suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-ssl.h"
36 
37 #include "conf.h"
38 
39 #include "feature.h"
40 
41 #include "util-debug.h"
42 #include "util-ja3.h"
43 #include "util-enum.h"
44 #include "util-validate.h"
45 
46 SCEnumCharMap tls_frame_table[] = {
47  {
48  "pdu",
49  TLS_FRAME_PDU,
50  },
51  {
52  "hdr",
53  TLS_FRAME_HDR,
54  },
55  {
56  "data",
57  TLS_FRAME_DATA,
58  },
59  {
60  "alert",
61  TLS_FRAME_ALERT_DATA,
62  },
63  {
64  "heartbeat",
65  TLS_FRAME_HB_DATA,
66  },
67  {
68  "ssl2.hdr",
69  TLS_FRAME_SSLV2_HDR,
70  },
71  {
72  "ssl2.pdu",
73  TLS_FRAME_SSLV2_PDU,
74  },
75  { NULL, -1 },
76 };
77 
78 SCEnumCharMap tls_decoder_event_table[] = {
79  /* TLS protocol messages */
80  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
81  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
82  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
83  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
84  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
85  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
86  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
87  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
88  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
89  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
90  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
91  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
92  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
93  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
94  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
95  /* certificate decoding messages */
96  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
97  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
98  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
99  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
100  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
101  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
102  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
103  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
104  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
105  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
106  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
107  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
108  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
109  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
110  /* used as a generic error event */
111  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
112  { NULL, -1 },
113 };
114 
115 enum {
116  /* X.509 error codes, returned by decoder
117  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
118  ERR_INVALID_CERTIFICATE=1,
119  ERR_INVALID_LENGTH,
120  ERR_INVALID_VERSION,
121  ERR_INVALID_SERIAL,
122  ERR_INVALID_ALGORITHMIDENTIFIER,
123  ERR_INVALID_X509NAME,
124  ERR_INVALID_DATE,
125  ERR_INVALID_EXTENSIONS,
126  ERR_INVALID_DER,
127 
128  /* error getting data */
129  ERR_EXTRACT_SUBJECT,
130  ERR_EXTRACT_ISSUER,
131  ERR_EXTRACT_VALIDITY,
132 };
133 
134 /* JA3 and JA4 fingerprints are disabled by default */
135 #define SSL_CONFIG_DEFAULT_JA3 0
136 #define SSL_CONFIG_DEFAULT_JA4 0
137 
138 enum SslConfigEncryptHandling {
139  SSL_CNF_ENC_HANDLE_DEFAULT = 0, /**< disable raw content, continue tracking */
140  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
141  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
142 };
143 
144 typedef struct SslConfig_ {
145  enum SslConfigEncryptHandling encrypt_mode;
146  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
147  * explicitly disabled. */
148  SC_ATOMIC_DECLARE(int, enable_ja3);
149  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
150  SC_ATOMIC_DECLARE(int, enable_ja4);
151  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
152 } SslConfig;
153 
154 SslConfig ssl_config;
155 
156 /* SSLv3 record types */
157 #define SSLV3_CHANGE_CIPHER_SPEC 20
158 #define SSLV3_ALERT_PROTOCOL 21
159 #define SSLV3_HANDSHAKE_PROTOCOL 22
160 #define SSLV3_APPLICATION_PROTOCOL 23
161 #define SSLV3_HEARTBEAT_PROTOCOL 24
162 
163 /* SSLv3 handshake protocol types */
164 #define SSLV3_HS_HELLO_REQUEST 0
165 #define SSLV3_HS_CLIENT_HELLO 1
166 #define SSLV3_HS_SERVER_HELLO 2
167 #define SSLV3_HS_NEW_SESSION_TICKET 4
168 #define SSLV3_HS_CERTIFICATE 11
169 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
170 #define SSLV3_HS_CERTIFICATE_REQUEST 13
171 #define SSLV3_HS_SERVER_HELLO_DONE 14
172 #define SSLV3_HS_CERTIFICATE_VERIFY 15
173 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
174 #define SSLV3_HS_FINISHED 20
175 #define SSLV3_HS_CERTIFICATE_URL 21
176 #define SSLV3_HS_CERTIFICATE_STATUS 22
177 
178 /* SSLv2 protocol message types */
179 #define SSLV2_MT_ERROR 0
180 #define SSLV2_MT_CLIENT_HELLO 1
181 #define SSLV2_MT_CLIENT_MASTER_KEY 2
182 #define SSLV2_MT_CLIENT_FINISHED 3
183 #define SSLV2_MT_SERVER_HELLO 4
184 #define SSLV2_MT_SERVER_VERIFY 5
185 #define SSLV2_MT_SERVER_FINISHED 6
186 #define SSLV2_MT_REQUEST_CERTIFICATE 7
187 #define SSLV2_MT_CLIENT_CERTIFICATE 8
188 
189 #define SSLV3_RECORD_HDR_LEN 5
190 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
191 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
192 
193 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
194 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
195 
196 /* TLS heartbeat protocol types */
197 #define TLS_HB_REQUEST 1
198 #define TLS_HB_RESPONSE 2
199 
200 #define SSL_RECORD_MINIMUM_LENGTH 6
201 
202 #define SHA1_STRING_LENGTH 60
203 
204 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
205 
206 struct SSLDecoderResult {
207  int retval; // nr bytes consumed from input, or < 0 on error
208  uint32_t needed; // more bytes needed
209 };
210 #define SSL_DECODER_ERROR(e) \
211  (struct SSLDecoderResult) \
212  { \
213  (e), 0 \
214  }
215 #define SSL_DECODER_OK(c) \
216  (struct SSLDecoderResult) \
217  { \
218  (uint32_t)(c), 0 \
219  }
220 #define SSL_DECODER_INCOMPLETE(c, n) \
221  (struct SSLDecoderResult) \
222  { \
223  (uint32_t)(c), (n) \
224  }
225 
226 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
227  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
228 
229 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
230  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
231 {
232  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
233  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
234  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
235  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
236 
237  if (dst_offset < dst_size && src_offset < src_size &&
238  src_tocopy <= (src_size - src_offset) &&
239  src_tocopy <= (dst_size - dst_offset)) {
240  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
241  return 0;
242  }
243  return -1;
244 }
245 
246 #ifdef DEBUG_VALIDATION
247 #define ValidateRecordState(connp) \
248  do { \
249  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
250  (connp)->bytes_processed); \
251  } while(0);
252 #else
253 #define ValidateRecordState(...)
254 #endif
255 
256 #define SSLParserHSReset(connp) \
257  do { \
258  (connp)->handshake_type = 0; \
259  (connp)->message_length = 0; \
260  } while (0)
261 
262 #define SSLParserReset(state) \
263  do { \
264  SCLogDebug("resetting state"); \
265  (state)->curr_connp->bytes_processed = 0; \
266  SSLParserHSReset((state)->curr_connp); \
267  } while(0)
268 
269 #define SSLSetEvent(ssl_state, event) \
270  do { \
271  SCLogDebug("setting event %u", (event)); \
272  if ((ssl_state) == NULL) { \
273  SCLogDebug("could not set decoder event %u", event); \
274  } else { \
275  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
276  (ssl_state)->events++; \
277  } \
278  } while (0)
279 
280 static void SSLStateCertSANFree(SSLStateConnp *connp);
281 
282 static void *SSLGetTx(void *state, uint64_t tx_id)
283 {
284  SSLState *ssl_state = (SSLState *)state;
285  return ssl_state;
286 }
287 
288 static uint64_t SSLGetTxCnt(void *state)
289 {
290  /* single tx */
291  return 1;
292 }
293 
294 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
295 {
296  SSLState *ssl_state = (SSLState *)tx;
297 
298  /* we don't care about direction, only that app-layer parser is done
299  and have sent an EOF */
300  if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
301  return TLS_STATE_FINISHED;
302  }
303 
304  /* we want the logger to log when the handshake is done, even if the
305  state is not finished */
306  if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
307  return TLS_HANDSHAKE_DONE;
308  }
309 
310  if (direction == STREAM_TOSERVER &&
311  (ssl_state->server_connp.cert0_subject != NULL ||
312  ssl_state->server_connp.cert0_issuerdn != NULL))
313  {
314  return TLS_STATE_CERT_READY;
315  }
316 
317  return TLS_STATE_IN_PROGRESS;
318 }
319 
320 static AppLayerTxData *SSLGetTxData(void *vtx)
321 {
322  SSLState *ssl_state = (SSLState *)vtx;
323  return &ssl_state->tx_data;
324 }
325 
326 static AppLayerStateData *SSLGetStateData(void *vstate)
327 {
328  SSLState *ssl_state = (SSLState *)vstate;
329  return &ssl_state->state_data;
330 }
331 
332 void SSLVersionToString(uint16_t version, char *buffer)
333 {
334  buffer[0] = '\0';
335 
336  switch (version) {
337  case TLS_VERSION_UNKNOWN:
338  strlcat(buffer, "UNDETERMINED", 13);
339  break;
340  case SSL_VERSION_2:
341  strlcat(buffer, "SSLv2", 6);
342  break;
343  case SSL_VERSION_3:
344  strlcat(buffer, "SSLv3", 6);
345  break;
346  case TLS_VERSION_10:
347  strlcat(buffer, "TLSv1", 6);
348  break;
349  case TLS_VERSION_11:
350  strlcat(buffer, "TLS 1.1", 8);
351  break;
352  case TLS_VERSION_12:
353  strlcat(buffer, "TLS 1.2", 8);
354  break;
355  case TLS_VERSION_13:
356  strlcat(buffer, "TLS 1.3", 8);
357  break;
358  case TLS_VERSION_13_DRAFT28:
359  strlcat(buffer, "TLS 1.3 draft-28", 17);
360  break;
361  case TLS_VERSION_13_DRAFT27:
362  strlcat(buffer, "TLS 1.3 draft-27", 17);
363  break;
364  case TLS_VERSION_13_DRAFT26:
365  strlcat(buffer, "TLS 1.3 draft-26", 17);
366  break;
367  case TLS_VERSION_13_DRAFT25:
368  strlcat(buffer, "TLS 1.3 draft-25", 17);
369  break;
370  case TLS_VERSION_13_DRAFT24:
371  strlcat(buffer, "TLS 1.3 draft-24", 17);
372  break;
373  case TLS_VERSION_13_DRAFT23:
374  strlcat(buffer, "TLS 1.3 draft-23", 17);
375  break;
376  case TLS_VERSION_13_DRAFT22:
377  strlcat(buffer, "TLS 1.3 draft-22", 17);
378  break;
379  case TLS_VERSION_13_DRAFT21:
380  strlcat(buffer, "TLS 1.3 draft-21", 17);
381  break;
382  case TLS_VERSION_13_DRAFT20:
383  strlcat(buffer, "TLS 1.3 draft-20", 17);
384  break;
385  case TLS_VERSION_13_DRAFT19:
386  strlcat(buffer, "TLS 1.3 draft-19", 17);
387  break;
388  case TLS_VERSION_13_DRAFT18:
389  strlcat(buffer, "TLS 1.3 draft-18", 17);
390  break;
391  case TLS_VERSION_13_DRAFT17:
392  strlcat(buffer, "TLS 1.3 draft-17", 17);
393  break;
394  case TLS_VERSION_13_DRAFT16:
395  strlcat(buffer, "TLS 1.3 draft-16", 17);
396  break;
397  case TLS_VERSION_13_PRE_DRAFT16:
398  strlcat(buffer, "TLS 1.3 draft-<16", 18);
399  break;
400  case TLS_VERSION_13_DRAFT20_FB:
401  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
402  break;
403  case TLS_VERSION_13_DRAFT21_FB:
404  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
405  break;
406  case TLS_VERSION_13_DRAFT22_FB:
407  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
408  break;
409  case TLS_VERSION_13_DRAFT23_FB:
410  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
411  break;
412  case TLS_VERSION_13_DRAFT26_FB:
413  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
414  break;
415  default:
416  snprintf(buffer, 7, "0x%04x", version);
417  break;
418  }
419 }
420 
421 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
422 {
423  switch(err) {
424  case ERR_EXTRACT_VALIDITY:
425  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
426  break;
427  case ERR_EXTRACT_ISSUER:
428  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
429  break;
430  case ERR_EXTRACT_SUBJECT:
431  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
432  break;
433  case ERR_INVALID_DER:
434  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
435  break;
436  case ERR_INVALID_EXTENSIONS:
437  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
438  break;
439  case ERR_INVALID_DATE:
440  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
441  break;
442  case ERR_INVALID_X509NAME:
443  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
444  break;
445  case ERR_INVALID_ALGORITHMIDENTIFIER:
446  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
447  break;
448  case ERR_INVALID_SERIAL:
449  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
450  break;
451  case ERR_INVALID_VERSION:
452  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
453  break;
454  case ERR_INVALID_LENGTH:
455  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
456  break;
457  case ERR_INVALID_CERTIFICATE:
458  default:
459  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
460  break;
461  }
462 }
463 
464 static inline int TlsDecodeHSCertificateFingerprint(
465  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
466 {
467  if (unlikely(connp->cert0_fingerprint != NULL))
468  return 0;
469 
470  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
471  if (connp->cert0_fingerprint == NULL)
472  return -1;
473 
474  uint8_t hash[SC_SHA1_LEN];
475  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
476  rs_to_hex_sep(
477  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
478  }
479  return 0;
480 }
481 
482 static inline int TlsDecodeHSCertificateAddCertToChain(
483  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
484 {
485  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
486  if (cert == NULL)
487  return -1;
488 
489  cert->cert_data = (uint8_t *)input;
490  cert->cert_len = cert_len;
491  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
492 
493  return 0;
494 }
495 
496 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
497  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
498 {
499  const uint8_t *input = (uint8_t *)initial_input;
500  uint32_t err_code = 0;
501  X509 *x509 = NULL;
502  int rc = 0;
503 
504  if (!(HAS_SPACE(3)))
505  goto invalid_cert;
506 
507  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
508  input += 3;
509 
510  if (!(HAS_SPACE(cert_len)))
511  goto invalid_cert;
512 
513  /* only store fields from the first certificate in the chain */
514  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
515  connp->cert0_serial == NULL) {
516  x509 = rs_x509_decode(input, cert_len, &err_code);
517  if (x509 == NULL) {
518  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
519  goto next;
520  }
521 
522  char *str = rs_x509_get_subject(x509);
523  if (str == NULL) {
524  err_code = ERR_EXTRACT_SUBJECT;
525  goto error;
526  }
527  connp->cert0_subject = str;
528 
529  str = rs_x509_get_issuer(x509);
530  if (str == NULL) {
531  err_code = ERR_EXTRACT_ISSUER;
532  goto error;
533  }
534  connp->cert0_issuerdn = str;
535 
536  connp->cert0_sans_len = rs_x509_get_subjectaltname_len(x509);
537  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
538  if (sans == NULL) {
539  goto error;
540  }
541  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
542  sans[i] = rs_x509_get_subjectaltname_at(x509, i);
543  }
544  connp->cert0_sans = sans;
545  str = rs_x509_get_serial(x509);
546  if (str == NULL) {
547  err_code = ERR_INVALID_SERIAL;
548  goto error;
549  }
550  connp->cert0_serial = str;
551 
552  rc = rs_x509_get_validity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
553  if (rc != 0) {
554  err_code = ERR_EXTRACT_VALIDITY;
555  goto error;
556  }
557 
558  rs_x509_free(x509);
559  x509 = NULL;
560 
561  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
562  if (rc != 0) {
563  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
564  goto error;
565  }
566  }
567 
568  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
569  if (rc != 0) {
570  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
571  goto error;
572  }
573 
574 next:
575  input += cert_len;
576  return (int)(input - initial_input);
577 
578 error:
579  if (err_code != 0)
580  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
581  if (x509 != NULL)
582  rs_x509_free(x509);
583 
584  SSLStateCertSANFree(connp);
585  return -1;
586 
587 invalid_cert:
588  SCLogDebug("TLS invalid certificate");
589  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
590  return -1;
591 }
592 
593 /** \internal
594  * \brief parse cert data in a certificate handshake message
595  * will be called with all data.
596  * \retval consumed bytes consumed or -1 on error
597  */
598 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
599  const uint8_t *const initial_input, const uint32_t input_len)
600 {
601  const uint8_t *input = (uint8_t *)initial_input;
602 
603  if (!(HAS_SPACE(3)))
604  return -1;
605 
606  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
607  input += 3;
608 
609  if (!(HAS_SPACE(cert_chain_len)))
610  return -1;
611 
612  if (connp->certs_buffer != NULL) {
613  // TODO should we set an event here?
614  return -1;
615  }
616 
617  connp->certs_buffer = SCCalloc(1, cert_chain_len);
618  if (connp->certs_buffer == NULL) {
619  return -1;
620  }
621  connp->certs_buffer_size = cert_chain_len;
622  memcpy(connp->certs_buffer, input, cert_chain_len);
623 
624  int cert_cnt = 0;
625  uint32_t processed_len = 0;
626  /* coverity[tainted_data] */
627  while (processed_len < cert_chain_len) {
628  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
629  connp->certs_buffer_size - processed_len, cert_cnt);
630  if (rc <= 0) { // 0 should be impossible, but lets be defensive
631  return -1;
632  }
633  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
634  if (processed_len + (uint32_t)rc > cert_chain_len) {
635  return -1;
636  }
637 
638  processed_len += (uint32_t)rc;
639  }
640 
641  return processed_len + 3;
642 }
643 
644 /**
645  * \inline
646  * \brief Check if value is GREASE.
647  *
648  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
649  *
650  * \param value Value to check.
651  *
652  * \retval 1 if is GREASE.
653  * \retval 0 if not is GREASE.
654  */
655 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
656 {
657  switch (value)
658  {
659  case 0x0a0a:
660  case 0x1a1a:
661  case 0x2a2a:
662  case 0x3a3a:
663  case 0x4a4a:
664  case 0x5a5a:
665  case 0x6a6a:
666  case 0x7a7a:
667  case 0x8a8a:
668  case 0x9a9a:
669  case 0xaaaa:
670  case 0xbaba:
671  case 0xcaca:
672  case 0xdada:
673  case 0xeaea:
674  case 0xfafa:
675  return 1;
676  default:
677  return 0;
678  }
679 }
680 
681 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
682  const uint8_t * const initial_input,
683  const uint32_t input_len)
684 {
685  uint8_t *input = (uint8_t *)initial_input;
686 
687  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
688  SCLogDebug("TLS handshake invalid length");
689  SSLSetEvent(ssl_state,
690  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
691  return -1;
692  }
693 
694  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
695  ssl_state->curr_connp->version = version;
696 
697  if (ssl_state->curr_connp->ja4 != NULL &&
698  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
699  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, version);
700  }
701 
702  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
703  versions, instead of using the supported versions extension. */
704  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
705  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
706  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
707  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
708  }
709 
710  /* Catch some early TLSv1.3 draft implementations that does not conform
711  to the draft version. */
712  if ((ssl_state->curr_connp->version >= 0x7f01) &&
713  (ssl_state->curr_connp->version < 0x7f10)) {
714  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
715  }
716 
717  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
718  version number, which makes it hard to accurately pinpoint the
719  exact draft version. */
720  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
721  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
722  }
723 
724  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
725  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
726  if (ssl_state->curr_connp->ja3_str == NULL)
727  return -1;
728 
729  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
730  if (rc != 0)
731  return -1;
732  }
733 
734  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
735 
736  return (int)(input - initial_input);
737 }
738 
739 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
740  const uint8_t * const initial_input,
741  const uint32_t input_len)
742 {
743  uint8_t *input = (uint8_t *)initial_input;
744 
745  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
746  SCLogDebug("TLS handshake invalid length");
747  SSLSetEvent(ssl_state,
748  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
749  return -1;
750  }
751 
752  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
753  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
754  ssl_state->flags |= TLS_TS_RANDOM_SET;
755  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
756  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
757  ssl_state->flags |= TLS_TC_RANDOM_SET;
758  }
759 
760  /* Skip random */
761  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
762 
763  return (int)(input - initial_input);
764 }
765 
766 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
767  const uint8_t * const initial_input,
768  const uint32_t input_len)
769 {
770  uint8_t *input = (uint8_t *)initial_input;
771 
772  if (!(HAS_SPACE(1)))
773  goto invalid_length;
774 
775  uint8_t session_id_length = *input;
776  input += 1;
777 
778  if (!(HAS_SPACE(session_id_length)))
779  goto invalid_length;
780 
781  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
782  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
783 
784  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
785  return -1;
786  }
787 
788  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
789  input, 0, input_len, session_id_length) != 0) {
790  return -1;
791  }
792  ssl_state->curr_connp->session_id_length = session_id_length;
793 
794  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
795  ssl_state->client_connp.session_id != NULL &&
796  ssl_state->server_connp.session_id != NULL) {
797  if ((ssl_state->client_connp.session_id_length ==
798  ssl_state->server_connp.session_id_length) &&
799  (memcmp(ssl_state->server_connp.session_id,
800  ssl_state->client_connp.session_id, session_id_length) == 0)) {
801  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
802  }
803  }
804  }
805 
806  input += session_id_length;
807 
808  return (int)(input - initial_input);
809 
810 invalid_length:
811  SCLogDebug("TLS handshake invalid length");
812  SSLSetEvent(ssl_state,
813  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
814  return -1;
815 }
816 
817 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
818  const uint8_t * const initial_input,
819  const uint32_t input_len)
820 {
821  const uint8_t *input = initial_input;
822 
823  if (!(HAS_SPACE(2)))
824  goto invalid_length;
825 
826  uint16_t cipher_suites_length;
827 
828  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
829  cipher_suites_length = 2;
830  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
831  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
832  input += 2;
833  } else {
834  return -1;
835  }
836 
837  if (!(HAS_SPACE(cipher_suites_length)))
838  goto invalid_length;
839 
840  /* Cipher suites length should always be divisible by 2 */
841  if ((cipher_suites_length % 2) != 0) {
842  goto invalid_length;
843  }
844 
845  const bool enable_ja3 =
846  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
847 
848  if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4)) {
849  JA3Buffer *ja3_cipher_suites = NULL;
850 
851  if (enable_ja3) {
852  ja3_cipher_suites = Ja3BufferInit();
853  if (ja3_cipher_suites == NULL)
854  return -1;
855  }
856 
857  uint16_t processed_len = 0;
858  /* coverity[tainted_data] */
859  while (processed_len < cipher_suites_length)
860  {
861  if (!(HAS_SPACE(2))) {
862  if (enable_ja3) {
863  Ja3BufferFree(&ja3_cipher_suites);
864  }
865  goto invalid_length;
866  }
867 
868  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
869  input += 2;
870 
871  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
872  if (ssl_state->curr_connp->ja4 != NULL &&
873  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
874  SCJA4AddCipher(ssl_state->curr_connp->ja4, cipher_suite);
875  }
876  if (enable_ja3) {
877  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
878  if (rc != 0) {
879  return -1;
880  }
881  }
882  }
883  processed_len += 2;
884  }
885 
886  if (enable_ja3) {
887  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
888  if (rc == -1) {
889  return -1;
890  }
891  }
892 
893  } else {
894  /* Skip cipher suites */
895  input += cipher_suites_length;
896  }
897 
898  return (int)(input - initial_input);
899 
900 invalid_length:
901  SCLogDebug("TLS handshake invalid length");
902  SSLSetEvent(ssl_state,
903  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
904  return -1;
905 }
906 
907 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
908  const uint8_t * const initial_input,
909  const uint32_t input_len)
910 {
911  const uint8_t *input = initial_input;
912 
913  if (!(HAS_SPACE(1)))
914  goto invalid_length;
915 
916  /* Skip compression methods */
917  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
918  input += 1;
919  } else {
920  uint8_t compression_methods_length = *input;
921  input += 1;
922 
923  if (!(HAS_SPACE(compression_methods_length)))
924  goto invalid_length;
925 
926  input += compression_methods_length;
927  }
928 
929  return (int)(input - initial_input);
930 
931 invalid_length:
932  SCLogDebug("TLS handshake invalid_length");
933  SSLSetEvent(ssl_state,
934  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
935  return -1;
936 }
937 
938 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
939  const uint8_t * const initial_input,
940  const uint32_t input_len)
941 {
942  uint8_t *input = (uint8_t *)initial_input;
943 
944  /* Empty extension */
945  if (input_len == 0)
946  return 0;
947 
948  if (!(HAS_SPACE(2)))
949  goto invalid_length;
950 
951  /* Skip sni_list_length */
952  input += 2;
953 
954  if (!(HAS_SPACE(1)))
955  goto invalid_length;
956 
957  uint8_t sni_type = *input;
958  input += 1;
959 
960  /* Currently the only type allowed is host_name
961  (RFC6066 section 3). */
962  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
963  SCLogDebug("Unknown SNI type");
964  SSLSetEvent(ssl_state,
965  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
966  return -1;
967  }
968 
969  if (!(HAS_SPACE(2)))
970  goto invalid_length;
971 
972  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
973  input += 2;
974 
975  /* host_name contains the fully qualified domain name,
976  and should therefore be limited by the maximum domain
977  name length. */
978  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
979  SSLSetEvent(ssl_state,
980  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
981  return -1;
982  }
983 
984  /* There must not be more than one extension of the same
985  type (RFC5246 section 7.4.1.4). */
986  if (ssl_state->curr_connp->sni) {
987  SCLogDebug("Multiple SNI extensions");
988  SSLSetEvent(ssl_state,
989  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
990  input += sni_len;
991  return (int)(input - initial_input);
992  }
993 
994  const size_t sni_strlen = sni_len + 1;
995  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
996  if (unlikely(ssl_state->curr_connp->sni == NULL))
997  return -1;
998 
999  const size_t consumed = input - initial_input;
1000  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
1001  initial_input, consumed, input_len, sni_len) != 0) {
1002  SCFree(ssl_state->curr_connp->sni);
1003  ssl_state->curr_connp->sni = NULL;
1004  return -1;
1005  }
1006  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
1007 
1008  input += sni_len;
1009 
1010  return (int)(input - initial_input);
1011 
1012 invalid_length:
1013  SCLogDebug("TLS handshake invalid length");
1014  SSLSetEvent(ssl_state,
1015  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1016 
1017 
1018  return -1;
1019 }
1020 
1021 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
1022  const uint8_t * const initial_input,
1023  const uint32_t input_len)
1024 {
1025  const uint8_t *input = initial_input;
1026 
1027  /* Empty extension */
1028  if (input_len == 0)
1029  return 0;
1030 
1031  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1032  if (!(HAS_SPACE(1)))
1033  goto invalid_length;
1034 
1035  uint8_t supported_ver_len = *input;
1036  input += 1;
1037 
1038  if (supported_ver_len < 2)
1039  goto invalid_length;
1040 
1041  if (!(HAS_SPACE(supported_ver_len)))
1042  goto invalid_length;
1043 
1044  /* Use the first (and preferred) valid version as client version,
1045  * skip over GREASE and other possible noise. */
1046  uint16_t i = 0;
1047  while (i + 1 < (uint16_t)supported_ver_len) {
1048  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1049  if (TLSVersionValid(ver)) {
1050  ssl_state->curr_connp->version = ver;
1051  if (ssl_state->curr_connp->ja4 != NULL &&
1052  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1053  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, ver);
1054  }
1055  break;
1056  }
1057  i += 2;
1058  }
1059 
1060  /* Set a flag to indicate that we have seen this extension */
1061  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1062 
1063  input += supported_ver_len;
1064  }
1065  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1066  if (!(HAS_SPACE(2)))
1067  goto invalid_length;
1068 
1069  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1070 
1071  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1072  (ver > TLS_VERSION_12)) {
1073  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1074  }
1075 
1076  ssl_state->curr_connp->version = ver;
1077  input += 2;
1078  }
1079 
1080  return (int)(input - initial_input);
1081 
1082 invalid_length:
1083  SCLogDebug("TLS handshake invalid length");
1084  SSLSetEvent(ssl_state,
1085  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1086 
1087  return -1;
1088 }
1089 
1090 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1091  const uint8_t * const initial_input,
1092  const uint32_t input_len,
1093  JA3Buffer *ja3_elliptic_curves)
1094 {
1095  const uint8_t *input = initial_input;
1096 
1097  /* Empty extension */
1098  if (input_len == 0)
1099  return 0;
1100 
1101  if (!(HAS_SPACE(2)))
1102  goto invalid_length;
1103 
1104  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1105  input += 2;
1106 
1107  if (!(HAS_SPACE(elliptic_curves_len)))
1108  goto invalid_length;
1109 
1110  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1111  uint16_t ec_processed_len = 0;
1112  /* coverity[tainted_data] */
1113  while (ec_processed_len < elliptic_curves_len)
1114  {
1115  if (!(HAS_SPACE(2)))
1116  goto invalid_length;
1117 
1118  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1119  input += 2;
1120 
1121  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1122  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1123  elliptic_curve);
1124  if (rc != 0)
1125  return -1;
1126  }
1127 
1128  ec_processed_len += 2;
1129  }
1130 
1131  } else {
1132  /* Skip elliptic curves */
1133  input += elliptic_curves_len;
1134  }
1135 
1136  return (int)(input - initial_input);
1137 
1138 invalid_length:
1139  SCLogDebug("TLS handshake invalid length");
1140  SSLSetEvent(ssl_state,
1141  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1142 
1143  return -1;
1144 }
1145 
1146 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1147  const uint8_t * const initial_input,
1148  const uint32_t input_len,
1149  JA3Buffer *ja3_elliptic_curves_pf)
1150 {
1151  const uint8_t *input = initial_input;
1152 
1153  /* Empty extension */
1154  if (input_len == 0)
1155  return 0;
1156 
1157  if (!(HAS_SPACE(1)))
1158  goto invalid_length;
1159 
1160  uint8_t ec_pf_len = *input;
1161  input += 1;
1162 
1163  if (!(HAS_SPACE(ec_pf_len)))
1164  goto invalid_length;
1165 
1166  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1167  uint8_t ec_pf_processed_len = 0;
1168  /* coverity[tainted_data] */
1169  while (ec_pf_processed_len < ec_pf_len)
1170  {
1171  uint8_t elliptic_curve_pf = *input;
1172  input += 1;
1173 
1174  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1175  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1176  elliptic_curve_pf);
1177  if (rc != 0)
1178  return -1;
1179  }
1180 
1181  ec_pf_processed_len += 1;
1182  }
1183 
1184  } else {
1185  /* Skip elliptic curve point formats */
1186  input += ec_pf_len;
1187  }
1188 
1189  return (int)(input - initial_input);
1190 
1191 invalid_length:
1192  SCLogDebug("TLS handshake invalid length");
1193  SSLSetEvent(ssl_state,
1194  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1195 
1196  return -1;
1197 }
1198 
1199 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1200  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1201 {
1202  const uint8_t *input = initial_input;
1203 
1204  /* Empty extension */
1205  if (input_len == 0)
1206  return 0;
1207 
1208  if (!(HAS_SPACE(2)))
1209  goto invalid_length;
1210 
1211  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1212  input += 2;
1213 
1214  /* Signature algorithms length should always be divisible by 2 */
1215  if ((sigalgo_len % 2) != 0) {
1216  goto invalid_length;
1217  }
1218 
1219  if (!(HAS_SPACE(sigalgo_len)))
1220  goto invalid_length;
1221 
1222  if (ssl_state->curr_connp->ja4 != NULL &&
1223  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1224  uint16_t sigalgo_processed_len = 0;
1225  while (sigalgo_processed_len < sigalgo_len) {
1226  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1227  input += 2;
1228  sigalgo_processed_len += 2;
1229 
1230  SCJA4AddSigAlgo(ssl_state->curr_connp->ja4, sigalgo);
1231  }
1232  } else {
1233  /* Skip signature algorithms */
1234  input += sigalgo_len;
1235  }
1236 
1237  return (int)(input - initial_input);
1238 
1239 invalid_length:
1240  SCLogDebug("Signature algorithm list invalid length");
1241  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1242 
1243  return -1;
1244 }
1245 
1246 static void StoreALPN(SSLStateConnp *connp, const uint8_t *alpn, const uint32_t size)
1247 {
1248  if (size > 0) {
1249  SSLAlpns *a = SCCalloc(1, sizeof(*a) + size);
1250  if (a != NULL) {
1251  memcpy(a->alpn, alpn, size);
1252  a->size = size;
1253  TAILQ_INSERT_TAIL(&connp->alpns, a, next);
1254  }
1255  }
1256 }
1257 
1258 static inline int TLSDecodeHSHelloExtensionALPN(
1259  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1260 {
1261  const uint8_t *input = initial_input;
1262 
1263  /* Empty extension */
1264  if (input_len == 0)
1265  return 0;
1266 
1267  if (!(HAS_SPACE(2)))
1268  goto invalid_length;
1269 
1270  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1271  input += 2;
1272 
1273  if (!(HAS_SPACE(alpn_len)))
1274  goto invalid_length;
1275 
1276  /* We use 32 bits here to avoid potentially overflowing a value that
1277  needs to be compared to an unsigned 16-bit value. */
1278  uint32_t alpn_processed_len = 0;
1279  while (alpn_processed_len < alpn_len) {
1280  uint8_t protolen = *input;
1281  input += 1;
1282  alpn_processed_len += 1;
1283 
1284  if (!(HAS_SPACE(protolen)))
1285  goto invalid_length;
1286 
1287  /* Check if reading another protolen bytes would exceed the
1288  overall ALPN length; if so, skip and continue */
1289  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1290  input += alpn_len - alpn_processed_len;
1291  break;
1292  }
1293 
1294  /* Only record the first value for JA4 */
1295  if (ssl_state->curr_connp->ja4 != NULL &&
1296  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1297  if (alpn_processed_len == 1) {
1298  SCJA4SetALPN(ssl_state->curr_connp->ja4, (const char *)input, protolen);
1299  }
1300  }
1301  StoreALPN(ssl_state->curr_connp, input, protolen);
1302 
1303  alpn_processed_len += protolen;
1304  input += protolen;
1305  }
1306 
1307  return (int)(input - initial_input);
1308 
1309 invalid_length:
1310  SCLogDebug("ALPN list invalid length");
1311  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1312 
1313  return -1;
1314 }
1315 
1316 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1317  const uint8_t * const initial_input,
1318  const uint32_t input_len)
1319 {
1320  const uint8_t *input = initial_input;
1321 
1322  int ret;
1323  int rc;
1324  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1325  const bool ja3 =
1326  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1327 
1328  JA3Buffer *ja3_extensions = NULL;
1329  JA3Buffer *ja3_elliptic_curves = NULL;
1330  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1331 
1332  if (ja3) {
1333  ja3_extensions = Ja3BufferInit();
1334  if (ja3_extensions == NULL)
1335  goto error;
1336 
1337  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1338  ja3_elliptic_curves = Ja3BufferInit();
1339  if (ja3_elliptic_curves == NULL)
1340  goto error;
1341 
1342  ja3_elliptic_curves_pf = Ja3BufferInit();
1343  if (ja3_elliptic_curves_pf == NULL)
1344  goto error;
1345  }
1346  }
1347 
1348  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1349  if (!(HAS_SPACE(2)))
1350  goto end;
1351 
1352  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1353  input += 2;
1354 
1355  if (!(HAS_SPACE(extensions_len)))
1356  goto invalid_length;
1357 
1358  uint16_t processed_len = 0;
1359  /* coverity[tainted_data] */
1360  while (processed_len < extensions_len)
1361  {
1362  if (!(HAS_SPACE(2)))
1363  goto invalid_length;
1364 
1365  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1366  input += 2;
1367 
1368  if (!(HAS_SPACE(2)))
1369  goto invalid_length;
1370 
1371  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1372  input += 2;
1373 
1374  if (!(HAS_SPACE(ext_len)))
1375  goto invalid_length;
1376 
1377  switch (ext_type) {
1378  case SSL_EXTENSION_SNI:
1379  {
1380  /* coverity[tainted_data] */
1381  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1382  ext_len);
1383  if (ret < 0)
1384  goto end;
1385 
1386  input += ret;
1387 
1388  break;
1389  }
1390 
1391  case SSL_EXTENSION_ELLIPTIC_CURVES:
1392  {
1393  /* coverity[tainted_data] */
1394  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1395  ext_len,
1396  ja3_elliptic_curves);
1397  if (ret < 0)
1398  goto end;
1399 
1400  input += ret;
1401 
1402  break;
1403  }
1404 
1405  case SSL_EXTENSION_EC_POINT_FORMATS:
1406  {
1407  /* coverity[tainted_data] */
1408  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1409  ext_len,
1410  ja3_elliptic_curves_pf);
1411  if (ret < 0)
1412  goto end;
1413 
1414  input += ret;
1415 
1416  break;
1417  }
1418 
1419  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1420  /* coverity[tainted_data] */
1421  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1422  if (ret < 0)
1423  goto end;
1424 
1425  input += ret;
1426 
1427  break;
1428  }
1429 
1430  case SSL_EXTENSION_ALPN: {
1431  /* coverity[tainted_data] */
1432  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1433  if (ret < 0)
1434  goto end;
1435 
1436  input += ext_len;
1437 
1438  break;
1439  }
1440 
1441  case SSL_EXTENSION_EARLY_DATA:
1442  {
1443  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1444  /* Used by 0-RTT to indicate that encrypted data will
1445  be sent right after the ClientHello record. */
1446  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1447  }
1448 
1449  input += ext_len;
1450 
1451  break;
1452  }
1453 
1454  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1455  {
1456  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1457  ext_len);
1458  if (ret < 0)
1459  goto end;
1460 
1461  input += ret;
1462 
1463  break;
1464  }
1465 
1466  case SSL_EXTENSION_SESSION_TICKET:
1467  {
1468  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1469  /* This has to be verified later on by checking if a
1470  certificate record has been sent by the server. */
1471  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1472  }
1473 
1474  input += ext_len;
1475 
1476  break;
1477  }
1478 
1479  default:
1480  {
1481  input += ext_len;
1482  break;
1483  }
1484  }
1485 
1486  if (ja3) {
1487  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1488  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1489  if (rc != 0)
1490  goto error;
1491  }
1492  }
1493 
1494  if (ssl_state->curr_connp->ja4 != NULL &&
1495  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1496  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1497  SCJA4AddExtension(ssl_state->curr_connp->ja4, ext_type);
1498  }
1499  }
1500 
1501  processed_len += ext_len + 4;
1502  }
1503 
1504 end:
1505  if (ja3) {
1506  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1507  &ja3_extensions);
1508  if (rc == -1)
1509  goto error;
1510 
1511  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1512  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1513  &ja3_elliptic_curves);
1514  if (rc == -1)
1515  goto error;
1516 
1517  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1518  &ja3_elliptic_curves_pf);
1519  if (rc == -1)
1520  goto error;
1521  }
1522  }
1523 
1524  return (int)(input - initial_input);
1525 
1526 invalid_length:
1527  SCLogDebug("TLS handshake invalid length");
1528  SSLSetEvent(ssl_state,
1529  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1530 
1531 error:
1532  if (ja3_extensions != NULL)
1533  Ja3BufferFree(&ja3_extensions);
1534  if (ja3_elliptic_curves != NULL)
1535  Ja3BufferFree(&ja3_elliptic_curves);
1536  if (ja3_elliptic_curves_pf != NULL)
1537  Ja3BufferFree(&ja3_elliptic_curves_pf);
1538 
1539  return -1;
1540 }
1541 
1542 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1543  const uint8_t * const input,
1544  const uint32_t input_len)
1545 {
1546  int ret;
1547  uint32_t parsed = 0;
1548 
1549  /* Ensure that we have a JA4 state defined by now if we have JA4 enabled,
1550  we are in a client hello and we don't have such a state yet (to avoid
1551  leaking memory in case this function is entered more than once). */
1552  if (SC_ATOMIC_GET(ssl_config.enable_ja4) &&
1553  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO &&
1554  ssl_state->curr_connp->ja4 == NULL) {
1555  ssl_state->curr_connp->ja4 = SCJA4New();
1556  }
1557 
1558  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1559  if (ret < 0)
1560  goto end;
1561 
1562  parsed += ret;
1563 
1564  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1565  if (ret < 0)
1566  goto end;
1567 
1568  parsed += ret;
1569 
1570  /* The session id field in the server hello record was removed in
1571  TLSv1.3 draft1, but was readded in draft22. */
1572  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1573  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1574  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1575  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1576  input_len - parsed);
1577  if (ret < 0)
1578  goto end;
1579 
1580  parsed += ret;
1581  }
1582 
1583  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1584  input_len - parsed);
1585  if (ret < 0)
1586  goto end;
1587 
1588  parsed += ret;
1589 
1590  /* The compression methods field in the server hello record was
1591  removed in TLSv1.3 draft1, but was readded in draft22. */
1592  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1593  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1594  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1595  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1596  input_len - parsed);
1597  if (ret < 0)
1598  goto end;
1599 
1600  parsed += ret;
1601  }
1602 
1603  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1604  input_len - parsed);
1605  if (ret < 0)
1606  goto end;
1607 
1608  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1609  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1610  }
1611 
1612 end:
1613  return 0;
1614 }
1615 
1616 #ifdef DEBUG_VALIDATION
1617 static inline bool
1618 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1619 {
1620  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1621  curr_connp->bytes_processed);
1622 }
1623 #endif
1624 
1625 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1626  const uint8_t *const initial_input, const uint32_t input_len)
1627 {
1628  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1629  SCLogDebug("rc %d", rc);
1630  if (rc > 0) {
1631  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1632  SSLParserHSReset(connp);
1633  } else if (rc < 0) {
1634  SCLogDebug("error parsing cert, reset state");
1635  SSLParserHSReset(connp);
1636  /* fall through to still consume the cert bytes */
1637  }
1638  return input_len;
1639 }
1640 
1641 static int SupportedHandshakeType(const uint8_t type)
1642 {
1643  switch (type) {
1644  case SSLV3_HS_CLIENT_HELLO:
1645  case SSLV3_HS_SERVER_HELLO:
1646  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1647  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1648  case SSLV3_HS_CERTIFICATE:
1649  case SSLV3_HS_HELLO_REQUEST:
1650  case SSLV3_HS_CERTIFICATE_REQUEST:
1651  case SSLV3_HS_CERTIFICATE_VERIFY:
1652  case SSLV3_HS_FINISHED:
1653  case SSLV3_HS_CERTIFICATE_URL:
1654  case SSLV3_HS_CERTIFICATE_STATUS:
1655  case SSLV3_HS_NEW_SESSION_TICKET:
1656  case SSLV3_HS_SERVER_HELLO_DONE:
1657  return true;
1658  break;
1659 
1660  default:
1661  return false;
1662  break;
1663  }
1664 }
1665 
1666 /**
1667  * \retval parsed number of consumed bytes
1668  * \retval < 0 error
1669  */
1670 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1671  uint32_t input_len, uint8_t direction)
1672 {
1673  const uint8_t *initial_input = input;
1674  int rc;
1675 
1676  if (input_len == 0) {
1677  return 0;
1678  }
1679  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1680 
1681  switch (ssl_state->curr_connp->handshake_type) {
1682  case SSLV3_HS_CLIENT_HELLO:
1683  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1684 
1685  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1686  if (rc < 0)
1687  return rc;
1688  break;
1689 
1690  case SSLV3_HS_SERVER_HELLO:
1691  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1692 
1693  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1694  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1695  if (rc < 0)
1696  return rc;
1697  break;
1698 
1699  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1700  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1701  break;
1702 
1703  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1704  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1705  break;
1706 
1707  case SSLV3_HS_CERTIFICATE:
1708 
1709  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1710  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1711  input_len);
1712  if (rc < 0)
1713  return rc;
1714  break;
1715 
1716  case SSLV3_HS_HELLO_REQUEST:
1717  break;
1718  case SSLV3_HS_CERTIFICATE_REQUEST:
1719  if (direction) {
1720  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1721  }
1722  break;
1723  case SSLV3_HS_CERTIFICATE_VERIFY:
1724  case SSLV3_HS_FINISHED:
1725  case SSLV3_HS_CERTIFICATE_URL:
1726  case SSLV3_HS_CERTIFICATE_STATUS:
1727  break;
1728  case SSLV3_HS_NEW_SESSION_TICKET:
1729  SCLogDebug("new session ticket");
1730  break;
1731  case SSLV3_HS_SERVER_HELLO_DONE:
1732  break;
1733  default:
1734  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1735  return -1;
1736  }
1737 
1738  ssl_state->flags |= ssl_state->current_flags;
1739 
1740  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1741  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1742 
1743  return input_len;
1744 }
1745 
1746 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1747  uint32_t input_len, uint8_t direction)
1748 {
1749  const uint8_t *initial_input = input;
1750 
1751  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1752  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1753  SCReturnInt(0);
1754  }
1755 
1756  while (input_len) {
1757  SCLogDebug("input_len %u", input_len);
1758 
1759  if (ssl_state->curr_connp->hs_buffer != NULL) {
1760  SCLogDebug("partial handshake record in place");
1761  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1762  ssl_state->curr_connp->hs_buffer_offset;
1763  const uint32_t add = MIN(need, input_len);
1764 
1765  /* grow buffer to next multiple of 4k that fits all data we have */
1766  if (ssl_state->curr_connp->hs_buffer_offset + add >
1767  ssl_state->curr_connp->hs_buffer_size) {
1768  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1769  const uint32_t new_size = avail + (4096 - (avail % 4096));
1770  SCLogDebug("new_size %u, avail %u", new_size, avail);
1771  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1772  if (ptr == NULL)
1773  return -1;
1774  ssl_state->curr_connp->hs_buffer = ptr;
1775  ssl_state->curr_connp->hs_buffer_size = new_size;
1776  }
1777 
1778  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1779  "ssl_state->curr_connp->hs_buffer_size %u",
1780  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1781  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1782 
1783  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1784  ssl_state->curr_connp->hs_buffer_offset,
1785  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1786  SCLogDebug("copy failed");
1787  return -1;
1788  }
1789  ssl_state->curr_connp->hs_buffer_offset += add;
1790 
1791  if (ssl_state->curr_connp->hs_buffer_message_size <=
1792  ssl_state->curr_connp->hs_buffer_offset) {
1793  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1794  ssl_state->curr_connp->hs_buffer_offset);
1795 
1796  ssl_state->curr_connp->handshake_type =
1797  ssl_state->curr_connp->hs_buffer_message_type;
1798  ssl_state->curr_connp->message_length =
1799  ssl_state->curr_connp->hs_buffer_message_size;
1800 
1801  SCLogDebug("got all data now: handshake_type %u message_length %u",
1802  ssl_state->curr_connp->handshake_type,
1803  ssl_state->curr_connp->message_length);
1804 
1805  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1806  ssl_state->curr_connp->hs_buffer_offset, direction);
1807  if (retval < 0) {
1808  SSLParserHSReset(ssl_state->curr_connp);
1809  return (retval);
1810  }
1811  SCLogDebug("retval %d", retval);
1812 
1813  /* data processed, reset buffer */
1814  SCFree(ssl_state->curr_connp->hs_buffer);
1815  ssl_state->curr_connp->hs_buffer = NULL;
1816  ssl_state->curr_connp->hs_buffer_size = 0;
1817  ssl_state->curr_connp->hs_buffer_message_size = 0;
1818  ssl_state->curr_connp->hs_buffer_message_type = 0;
1819  ssl_state->curr_connp->hs_buffer_offset = 0;
1820  } else {
1821  SCLogDebug("partial data");
1822  }
1823 
1824  input += add;
1825  input_len -= add;
1826  SCLogDebug("input_len %u", input_len);
1827  SSLParserHSReset(ssl_state->curr_connp);
1828  continue;
1829  }
1830 
1831  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1832  SCLogDebug("input %p input_len %u", input, input_len);
1833 
1834  if (input_len < 4) {
1835  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1836  SCReturnInt(-1);
1837  }
1838 
1839  ssl_state->curr_connp->handshake_type = input[0];
1840  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1841  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1842  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1843  input_len);
1844  input += 4;
1845  input_len -= 4;
1846 
1847  const uint32_t record_len = ssl_state->curr_connp->message_length;
1848  /* see if we support this type. We check here to not use the fragment
1849  * handling on things we don't support. */
1850  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1851  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1852  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1853  if (!supported_type) {
1854  uint32_t avail_record_len = MIN(input_len, record_len);
1855  input += avail_record_len;
1856  input_len -= avail_record_len;
1857 
1858  SSLParserHSReset(ssl_state->curr_connp);
1859 
1860  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1861  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1862  // after Change Cipher Spec we get Encrypted Handshake Messages
1863  } else {
1864  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1865  }
1866  continue;
1867  }
1868 
1869  /* if the message length exceeds our input_len, we have a tls fragment. */
1870  if (record_len > input_len) {
1871  const uint32_t avail = input_len;
1872  const uint32_t size = avail + (4096 - (avail % 4096));
1873  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1874  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1875  if (ssl_state->curr_connp->hs_buffer == NULL) {
1876  return -1;
1877  }
1878  ssl_state->curr_connp->hs_buffer_size = size;
1879  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1880  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1881 
1882  if (input_len > 0) {
1883  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1884  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1885  input_len) != 0) {
1886  return -1;
1887  }
1888  ssl_state->curr_connp->hs_buffer_offset = input_len;
1889  }
1890  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1891  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1892  ssl_state->curr_connp->hs_buffer_offset,
1893  ssl_state->curr_connp->hs_buffer_message_type,
1894  ssl_state->curr_connp->hs_buffer_message_size);
1895  input += input_len;
1896  SSLParserHSReset(ssl_state->curr_connp);
1897  return (int)(input - initial_input);
1898 
1899  } else {
1900  /* full record, parse it now */
1901  int retval = SSLv3ParseHandshakeType(
1902  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1903  if (retval < 0 || retval > (int)input_len) {
1904  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1905  return (retval);
1906  }
1907  SCLogDebug("retval %d input_len %u", retval, input_len);
1908  input += retval;
1909  input_len -= retval;
1910 
1911  SSLParserHSReset(ssl_state->curr_connp);
1912  }
1913  SCLogDebug("input_len left %u", input_len);
1914  }
1915  return (int)(input - initial_input);
1916 }
1917 
1918 /**
1919  * \internal
1920  * \brief TLS Heartbeat parser (see RFC 6520)
1921  *
1922  * \param sslstate Pointer to the SSL state.
1923  * \param input Pointer to the received input data.
1924  * \param input_len Length in bytes of the received data.
1925  * \param direction 1 toclient, 0 toserver
1926  *
1927  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1928  */
1929 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1930  uint32_t input_len, uint8_t direction)
1931 {
1932  uint8_t hb_type;
1933  uint16_t payload_len;
1934  uint32_t padding_len;
1935 
1936  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1937  if (input_len < 3) {
1938  return 0;
1939  }
1940 
1941  hb_type = *input++;
1942 
1943  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1944  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1945  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1946  return -1;
1947  }
1948  }
1949 
1950  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1951  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1952 
1953  if (direction) {
1954  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1955  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1956  } else {
1957  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1958  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1959  }
1960 
1961  /* if we reach this point, then we can assume that the HB request
1962  is encrypted. If so, let's set the HB record length */
1963  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1964  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1965  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1966  ssl_state->hb_record_len);
1967  return (ssl_state->curr_connp->record_length - 3);
1968  }
1969 
1970  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1971 
1972  /* check that the requested payload length is really present in
1973  the record (CVE-2014-0160) */
1974  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1975  SCLogDebug("We have a short record in HeartBeat Request");
1976  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
1977  return -1;
1978  }
1979 
1980  /* check the padding length. It must be at least 16 bytes
1981  (RFC 6520, section 4) */
1982  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1983  if (padding_len < 16) {
1984  SCLogDebug("We have a short record in HeartBeat Request");
1985  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1986  return -1;
1987  }
1988 
1989  /* we don't have the payload */
1990  if (input_len < payload_len + padding_len) {
1991  return 0;
1992  }
1993 
1994  /* OpenSSL still seems to discard multiple in-flight
1995  heartbeats although some tools send multiple at once */
1996  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1997  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1998  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1999  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2000  return -1;
2001 
2002  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2003  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
2004  SCLogDebug("Multiple in-flight client initiated HeartBeats");
2005  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2006  return -1;
2007 
2008  } else {
2009  /* we have a HB record in the opposite direction of the request,
2010  let's reset our flags */
2011  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
2012  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
2013  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
2014 
2015  /* if we reach this point, then we can assume that the HB request
2016  is encrypted. If so, let's set the HB record length */
2017  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2018  /* check to see if the encrypted response is longer than the
2019  encrypted request */
2020  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
2021  ssl_state->curr_connp->record_length) {
2022  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
2023  ssl_state->hb_record_len);
2024  SSLSetEvent(ssl_state,
2025  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2026  ssl_state->hb_record_len = 0;
2027  return -1;
2028  }
2029  }
2030 
2031  /* reset the HB record length in case we have a legit HB followed
2032  by a bad one */
2033  ssl_state->hb_record_len = 0;
2034  }
2035 
2036  /* skip the HeartBeat, 3 bytes were already parsed,
2037  e.g |18 03 02| for TLS 1.2 */
2038  return (ssl_state->curr_connp->record_length - 3);
2039 }
2040 
2041 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2042  const uint8_t *input, uint32_t input_len)
2043 {
2044  const uint8_t *initial_input = input;
2045 
2046  if (input_len == 0) {
2047  return 0;
2048  }
2049 
2050  uint8_t skip_version = 0;
2051 
2052  /* Only set SSL/TLS version here if it has not already been set in
2053  client/server hello. */
2054  if (direction == 0) {
2055  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2056  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2057  skip_version = 1;
2058  }
2059  } else {
2060  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2061  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2062  skip_version = 1;
2063  }
2064  }
2065 
2066  switch (ssl_state->curr_connp->bytes_processed) {
2067  case 0:
2068  if (input_len >= 5) {
2069  ssl_state->curr_connp->content_type = input[0];
2070  if (!skip_version) {
2071  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2072  }
2073  ssl_state->curr_connp->record_length = input[3] << 8;
2074  ssl_state->curr_connp->record_length |= input[4];
2075  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2076  return SSLV3_RECORD_HDR_LEN;
2077  } else {
2078  ssl_state->curr_connp->content_type = *(input++);
2079  if (--input_len == 0)
2080  break;
2081  }
2082 
2083  /* fall through */
2084  case 1:
2085  if (!skip_version) {
2086  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2087  } else {
2088  input++;
2089  }
2090  if (--input_len == 0)
2091  break;
2092 
2093  /* fall through */
2094  case 2:
2095  if (!skip_version) {
2096  ssl_state->curr_connp->version |= *(input++);
2097  } else {
2098  input++;
2099  }
2100  if (--input_len == 0)
2101  break;
2102 
2103  /* fall through */
2104  case 3:
2105  ssl_state->curr_connp->record_length = *(input++) << 8;
2106  if (--input_len == 0)
2107  break;
2108 
2109  /* fall through */
2110  case 4:
2111  ssl_state->curr_connp->record_length |= *(input++);
2112  if (--input_len == 0)
2113  break;
2114 
2115  /* fall through */
2116  }
2117 
2118  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2119 
2120  return (int)(input - initial_input);
2121 }
2122 
2123 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2124  const uint8_t *input, uint32_t input_len)
2125 {
2126  const uint8_t *initial_input = input;
2127 
2128  if (input_len == 0) {
2129  return 0;
2130  }
2131 
2132  if (ssl_state->curr_connp->record_lengths_length == 2) {
2133  switch (ssl_state->curr_connp->bytes_processed) {
2134  case 0:
2135  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2136  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2137  ssl_state->curr_connp->content_type = input[2];
2138  ssl_state->curr_connp->version = SSL_VERSION_2;
2139  ssl_state->curr_connp->bytes_processed += 3;
2140  return 3;
2141  } else {
2142  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2143  if (--input_len == 0)
2144  break;
2145  }
2146 
2147  /* fall through */
2148  case 1:
2149  ssl_state->curr_connp->record_length |= *(input++);
2150  if (--input_len == 0)
2151  break;
2152 
2153  /* fall through */
2154  case 2:
2155  ssl_state->curr_connp->content_type = *(input++);
2156  ssl_state->curr_connp->version = SSL_VERSION_2;
2157  if (--input_len == 0)
2158  break;
2159 
2160  /* fall through */
2161  }
2162 
2163  } else {
2164  switch (ssl_state->curr_connp->bytes_processed) {
2165  case 0:
2166  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2167  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2168  ssl_state->curr_connp->content_type = input[3];
2169  ssl_state->curr_connp->version = SSL_VERSION_2;
2170  ssl_state->curr_connp->bytes_processed += 4;
2171  return 4;
2172  } else {
2173  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2174  if (--input_len == 0)
2175  break;
2176  }
2177 
2178  /* fall through */
2179  case 1:
2180  ssl_state->curr_connp->record_length |= *(input++);
2181  if (--input_len == 0)
2182  break;
2183 
2184  /* fall through */
2185  case 2:
2186  /* padding */
2187  input++;
2188  if (--input_len == 0)
2189  break;
2190 
2191  /* fall through */
2192  case 3:
2193  ssl_state->curr_connp->content_type = *(input++);
2194  ssl_state->curr_connp->version = SSL_VERSION_2;
2195  if (--input_len == 0)
2196  break;
2197 
2198  /* fall through */
2199  }
2200  }
2201 
2202  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2203 
2204  return (int)(input - initial_input);
2205 }
2206 
2207 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2208  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2209  const StreamSlice stream_slice)
2210 {
2211  const uint8_t *initial_input = input;
2212 
2213  if (ssl_state->curr_connp->bytes_processed == 0) {
2214  if (input[0] & 0x80) {
2215  ssl_state->curr_connp->record_lengths_length = 2;
2216  } else {
2217  ssl_state->curr_connp->record_lengths_length = 3;
2218  }
2219 
2220  SCLogDebug("record start: ssl2.hdr frame");
2221  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2222  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2223  }
2224 
2225  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2226  "ssl_state->curr_connp->bytes_processed %u",
2227  direction, ssl_state->curr_connp->record_lengths_length + 1,
2228  ssl_state->curr_connp->bytes_processed);
2229  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2230  to read the msg_type */
2231  if (ssl_state->curr_connp->bytes_processed <
2232  (ssl_state->curr_connp->record_lengths_length + 1)) {
2233  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2234  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2235  ssl_state->curr_connp->record_length);
2236  if (retval < 0 || retval > (int)input_len) {
2237  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2238  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2239  return SSL_DECODER_ERROR(-1);
2240  }
2241 
2242  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2243  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2244  direction, TLS_FRAME_SSLV2_PDU);
2245  SCLogDebug("record start: ssl2.pdu frame");
2246 
2247  input += retval;
2248  input_len -= retval;
2249  }
2250 
2251  /* if we don't have the full record, we return incomplete */
2252  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2253  input_len + ssl_state->curr_connp->bytes_processed) {
2254  uint32_t needed = ssl_state->curr_connp->record_length;
2255  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2256  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2257  needed);
2258  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2259  }
2260 
2261  if (input_len == 0) {
2262  return SSL_DECODER_OK((input - initial_input));
2263  }
2264 
2265  /* record_length should never be zero */
2266  if (ssl_state->curr_connp->record_length == 0) {
2267  SCLogDebug("SSLv2 record length is zero");
2268  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2269  return SSL_DECODER_ERROR(-1);
2270  }
2271 
2272  /* record_lengths_length should never be zero */
2273  if (ssl_state->curr_connp->record_lengths_length == 0) {
2274  SCLogDebug("SSLv2 record lengths length is zero");
2275  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2276  return SSL_DECODER_ERROR(-1);
2277  }
2278 
2279  switch (ssl_state->curr_connp->content_type) {
2280  case SSLV2_MT_ERROR:
2281  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2282  "in establishing the sslv2 session, may be version");
2283  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2284 
2285  break;
2286 
2287  case SSLV2_MT_CLIENT_HELLO:
2288  if (input_len < 6) {
2289  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2290  return SSL_DECODER_ERROR(-1);
2291  }
2292 
2293  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2294  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2295 
2296  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2297  SCLogDebug("SSLv2: version %04x", version);
2298  ssl_state->curr_connp->version = version;
2299  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2300  input += 6;
2301  input_len -= 6;
2302  ssl_state->curr_connp->bytes_processed += 6;
2303  if (session_id_length == 0) {
2304  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2305  }
2306  break;
2307 
2308  case SSLV2_MT_CLIENT_MASTER_KEY:
2309  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2310  SCLogDebug("Client hello is not seen before master key "
2311  "message!");
2312  }
2313  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2314 
2315  break;
2316 
2317  case SSLV2_MT_CLIENT_CERTIFICATE:
2318  if (direction == 1) {
2319  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2320  "direction!");
2321  } else {
2322  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2323  }
2324 
2325  /* fall through */
2326  case SSLV2_MT_SERVER_VERIFY:
2327  case SSLV2_MT_SERVER_FINISHED:
2328  if (direction == 0 &&
2329  !(ssl_state->curr_connp->content_type &
2330  SSLV2_MT_CLIENT_CERTIFICATE)) {
2331  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2332  "direction!");
2333  }
2334 
2335  /* fall through */
2336  case SSLV2_MT_CLIENT_FINISHED:
2337  case SSLV2_MT_REQUEST_CERTIFICATE:
2338  /* both client hello and server hello must be seen */
2339  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2340  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2341 
2342  if (direction == 0) {
2343  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2344  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2345  SCLogDebug("SSLv2 client side has started the encryption");
2346  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2347  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2348  SCLogDebug("SSLv2 client side has started the encryption");
2349  }
2350  } else {
2351  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2352  SCLogDebug("SSLv2 Server side has started the encryption");
2353  }
2354 
2355  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2356  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2357  {
2358  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2359  AppLayerParserStateSetFlag(pstate,
2360  APP_LAYER_PARSER_NO_INSPECTION);
2361  }
2362 
2363  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2364  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2365  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2366  }
2367  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2368  }
2369  }
2370 
2371  break;
2372 
2373  case SSLV2_MT_SERVER_HELLO:
2374  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2375  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2376 
2377  break;
2378  }
2379 
2380  ssl_state->flags |= ssl_state->current_flags;
2381 
2382  if (input_len + ssl_state->curr_connp->bytes_processed >=
2383  (ssl_state->curr_connp->record_length +
2384  ssl_state->curr_connp->record_lengths_length)) {
2385 
2386  /* looks like we have another record after this */
2387  uint32_t diff = ssl_state->curr_connp->record_length +
2388  ssl_state->curr_connp->record_lengths_length + -
2389  ssl_state->curr_connp->bytes_processed;
2390  input += diff;
2391  SSLParserReset(ssl_state);
2392 
2393  /* we still don't have the entire record for the one we are
2394  currently parsing */
2395  } else {
2396  input += input_len;
2397  ssl_state->curr_connp->bytes_processed += input_len;
2398  }
2399  return SSL_DECODER_OK((input - initial_input));
2400 }
2401 
2402 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2403  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2404  const StreamSlice stream_slice)
2405 {
2406  uint32_t parsed = 0;
2407  uint32_t record_len; /* slice of input_len for the current record */
2408  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2409 
2410  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2411  const uint16_t prev_version = ssl_state->curr_connp->version;
2412 
2413  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2414  if (retval < 0 || retval > (int)input_len) {
2415  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2416  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2417  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2418  return SSL_DECODER_ERROR(-1);
2419  }
2420  parsed = retval;
2421 
2422  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2423  input, ssl_state->curr_connp->record_length);
2424 
2425  /* first the hdr frame at our first chance */
2426  if (first_call) {
2427  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2428  direction, TLS_FRAME_HDR);
2429  }
2430 
2431  /* parser is streaming for the initial header, then switches to incomplete
2432  * API: so if we don't have the hdr yet, return consumed bytes and wait
2433  * until we are called again with new data. */
2434  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2435  SCLogDebug(
2436  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2437  return SSL_DECODER_OK(parsed);
2438  }
2439 
2440  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2441  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2442  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2443  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2444  SCLogDebug(
2445  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2446  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2447 
2448  bool unknown_record = false;
2449  switch (ssl_state->curr_connp->content_type) {
2450  case SSLV3_CHANGE_CIPHER_SPEC:
2451  case SSLV3_ALERT_PROTOCOL:
2452  case SSLV3_HANDSHAKE_PROTOCOL:
2453  case SSLV3_APPLICATION_PROTOCOL:
2454  case SSLV3_HEARTBEAT_PROTOCOL:
2455  break;
2456  default:
2457  unknown_record = true;
2458  break;
2459  }
2460 
2461  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2462  * on Wireshark logic. */
2463  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2464  if (unknown_record) {
2465  SCLogDebug("unknown record, ignore it");
2466  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2467 
2468  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2469  ssl_state->curr_connp->content_type = 0;
2470  ssl_state->curr_connp->record_length = 0;
2471  // restore last good version
2472  ssl_state->curr_connp->version = prev_version;
2473  return SSL_DECODER_OK(input_len); // consume everything
2474  }
2475  } else {
2476  if (unknown_record) {
2477  SCLogDebug("unknown record, fatal");
2478  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2479  return SSL_DECODER_ERROR(-1);
2480  }
2481  }
2482 
2483  /* record_length should never be zero */
2484  if (ssl_state->curr_connp->record_length == 0) {
2485  SCLogDebug("SSLv3 Record length is 0");
2486  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2487  return SSL_DECODER_ERROR(-1);
2488  }
2489 
2490  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2491  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2492  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2493  return SSL_DECODER_ERROR(-1);
2494  }
2495 
2496  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2497  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2498  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2499  return SSL_DECODER_ERROR(-1);
2500  }
2501  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2502  } else {
2503  ValidateRecordState(ssl_state->curr_connp);
2504 
2505  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2506  record_len = MIN(input_len, record_len);
2507  }
2508  SCLogDebug("record length %u processed %u got %u",
2509  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2510 
2511  /* if we don't have the full record, we return incomplete */
2512  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2513  /* no need to use incomplete api buffering for application
2514  * records that we'll not use anyway. */
2515  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2516  SCLogDebug("application record");
2517  } else {
2518  uint32_t needed = ssl_state->curr_connp->record_length;
2519  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2520  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2521  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2522  return SSL_DECODER_INCOMPLETE(parsed, needed);
2523  }
2524  }
2525 
2526  if (record_len == 0) {
2527  return SSL_DECODER_OK(parsed);
2528  }
2529 
2530  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2531  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2532 
2533  switch (ssl_state->curr_connp->content_type) {
2534  /* we don't need any data from these types */
2535  case SSLV3_CHANGE_CIPHER_SPEC:
2536  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2537 
2538  if (direction) {
2539  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2540  } else {
2541  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2542  }
2543  break;
2544 
2545  case SSLV3_ALERT_PROTOCOL:
2546  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2547  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2548  break;
2549 
2550  case SSLV3_APPLICATION_PROTOCOL:
2551  /* In TLSv1.3 early data (0-RTT) could be sent before the
2552  handshake is complete (rfc8446, section 2.3). We should
2553  therefore not mark the handshake as done before we have
2554  seen the ServerHello record. */
2555  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2556  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2557  break;
2558 
2559  /* if we see (encrypted) application data, then this means the
2560  handshake must be done */
2561  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2562 
2563  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2564  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2565  AppLayerParserStateSetFlag(pstate,
2566  APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2567  }
2568 
2569  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2570  * heartbeat lke inspection to be able to be able to bypass the flow */
2571  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2572  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2573  AppLayerParserStateSetFlag(pstate,
2574  APP_LAYER_PARSER_NO_REASSEMBLY);
2575  AppLayerParserStateSetFlag(pstate,
2576  APP_LAYER_PARSER_NO_INSPECTION);
2577  AppLayerParserStateSetFlag(pstate,
2578  APP_LAYER_PARSER_BYPASS_READY);
2579  }
2580  break;
2581 
2582  case SSLV3_HANDSHAKE_PROTOCOL: {
2583  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2584  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2585  compatibility (rfc8446, appendix D.4). */
2586  // Client hello flags is needed to have a valid version
2587  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2588  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2589  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2590  /* do nothing */
2591  } else {
2592  // if we started parsing this, we must stop
2593  break;
2594  }
2595  }
2596 
2597  if (ssl_state->curr_connp->record_length < 4) {
2598  SSLParserReset(ssl_state);
2599  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2600  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2601  return SSL_DECODER_ERROR(-1);
2602  }
2603 
2604  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2605  record_len, direction);
2606  SCLogDebug("retval %d", retval);
2607  if (retval < 0 || retval > (int)record_len) {
2608  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2609  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2610  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2611  return SSL_DECODER_ERROR(-1);
2612  }
2613  ValidateRecordState(ssl_state->curr_connp);
2614  break;
2615  }
2616  case SSLV3_HEARTBEAT_PROTOCOL: {
2617  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2618  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2619  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2620  record_len, direction);
2621  if (retval < 0) {
2622  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2623  return SSL_DECODER_ERROR(-1);
2624  }
2625  break;
2626  }
2627  default:
2628  // should be unreachable now that we check after header parsing
2629  DEBUG_VALIDATE_BUG_ON(1);
2630  SCLogDebug("unsupported record type");
2631  return SSL_DECODER_ERROR(-1);
2632  }
2633 
2634  parsed += record_len;
2635  ssl_state->curr_connp->bytes_processed += record_len;
2636 
2637  if (ssl_state->curr_connp->bytes_processed >=
2638  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2639  SCLogDebug("record complete, trigger RAW");
2640  AppLayerParserTriggerRawStreamReassembly(
2641  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2642  SSLParserReset(ssl_state);
2643  ValidateRecordState(ssl_state->curr_connp);
2644  return SSL_DECODER_OK(parsed);
2645 
2646  } else {
2647  /* we still don't have the entire record for the one we are
2648  currently parsing */
2649  ValidateRecordState(ssl_state->curr_connp);
2650  return SSL_DECODER_OK(parsed);
2651  }
2652 }
2653 
2654 /**
2655  * \internal
2656  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2657  *
2658  * On parsing error, this should be the only function that should reset
2659  * the parser state, to avoid multiple functions in the chain resetting
2660  * the parser state.
2661  *
2662  * \param direction 0 for toserver, 1 for toclient.
2663  * \param alstate Pointer to the state.
2664  * \param pstate Application layer parser state for this session.
2665  * \param output Pointer to the list of parsed output elements.
2666  *
2667  * \todo On reaching an inconsistent state, check if the input has
2668  * another new record, instead of just returning after the reset
2669  *
2670  * \retval >=0 On success.
2671  */
2672 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2673  AppLayerParserState *pstate, StreamSlice stream_slice)
2674 {
2675  SSLState *ssl_state = (SSLState *)alstate;
2676  uint32_t counter = 0;
2677  ssl_state->f = f;
2678  const uint8_t *input = StreamSliceGetData(&stream_slice);
2679  const uint8_t *init_input = input;
2680  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2681 
2682  if (input == NULL &&
2683  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2684  (direction == 1 &&
2685  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2686  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2687  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2688  SCReturnStruct(APP_LAYER_OK);
2689  } else if (input == NULL || input_len == 0) {
2690  SCReturnStruct(APP_LAYER_ERROR);
2691  }
2692 
2693  if (direction == 0)
2694  ssl_state->curr_connp = &ssl_state->client_connp;
2695  else
2696  ssl_state->curr_connp = &ssl_state->server_connp;
2697 
2698  /* If entering on a new record, reset the current flags. */
2699  if (ssl_state->curr_connp->bytes_processed == 0) {
2700  ssl_state->current_flags = 0;
2701  }
2702 
2703  /* if we have more than one record */
2704  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2705  while (input_len > 0) {
2706  if (counter > max_records) {
2707  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2708  "and get out of here");
2709  SSLParserReset(ssl_state);
2710  SSLSetEvent(ssl_state,
2711  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2712  return APP_LAYER_ERROR;
2713  }
2714 
2715  /* ssl_state->bytes_processed is zero for a fresh record or
2716  positive to indicate a record currently being parsed */
2717 
2718  if (ssl_state->curr_connp->bytes_processed == 0) {
2719  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2720  /* only SSLv2, has one of the top 2 bits set */
2721  ssl_state->curr_connp->version = SSL_VERSION_2;
2722  SCLogDebug("SSLv2 detected");
2723  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2724  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2725  SCLogDebug("SSL/TLS version reset");
2726  }
2727  }
2728  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2729  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2730 
2731  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2732  if (ssl_state->curr_connp->bytes_processed == 0) {
2733  SCLogDebug("New SSLv2 record parsing");
2734  } else {
2735  SCLogDebug("Continuing parsing SSLv2 record");
2736  }
2737  struct SSLDecoderResult r =
2738  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2739  if (r.retval < 0 || r.retval > input_len) {
2740  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2741  SCLogDebug("Error parsing SSLv2. Resetting parser "
2742  "state. Let's get outta here");
2743  SSLParserReset(ssl_state);
2744  SSLSetEvent(ssl_state,
2745  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2746  return APP_LAYER_ERROR;
2747  } else if (r.needed) {
2748  input += r.retval;
2749  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2750  (uintmax_t)(input - init_input), r.needed);
2751  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2752  }
2753  input_len -= r.retval;
2754  input += r.retval;
2755  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2756  } else {
2757  if (ssl_state->curr_connp->bytes_processed == 0) {
2758  SCLogDebug("New TLS record: record_length %u",
2759  ssl_state->curr_connp->record_length);
2760  } else {
2761  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2762  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2763  }
2764  struct SSLDecoderResult r =
2765  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2766  if (r.retval < 0 || r.retval > input_len) {
2767  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2768  SCLogDebug("Error parsing TLS. Resetting parser "
2769  "state. Let's get outta here");
2770  SSLParserReset(ssl_state);
2771  return APP_LAYER_ERROR;
2772  } else if (r.needed) {
2773  input += r.retval;
2774  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2775  (uintmax_t)(input - init_input), r.needed);
2776  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2777  }
2778  input_len -= r.retval;
2779  input += r.retval;
2780  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2781 
2782  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2783  && ssl_state->curr_connp->record_length == 0) {
2784  SCLogDebug("TLS empty record");
2785  /* empty record */
2786  SSLParserReset(ssl_state);
2787  }
2788  }
2789  counter++;
2790  } /* while (input_len) */
2791 
2792  /* mark handshake as done if we have subject and issuer */
2793  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2794  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2795  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2796  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2797  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2798  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2799  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2800  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2801  }
2802 
2803  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2804  if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2805  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2806  SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
2807  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2808  }
2809 
2810  return APP_LAYER_OK;
2811 }
2812 
2813 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2814  StreamSlice stream_slice, void *local_data)
2815 {
2816  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2817 }
2818 
2819 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2820  StreamSlice stream_slice, void *local_data)
2821 {
2822  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2823 }
2824 
2825 /**
2826  * \internal
2827  * \brief Function to allocate the SSL state memory.
2828  */
2829 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2830 {
2831  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2832  if (unlikely(ssl_state == NULL))
2833  return NULL;
2834  ssl_state->client_connp.cert_log_flag = 0;
2835  ssl_state->server_connp.cert_log_flag = 0;
2836  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2837  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2838  TAILQ_INIT(&ssl_state->server_connp.certs);
2839  TAILQ_INIT(&ssl_state->server_connp.alpns);
2840  TAILQ_INIT(&ssl_state->client_connp.certs);
2841  TAILQ_INIT(&ssl_state->client_connp.alpns);
2842 
2843  return (void *)ssl_state;
2844 }
2845 
2846 static void SSLStateCertSANFree(SSLStateConnp *connp)
2847 {
2848  if (connp->cert0_sans) {
2849  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2850  rs_cstring_free(connp->cert0_sans[i]);
2851  }
2852  SCFree(connp->cert0_sans);
2853  }
2854 }
2855 
2856 /**
2857  * \internal
2858  * \brief Function to free the SSL state memory.
2859  */
2860 static void SSLStateFree(void *p)
2861 {
2862  SSLState *ssl_state = (SSLState *)p;
2863  SSLCertsChain *item;
2864 
2865  if (ssl_state->client_connp.cert0_subject)
2866  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2867  if (ssl_state->client_connp.cert0_issuerdn)
2868  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2869  if (ssl_state->client_connp.cert0_serial)
2870  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2871  if (ssl_state->client_connp.cert0_fingerprint)
2872  SCFree(ssl_state->client_connp.cert0_fingerprint);
2873  if (ssl_state->client_connp.sni)
2874  SCFree(ssl_state->client_connp.sni);
2875  if (ssl_state->client_connp.session_id)
2876  SCFree(ssl_state->client_connp.session_id);
2877  if (ssl_state->client_connp.hs_buffer)
2878  SCFree(ssl_state->client_connp.hs_buffer);
2879 
2880  if (ssl_state->server_connp.cert0_subject)
2881  rs_cstring_free(ssl_state->server_connp.cert0_subject);
2882  if (ssl_state->server_connp.cert0_issuerdn)
2883  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
2884  if (ssl_state->server_connp.cert0_serial)
2885  rs_cstring_free(ssl_state->server_connp.cert0_serial);
2886  if (ssl_state->server_connp.cert0_fingerprint)
2887  SCFree(ssl_state->server_connp.cert0_fingerprint);
2888  if (ssl_state->server_connp.sni)
2889  SCFree(ssl_state->server_connp.sni);
2890  if (ssl_state->server_connp.session_id)
2891  SCFree(ssl_state->server_connp.session_id);
2892 
2893  if (ssl_state->client_connp.ja4)
2894  SCJA4Free(ssl_state->client_connp.ja4);
2895  if (ssl_state->client_connp.ja3_str)
2896  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2897  if (ssl_state->client_connp.ja3_hash)
2898  SCFree(ssl_state->client_connp.ja3_hash);
2899  if (ssl_state->server_connp.ja3_str)
2900  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2901  if (ssl_state->server_connp.ja3_hash)
2902  SCFree(ssl_state->server_connp.ja3_hash);
2903  if (ssl_state->server_connp.hs_buffer)
2904  SCFree(ssl_state->server_connp.hs_buffer);
2905 
2906  SSLStateCertSANFree(&ssl_state->server_connp);
2907  SSLStateCertSANFree(&ssl_state->client_connp);
2908 
2909  AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events);
2910 
2911  if (ssl_state->tx_data.de_state != NULL) {
2912  DetectEngineStateFree(ssl_state->tx_data.de_state);
2913  }
2914 
2915  /* Free certificate chain */
2916  if (ssl_state->server_connp.certs_buffer)
2917  SCFree(ssl_state->server_connp.certs_buffer);
2918  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2919  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2920  SCFree(item);
2921  }
2922  TAILQ_INIT(&ssl_state->server_connp.certs);
2923  /* Free certificate chain */
2924  if (ssl_state->client_connp.certs_buffer)
2925  SCFree(ssl_state->client_connp.certs_buffer);
2926  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2927  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2928  SCFree(item);
2929  }
2930  TAILQ_INIT(&ssl_state->client_connp.certs);
2931 
2932  SSLAlpns *a;
2933  while ((a = TAILQ_FIRST(&ssl_state->server_connp.alpns))) {
2934  TAILQ_REMOVE(&ssl_state->server_connp.alpns, a, next);
2935  SCFree(a);
2936  }
2937  TAILQ_INIT(&ssl_state->server_connp.alpns);
2938  while ((a = TAILQ_FIRST(&ssl_state->client_connp.alpns))) {
2939  TAILQ_REMOVE(&ssl_state->client_connp.alpns, a, next);
2940  SCFree(a);
2941  }
2942  TAILQ_INIT(&ssl_state->client_connp.alpns);
2943 
2944  SCFree(ssl_state);
2945 }
2946 
2947 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2948 {
2949  /* do nothing */
2950 }
2951 
2952 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2953  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2954 {
2955  /* probably a rst/fin sending an eof */
2956  if (ilen < 3)
2957  return ALPROTO_UNKNOWN;
2958 
2959  /* for now just the 3 byte header ones */
2960  /* \todo Detect the 2 byte ones */
2961  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2962  return ALPROTO_TLS;
2963  }
2964 
2965  return ALPROTO_FAILED;
2966 }
2967 
2968 static int SSLStateGetFrameIdByName(const char *frame_name)
2969 {
2970  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2971  if (id < 0) {
2972  return -1;
2973  }
2974  return id;
2975 }
2976 
2977 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2978 {
2979  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2980  return name;
2981 }
2982 
2983 static int SSLStateGetEventInfo(
2984  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
2985 {
2986  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
2987  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2988  return 0;
2989  }
2990  return -1;
2991 }
2992 
2993 static int SSLStateGetEventInfoById(
2994  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
2995 {
2996  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2997  if (*event_name == NULL) {
2998  SCLogError("event \"%d\" not present in "
2999  "ssl's enum map table.",
3000  event_id);
3001  /* yes this is fatal */
3002  return -1;
3003  }
3004 
3005  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3006 
3007  return 0;
3008 }
3009 
3010 static int SSLRegisterPatternsForProtocolDetection(void)
3011 {
3012  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3013  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3014  return -1;
3015  }
3016 
3017  /** SSLv3 */
3018  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3019  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3020  {
3021  return -1;
3022  }
3023  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3024  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3025  {
3026  return -1;
3027  }
3028 
3029  /** TLSv1 */
3030  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3031  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3032  {
3033  return -1;
3034  }
3035  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3036  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3037  {
3038  return -1;
3039  }
3040 
3041  /** TLSv1.1 */
3042  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3043  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3044  {
3045  return -1;
3046  }
3047  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3048  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3049  {
3050  return -1;
3051  }
3052 
3053  /** TLSv1.2 */
3054  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3055  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3056  {
3057  return -1;
3058  }
3059  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3060  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3061  {
3062  return -1;
3063  }
3064 
3065  /***** toclient direction *****/
3066 
3067  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3068  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3069  {
3070  return -1;
3071  }
3072  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3073  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3074  {
3075  return -1;
3076  }
3077  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3078  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3079  {
3080  return -1;
3081  }
3082 
3083  /** TLSv1 */
3084  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3085  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3086  {
3087  return -1;
3088  }
3089  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3090  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3091  {
3092  return -1;
3093  }
3094  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3095  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3096  {
3097  return -1;
3098  }
3099 
3100  /** TLSv1.1 */
3101  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3102  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3103  {
3104  return -1;
3105  }
3106  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3107  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3108  {
3109  return -1;
3110  }
3111  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3112  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3113  {
3114  return -1;
3115  }
3116 
3117  /** TLSv1.2 */
3118  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3119  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3120  {
3121  return -1;
3122  }
3123  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3124  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3125  {
3126  return -1;
3127  }
3128  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3129  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3130  {
3131  return -1;
3132  }
3133 
3134  /* Subsection - SSLv2 style record by client, but informing the server
3135  * the max version it supports.
3136  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3137  * it after some tests */
3138 #if 0
3139  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3140  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3141  {
3142  return -1;
3143  }
3144  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3145  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3146  {
3147  return -1;
3148  }
3149 #endif
3150 
3151  return 0;
3152 }
3153 
3154 #ifdef HAVE_JA3
3155 static void CheckJA3Enabled(void)
3156 {
3157  const char *strval = NULL;
3158  /* Check if we should generate JA3 fingerprints */
3159  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3160  if (ConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3161  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3162  } else if (strcmp(strval, "auto") == 0) {
3163  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3164  } else if (ConfValIsFalse(strval)) {
3165  enable_ja3 = 0;
3166  ssl_config.disable_ja3 = true;
3167  } else if (ConfValIsTrue(strval)) {
3168  enable_ja3 = true;
3169  }
3170  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3171  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3172  /* The feature is available, i.e. _could_ be activated by a rule or
3173  even is enabled in the configuration. */
3174  ProvidesFeature(FEATURE_JA3);
3175  }
3176 }
3177 #endif /* HAVE_JA3 */
3178 
3179 #ifdef HAVE_JA4
3180 static void CheckJA4Enabled(void)
3181 {
3182  const char *strval = NULL;
3183  /* Check if we should generate JA4 fingerprints */
3184  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3185  if (ConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3186  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3187  } else if (strcmp(strval, "auto") == 0) {
3188  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3189  } else if (ConfValIsFalse(strval)) {
3190  enable_ja4 = 0;
3191  ssl_config.disable_ja4 = true;
3192  } else if (ConfValIsTrue(strval)) {
3193  enable_ja4 = true;
3194  }
3195  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3196  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3197  /* The feature is available, i.e. _could_ be activated by a rule or
3198  even is enabled in the configuration. */
3199  ProvidesFeature(FEATURE_JA4);
3200  }
3201 }
3202 #endif /* HAVE_JA4 */
3203 
3204 /**
3205  * \brief Function to register the SSL protocol parser and other functions
3206  */
3207 void RegisterSSLParsers(void)
3208 {
3209  const char *proto_name = "tls";
3210 
3211  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3212 
3213  /** SSLv2 and SSLv23*/
3214  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3215  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3216 
3217  if (SSLRegisterPatternsForProtocolDetection() < 0)
3218  return;
3219 
3220  if (RunmodeIsUnittests()) {
3221  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3222  "443",
3223  ALPROTO_TLS,
3224  0, 3,
3225  STREAM_TOSERVER,
3226  SSLProbingParser, NULL);
3227  } else {
3228  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
3229  proto_name, ALPROTO_TLS,
3230  0, 3,
3231  SSLProbingParser, NULL) == 0) {
3232  SCLogConfig("no TLS config found, "
3233  "enabling TLS detection on port 443.");
3234  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3235  "443",
3236  ALPROTO_TLS,
3237  0, 3,
3238  STREAM_TOSERVER,
3239  SSLProbingParser, NULL);
3240  }
3241  }
3242  } else {
3243  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3244  proto_name);
3245  return;
3246  }
3247 
3248  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
3249  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3250  SSLParseClientRecord);
3251 
3252  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3253  SSLParseServerRecord);
3254 
3255  AppLayerParserRegisterGetFrameFuncs(
3256  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3257  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3258  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3259 
3260  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3261 
3262  AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3263 
3264  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3265 
3266  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3267  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3268  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3269 
3270  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3271 
3272  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3273 
3274  AppLayerParserRegisterStateProgressCompletionStatus(
3275  ALPROTO_TLS, TLS_STATE_FINISHED, TLS_STATE_FINISHED);
3276 
3277  ConfNode *enc_handle = ConfGetNode("app-layer.protocols.tls.encryption-handling");
3278  if (enc_handle != NULL && enc_handle->val != NULL) {
3279  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3280  if (strcmp(enc_handle->val, "full") == 0) {
3281  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3282  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3283  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3284  } else if (strcmp(enc_handle->val, "default") == 0) {
3285  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3286  } else {
3287  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3288  }
3289  } else {
3290  /* Get the value of no reassembly option from the config file */
3291  if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3292  int value = 0;
3293  if (ConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3294  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3295  } else {
3296  int value = 0;
3297  if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 && value == 1)
3298  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3299  }
3300  }
3301  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3302 
3303 #ifdef HAVE_JA3
3304  CheckJA3Enabled();
3305 #endif /* HAVE_JA3 */
3306 #ifdef HAVE_JA4
3307  CheckJA4Enabled();
3308 #endif /* HAVE_JA4 */
3309 
3310  if (g_disable_hashing) {
3311  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3312  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3313  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3314  }
3315  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3316  SCLogWarning("Hashing has been disabled, disabling JA4");
3317  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3318  }
3319  } else {
3320  if (RunmodeIsUnittests()) {
3321 #ifdef HAVE_JA3
3322  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3323 #endif /* HAVE_JA3 */
3324 #ifdef HAVE_JA4
3325  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3326 #endif /* HAVE_JA4 */
3327  }
3328  }
3329  } else {
3330  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3331  }
3332 }
3333 
3334 /**
3335  * \brief if not explicitly disabled in config, enable ja3 support
3336  *
3337  * Implemented using atomic to allow rule reloads to do this at
3338  * runtime.
3339  */
3340 void SSLEnableJA3(void)
3341 {
3342  if (g_disable_hashing || ssl_config.disable_ja3) {
3343  return;
3344  }
3345  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3346  return;
3347  }
3348  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3349 }
3350 
3351 /**
3352  * \brief if not explicitly disabled in config, enable ja4 support
3353  *
3354  * Implemented using atomic to allow rule reloads to do this at
3355  * runtime.
3356  */
3357 void SSLEnableJA4(void)
3358 {
3359  if (g_disable_hashing || ssl_config.disable_ja4) {
3360  return;
3361  }
3362  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3363  return;
3364  }
3365  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3366 }
3367 
3368 /**
3369  * \brief return whether ja3 is effectively enabled
3370  *
3371  * This means that it either has been enabled explicitly or has been
3372  * enabled by having loaded a rule while not being explicitly disabled.
3373  *
3374  * \retval true if enabled, false otherwise
3375  */
3376 bool SSLJA3IsEnabled(void)
3377 {
3378  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3379 }
3380 
3381 /**
3382  * \brief return whether ja4 is effectively enabled
3383  *
3384  * This means that it either has been enabled explicitly or has been
3385  * enabled by having loaded a rule while not being explicitly disabled.
3386  *
3387  * \retval true if enabled, false otherwise
3388  */
3389 bool SSLJA4IsEnabled(void)
3390 {
3391  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3392 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:157
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:46
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:255
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:466
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:296
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:149
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:143
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1583
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:122
JA3Buffer_
Definition: util-ja3.h:31
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:225
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:73
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:198
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:202
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:181
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:124
SSL_AL_FLAG_HANDSHAKE_DONE
#define SSL_AL_FLAG_HANDSHAKE_DONE
Definition: app-layer-ssl.h:113
ConfNode_::val
char * val
Definition: conf.h:34
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:482
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:131
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:170
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:174
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:306
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:142
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:242
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:314
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3357
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:127
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:250
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:65
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:185
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:315
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:258
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:116
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:81
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:253
SSLStateConnp_
Definition: app-layer-ssl.h:235
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:320
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1531
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:278
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:174
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:135
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:252
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:68
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:67
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:78
Flow_
Flow data structure.
Definition: flow.h:356
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:148
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:297
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:99
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:63
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:62
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:166
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:518
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:390
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:300
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:256
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:168
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:187
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:477
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:161
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:183
SSLAlpns_::size
uint32_t size
Definition: app-layer-ssl.h:231
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:312
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:167
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:176
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:315
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:175
MIN
#define MIN(x, y)
Definition: suricata-common.h:391
SSLAlpns_
Definition: app-layer-ssl.h:229
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:136
util-ja3.h
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:119
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:125
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:101
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:299
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:129
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:71
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:265
SSLStateConnp_::ja4
JA4 * ja4
Definition: app-layer-ssl.h:280
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:164
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:172
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
MAX
#define MAX(x, y)
Definition: suricata-common.h:395
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:285
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:183
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:239
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:182
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:87
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:256
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:536
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:287
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:92
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:93
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:259
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:310
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1543
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:130
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:110
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:184
app-layer-detect-proto.h
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:123
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:208
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
SSL_CNF_ENC_HANDLE_DEFAULT
@ SSL_CNF_ENC_HANDLE_DEFAULT
Definition: app-layer-ssl.c:139
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:99
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:168
util-debug.h
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:129
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:197
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3376
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:133
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:185
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:310
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:247
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:186
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:207
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:288
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:272
SSLCertsChain_
Definition: app-layer-ssl.h:223
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:545
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:262
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:130
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:411
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1670
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:332
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:98
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:157
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:173
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:555
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:138
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:69
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:109
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:100
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:189
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:181
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:61
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:145
type
uint16_t type
Definition: decode-vlan.c:107
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
TLS_STATE_CERT_READY
@ TLS_STATE_CERT_READY
Definition: app-layer-ssl.h:78
SSL_CONFIG_DEFAULT_JA4
#define SSL_CONFIG_DEFAULT_JA4
Definition: app-layer-ssl.c:136
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:119
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3340
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:237
SslConfig_
Definition: app-layer-ssl.c:144
SSL_AL_FLAG_STATE_FINISHED
#define SSL_AL_FLAG_STATE_FINISHED
Definition: app-layer-ssl.h:105
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:180
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:162
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1761
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:160
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:177
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:120
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:158
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:187
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:224
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:251
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:273
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:180
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:378
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:169
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:166
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:135
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:173
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:84
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:126
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:64
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:179
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:204
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:499
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:70
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:184
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:178
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1752
SSLDecoderResult
Definition: app-layer-ssl.c:206
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:87
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1367
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:254
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:191
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:210
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:165
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:90
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:291
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3207
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:193
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:215
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:66
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:146
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:144
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:320
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:147
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:118
SCEnumCharMap_
Definition: util-enum.h:27
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:175
SSLAlpns_::alpn
uint8_t alpn[]
Definition: app-layer-ssl.h:232
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:245
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:269
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:577
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:286
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:220
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:567
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:447
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:145
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:164
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:86
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:170
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:151
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:182
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:79
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:154
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:163
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:171
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:179
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:561
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:94
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:159
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3389
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:121
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:263
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:151
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:186
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:74
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:165
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:169
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:275
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:194
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:72
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:172
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_STATE_IN_PROGRESS
@ TLS_STATE_IN_PROGRESS
Definition: app-layer-ssl.h:77
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:488
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:140
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:91
SslConfig
struct SslConfig_ SslConfig
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:533
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:95
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1657
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:267
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:60
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:141
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:260
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:200
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:277
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1760
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:171
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
TLS_STATE_FINISHED
@ TLS_STATE_FINISHED
Definition: app-layer-ssl.h:80
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:284
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1952
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:257
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:167
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:28
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:403
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:123
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:176
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:108
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:91
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:141
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:262
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:303
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:244
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:169
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:207