, SSLStateGetStateNameById);
3226  AppLayerParserRegisterGetFrameFuncs(
3227  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3228  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3229  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3230 
3231  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3232 
3233  SCAppLayerParserRegisterParserAcceptableDataDirection(
3234  IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3235 
3236  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3237 
3238  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3239  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3240  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3241 
3242  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3243 
3244  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3245 
3246  AppLayerParserRegisterStateProgressCompletionStatus(
3247  ALPROTO_TLS, TLS_STATE_CLIENT_FINISHED, TLS_STATE_SERVER_FINISHED);
3248 
3249  SCConfNode *enc_handle = SCConfGetNode("app-layer.protocols.tls.encryption-handling");
3250  if (enc_handle != NULL && enc_handle->val != NULL) {
3251  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3252  if (strcmp(enc_handle->val, "full") == 0) {
3253  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3254  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3255  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3256  } else if (strcmp(enc_handle->val, "track-only") == 0) {
3257  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3258  } else if (strcmp(enc_handle->val, "default") == 0) {
3259  SCLogWarning("app-layer.protocols.tls.encryption-handling = default is deprecated "
3260  "and will be removed in Suricata 9, use \"track-only\" instead, "
3261  "(see ticket #7642)");
3262  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3263  } else {
3264  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3265  }
3266  } else {
3267  /* Get the value of no reassembly option from the config file */
3268  if (SCConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3269  int value = 0;
3270  if (SCConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3271  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3272  } else {
3273  int value = 0;
3274  if (SCConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 &&
3275  value == 1)
3276  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3277  }
3278  }
3279  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3280 
3281 #ifdef HAVE_JA3
3282  CheckJA3Enabled();
3283 #endif /* HAVE_JA3 */
3284 #ifdef HAVE_JA4
3285  CheckJA4Enabled();
3286 #endif /* HAVE_JA4 */
3287 
3288  if (g_disable_hashing) {
3289  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3290  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3291  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3292  }
3293  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3294  SCLogWarning("Hashing has been disabled, disabling JA4");
3295  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3296  }
3297  } else {
3298  if (RunmodeIsUnittests()) {
3299 #ifdef HAVE_JA3
3300  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3301 #endif /* HAVE_JA3 */
3302 #ifdef HAVE_JA4
3303  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3304 #endif /* HAVE_JA4 */
3305  }
3306  }
3307  } else {
3308  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3309  }
3310 }
3311 
3312 /**
3313  * \brief if not explicitly disabled in config, enable ja3 support
3314  *
3315  * Implemented using atomic to allow rule reloads to do this at
3316  * runtime.
3317  */
3318 void SSLEnableJA3(void)
3319 {
3320  if (g_disable_hashing || ssl_config.disable_ja3) {
3321  return;
3322  }
3323  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3324  return;
3325  }
3326  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3327 }
3328 
3329 /**
3330  * \brief if not explicitly disabled in config, enable ja4 support
3331  *
3332  * Implemented using atomic to allow rule reloads to do this at
3333  * runtime.
3334  */
3335 void SSLEnableJA4(void)
3336 {
3337  // only caller has #ifdef HAVE_JA4
3338  if (g_disable_hashing || ssl_config.disable_ja4) {
3339  return;
3340  }
3341  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3342  return;
3343  }
3344  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3345 }
3346 
3347 /**
3348  * \brief return whether ja3 is effectively enabled
3349  *
3350  * This means that it either has been enabled explicitly or has been
3351  * enabled by having loaded a rule while not being explicitly disabled.
3352  *
3353  * \retval true if enabled, false otherwise
3354  */
3355 bool SSLJA3IsEnabled(void)
3356 {
3357  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3358 }
3359 
3360 /**
3361  * \brief return whether ja4 is effectively enabled
3362  *
3363  * This means that it either has been enabled explicitly or has been
3364  * enabled by having loaded a rule while not being explicitly disabled.
3365  *
3366  * \retval true if enabled, false otherwise
3367  */
3368 bool SSLJA4IsEnabled(void)
3369 {
3370  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3371 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:213
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:175
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:99
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:486
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:236
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:205
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:148
SSLSubjectAltName_::san_len
uint32_t san_len
Definition: app-layer-ssl.h:169
SCConfValIsTrue
int SCConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:552
SCAppLayerParserStateIssetFlag
uint16_t SCAppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1840
JA3Buffer_
Definition: util-ja3.h:31
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:163
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:254
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:258
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
StreamSlice
struct StreamSlice StreamSlice
Definition: app-layer-parser.h:39
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:183
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:230
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:246
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:147
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:179
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:257
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:39
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3335
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:282
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:132
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:187
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:52
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:241
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:258
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:198
name
const char * name
Definition: detect-engine-proto.c:48
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:121
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:86
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:309
SSLStateConnp_
Definition: app-layer-ssl.h:172
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:218
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:189
SCAppLayerParserStateSetFlag
void SCAppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1832
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:189
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:131
Flow_
Flow data structure.
Definition: flow.h:347
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:153
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:237
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:110
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:100
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:222
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:534
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:351
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:240
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:312
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:224
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:177
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:496
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:217
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:239
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:252
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:314
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:231
TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_SERVER_HELLO_DONE
Definition: app-layer-ssl.h:89
MIN
#define MIN(x, y)
Definition: suricata-common.h:408
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:498
AppLayerParserRegisterGetStateFuncs
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetStateIdByNameFn GetIdByNameFunc, AppLayerParserGetStateNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:561
util-ja3.h
SCConfValIsFalse
int SCConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:577
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:176
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: app-layer-parser.h:43
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:112
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:239
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:228
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_CNF_ENC_HANDLE_TRACK_ONLY
@ SSL_CNF_ENC_HANDLE_TRACK_ONLY
Definition: app-layer-ssl.c:195
MAX
#define MAX(x, y)
Definition: suricata-common.h:412
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:225
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:53
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:176
SSLSubjectAltName_::san
uint8_t * san
Definition: app-layer-ssl.h:168
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:98
SCAppLayerProtoDetectPMRegisterPatternCSwPP
int SCAppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1636
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:178
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:227
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:103
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:104
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:199
SCAppLayerProtoDetectConfProtoDetectionEnabled
int SCAppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1957
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:173
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:250
SSLStateConnp_::cert0_sans
SSLSubjectAltName * cert0_sans
Definition: app-layer-ssl.h:202
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:118
SCAppLayerParserTriggerRawStreamInspection
void SCAppLayerParserTriggerRawStreamInspection(Flow *f, int direction)
Definition: app-layer-parser.c:1550
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:240
app-layer-detect-proto.h
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:264
AppLayerResult
struct AppLayerResult AppLayerResult
Definition: app-layer-parser.h:40
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:89
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
util-debug.h
TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:135
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:253
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3355
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:138
SCAppLayerParserConfParserEnabled
int SCAppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:345
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:172
SSLState_::client_state
enum TlsStateClient client_state
Definition: app-layer-ssl.h:254
APP_LAYER_EVENT_TYPE_TRANSACTION
@ APP_LAYER_EVENT_TYPE_TRANSACTION
Definition: app-layer-events.h:55
AppLayerEventType
AppLayerEventType
Definition: app-layer-events.h:54
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:309
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:184
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:242
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:263
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:228
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:212
TLS_STATE_CLIENT_HELLO_DONE
@ TLS_STATE_CLIENT_HELLO_DONE
Definition: app-layer-ssl.h:79
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TlsStateServer
TlsStateServer
Definition: app-layer-ssl.h:85
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
SSLCertsChain_
Definition: app-layer-ssl.h:161
SSLStateConnp_::cert0_serial_len
uint32_t cert0_serial_len
Definition: app-layer-ssl.h:197
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:571
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:318
TlsStateClient
TlsStateClient
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:135
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:435
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:50
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:109
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: app-layer-ssl.h:91
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:262
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:159
SSLStateConnp_::cert0_serial
uint8_t * cert0_serial
Definition: app-layer-ssl.h:196
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_STATE_CLIENT_IN_PROGRESS
@ TLS_STATE_CLIENT_IN_PROGRESS
Definition: app-layer-ssl.h:78
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:581
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:194
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:117
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:111
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:245
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:237
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:150
type
uint16_t type
Definition: decode-vlan.c:106
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:54
conf.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:184
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:124
SSLStateConnp_::cert0_issuerdn
uint8_t * cert0_issuerdn
Definition: app-layer-ssl.h:194
SSLState_::server_state
enum TlsStateServer server_state
Definition: app-layer-ssl.h:255
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3318
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:174
SslConfig_
Definition: app-layer-ssl.c:200
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:236
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1757
TLS_STATE_SERVER_CERT_DONE
@ TLS_STATE_SERVER_CERT_DONE
Definition: app-layer-ssl.h:88
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:216
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:214
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:243
SSLStateConnp_::sni
uint8_t * sni
Definition: app-layer-ssl.h:205
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:162
SSLStateConnp_::cert0_sans_num
uint16_t cert0_sans_num
Definition: app-layer-ssl.h:203
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:274
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:213
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:49
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:402
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:140
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:229
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:95
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:260
SCAppLayerProtoDetectPPRegister
void SCAppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1526
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:516
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
SSLDecoderResult
Definition: app-layer-ssl.c:262
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:191
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:247
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:266
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:101
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:304
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:185
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3187
SSLStateConnp_::cert0_subject_len
uint32_t cert0_subject_len
Definition: app-layer-ssl.h:193
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:249
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:271
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:151
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:149
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:319
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:152
SCEnumCharMap_
Definition: util-enum.h:27
SCAppLayerParserRegisterParserAcceptableDataDirection
void SCAppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:414
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:182
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:325
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:602
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:226
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:276
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:592
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:464
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:201
TLS_STATE_CLIENT_CERT_DONE
@ TLS_STATE_CLIENT_CERT_DONE
Definition: app-layer-ssl.h:80
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:220
AppLayerStateData
struct AppLayerStateData AppLayerStateData
Definition: app-layer-parser.h:44
app-layer-events.h
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:97
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:226
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:156
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:238
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:210
SCAppLayerProtoDetectPMRegisterPatternCS
int SCAppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1625
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:182
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCAppLayerProtoDetectPPParseConfPorts
int SCAppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1562
SSLSubjectAltName_
Definition: app-layer-ssl.h:167
TLS_STATE_SERVER_IN_PROGRESS
@ TLS_STATE_SERVER_IN_PROGRESS
Definition: app-layer-ssl.h:86
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:235
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:105
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:215
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3368
WARN_UNUSED
#define WARN_UNUSED
Definition: bindgen.h:33
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:207
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:33
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:221
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:250
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:106
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:180
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:506
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:196
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:81
SslConfig
struct SslConfig_ SslConfig
SSLStateConnp_::hs
HandshakeParams * hs
Definition: app-layer-ssl.h:220
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
SSLStateConnp_::cert0_issuerdn_len
uint32_t cert0_issuerdn_len
Definition: app-layer-ssl.h:195
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:549
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:106
id
uint32_t id
Definition: detect-flowbits.c:1042
TLS_STATE_SERVER_HELLO
@ TLS_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:87
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:51
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:208
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:146
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:200
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:256
SSLStateConnp_::sni_len
uint16_t sni_len
Definition: app-layer-ssl.h:206
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:217
TLS_STATE_SERVER_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
Definition: app-layer-ssl.h:90
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:179
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:227
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:288
SCConfNode_
Definition: conf.h:37
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:224
SCConfNode_::val
char * val
Definition: conf.h:39
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:174
TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_FINISHED
Definition: app-layer-ssl.h:82
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:223
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:30
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:128
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:232
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:116
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:102
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:197
SSLStateConnp_::cert0_subject
uint8_t * cert0_subject
Definition: app-layer-ssl.h:192
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:243
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:181
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:225
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:218