suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-events.h"
36 #include "app-layer-ssl.h"
37 
38 #include "conf.h"
39 
40 #include "feature.h"
41 
42 #include "util-debug.h"
43 #include "util-ja3.h"
44 #include "util-enum.h"
45 #include "util-validate.h"
46 
47 static SCEnumCharMap tls_state_client_table[] = {
48  {
49  "client_in_progress",
50  TLS_STATE_CLIENT_IN_PROGRESS,
51  },
52  {
53  "client_hello_done",
54  TLS_STATE_CLIENT_HELLO_DONE,
55  },
56  {
57  "client_cert_done",
58  TLS_STATE_CLIENT_CERT_DONE,
59  },
60  {
61  "client_handshake_done",
62  TLS_STATE_CLIENT_HANDSHAKE_DONE,
63  },
64  {
65  "client_finished",
66  TLS_STATE_CLIENT_FINISHED,
67  },
68  { NULL, -1 },
69 };
70 
71 static SCEnumCharMap tls_state_server_table[] = {
72  {
73  "server_in_progress",
74  TLS_STATE_SERVER_IN_PROGRESS,
75  },
76  {
77  "server_hello",
78  TLS_STATE_SERVER_HELLO,
79  },
80  {
81  "server_cert_done",
82  TLS_STATE_SERVER_CERT_DONE,
83  },
84  {
85  "server_hello_done",
86  TLS_STATE_SERVER_HELLO_DONE,
87  },
88  {
89  "server_handshake_done",
90  TLS_STATE_SERVER_HANDSHAKE_DONE,
91  },
92  {
93  "server_finished",
94  TLS_STATE_SERVER_FINISHED,
95  },
96  { NULL, -1 },
97 };
98 
99 SCEnumCharMap tls_frame_table[] = {
100  {
101  "pdu",
102  TLS_FRAME_PDU,
103  },
104  {
105  "hdr",
106  TLS_FRAME_HDR,
107  },
108  {
109  "data",
110  TLS_FRAME_DATA,
111  },
112  {
113  "alert",
114  TLS_FRAME_ALERT_DATA,
115  },
116  {
117  "heartbeat",
118  TLS_FRAME_HB_DATA,
119  },
120  {
121  "ssl2.hdr",
122  TLS_FRAME_SSLV2_HDR,
123  },
124  {
125  "ssl2.pdu",
126  TLS_FRAME_SSLV2_PDU,
127  },
128  { NULL, -1 },
129 };
130 
131 SCEnumCharMap tls_decoder_event_table[] = {
132  /* TLS protocol messages */
133  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
134  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
135  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
136  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
137  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
138  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
139  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
140  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
141  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
142  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
143  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
144  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
145  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
146  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
147  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
148  { "INVALID_ALERT_MESSAGE", TLS_DECODER_EVENT_INVALID_ALERT },
149  /* certificate decoding messages */
150  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
151  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
152  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
153  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
154  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
155  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
156  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
157  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
158  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
159  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
160  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
161  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
162  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
163  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
164  /* used as a generic error event */
165  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
166  { NULL, -1 },
167 };
168 
169 enum {
170  /* X.509 error codes, returned by decoder
171  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
172  ERR_INVALID_CERTIFICATE=1,
173  ERR_INVALID_LENGTH,
174  ERR_INVALID_VERSION,
175  ERR_INVALID_SERIAL,
176  ERR_INVALID_ALGORITHMIDENTIFIER,
177  ERR_INVALID_X509NAME,
178  ERR_INVALID_DATE,
179  ERR_INVALID_EXTENSIONS,
180  ERR_INVALID_DER,
181 
182  /* error getting data */
183  ERR_EXTRACT_SUBJECT,
184  ERR_EXTRACT_ISSUER,
185  ERR_EXTRACT_VALIDITY,
186 };
187 
188 /* JA3 and JA4 fingerprints are disabled by default */
189 #define SSL_CONFIG_DEFAULT_JA3 0
190 #ifdef HAVE_JA4
191 #define SSL_CONFIG_DEFAULT_JA4 0
192 #endif
193 
194 enum SslConfigEncryptHandling {
195  SSL_CNF_ENC_HANDLE_TRACK_ONLY = 0, /**< disable raw content, continue tracking */
196  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
197  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
198 };
199 
200 typedef struct SslConfig_ {
201  enum SslConfigEncryptHandling encrypt_mode;
202  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
203  * explicitly disabled. */
204  SC_ATOMIC_DECLARE(int, enable_ja3);
205  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
206  SC_ATOMIC_DECLARE(int, enable_ja4);
207  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
208 } SslConfig;
209 
210 SslConfig ssl_config;
211 
212 /* SSLv3 record types */
213 #define SSLV3_CHANGE_CIPHER_SPEC 20
214 #define SSLV3_ALERT_PROTOCOL 21
215 #define SSLV3_HANDSHAKE_PROTOCOL 22
216 #define SSLV3_APPLICATION_PROTOCOL 23
217 #define SSLV3_HEARTBEAT_PROTOCOL 24
218 
219 /* SSLv3 handshake protocol types */
220 #define SSLV3_HS_HELLO_REQUEST 0
221 #define SSLV3_HS_CLIENT_HELLO 1
222 #define SSLV3_HS_SERVER_HELLO 2
223 #define SSLV3_HS_NEW_SESSION_TICKET 4
224 #define SSLV3_HS_CERTIFICATE 11
225 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
226 #define SSLV3_HS_CERTIFICATE_REQUEST 13
227 #define SSLV3_HS_SERVER_HELLO_DONE 14
228 #define SSLV3_HS_CERTIFICATE_VERIFY 15
229 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
230 #define SSLV3_HS_FINISHED 20
231 #define SSLV3_HS_CERTIFICATE_URL 21
232 #define SSLV3_HS_CERTIFICATE_STATUS 22
233 
234 /* SSLv2 protocol message types */
235 #define SSLV2_MT_ERROR 0
236 #define SSLV2_MT_CLIENT_HELLO 1
237 #define SSLV2_MT_CLIENT_MASTER_KEY 2
238 #define SSLV2_MT_CLIENT_FINISHED 3
239 #define SSLV2_MT_SERVER_HELLO 4
240 #define SSLV2_MT_SERVER_VERIFY 5
241 #define SSLV2_MT_SERVER_FINISHED 6
242 #define SSLV2_MT_REQUEST_CERTIFICATE 7
243 #define SSLV2_MT_CLIENT_CERTIFICATE 8
244 
245 #define SSLV3_RECORD_HDR_LEN 5
246 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
247 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
248 
249 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
250 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
251 
252 /* TLS heartbeat protocol types */
253 #define TLS_HB_REQUEST 1
254 #define TLS_HB_RESPONSE 2
255 
256 #define SSL_RECORD_MINIMUM_LENGTH 6
257 
258 #define SHA1_STRING_LENGTH 60
259 
260 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
261 
262 struct SSLDecoderResult {
263  int retval; // nr bytes consumed from input, or < 0 on error
264  uint32_t needed; // more bytes needed
265 };
266 #define SSL_DECODER_ERROR(e) \
267  (struct SSLDecoderResult) \
268  { \
269  (e), 0 \
270  }
271 #define SSL_DECODER_OK(c) \
272  (struct SSLDecoderResult) \
273  { \
274  (uint32_t)(c), 0 \
275  }
276 #define SSL_DECODER_INCOMPLETE(c, n) \
277  (struct SSLDecoderResult) \
278  { \
279  (uint32_t)(c), (n) \
280  }
281 
282 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
283  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
284 
285 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
286  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
287 {
288  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
289  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
290  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
291  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
292 
293  if (dst_offset < dst_size && src_offset < src_size &&
294  src_tocopy <= (src_size - src_offset) &&
295  src_tocopy <= (dst_size - dst_offset)) {
296  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
297  return 0;
298  }
299  return -1;
300 }
301 
302 #ifdef DEBUG_VALIDATION
303 #define ValidateRecordState(connp) \
304  do { \
305  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
306  (connp)->bytes_processed); \
307  } while(0);
308 #else
309 #define ValidateRecordState(...)
310 #endif
311 
312 #define SSLParserHSReset(connp) \
313  do { \
314  (connp)->handshake_type = 0; \
315  (connp)->message_length = 0; \
316  } while (0)
317 
318 #define SSLParserReset(state) \
319  do { \
320  SCLogDebug("resetting state"); \
321  (state)->curr_connp->bytes_processed = 0; \
322  SSLParserHSReset((state)->curr_connp); \
323  } while(0)
324 
325 #define SSLSetEvent(ssl_state, event) \
326  do { \
327  SCLogDebug("setting event %u", (event)); \
328  if ((ssl_state) == NULL) { \
329  SCLogDebug("could not set decoder event %u", event); \
330  } else { \
331  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
332  (ssl_state)->events++; \
333  } \
334  } while (0)
335 
336 static void SSLStateCertSANFree(SSLStateConnp *connp);
337 
338 static void *SSLGetTx(void *state, uint64_t tx_id)
339 {
340  SSLState *ssl_state = (SSLState *)state;
341  return ssl_state;
342 }
343 
344 static uint64_t SSLGetTxCnt(void *state)
345 {
346  /* single tx */
347  return 1;
348 }
349 
350 static void UpdateClientState(SSLState *ssl_state, enum TlsStateClient s)
351 {
352 #ifdef DEBUG
353  enum TlsStateClient old = ssl_state->client_state;
354 #endif
355  ssl_state->client_state = s;
356 #ifdef DEBUG
357  SCLogDebug("toserver: state updated to %u from %u", s, old);
358 #endif
359 }
360 
361 static void UpdateServerState(SSLState *ssl_state, enum TlsStateServer s)
362 {
363 #ifdef DEBUG
364  enum TlsStateServer old = ssl_state->server_state;
365 #endif
366  ssl_state->server_state = s;
367 #ifdef DEBUG
368  SCLogDebug("toclient: state updated to %u from %u", s, old);
369 #endif
370 }
371 
372 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
373 {
374  SSLState *ssl_state = (SSLState *)tx;
375  if (direction & STREAM_TOCLIENT) {
376  return ssl_state->server_state;
377  } else {
378  return ssl_state->client_state;
379  }
380 }
381 
382 static AppLayerTxData *SSLGetTxData(void *vtx)
383 {
384  SSLState *ssl_state = (SSLState *)vtx;
385  return &ssl_state->tx_data;
386 }
387 
388 static AppLayerStateData *SSLGetStateData(void *vstate)
389 {
390  SSLState *ssl_state = (SSLState *)vstate;
391  return &ssl_state->state_data;
392 }
393 
394 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
395 {
396  switch(err) {
397  case ERR_EXTRACT_VALIDITY:
398  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
399  break;
400  case ERR_EXTRACT_ISSUER:
401  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
402  break;
403  case ERR_EXTRACT_SUBJECT:
404  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
405  break;
406  case ERR_INVALID_DER:
407  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
408  break;
409  case ERR_INVALID_EXTENSIONS:
410  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
411  break;
412  case ERR_INVALID_DATE:
413  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
414  break;
415  case ERR_INVALID_X509NAME:
416  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
417  break;
418  case ERR_INVALID_ALGORITHMIDENTIFIER:
419  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
420  break;
421  case ERR_INVALID_SERIAL:
422  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
423  break;
424  case ERR_INVALID_VERSION:
425  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
426  break;
427  case ERR_INVALID_LENGTH:
428  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
429  break;
430  case ERR_INVALID_CERTIFICATE:
431  default:
432  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
433  break;
434  }
435 }
436 
437 static inline int TlsDecodeHSCertificateFingerprint(
438  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
439 {
440  if (unlikely(connp->cert0_fingerprint != NULL))
441  return 0;
442 
443  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
444  if (connp->cert0_fingerprint == NULL)
445  return -1;
446 
447  uint8_t hash[SC_SHA1_LEN];
448  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
449  SCToHex_sep(
450  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
451  }
452  return 0;
453 }
454 
455 static inline int TlsDecodeHSCertificateAddCertToChain(
456  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
457 {
458  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
459  if (cert == NULL)
460  return -1;
461 
462  cert->cert_data = (uint8_t *)input;
463  cert->cert_len = cert_len;
464  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
465 
466  return 0;
467 }
468 
469 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
470  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
471 {
472  const uint8_t *input = (uint8_t *)initial_input;
473  uint32_t err_code = 0;
474  X509 *x509 = NULL;
475  int rc = 0;
476 
477  if (!(HAS_SPACE(3)))
478  goto invalid_cert;
479 
480  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
481  input += 3;
482 
483  if (!(HAS_SPACE(cert_len)))
484  goto invalid_cert;
485 
486  /* only store fields from the first certificate in the chain */
487  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
488  connp->cert0_serial == NULL) {
489  x509 = SCX509Decode(input, cert_len, &err_code);
490  if (x509 == NULL) {
491  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
492  goto next;
493  }
494 
495  char *str = SCX509GetSubject(x509);
496  if (str == NULL) {
497  err_code = ERR_EXTRACT_SUBJECT;
498  goto error;
499  }
500  connp->cert0_subject = str;
501 
502  str = SCX509GetIssuer(x509);
503  if (str == NULL) {
504  err_code = ERR_EXTRACT_ISSUER;
505  goto error;
506  }
507  connp->cert0_issuerdn = str;
508 
509  connp->cert0_sans_len = SCX509GetSubjectAltNameLen(x509);
510  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
511  if (sans == NULL) {
512  goto error;
513  }
514  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
515  sans[i] = SCX509GetSubjectAltNameAt(x509, i);
516  }
517  connp->cert0_sans = sans;
518  str = SCX509GetSerial(x509);
519  if (str == NULL) {
520  err_code = ERR_INVALID_SERIAL;
521  goto error;
522  }
523  connp->cert0_serial = str;
524 
525  rc = SCX509GetValidity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
526  if (rc != 0) {
527  err_code = ERR_EXTRACT_VALIDITY;
528  goto error;
529  }
530 
531  SCX509Free(x509);
532  x509 = NULL;
533 
534  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
535  if (rc != 0) {
536  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
537  goto error;
538  }
539  }
540 
541  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
542  if (rc != 0) {
543  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
544  goto error;
545  }
546 
547 next:
548  input += cert_len;
549  return (int)(input - initial_input);
550 
551 error:
552  if (err_code != 0)
553  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
554  if (x509 != NULL)
555  SCX509Free(x509);
556 
557  SSLStateCertSANFree(connp);
558  return -1;
559 
560 invalid_cert:
561  SCLogDebug("TLS invalid certificate");
562  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
563  return -1;
564 }
565 
566 /** \internal
567  * \brief parse cert data in a certificate handshake message
568  * will be called with all data.
569  * \retval consumed bytes consumed or -1 on error
570  */
571 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
572  const uint8_t *const initial_input, const uint32_t input_len)
573 {
574  const uint8_t *input = (uint8_t *)initial_input;
575 
576  if (!(HAS_SPACE(3)))
577  return -1;
578 
579  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
580  input += 3;
581 
582  if (!(HAS_SPACE(cert_chain_len)))
583  return -1;
584 
585  if (connp->certs_buffer != NULL) {
586  // TODO should we set an event here?
587  return -1;
588  }
589 
590  connp->certs_buffer = SCCalloc(1, cert_chain_len);
591  if (connp->certs_buffer == NULL) {
592  return -1;
593  }
594  connp->certs_buffer_size = cert_chain_len;
595  memcpy(connp->certs_buffer, input, cert_chain_len);
596 
597  int cert_cnt = 0;
598  uint32_t processed_len = 0;
599  /* coverity[tainted_data] */
600  while (processed_len < cert_chain_len) {
601  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
602  connp->certs_buffer_size - processed_len, cert_cnt);
603  if (rc <= 0) { // 0 should be impossible, but lets be defensive
604  return -1;
605  }
606  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
607  if (processed_len + (uint32_t)rc > cert_chain_len) {
608  return -1;
609  }
610 
611  processed_len += (uint32_t)rc;
612  }
613 
614  return processed_len + 3;
615 }
616 
617 /**
618  * \inline
619  * \brief Check if value is GREASE.
620  *
621  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
622  *
623  * \param value Value to check.
624  *
625  * \retval 1 if is GREASE.
626  * \retval 0 if not is GREASE.
627  */
628 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
629 {
630  switch (value)
631  {
632  case 0x0a0a:
633  case 0x1a1a:
634  case 0x2a2a:
635  case 0x3a3a:
636  case 0x4a4a:
637  case 0x5a5a:
638  case 0x6a6a:
639  case 0x7a7a:
640  case 0x8a8a:
641  case 0x9a9a:
642  case 0xaaaa:
643  case 0xbaba:
644  case 0xcaca:
645  case 0xdada:
646  case 0xeaea:
647  case 0xfafa:
648  return 1;
649  default:
650  return 0;
651  }
652 }
653 
654 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
655  const uint8_t * const initial_input,
656  const uint32_t input_len)
657 {
658  uint8_t *input = (uint8_t *)initial_input;
659 
660  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
661  SCLogDebug("TLS handshake invalid length");
662  SSLSetEvent(ssl_state,
663  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
664  return -1;
665  }
666 
667  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
668  ssl_state->curr_connp->version = version;
669 
670  if (ssl_state->current_flags &
671  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
672  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, version);
673  }
674 
675  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
676  versions, instead of using the supported versions extension. */
677  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
678  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
679  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
680  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
681  }
682 
683  /* Catch some early TLSv1.3 draft implementations that does not conform
684  to the draft version. */
685  if ((ssl_state->curr_connp->version >= 0x7f01) &&
686  (ssl_state->curr_connp->version < 0x7f10)) {
687  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
688  }
689 
690  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
691  version number, which makes it hard to accurately pinpoint the
692  exact draft version. */
693  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
694  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
695  }
696 
697  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
698  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
699  if (ssl_state->curr_connp->ja3_str == NULL)
700  return -1;
701 
702  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
703  if (rc != 0)
704  return -1;
705  }
706 
707  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
708 
709  return (int)(input - initial_input);
710 }
711 
712 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
713  const uint8_t * const initial_input,
714  const uint32_t input_len)
715 {
716  uint8_t *input = (uint8_t *)initial_input;
717 
718  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
719  SCLogDebug("TLS handshake invalid length");
720  SSLSetEvent(ssl_state,
721  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
722  return -1;
723  }
724 
725  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
726  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
727  ssl_state->flags |= TLS_TS_RANDOM_SET;
728  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
729  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
730  ssl_state->flags |= TLS_TC_RANDOM_SET;
731  }
732 
733  /* Skip random */
734  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
735 
736  return (int)(input - initial_input);
737 }
738 
739 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
740  const uint8_t * const initial_input,
741  const uint32_t input_len)
742 {
743  uint8_t *input = (uint8_t *)initial_input;
744 
745  if (!(HAS_SPACE(1)))
746  goto invalid_length;
747 
748  uint8_t session_id_length = *input;
749  input += 1;
750 
751  if (!(HAS_SPACE(session_id_length)))
752  goto invalid_length;
753 
754  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
755  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
756 
757  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
758  return -1;
759  }
760 
761  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
762  input, 0, input_len, session_id_length) != 0) {
763  return -1;
764  }
765  ssl_state->curr_connp->session_id_length = session_id_length;
766 
767  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
768  ssl_state->client_connp.session_id != NULL &&
769  ssl_state->server_connp.session_id != NULL) {
770  if ((ssl_state->client_connp.session_id_length ==
771  ssl_state->server_connp.session_id_length) &&
772  (memcmp(ssl_state->server_connp.session_id,
773  ssl_state->client_connp.session_id, session_id_length) == 0)) {
774  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
775  }
776  }
777  }
778 
779  input += session_id_length;
780 
781  return (int)(input - initial_input);
782 
783 invalid_length:
784  SCLogDebug("TLS handshake invalid length");
785  SSLSetEvent(ssl_state,
786  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
787  return -1;
788 }
789 
790 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
791  const uint8_t * const initial_input,
792  const uint32_t input_len)
793 {
794  const uint8_t *input = initial_input;
795 
796  if (!(HAS_SPACE(2)))
797  goto invalid_length;
798 
799  uint16_t cipher_suites_length;
800 
801  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
802  cipher_suites_length = 2;
803  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
804  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
805  input += 2;
806  } else {
807  return -1;
808  }
809 
810  if (!(HAS_SPACE(cipher_suites_length)))
811  goto invalid_length;
812 
813  /* Cipher suites length should always be divisible by 2 */
814  if ((cipher_suites_length % 2) != 0) {
815  goto invalid_length;
816  }
817 
818  const bool enable_ja3 =
819  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
820 
821  JA3Buffer *ja3_cipher_suites = NULL;
822 
823  if (enable_ja3) {
824  ja3_cipher_suites = Ja3BufferInit();
825  if (ja3_cipher_suites == NULL)
826  return -1;
827  }
828 
829  uint16_t processed_len = 0;
830  /* coverity[tainted_data] */
831  while (processed_len < cipher_suites_length) {
832  if (!(HAS_SPACE(2))) {
833  if (enable_ja3) {
834  Ja3BufferFree(&ja3_cipher_suites);
835  }
836  goto invalid_length;
837  }
838 
839  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
840  input += 2;
841 
842  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
843  if (ssl_state->current_flags &
844  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
845  SCTLSHandshakeAddCipher(ssl_state->curr_connp->hs, cipher_suite);
846  }
847  if (enable_ja3) {
848  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
849  if (rc != 0) {
850  return -1;
851  }
852  }
853  }
854  processed_len += 2;
855  }
856 
857  if (enable_ja3) {
858  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
859  if (rc == -1) {
860  return -1;
861  }
862  }
863 
864  return (int)(input - initial_input);
865 
866 invalid_length:
867  SCLogDebug("TLS handshake invalid length");
868  SSLSetEvent(ssl_state,
869  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
870  return -1;
871 }
872 
873 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
874  const uint8_t * const initial_input,
875  const uint32_t input_len)
876 {
877  const uint8_t *input = initial_input;
878 
879  if (!(HAS_SPACE(1)))
880  goto invalid_length;
881 
882  /* Skip compression methods */
883  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
884  input += 1;
885  } else {
886  uint8_t compression_methods_length = *input;
887  input += 1;
888 
889  if (!(HAS_SPACE(compression_methods_length)))
890  goto invalid_length;
891 
892  input += compression_methods_length;
893  }
894 
895  return (int)(input - initial_input);
896 
897 invalid_length:
898  SCLogDebug("TLS handshake invalid_length");
899  SSLSetEvent(ssl_state,
900  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
901  return -1;
902 }
903 
904 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
905  const uint8_t * const initial_input,
906  const uint32_t input_len)
907 {
908  uint8_t *input = (uint8_t *)initial_input;
909 
910  /* Empty extension */
911  if (input_len == 0)
912  return 0;
913 
914  if (!(HAS_SPACE(2)))
915  goto invalid_length;
916 
917  /* Skip sni_list_length */
918  input += 2;
919 
920  if (!(HAS_SPACE(1)))
921  goto invalid_length;
922 
923  uint8_t sni_type = *input;
924  input += 1;
925 
926  /* Currently the only type allowed is host_name
927  (RFC6066 section 3). */
928  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
929  SCLogDebug("Unknown SNI type");
930  SSLSetEvent(ssl_state,
931  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
932  return -1;
933  }
934 
935  if (!(HAS_SPACE(2)))
936  goto invalid_length;
937 
938  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
939  input += 2;
940 
941  /* host_name contains the fully qualified domain name,
942  and should therefore be limited by the maximum domain
943  name length. */
944  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
945  SSLSetEvent(ssl_state,
946  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
947  return -1;
948  }
949 
950  /* There must not be more than one extension of the same
951  type (RFC5246 section 7.4.1.4). */
952  if (ssl_state->curr_connp->sni) {
953  SCLogDebug("Multiple SNI extensions");
954  SSLSetEvent(ssl_state,
955  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
956  input += sni_len;
957  return (int)(input - initial_input);
958  }
959 
960  const size_t sni_strlen = sni_len + 1;
961  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
962  if (unlikely(ssl_state->curr_connp->sni == NULL))
963  return -1;
964 
965  const size_t consumed = input - initial_input;
966  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
967  initial_input, consumed, input_len, sni_len) != 0) {
968  SCFree(ssl_state->curr_connp->sni);
969  ssl_state->curr_connp->sni = NULL;
970  return -1;
971  }
972  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
973 
974  input += sni_len;
975 
976  return (int)(input - initial_input);
977 
978 invalid_length:
979  SCLogDebug("TLS handshake invalid length");
980  SSLSetEvent(ssl_state,
981  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
982 
983 
984  return -1;
985 }
986 
987 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
988  const uint8_t * const initial_input,
989  const uint32_t input_len)
990 {
991  const uint8_t *input = initial_input;
992 
993  /* Empty extension */
994  if (input_len == 0)
995  return 0;
996 
997  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
998  if (!(HAS_SPACE(1)))
999  goto invalid_length;
1000 
1001  uint8_t supported_ver_len = *input;
1002  input += 1;
1003 
1004  if (supported_ver_len < 2)
1005  goto invalid_length;
1006 
1007  if (!(HAS_SPACE(supported_ver_len)))
1008  goto invalid_length;
1009 
1010  /* Use the first (and preferred) valid version as client version,
1011  * skip over GREASE and other possible noise. */
1012  uint16_t i = 0;
1013  while (i + 1 < (uint16_t)supported_ver_len) {
1014  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1015  if (TLSVersionValid(ver)) {
1016  ssl_state->curr_connp->version = ver;
1017  SCTLSHandshakeSetTLSVersion(ssl_state->curr_connp->hs, ver);
1018  break;
1019  }
1020  i += 2;
1021  }
1022 
1023  /* Set a flag to indicate that we have seen this extension */
1024  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1025 
1026  input += supported_ver_len;
1027  }
1028  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1029  if (!(HAS_SPACE(2)))
1030  goto invalid_length;
1031 
1032  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1033 
1034  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1035  (ver > TLS_VERSION_12)) {
1036  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1037  }
1038 
1039  ssl_state->curr_connp->version = ver;
1040  input += 2;
1041  }
1042 
1043  return (int)(input - initial_input);
1044 
1045 invalid_length:
1046  SCLogDebug("TLS handshake invalid length");
1047  SSLSetEvent(ssl_state,
1048  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1049 
1050  return -1;
1051 }
1052 
1053 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1054  const uint8_t * const initial_input,
1055  const uint32_t input_len,
1056  JA3Buffer *ja3_elliptic_curves)
1057 {
1058  const uint8_t *input = initial_input;
1059 
1060  /* Empty extension */
1061  if (input_len == 0)
1062  return 0;
1063 
1064  if (!(HAS_SPACE(2)))
1065  goto invalid_length;
1066 
1067  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1068  input += 2;
1069 
1070  if (!(HAS_SPACE(elliptic_curves_len)))
1071  goto invalid_length;
1072 
1073  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1074  uint16_t ec_processed_len = 0;
1075  /* coverity[tainted_data] */
1076  while (ec_processed_len < elliptic_curves_len)
1077  {
1078  if (!(HAS_SPACE(2)))
1079  goto invalid_length;
1080 
1081  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1082  input += 2;
1083 
1084  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1085  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1086  elliptic_curve);
1087  if (rc != 0)
1088  return -1;
1089  }
1090 
1091  ec_processed_len += 2;
1092  }
1093 
1094  } else {
1095  /* Skip elliptic curves */
1096  input += elliptic_curves_len;
1097  }
1098 
1099  return (int)(input - initial_input);
1100 
1101 invalid_length:
1102  SCLogDebug("TLS handshake invalid length");
1103  SSLSetEvent(ssl_state,
1104  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1105 
1106  return -1;
1107 }
1108 
1109 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1110  const uint8_t * const initial_input,
1111  const uint32_t input_len,
1112  JA3Buffer *ja3_elliptic_curves_pf)
1113 {
1114  const uint8_t *input = initial_input;
1115 
1116  /* Empty extension */
1117  if (input_len == 0)
1118  return 0;
1119 
1120  if (!(HAS_SPACE(1)))
1121  goto invalid_length;
1122 
1123  uint8_t ec_pf_len = *input;
1124  input += 1;
1125 
1126  if (!(HAS_SPACE(ec_pf_len)))
1127  goto invalid_length;
1128 
1129  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1130  uint8_t ec_pf_processed_len = 0;
1131  /* coverity[tainted_data] */
1132  while (ec_pf_processed_len < ec_pf_len)
1133  {
1134  uint8_t elliptic_curve_pf = *input;
1135  input += 1;
1136 
1137  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1138  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1139  elliptic_curve_pf);
1140  if (rc != 0)
1141  return -1;
1142  }
1143 
1144  ec_pf_processed_len += 1;
1145  }
1146 
1147  } else {
1148  /* Skip elliptic curve point formats */
1149  input += ec_pf_len;
1150  }
1151 
1152  return (int)(input - initial_input);
1153 
1154 invalid_length:
1155  SCLogDebug("TLS handshake invalid length");
1156  SSLSetEvent(ssl_state,
1157  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1158 
1159  return -1;
1160 }
1161 
1162 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1163  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1164 {
1165  const uint8_t *input = initial_input;
1166 
1167  /* Empty extension */
1168  if (input_len == 0)
1169  return 0;
1170 
1171  if (!(HAS_SPACE(2)))
1172  goto invalid_length;
1173 
1174  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1175  input += 2;
1176 
1177  /* Signature algorithms length should always be divisible by 2 */
1178  if ((sigalgo_len % 2) != 0) {
1179  goto invalid_length;
1180  }
1181 
1182  if (!(HAS_SPACE(sigalgo_len)))
1183  goto invalid_length;
1184 
1185  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1186  uint16_t sigalgo_processed_len = 0;
1187  while (sigalgo_processed_len < sigalgo_len) {
1188  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1189  input += 2;
1190  sigalgo_processed_len += 2;
1191 
1192  SCTLSHandshakeAddSigAlgo(ssl_state->curr_connp->hs, sigalgo);
1193  }
1194  } else {
1195  /* Skip signature algorithms */
1196  input += sigalgo_len;
1197  }
1198 
1199  return (int)(input - initial_input);
1200 
1201 invalid_length:
1202  SCLogDebug("Signature algorithm list invalid length");
1203  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1204 
1205  return -1;
1206 }
1207 
1208 static inline int TLSDecodeHSHelloExtensionALPN(
1209  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1210 {
1211  const uint8_t *input = initial_input;
1212 
1213  /* Empty extension */
1214  if (input_len == 0)
1215  return 0;
1216 
1217  if (!(HAS_SPACE(2)))
1218  goto invalid_length;
1219 
1220  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1221  input += 2;
1222 
1223  if (!(HAS_SPACE(alpn_len)))
1224  goto invalid_length;
1225 
1226  /* We use 32 bits here to avoid potentially overflowing a value that
1227  needs to be compared to an unsigned 16-bit value. */
1228  uint32_t alpn_processed_len = 0;
1229  while (alpn_processed_len < alpn_len) {
1230  uint8_t protolen = *input;
1231  input += 1;
1232  alpn_processed_len += 1;
1233 
1234  if (!(HAS_SPACE(protolen)))
1235  goto invalid_length;
1236 
1237  /* Check if reading another protolen bytes would exceed the
1238  overall ALPN length; if so, skip and continue */
1239  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1240  input += alpn_len - alpn_processed_len;
1241  break;
1242  }
1243  SCTLSHandshakeAddALPN(ssl_state->curr_connp->hs, (const char *)input, protolen);
1244 
1245  alpn_processed_len += protolen;
1246  input += protolen;
1247  }
1248 
1249  return (int)(input - initial_input);
1250 
1251 invalid_length:
1252  SCLogDebug("ALPN list invalid length");
1253  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1254 
1255  return -1;
1256 }
1257 
1258 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1259  const uint8_t * const initial_input,
1260  const uint32_t input_len)
1261 {
1262  const uint8_t *input = initial_input;
1263 
1264  int ret;
1265  int rc;
1266  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1267  const bool ja3 =
1268  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1269 
1270  JA3Buffer *ja3_extensions = NULL;
1271  JA3Buffer *ja3_elliptic_curves = NULL;
1272  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1273 
1274  if (ja3) {
1275  ja3_extensions = Ja3BufferInit();
1276  if (ja3_extensions == NULL)
1277  goto error;
1278 
1279  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1280  ja3_elliptic_curves = Ja3BufferInit();
1281  if (ja3_elliptic_curves == NULL)
1282  goto error;
1283 
1284  ja3_elliptic_curves_pf = Ja3BufferInit();
1285  if (ja3_elliptic_curves_pf == NULL)
1286  goto error;
1287  }
1288  }
1289 
1290  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1291  if (!(HAS_SPACE(2)))
1292  goto end;
1293 
1294  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1295  input += 2;
1296 
1297  if (!(HAS_SPACE(extensions_len)))
1298  goto invalid_length;
1299 
1300  uint16_t processed_len = 0;
1301  /* coverity[tainted_data] */
1302  while (processed_len < extensions_len)
1303  {
1304  if (!(HAS_SPACE(2)))
1305  goto invalid_length;
1306 
1307  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1308  input += 2;
1309 
1310  if (!(HAS_SPACE(2)))
1311  goto invalid_length;
1312 
1313  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1314  input += 2;
1315 
1316  if (!(HAS_SPACE(ext_len)))
1317  goto invalid_length;
1318 
1319  switch (ext_type) {
1320  case SSL_EXTENSION_SNI:
1321  {
1322  /* coverity[tainted_data] */
1323  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1324  ext_len);
1325  if (ret < 0)
1326  goto end;
1327 
1328  input += ret;
1329 
1330  break;
1331  }
1332 
1333  case SSL_EXTENSION_ELLIPTIC_CURVES:
1334  {
1335  /* coverity[tainted_data] */
1336  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1337  ext_len,
1338  ja3_elliptic_curves);
1339  if (ret < 0)
1340  goto end;
1341 
1342  input += ret;
1343 
1344  break;
1345  }
1346 
1347  case SSL_EXTENSION_EC_POINT_FORMATS:
1348  {
1349  /* coverity[tainted_data] */
1350  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1351  ext_len,
1352  ja3_elliptic_curves_pf);
1353  if (ret < 0)
1354  goto end;
1355 
1356  input += ret;
1357 
1358  break;
1359  }
1360 
1361  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1362  /* coverity[tainted_data] */
1363  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1364  if (ret < 0)
1365  goto end;
1366 
1367  input += ret;
1368 
1369  break;
1370  }
1371 
1372  case SSL_EXTENSION_ALPN: {
1373  /* coverity[tainted_data] */
1374  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1375  if (ret < 0)
1376  goto end;
1377 
1378  input += ext_len;
1379 
1380  break;
1381  }
1382 
1383  case SSL_EXTENSION_EARLY_DATA:
1384  {
1385  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1386  /* Used by 0-RTT to indicate that encrypted data will
1387  be sent right after the ClientHello record. */
1388  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1389  }
1390 
1391  input += ext_len;
1392 
1393  break;
1394  }
1395 
1396  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1397  {
1398  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1399  ext_len);
1400  if (ret < 0)
1401  goto end;
1402 
1403  input += ret;
1404 
1405  break;
1406  }
1407 
1408  case SSL_EXTENSION_SESSION_TICKET:
1409  {
1410  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1411  /* This has to be verified later on by checking if a
1412  certificate record has been sent by the server. */
1413  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1414  }
1415 
1416  input += ext_len;
1417 
1418  break;
1419  }
1420 
1421  default:
1422  {
1423  input += ext_len;
1424  break;
1425  }
1426  }
1427 
1428  if (ja3) {
1429  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1430  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1431  if (rc != 0)
1432  goto error;
1433  }
1434  }
1435 
1436  if (ssl_state->current_flags &
1437  (SSL_AL_FLAG_STATE_CLIENT_HELLO | SSL_AL_FLAG_STATE_SERVER_HELLO)) {
1438  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1439  SCTLSHandshakeAddExtension(ssl_state->curr_connp->hs, ext_type);
1440  }
1441  }
1442 
1443  processed_len += ext_len + 4;
1444  }
1445 
1446 end:
1447  if (ja3) {
1448  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1449  &ja3_extensions);
1450  if (rc == -1)
1451  goto error;
1452 
1453  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1454  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1455  &ja3_elliptic_curves);
1456  if (rc == -1)
1457  goto error;
1458 
1459  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1460  &ja3_elliptic_curves_pf);
1461  if (rc == -1)
1462  goto error;
1463  }
1464  }
1465 
1466  return (int)(input - initial_input);
1467 
1468 invalid_length:
1469  SCLogDebug("TLS handshake invalid length");
1470  SSLSetEvent(ssl_state,
1471  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1472 
1473 error:
1474  if (ja3_extensions != NULL)
1475  Ja3BufferFree(&ja3_extensions);
1476  if (ja3_elliptic_curves != NULL)
1477  Ja3BufferFree(&ja3_elliptic_curves);
1478  if (ja3_elliptic_curves_pf != NULL)
1479  Ja3BufferFree(&ja3_elliptic_curves_pf);
1480 
1481  return -1;
1482 }
1483 
1484 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1485  const uint8_t * const input,
1486  const uint32_t input_len)
1487 {
1488  int ret;
1489  uint32_t parsed = 0;
1490 
1491  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1492  if (ret < 0)
1493  goto end;
1494 
1495  parsed += ret;
1496 
1497  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1498  if (ret < 0)
1499  goto end;
1500 
1501  parsed += ret;
1502 
1503  /* The session id field in the server hello record was removed in
1504  TLSv1.3 draft1, but was readded in draft22. */
1505  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1506  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1507  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1508  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1509  input_len - parsed);
1510  if (ret < 0)
1511  goto end;
1512 
1513  parsed += ret;
1514  }
1515 
1516  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1517  input_len - parsed);
1518  if (ret < 0)
1519  goto end;
1520 
1521  parsed += ret;
1522 
1523  /* The compression methods field in the server hello record was
1524  removed in TLSv1.3 draft1, but was readded in draft22. */
1525  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1526  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1527  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1528  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1529  input_len - parsed);
1530  if (ret < 0)
1531  goto end;
1532 
1533  parsed += ret;
1534  }
1535 
1536  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1537  input_len - parsed);
1538  if (ret < 0)
1539  goto end;
1540 
1541  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1542  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1543  }
1544 
1545  if (ssl_state->curr_connp == &ssl_state->client_connp) {
1546  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
1547  } else {
1548  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
1549  }
1550 end:
1551  return 0;
1552 }
1553 
1554 #ifdef DEBUG_VALIDATION
1555 static inline bool
1556 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1557 {
1558  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1559  curr_connp->bytes_processed);
1560 }
1561 #endif
1562 
1563 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1564  const uint8_t *const initial_input, const uint32_t input_len)
1565 {
1566  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1567  SCLogDebug("rc %d", rc);
1568  if (rc > 0) {
1569  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1570  SSLParserHSReset(connp);
1571  } else if (rc < 0) {
1572  SCLogDebug("error parsing cert, reset state");
1573  SSLParserHSReset(connp);
1574  /* fall through to still consume the cert bytes */
1575  }
1576  if (connp == &ssl_state->client_connp) {
1577  UpdateClientState(ssl_state, TLS_STATE_CLIENT_CERT_DONE);
1578  } else {
1579  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
1580  }
1581  return input_len;
1582 }
1583 
1584 static int SupportedHandshakeType(const uint8_t type)
1585 {
1586  switch (type) {
1587  case SSLV3_HS_CLIENT_HELLO:
1588  case SSLV3_HS_SERVER_HELLO:
1589  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1590  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1591  case SSLV3_HS_CERTIFICATE:
1592  case SSLV3_HS_HELLO_REQUEST:
1593  case SSLV3_HS_CERTIFICATE_REQUEST:
1594  case SSLV3_HS_CERTIFICATE_VERIFY:
1595  case SSLV3_HS_FINISHED:
1596  case SSLV3_HS_CERTIFICATE_URL:
1597  case SSLV3_HS_CERTIFICATE_STATUS:
1598  case SSLV3_HS_NEW_SESSION_TICKET:
1599  case SSLV3_HS_SERVER_HELLO_DONE:
1600  return true;
1601  break;
1602 
1603  default:
1604  return false;
1605  break;
1606  }
1607 }
1608 
1609 /**
1610  * \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
1611  * \retval parsed number of consumed bytes
1612  * \retval < 0 error
1613  */
1614 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1615  uint32_t input_len, uint8_t direction)
1616 {
1617  const uint8_t *initial_input = input;
1618  int rc;
1619 
1620  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1621 
1622  switch (ssl_state->curr_connp->handshake_type) {
1623  case SSLV3_HS_CLIENT_HELLO:
1624  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1625 
1626  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1627  if (rc < 0)
1628  return rc;
1629  break;
1630 
1631  case SSLV3_HS_SERVER_HELLO:
1632  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1633 
1634  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1635  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1636  if (rc < 0)
1637  return rc;
1638  break;
1639 
1640  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1641  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1642  break;
1643 
1644  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1645  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1646  break;
1647 
1648  case SSLV3_HS_CERTIFICATE:
1649  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1650  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1651  input_len);
1652  if (rc < 0)
1653  return rc;
1654  break;
1655 
1656  case SSLV3_HS_HELLO_REQUEST:
1657  break;
1658  case SSLV3_HS_CERTIFICATE_REQUEST:
1659  if (direction) {
1660  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1661  }
1662  break;
1663  case SSLV3_HS_CERTIFICATE_VERIFY:
1664  case SSLV3_HS_FINISHED:
1665  case SSLV3_HS_CERTIFICATE_URL:
1666  case SSLV3_HS_CERTIFICATE_STATUS:
1667  break;
1668  case SSLV3_HS_NEW_SESSION_TICKET:
1669  SCLogDebug("new session ticket");
1670  break;
1671  case SSLV3_HS_SERVER_HELLO_DONE:
1672  if (direction) {
1673  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO_DONE);
1674  }
1675  break;
1676  default:
1677  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1678  return -1;
1679  }
1680 
1681  ssl_state->flags |= ssl_state->current_flags;
1682 
1683  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1684  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1685 
1686  return input_len;
1687 }
1688 
1689 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1690  uint32_t input_len, uint8_t direction)
1691 {
1692  const uint8_t *initial_input = input;
1693 
1694  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1695  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1696  SCReturnInt(0);
1697  }
1698 
1699  while (input_len) {
1700  SCLogDebug("input_len %u", input_len);
1701 
1702  if (ssl_state->curr_connp->hs_buffer != NULL) {
1703  SCLogDebug("partial handshake record in place");
1704  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1705  ssl_state->curr_connp->hs_buffer_offset;
1706  const uint32_t add = MIN(need, input_len);
1707 
1708  /* grow buffer to next multiple of 4k that fits all data we have */
1709  if (ssl_state->curr_connp->hs_buffer_offset + add >
1710  ssl_state->curr_connp->hs_buffer_size) {
1711  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1712  const uint32_t new_size = avail + (4096 - (avail % 4096));
1713  SCLogDebug("new_size %u, avail %u", new_size, avail);
1714  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1715  if (ptr == NULL)
1716  return -1;
1717  ssl_state->curr_connp->hs_buffer = ptr;
1718  ssl_state->curr_connp->hs_buffer_size = new_size;
1719  }
1720 
1721  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1722  "ssl_state->curr_connp->hs_buffer_size %u",
1723  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1724  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1725 
1726  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1727  ssl_state->curr_connp->hs_buffer_offset,
1728  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1729  SCLogDebug("copy failed");
1730  return -1;
1731  }
1732  ssl_state->curr_connp->hs_buffer_offset += add;
1733 
1734  if (ssl_state->curr_connp->hs_buffer_message_size <=
1735  ssl_state->curr_connp->hs_buffer_offset) {
1736  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1737  ssl_state->curr_connp->hs_buffer_offset);
1738 
1739  ssl_state->curr_connp->handshake_type =
1740  ssl_state->curr_connp->hs_buffer_message_type;
1741  ssl_state->curr_connp->message_length =
1742  ssl_state->curr_connp->hs_buffer_message_size;
1743 
1744  SCLogDebug("got all data now: handshake_type %u message_length %u",
1745  ssl_state->curr_connp->handshake_type,
1746  ssl_state->curr_connp->message_length);
1747 
1748  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1749  ssl_state->curr_connp->hs_buffer_offset, direction);
1750  if (retval < 0) {
1751  SSLParserHSReset(ssl_state->curr_connp);
1752  return (retval);
1753  }
1754  SCLogDebug("retval %d", retval);
1755 
1756  /* data processed, reset buffer */
1757  SCFree(ssl_state->curr_connp->hs_buffer);
1758  ssl_state->curr_connp->hs_buffer = NULL;
1759  ssl_state->curr_connp->hs_buffer_size = 0;
1760  ssl_state->curr_connp->hs_buffer_message_size = 0;
1761  ssl_state->curr_connp->hs_buffer_message_type = 0;
1762  ssl_state->curr_connp->hs_buffer_offset = 0;
1763  } else {
1764  SCLogDebug("partial data");
1765  }
1766 
1767  input += add;
1768  input_len -= add;
1769  SCLogDebug("input_len %u", input_len);
1770  SSLParserHSReset(ssl_state->curr_connp);
1771  continue;
1772  }
1773 
1774  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1775  SCLogDebug("input %p input_len %u", input, input_len);
1776 
1777  if (input_len < 4) {
1778  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1779  SCReturnInt(-1);
1780  }
1781 
1782  ssl_state->curr_connp->handshake_type = input[0];
1783  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1784  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1785  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1786  input_len);
1787  input += 4;
1788  input_len -= 4;
1789 
1790  const uint32_t record_len = ssl_state->curr_connp->message_length;
1791  /* see if we support this type. We check here to not use the fragment
1792  * handling on things we don't support. */
1793  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1794  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1795  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1796  if (!supported_type) {
1797  uint32_t avail_record_len = MIN(input_len, record_len);
1798  input += avail_record_len;
1799  input_len -= avail_record_len;
1800 
1801  SSLParserHSReset(ssl_state->curr_connp);
1802 
1803  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1804  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1805  // after Change Cipher Spec we get Encrypted Handshake Messages
1806  } else {
1807  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1808  }
1809  continue;
1810  }
1811 
1812  /* if the message length exceeds our input_len, we have a tls fragment. */
1813  if (record_len > input_len) {
1814  const uint32_t avail = input_len;
1815  const uint32_t size = avail + (4096 - (avail % 4096));
1816  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1817  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1818  if (ssl_state->curr_connp->hs_buffer == NULL) {
1819  return -1;
1820  }
1821  ssl_state->curr_connp->hs_buffer_size = size;
1822  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1823  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1824 
1825  if (input_len > 0) {
1826  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1827  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1828  input_len) != 0) {
1829  return -1;
1830  }
1831  ssl_state->curr_connp->hs_buffer_offset = input_len;
1832  }
1833  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1834  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1835  ssl_state->curr_connp->hs_buffer_offset,
1836  ssl_state->curr_connp->hs_buffer_message_type,
1837  ssl_state->curr_connp->hs_buffer_message_size);
1838  input += input_len;
1839  SSLParserHSReset(ssl_state->curr_connp);
1840  return (int)(input - initial_input);
1841 
1842  } else {
1843  /* full record, parse it now */
1844  int retval = SSLv3ParseHandshakeType(
1845  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1846  if (retval < 0 || retval > (int)input_len) {
1847  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1848  return (retval);
1849  }
1850  SCLogDebug("retval %d input_len %u", retval, input_len);
1851  input += retval;
1852  input_len -= retval;
1853 
1854  SSLParserHSReset(ssl_state->curr_connp);
1855  }
1856  SCLogDebug("input_len left %u", input_len);
1857  }
1858  return (int)(input - initial_input);
1859 }
1860 
1861 /**
1862  * \internal
1863  * \brief TLS Alert parser
1864  *
1865  * \param sslstate Pointer to the SSL state.
1866  * \param input Pointer to the received input data.
1867  * \param input_len Length in bytes of the received data.
1868  * \param direction 1 toclient, 0 toserver
1869  *
1870  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1871  */
1872 static int SSLv3ParseAlertProtocol(
1873  SSLState *ssl_state, const uint8_t *input, uint32_t input_len, uint8_t direction)
1874 {
1875  if (input_len < 2) {
1876  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_ALERT);
1877  return -1;
1878  }
1879 
1880  /* assume a record > 2 to be an encrypted alert record */
1881  if (input_len == 2) {
1882  uint8_t level = input[0];
1883  // uint8_t desc = input[1];
1884 
1885  /* if level Fatal, we consider the tx finished */
1886  if (level == 2) {
1887  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
1888  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
1889  }
1890  }
1891  return 0;
1892 }
1893 
1894 /**
1895  * \internal
1896  * \brief TLS Heartbeat parser (see RFC 6520)
1897  *
1898  * \param sslstate Pointer to the SSL state.
1899  * \param input Pointer to the received input data.
1900  * \param input_len Length in bytes of the received data.
1901  * \param direction 1 toclient, 0 toserver
1902  *
1903  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1904  */
1905 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1906  uint32_t input_len, uint8_t direction)
1907 {
1908  uint8_t hb_type;
1909  uint16_t payload_len;
1910  uint32_t padding_len;
1911 
1912  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1913  if (input_len < 3) {
1914  return 0;
1915  }
1916 
1917  hb_type = *input++;
1918 
1919  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1920  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1921  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1922  return -1;
1923  }
1924  }
1925 
1926  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1927  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1928 
1929  if (direction) {
1930  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1931  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1932  } else {
1933  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1934  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1935  }
1936 
1937  /* if we reach this point, then we can assume that the HB request
1938  is encrypted. If so, let's set the HB record length */
1939  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1940  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1941  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1942  ssl_state->hb_record_len);
1943  return (ssl_state->curr_connp->record_length - 3);
1944  }
1945 
1946  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1947 
1948  /* check that the requested payload length is really present in
1949  the record (CVE-2014-0160) */
1950  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1951  SCLogDebug("We have a short record in HeartBeat Request");
1952  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
1953  return -1;
1954  }
1955 
1956  /* check the padding length. It must be at least 16 bytes
1957  (RFC 6520, section 4) */
1958  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1959  if (padding_len < 16) {
1960  SCLogDebug("We have a short record in HeartBeat Request");
1961  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1962  return -1;
1963  }
1964 
1965  /* we don't have the payload */
1966  if (input_len < payload_len + padding_len) {
1967  return 0;
1968  }
1969 
1970  /* OpenSSL still seems to discard multiple in-flight
1971  heartbeats although some tools send multiple at once */
1972  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1973  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1974  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1975  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1976  return -1;
1977 
1978  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1979  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1980  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1981  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1982  return -1;
1983 
1984  } else {
1985  /* we have a HB record in the opposite direction of the request,
1986  let's reset our flags */
1987  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
1988  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
1989  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
1990 
1991  /* if we reach this point, then we can assume that the HB request
1992  is encrypted. If so, let's set the HB record length */
1993  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1994  /* check to see if the encrypted response is longer than the
1995  encrypted request */
1996  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
1997  ssl_state->curr_connp->record_length) {
1998  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
1999  ssl_state->hb_record_len);
2000  SSLSetEvent(ssl_state,
2001  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2002  ssl_state->hb_record_len = 0;
2003  return -1;
2004  }
2005  }
2006 
2007  /* reset the HB record length in case we have a legit HB followed
2008  by a bad one */
2009  ssl_state->hb_record_len = 0;
2010  }
2011 
2012  /* skip the HeartBeat, 3 bytes were already parsed,
2013  e.g |18 03 02| for TLS 1.2 */
2014  return (ssl_state->curr_connp->record_length - 3);
2015 }
2016 
2017 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2018  const uint8_t *input, uint32_t input_len)
2019 {
2020  const uint8_t *initial_input = input;
2021 
2022  if (input_len == 0) {
2023  return 0;
2024  }
2025 
2026  uint8_t skip_version = 0;
2027 
2028  /* Only set SSL/TLS version here if it has not already been set in
2029  client/server hello. */
2030  if (direction == 0) {
2031  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2032  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2033  skip_version = 1;
2034  }
2035  } else {
2036  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2037  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2038  skip_version = 1;
2039  }
2040  }
2041 
2042  switch (ssl_state->curr_connp->bytes_processed) {
2043  case 0:
2044  if (input_len >= 5) {
2045  ssl_state->curr_connp->content_type = input[0];
2046  if (!skip_version) {
2047  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2048  }
2049  ssl_state->curr_connp->record_length = input[3] << 8;
2050  ssl_state->curr_connp->record_length |= input[4];
2051  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2052  return SSLV3_RECORD_HDR_LEN;
2053  } else {
2054  ssl_state->curr_connp->content_type = *(input++);
2055  if (--input_len == 0)
2056  break;
2057  }
2058 
2059  /* fall through */
2060  case 1:
2061  if (!skip_version) {
2062  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2063  } else {
2064  input++;
2065  }
2066  if (--input_len == 0)
2067  break;
2068 
2069  /* fall through */
2070  case 2:
2071  if (!skip_version) {
2072  ssl_state->curr_connp->version |= *(input++);
2073  } else {
2074  input++;
2075  }
2076  if (--input_len == 0)
2077  break;
2078 
2079  /* fall through */
2080  case 3:
2081  ssl_state->curr_connp->record_length = *(input++) << 8;
2082  if (--input_len == 0)
2083  break;
2084 
2085  /* fall through */
2086  case 4:
2087  ssl_state->curr_connp->record_length |= *(input++);
2088  if (--input_len == 0)
2089  break;
2090 
2091  /* fall through */
2092  }
2093 
2094  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2095 
2096  return (int)(input - initial_input);
2097 }
2098 
2099 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2100  const uint8_t *input, uint32_t input_len)
2101 {
2102  const uint8_t *initial_input = input;
2103 
2104  if (input_len == 0) {
2105  return 0;
2106  }
2107 
2108  if (ssl_state->curr_connp->record_lengths_length == 2) {
2109  switch (ssl_state->curr_connp->bytes_processed) {
2110  case 0:
2111  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2112  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2113  ssl_state->curr_connp->content_type = input[2];
2114  ssl_state->curr_connp->version = SSL_VERSION_2;
2115  ssl_state->curr_connp->bytes_processed += 3;
2116  return 3;
2117  } else {
2118  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2119  if (--input_len == 0)
2120  break;
2121  }
2122 
2123  /* fall through */
2124  case 1:
2125  ssl_state->curr_connp->record_length |= *(input++);
2126  if (--input_len == 0)
2127  break;
2128 
2129  /* fall through */
2130  case 2:
2131  ssl_state->curr_connp->content_type = *(input++);
2132  ssl_state->curr_connp->version = SSL_VERSION_2;
2133  if (--input_len == 0)
2134  break;
2135 
2136  /* fall through */
2137  }
2138 
2139  } else {
2140  switch (ssl_state->curr_connp->bytes_processed) {
2141  case 0:
2142  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2143  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2144  ssl_state->curr_connp->content_type = input[3];
2145  ssl_state->curr_connp->version = SSL_VERSION_2;
2146  ssl_state->curr_connp->bytes_processed += 4;
2147  return 4;
2148  } else {
2149  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2150  if (--input_len == 0)
2151  break;
2152  }
2153 
2154  /* fall through */
2155  case 1:
2156  ssl_state->curr_connp->record_length |= *(input++);
2157  if (--input_len == 0)
2158  break;
2159 
2160  /* fall through */
2161  case 2:
2162  /* padding */
2163  input++;
2164  if (--input_len == 0)
2165  break;
2166 
2167  /* fall through */
2168  case 3:
2169  ssl_state->curr_connp->content_type = *(input++);
2170  ssl_state->curr_connp->version = SSL_VERSION_2;
2171  if (--input_len == 0)
2172  break;
2173 
2174  /* fall through */
2175  }
2176  }
2177 
2178  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2179 
2180  return (int)(input - initial_input);
2181 }
2182 
2183 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2184  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2185  const StreamSlice stream_slice)
2186 {
2187  const uint8_t *initial_input = input;
2188 
2189  if (ssl_state->curr_connp->bytes_processed == 0) {
2190  if (input[0] & 0x80) {
2191  ssl_state->curr_connp->record_lengths_length = 2;
2192  } else {
2193  ssl_state->curr_connp->record_lengths_length = 3;
2194  }
2195 
2196  SCLogDebug("record start: ssl2.hdr frame");
2197  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2198  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2199  }
2200 
2201  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2202  "ssl_state->curr_connp->bytes_processed %u",
2203  direction, ssl_state->curr_connp->record_lengths_length + 1,
2204  ssl_state->curr_connp->bytes_processed);
2205  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2206  to read the msg_type */
2207  if (ssl_state->curr_connp->bytes_processed <
2208  (ssl_state->curr_connp->record_lengths_length + 1)) {
2209  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2210  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2211  ssl_state->curr_connp->record_length);
2212  if (retval < 0 || retval > (int)input_len) {
2213  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2214  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2215  return SSL_DECODER_ERROR(-1);
2216  }
2217 
2218  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2219  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2220  direction, TLS_FRAME_SSLV2_PDU);
2221  SCLogDebug("record start: ssl2.pdu frame");
2222 
2223  input += retval;
2224  input_len -= retval;
2225  }
2226 
2227  /* if we don't have the full record, we return incomplete */
2228  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2229  input_len + ssl_state->curr_connp->bytes_processed) {
2230  uint32_t needed = ssl_state->curr_connp->record_length;
2231  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2232  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2233  needed);
2234  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2235  }
2236 
2237  if (input_len == 0) {
2238  return SSL_DECODER_OK((input - initial_input));
2239  }
2240 
2241  /* record_length should never be zero */
2242  if (ssl_state->curr_connp->record_length == 0) {
2243  SCLogDebug("SSLv2 record length is zero");
2244  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2245  return SSL_DECODER_ERROR(-1);
2246  }
2247 
2248  /* record_lengths_length should never be zero */
2249  if (ssl_state->curr_connp->record_lengths_length == 0) {
2250  SCLogDebug("SSLv2 record lengths length is zero");
2251  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2252  return SSL_DECODER_ERROR(-1);
2253  }
2254 
2255  switch (ssl_state->curr_connp->content_type) {
2256  case SSLV2_MT_ERROR:
2257  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2258  "in establishing the sslv2 session, may be version");
2259  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2260 
2261  break;
2262 
2263  case SSLV2_MT_CLIENT_HELLO:
2264  if (input_len < 6) {
2265  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2266  return SSL_DECODER_ERROR(-1);
2267  }
2268 
2269  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2270  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2271  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
2272 
2273  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2274  SCLogDebug("SSLv2: version %04x", version);
2275  ssl_state->curr_connp->version = version;
2276  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2277  input += 6;
2278  input_len -= 6;
2279  ssl_state->curr_connp->bytes_processed += 6;
2280  if (session_id_length == 0) {
2281  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2282  }
2283  break;
2284 
2285  case SSLV2_MT_CLIENT_MASTER_KEY:
2286  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2287  SCLogDebug("Client hello is not seen before master key "
2288  "message!");
2289  }
2290  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2291 
2292  break;
2293 
2294  case SSLV2_MT_CLIENT_CERTIFICATE:
2295  if (direction == 1) {
2296  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2297  "direction!");
2298  } else {
2299  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2300  }
2301  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
2302 
2303  /* fall through */
2304  case SSLV2_MT_SERVER_VERIFY:
2305  case SSLV2_MT_SERVER_FINISHED:
2306  if (direction == 0 &&
2307  !(ssl_state->curr_connp->content_type &
2308  SSLV2_MT_CLIENT_CERTIFICATE)) {
2309  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2310  "direction!");
2311  }
2312 
2313  /* fall through */
2314  case SSLV2_MT_CLIENT_FINISHED:
2315  case SSLV2_MT_REQUEST_CERTIFICATE:
2316  /* both client hello and server hello must be seen */
2317  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2318  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2319 
2320  if (direction == 0) {
2321  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2322  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2323  SCLogDebug("SSLv2 client side has started the encryption");
2324  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2325  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2326  SCLogDebug("SSLv2 client side has started the encryption");
2327  }
2328  } else {
2329  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2330  SCLogDebug("SSLv2 Server side has started the encryption");
2331  }
2332 
2333  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2334  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2335  {
2336  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2337  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
2338  }
2339 
2340  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2341  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2342  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2343  }
2344  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2345  }
2346  }
2347 
2348  break;
2349 
2350  case SSLV2_MT_SERVER_HELLO:
2351  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2352  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2353  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
2354 
2355  break;
2356  }
2357 
2358  ssl_state->flags |= ssl_state->current_flags;
2359 
2360  if (input_len + ssl_state->curr_connp->bytes_processed >=
2361  (ssl_state->curr_connp->record_length +
2362  ssl_state->curr_connp->record_lengths_length)) {
2363 
2364  /* looks like we have another record after this */
2365  uint32_t diff = ssl_state->curr_connp->record_length +
2366  ssl_state->curr_connp->record_lengths_length + -
2367  ssl_state->curr_connp->bytes_processed;
2368  input += diff;
2369  SSLParserReset(ssl_state);
2370 
2371  /* we still don't have the entire record for the one we are
2372  currently parsing */
2373  } else {
2374  input += input_len;
2375  ssl_state->curr_connp->bytes_processed += input_len;
2376  }
2377  return SSL_DECODER_OK((input - initial_input));
2378 }
2379 
2380 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2381  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2382  const StreamSlice stream_slice)
2383 {
2384  uint32_t parsed = 0;
2385  uint32_t record_len; /* slice of input_len for the current record */
2386  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2387 
2388  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2389  const uint16_t prev_version = ssl_state->curr_connp->version;
2390 
2391  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2392  if (retval < 0 || retval > (int)input_len) {
2393  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2394  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2395  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2396  return SSL_DECODER_ERROR(-1);
2397  }
2398  parsed = retval;
2399 
2400  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2401  input, ssl_state->curr_connp->record_length);
2402 
2403  /* first the hdr frame at our first chance */
2404  if (first_call) {
2405  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2406  direction, TLS_FRAME_HDR);
2407  }
2408 
2409  /* parser is streaming for the initial header, then switches to incomplete
2410  * API: so if we don't have the hdr yet, return consumed bytes and wait
2411  * until we are called again with new data. */
2412  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2413  SCLogDebug(
2414  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2415  return SSL_DECODER_OK(parsed);
2416  }
2417 
2418  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2419  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2420  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2421  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2422  SCLogDebug(
2423  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2424  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2425 
2426  bool unknown_record = false;
2427  switch (ssl_state->curr_connp->content_type) {
2428  case SSLV3_CHANGE_CIPHER_SPEC:
2429  case SSLV3_ALERT_PROTOCOL:
2430  case SSLV3_HANDSHAKE_PROTOCOL:
2431  case SSLV3_APPLICATION_PROTOCOL:
2432  case SSLV3_HEARTBEAT_PROTOCOL:
2433  break;
2434  default:
2435  unknown_record = true;
2436  break;
2437  }
2438 
2439  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2440  * on Wireshark logic. */
2441  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2442  if (unknown_record) {
2443  SCLogDebug("unknown record, ignore it");
2444  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2445 
2446  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2447  ssl_state->curr_connp->content_type = 0;
2448  ssl_state->curr_connp->record_length = 0;
2449  // restore last good version
2450  ssl_state->curr_connp->version = prev_version;
2451  return SSL_DECODER_OK(input_len); // consume everything
2452  }
2453  } else {
2454  if (unknown_record) {
2455  SCLogDebug("unknown record, fatal");
2456  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2457  return SSL_DECODER_ERROR(-1);
2458  }
2459  }
2460 
2461  /* record_length should never be zero */
2462  if (ssl_state->curr_connp->record_length == 0) {
2463  SCLogDebug("SSLv3 Record length is 0");
2464  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2465  return SSL_DECODER_ERROR(-1);
2466  }
2467 
2468  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2469  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2470  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2471  return SSL_DECODER_ERROR(-1);
2472  }
2473 
2474  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2475  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2476  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2477  return SSL_DECODER_ERROR(-1);
2478  }
2479  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2480  } else {
2481  ValidateRecordState(ssl_state->curr_connp);
2482 
2483  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2484  record_len = MIN(input_len, record_len);
2485  }
2486  SCLogDebug("record length %u processed %u got %u",
2487  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2488 
2489  /* if we don't have the full record, we return incomplete */
2490  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2491  /* no need to use incomplete api buffering for application
2492  * records that we'll not use anyway. */
2493  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2494  SCLogDebug("application record");
2495  } else {
2496  uint32_t needed = ssl_state->curr_connp->record_length;
2497  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2498  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2499  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2500  return SSL_DECODER_INCOMPLETE(parsed, needed);
2501  }
2502  }
2503 
2504  if (record_len == 0) {
2505  return SSL_DECODER_OK(parsed);
2506  }
2507 
2508  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2509  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2510 
2511  switch (ssl_state->curr_connp->content_type) {
2512  /* we don't need any data from these types */
2513  case SSLV3_CHANGE_CIPHER_SPEC:
2514  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2515 
2516  if (direction) {
2517  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2518  } else {
2519  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2520 
2521  // TODO TLS 1.3
2522  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2523  }
2524  break;
2525 
2526  case SSLV3_ALERT_PROTOCOL: {
2527  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2528  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2529 
2530  int retval = SSLv3ParseAlertProtocol(ssl_state, input + parsed, record_len, direction);
2531  if (retval < 0) {
2532  SCLogDebug("SSLv3ParseAlertProtocol returned %d", retval);
2533  return SSL_DECODER_ERROR(-1);
2534  }
2535  break;
2536  }
2537  case SSLV3_APPLICATION_PROTOCOL:
2538  /* In TLSv1.3 early data (0-RTT) could be sent before the
2539  handshake is complete (rfc8446, section 2.3). We should
2540  therefore not mark the handshake as done before we have
2541  seen the ServerHello record. */
2542  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2543  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2544  break;
2545 
2546  /* if we see (encrypted) application data, then this means the
2547  handshake must be done */
2548  if (ssl_state->curr_connp == &ssl_state->client_connp) {
2549  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2550  } else {
2551  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2552  }
2553 
2554  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2555  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2556  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2557  }
2558 
2559  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2560  * heartbeat lke inspection to be able to be able to bypass the flow */
2561  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2562  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2563  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2564  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
2565  SCAppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2566  }
2567  break;
2568 
2569  case SSLV3_HANDSHAKE_PROTOCOL: {
2570  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2571  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2572  compatibility (rfc8446, appendix D.4). */
2573  // Client hello flags is needed to have a valid version
2574  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2575  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2576  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2577  /* do nothing */
2578  } else {
2579  // if we started parsing this, we must stop
2580  break;
2581  }
2582  }
2583 
2584  if (ssl_state->curr_connp->record_length < 4) {
2585  SSLParserReset(ssl_state);
2586  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2587  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2588  return SSL_DECODER_ERROR(-1);
2589  }
2590 
2591  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2592  record_len, direction);
2593  SCLogDebug("retval %d", retval);
2594  if (retval < 0 || retval > (int)record_len) {
2595  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2596  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2597  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2598  return SSL_DECODER_ERROR(-1);
2599  }
2600  ValidateRecordState(ssl_state->curr_connp);
2601  break;
2602  }
2603  case SSLV3_HEARTBEAT_PROTOCOL: {
2604  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2605  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2606  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2607  record_len, direction);
2608  if (retval < 0) {
2609  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2610  return SSL_DECODER_ERROR(-1);
2611  }
2612  break;
2613  }
2614  default:
2615  // should be unreachable now that we check after header parsing
2616  DEBUG_VALIDATE_BUG_ON(1);
2617  SCLogDebug("unsupported record type");
2618  return SSL_DECODER_ERROR(-1);
2619  }
2620 
2621  parsed += record_len;
2622  ssl_state->curr_connp->bytes_processed += record_len;
2623 
2624  if (ssl_state->curr_connp->bytes_processed >=
2625  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2626  SCLogDebug("record complete, trigger RAW");
2627  AppLayerParserTriggerRawStreamInspection(
2628  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2629  SSLParserReset(ssl_state);
2630  ValidateRecordState(ssl_state->curr_connp);
2631  return SSL_DECODER_OK(parsed);
2632 
2633  } else {
2634  /* we still don't have the entire record for the one we are
2635  currently parsing */
2636  ValidateRecordState(ssl_state->curr_connp);
2637  return SSL_DECODER_OK(parsed);
2638  }
2639 }
2640 
2641 /**
2642  * \internal
2643  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2644  *
2645  * On parsing error, this should be the only function that should reset
2646  * the parser state, to avoid multiple functions in the chain resetting
2647  * the parser state.
2648  *
2649  * \param direction 0 for toserver, 1 for toclient.
2650  * \param alstate Pointer to the state.
2651  * \param pstate Application layer parser state for this session.
2652  * \param output Pointer to the list of parsed output elements.
2653  *
2654  * \todo On reaching an inconsistent state, check if the input has
2655  * another new record, instead of just returning after the reset
2656  *
2657  * \retval >=0 On success.
2658  */
2659 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2660  AppLayerParserState *pstate, StreamSlice stream_slice)
2661 {
2662  SSLState *ssl_state = (SSLState *)alstate;
2663  ssl_state->tx_data.updated_tc = true;
2664  ssl_state->tx_data.updated_ts = true;
2665  uint32_t counter = 0;
2666  ssl_state->f = f;
2667  const uint8_t *input = StreamSliceGetData(&stream_slice);
2668  const uint8_t *init_input = input;
2669  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2670 
2671  if ((input == NULL || input_len == 0) &&
2672  ((direction == 0 && SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2673  (direction == 1 &&
2674  SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2675  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2676  if (direction == 0)
2677  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2678  else
2679  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2680  SCReturnStruct(APP_LAYER_OK);
2681  } else if (input == NULL || input_len == 0) {
2682  SCReturnStruct(APP_LAYER_ERROR);
2683  }
2684 
2685  if (direction == 0)
2686  ssl_state->curr_connp = &ssl_state->client_connp;
2687  else
2688  ssl_state->curr_connp = &ssl_state->server_connp;
2689 
2690  /* If entering on a new record, reset the current flags. */
2691  if (ssl_state->curr_connp->bytes_processed == 0) {
2692  ssl_state->current_flags = 0;
2693  }
2694 
2695  /* if we have more than one record */
2696  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2697  while (input_len > 0) {
2698  if (counter > max_records) {
2699  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2700  "and get out of here");
2701  SSLParserReset(ssl_state);
2702  SSLSetEvent(ssl_state,
2703  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2704  return APP_LAYER_ERROR;
2705  }
2706 
2707  /* ssl_state->bytes_processed is zero for a fresh record or
2708  positive to indicate a record currently being parsed */
2709 
2710  if (ssl_state->curr_connp->bytes_processed == 0) {
2711  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2712  /* only SSLv2, has one of the top 2 bits set */
2713  ssl_state->curr_connp->version = SSL_VERSION_2;
2714  SCLogDebug("SSLv2 detected");
2715  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2716  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2717  SCLogDebug("SSL/TLS version reset");
2718  }
2719  }
2720  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2721  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2722 
2723  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2724  if (ssl_state->curr_connp->bytes_processed == 0) {
2725  SCLogDebug("New SSLv2 record parsing");
2726  } else {
2727  SCLogDebug("Continuing parsing SSLv2 record");
2728  }
2729  struct SSLDecoderResult r =
2730  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2731  if (r.retval < 0 || r.retval > input_len) {
2732  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2733  SCLogDebug("Error parsing SSLv2. Resetting parser "
2734  "state. Let's get outta here");
2735  SSLParserReset(ssl_state);
2736  SSLSetEvent(ssl_state,
2737  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2738  return APP_LAYER_ERROR;
2739  } else if (r.needed) {
2740  input += r.retval;
2741  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2742  (uintmax_t)(input - init_input), r.needed);
2743  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2744  }
2745  input_len -= r.retval;
2746  input += r.retval;
2747  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2748  } else {
2749  if (ssl_state->curr_connp->bytes_processed == 0) {
2750  SCLogDebug("New TLS record: record_length %u",
2751  ssl_state->curr_connp->record_length);
2752  } else {
2753  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2754  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2755  }
2756  struct SSLDecoderResult r =
2757  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2758  if (r.retval < 0 || r.retval > input_len) {
2759  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2760  SCLogDebug("Error parsing TLS. Resetting parser "
2761  "state. Let's get outta here");
2762  SSLParserReset(ssl_state);
2763  return APP_LAYER_ERROR;
2764  } else if (r.needed) {
2765  input += r.retval;
2766  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2767  (uintmax_t)(input - init_input), r.needed);
2768  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2769  }
2770  input_len -= r.retval;
2771  input += r.retval;
2772  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2773 
2774  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2775  && ssl_state->curr_connp->record_length == 0) {
2776  SCLogDebug("TLS empty record");
2777  /* empty record */
2778  SSLParserReset(ssl_state);
2779  }
2780  }
2781  counter++;
2782  } /* while (input_len) */
2783 
2784  /* mark handshake as done if we have subject and issuer */
2785  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2786  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2787  /* update both sides to keep existing behavior */
2788  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2789  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2790  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2791  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2792  /* update both sides to keep existing behavior */
2793  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2794  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2795  }
2796 
2797  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2798  if (SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2799  SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2800  /* update both sides to keep existing behavior */
2801  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2802  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2803  }
2804 
2805  return APP_LAYER_OK;
2806 }
2807 
2808 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2809  StreamSlice stream_slice, void *local_data)
2810 {
2811  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2812 }
2813 
2814 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2815  StreamSlice stream_slice, void *local_data)
2816 {
2817  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2818 }
2819 
2820 /**
2821  * \internal
2822  * \brief Function to allocate the SSL state memory.
2823  */
2824 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2825 {
2826  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2827  if (unlikely(ssl_state == NULL))
2828  return NULL;
2829  ssl_state->client_connp.cert_log_flag = 0;
2830  ssl_state->server_connp.cert_log_flag = 0;
2831  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2832  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2833  ssl_state->client_connp.hs = SCTLSHandshakeNew();
2834  ssl_state->server_connp.hs = SCTLSHandshakeNew();
2835  TAILQ_INIT(&ssl_state->server_connp.certs);
2836  TAILQ_INIT(&ssl_state->client_connp.certs);
2837 
2838  return (void *)ssl_state;
2839 }
2840 
2841 static void SSLStateCertSANFree(SSLStateConnp *connp)
2842 {
2843  if (connp->cert0_sans) {
2844  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2845  SCRustCStringFree(connp->cert0_sans[i]);
2846  }
2847  SCFree(connp->cert0_sans);
2848  }
2849 }
2850 
2851 /**
2852  * \internal
2853  * \brief Function to free the SSL state memory.
2854  */
2855 static void SSLStateFree(void *p)
2856 {
2857  SSLState *ssl_state = (SSLState *)p;
2858  SSLCertsChain *item;
2859 
2860  if (ssl_state->client_connp.cert0_subject)
2861  SCRustCStringFree(ssl_state->client_connp.cert0_subject);
2862  if (ssl_state->client_connp.cert0_issuerdn)
2863  SCRustCStringFree(ssl_state->client_connp.cert0_issuerdn);
2864  if (ssl_state->client_connp.cert0_serial)
2865  SCRustCStringFree(ssl_state->client_connp.cert0_serial);
2866  if (ssl_state->client_connp.cert0_fingerprint)
2867  SCFree(ssl_state->client_connp.cert0_fingerprint);
2868  if (ssl_state->client_connp.sni)
2869  SCFree(ssl_state->client_connp.sni);
2870  if (ssl_state->client_connp.session_id)
2871  SCFree(ssl_state->client_connp.session_id);
2872  if (ssl_state->client_connp.hs_buffer)
2873  SCFree(ssl_state->client_connp.hs_buffer);
2874 
2875  if (ssl_state->server_connp.cert0_subject)
2876  SCRustCStringFree(ssl_state->server_connp.cert0_subject);
2877  if (ssl_state->server_connp.cert0_issuerdn)
2878  SCRustCStringFree(ssl_state->server_connp.cert0_issuerdn);
2879  if (ssl_state->server_connp.cert0_serial)
2880  SCRustCStringFree(ssl_state->server_connp.cert0_serial);
2881  if (ssl_state->server_connp.cert0_fingerprint)
2882  SCFree(ssl_state->server_connp.cert0_fingerprint);
2883  if (ssl_state->server_connp.sni)
2884  SCFree(ssl_state->server_connp.sni);
2885  if (ssl_state->server_connp.session_id)
2886  SCFree(ssl_state->server_connp.session_id);
2887 
2888  if (ssl_state->client_connp.hs)
2889  SCTLSHandshakeFree(ssl_state->client_connp.hs);
2890  if (ssl_state->client_connp.ja3_str)
2891  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2892  if (ssl_state->client_connp.ja3_hash)
2893  SCFree(ssl_state->client_connp.ja3_hash);
2894  if (ssl_state->server_connp.hs)
2895  SCTLSHandshakeFree(ssl_state->server_connp.hs);
2896  if (ssl_state->server_connp.ja3_str)
2897  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2898  if (ssl_state->server_connp.ja3_hash)
2899  SCFree(ssl_state->server_connp.ja3_hash);
2900  if (ssl_state->server_connp.hs_buffer)
2901  SCFree(ssl_state->server_connp.hs_buffer);
2902 
2903  SSLStateCertSANFree(&ssl_state->server_connp);
2904  SSLStateCertSANFree(&ssl_state->client_connp);
2905 
2906  SCAppLayerTxDataCleanup(&ssl_state->tx_data);
2907 
2908  /* Free certificate chain */
2909  if (ssl_state->server_connp.certs_buffer)
2910  SCFree(ssl_state->server_connp.certs_buffer);
2911  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2912  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2913  SCFree(item);
2914  }
2915  TAILQ_INIT(&ssl_state->server_connp.certs);
2916  /* Free certificate chain */
2917  if (ssl_state->client_connp.certs_buffer)
2918  SCFree(ssl_state->client_connp.certs_buffer);
2919  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2920  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2921  SCFree(item);
2922  }
2923  TAILQ_INIT(&ssl_state->client_connp.certs);
2924 
2925  SCFree(ssl_state);
2926 }
2927 
2928 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2929 {
2930  /* do nothing */
2931 }
2932 
2933 static AppProto SSLProbingParser(
2934  const Flow *f, uint8_t direction, const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2935 {
2936  /* probably a rst/fin sending an eof */
2937  if (ilen < 3)
2938  return ALPROTO_UNKNOWN;
2939 
2940  /* for now just the 3 byte header ones */
2941  /* \todo Detect the 2 byte ones */
2942  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2943  return ALPROTO_TLS;
2944  }
2945 
2946  return ALPROTO_FAILED;
2947 }
2948 
2949 static int SSLStateGetStateIdByName(const char *name, const uint8_t direction)
2950 {
2951  SCEnumCharMap *map =
2952  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2953 
2954  int id = SCMapEnumNameToValue(name, map);
2955  if (id < 0) {
2956  return -1;
2957  }
2958  return id;
2959 }
2960 
2961 static const char *SSLStateGetStateNameById(const int id, const uint8_t direction)
2962 {
2963  SCEnumCharMap *map =
2964  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
2965  const char *name = SCMapEnumValueToName(id, map);
2966  return name;
2967 }
2968 
2969 static int SSLStateGetFrameIdByName(const char *frame_name)
2970 {
2971  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2972  if (id < 0) {
2973  return -1;
2974  }
2975  return id;
2976 }
2977 
2978 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2979 {
2980  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2981  return name;
2982 }
2983 
2984 static int SSLStateGetEventInfo(
2985  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
2986 {
2987  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
2988  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2989  return 0;
2990  }
2991  return -1;
2992 }
2993 
2994 static int SSLStateGetEventInfoById(
2995  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
2996 {
2997  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2998  if (*event_name == NULL) {
2999  SCLogError("event \"%d\" not present in "
3000  "ssl's enum map table.",
3001  event_id);
3002  /* yes this is fatal */
3003  return -1;
3004  }
3005 
3006  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3007 
3008  return 0;
3009 }
3010 
3011 static int SSLRegisterPatternsForProtocolDetection(void)
3012 {
3013  if (SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3014  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3015  return -1;
3016  }
3017 
3018  /** SSLv3 */
3019  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3020  IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
3021  return -1;
3022  }
3023  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3024  IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
3025  return -1;
3026  }
3027 
3028  /** TLSv1 */
3029  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3030  IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
3031  return -1;
3032  }
3033  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3034  IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
3035  return -1;
3036  }
3037 
3038  /** TLSv1.1 */
3039  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3040  IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
3041  return -1;
3042  }
3043  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3044  IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
3045  return -1;
3046  }
3047 
3048  /** TLSv1.2 */
3049  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3050  IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
3051  return -1;
3052  }
3053  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3054  IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
3055  return -1;
3056  }
3057 
3058  /***** toclient direction *****/
3059 
3060  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3061  IPPROTO_TCP, ALPROTO_TLS, "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3062  return -1;
3063  }
3064  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3065  IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3066  return -1;
3067  }
3068  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3069  IPPROTO_TCP, ALPROTO_TLS, "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
3070  return -1;
3071  }
3072 
3073  /** TLSv1 */
3074  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3075  IPPROTO_TCP, ALPROTO_TLS, "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3076  return -1;
3077  }
3078  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3079  IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3080  return -1;
3081  }
3082  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3083  IPPROTO_TCP, ALPROTO_TLS, "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
3084  return -1;
3085  }
3086 
3087  /** TLSv1.1 */
3088  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3089  IPPROTO_TCP, ALPROTO_TLS, "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3090  return -1;
3091  }
3092  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3093  IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3094  return -1;
3095  }
3096  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3097  IPPROTO_TCP, ALPROTO_TLS, "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
3098  return -1;
3099  }
3100 
3101  /** TLSv1.2 */
3102  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3103  IPPROTO_TCP, ALPROTO_TLS, "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3104  return -1;
3105  }
3106  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3107  IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3108  return -1;
3109  }
3110  if (SCAppLayerProtoDetectPMRegisterPatternCS(
3111  IPPROTO_TCP, ALPROTO_TLS, "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
3112  return -1;
3113  }
3114 
3115  /* Subsection - SSLv2 style record by client, but informing the server
3116  * the max version it supports.
3117  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3118  * it after some tests */
3119 #if 0
3120  if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3121  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3122  {
3123  return -1;
3124  }
3125  if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3126  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3127  {
3128  return -1;
3129  }
3130 #endif
3131 
3132  return 0;
3133 }
3134 
3135 #ifdef HAVE_JA3
3136 static void CheckJA3Enabled(void)
3137 {
3138  const char *strval = NULL;
3139  /* Check if we should generate JA3 fingerprints */
3140  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3141  if (SCConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3142  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3143  } else if (strcmp(strval, "auto") == 0) {
3144  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3145  } else if (SCConfValIsFalse(strval)) {
3146  enable_ja3 = 0;
3147  ssl_config.disable_ja3 = true;
3148  } else if (SCConfValIsTrue(strval)) {
3149  enable_ja3 = true;
3150  }
3151  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3152  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3153  /* The feature is available, i.e. _could_ be activated by a rule or
3154  even is enabled in the configuration. */
3155  ProvidesFeature(FEATURE_JA3);
3156  }
3157 }
3158 #endif /* HAVE_JA3 */
3159 
3160 #ifdef HAVE_JA4
3161 static void CheckJA4Enabled(void)
3162 {
3163  const char *strval = NULL;
3164  /* Check if we should generate JA4 fingerprints */
3165  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3166  if (SCConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3167  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3168  } else if (strcmp(strval, "auto") == 0) {
3169  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3170  } else if (SCConfValIsFalse(strval)) {
3171  enable_ja4 = 0;
3172  ssl_config.disable_ja4 = true;
3173  } else if (SCConfValIsTrue(strval)) {
3174  enable_ja4 = true;
3175  }
3176  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3177  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3178  /* The feature is available, i.e. _could_ be activated by a rule or
3179  even is enabled in the configuration. */
3180  ProvidesFeature(FEATURE_JA4);
3181  }
3182 }
3183 #endif /* HAVE_JA4 */
3184 
3185 /**
3186  * \brief Function to register the SSL protocol parser and other functions
3187  */
3188 void RegisterSSLParsers(void)
3189 {
3190  const char *proto_name = "tls";
3191 
3192  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3193 
3194  /** SSLv2 and SSLv23*/
3195  if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3196  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3197 
3198  if (SSLRegisterPatternsForProtocolDetection() < 0)
3199  return;
3200 
3201  if (RunmodeIsUnittests()) {
3202  SCAppLayerProtoDetectPPRegister(
3203  IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3, STREAM_TOSERVER, SSLProbingParser, NULL);
3204  } else {
3205  if (SCAppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, proto_name, ALPROTO_TLS,
3206  0, 3, SSLProbingParser, NULL) == 0) {
3207  SCLogConfig("no TLS config found, "
3208  "enabling TLS detection on port 443.");
3209  SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3,
3210  STREAM_TOSERVER, SSLProbingParser, NULL);
3211  }
3212  }
3213  } else {
3214  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3215  proto_name);
3216  return;
3217  }
3218 
3219  if (SCAppLayerParserConfParserEnabled("tcp", proto_name)) {
3220  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3221  SSLParseClientRecord);
3222 
3223  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3224  SSLParseServerRecord);
3225  AppLayerParserRegisterGetStateFuncs(
3226  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetStateIdByName, SSLStateGetStateNameById);
3227  AppLayerParserRegisterGetFrameFuncs(
3228  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3229  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3230  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3231 
3232  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3233 
3234  SCAppLayerParserRegisterParserAcceptableDataDirection(
3235  IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3236 
3237  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3238 
3239  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3240  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3241  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3242 
3243  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3244 
3245  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3246 
3247  AppLayerParserRegisterStateProgressCompletionStatus(
3248  ALPROTO_TLS, TLS_STATE_CLIENT_FINISHED, TLS_STATE_SERVER_FINISHED);
3249 
3250  SCConfNode *enc_handle = SCConfGetNode("app-layer.protocols.tls.encryption-handling");
3251  if (enc_handle != NULL && enc_handle->val != NULL) {
3252  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3253  if (strcmp(enc_handle->val, "full") == 0) {
3254  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3255  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3256  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3257  } else if (strcmp(enc_handle->val, "track-only") == 0) {
3258  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3259  } else if (strcmp(enc_handle->val, "default") == 0) {
3260  SCLogWarning("app-layer.protocols.tls.encryption-handling = default is deprecated "
3261  "and will be removed in Suricata 9, use \"track-only\" instead, "
3262  "(see ticket #7642)");
3263  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3264  } else {
3265  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3266  }
3267  } else {
3268  /* Get the value of no reassembly option from the config file */
3269  if (SCConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3270  int value = 0;
3271  if (SCConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3272  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3273  } else {
3274  int value = 0;
3275  if (SCConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 &&
3276  value == 1)
3277  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3278  }
3279  }
3280  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3281 
3282 #ifdef HAVE_JA3
3283  CheckJA3Enabled();
3284 #endif /* HAVE_JA3 */
3285 #ifdef HAVE_JA4
3286  CheckJA4Enabled();
3287 #endif /* HAVE_JA4 */
3288 
3289  if (g_disable_hashing) {
3290  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3291  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3292  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3293  }
3294  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3295  SCLogWarning("Hashing has been disabled, disabling JA4");
3296  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3297  }
3298  } else {
3299  if (RunmodeIsUnittests()) {
3300 #ifdef HAVE_JA3
3301  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3302 #endif /* HAVE_JA3 */
3303 #ifdef HAVE_JA4
3304  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3305 #endif /* HAVE_JA4 */
3306  }
3307  }
3308  } else {
3309  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3310  }
3311 }
3312 
3313 /**
3314  * \brief if not explicitly disabled in config, enable ja3 support
3315  *
3316  * Implemented using atomic to allow rule reloads to do this at
3317  * runtime.
3318  */
3319 void SSLEnableJA3(void)
3320 {
3321  if (g_disable_hashing || ssl_config.disable_ja3) {
3322  return;
3323  }
3324  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3325  return;
3326  }
3327  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3328 }
3329 
3330 /**
3331  * \brief if not explicitly disabled in config, enable ja4 support
3332  *
3333  * Implemented using atomic to allow rule reloads to do this at
3334  * runtime.
3335  */
3336 void SSLEnableJA4(void)
3337 {
3338  // only caller has #ifdef HAVE_JA4
3339  if (g_disable_hashing || ssl_config.disable_ja4) {
3340  return;
3341  }
3342  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3343  return;
3344  }
3345  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3346 }
3347 
3348 /**
3349  * \brief return whether ja3 is effectively enabled
3350  *
3351  * This means that it either has been enabled explicitly or has been
3352  * enabled by having loaded a rule while not being explicitly disabled.
3353  *
3354  * \retval true if enabled, false otherwise
3355  */
3356 bool SSLJA3IsEnabled(void)
3357 {
3358  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3359 }
3360 
3361 /**
3362  * \brief return whether ja4 is effectively enabled
3363  *
3364  * This means that it either has been enabled explicitly or has been
3365  * enabled by having loaded a rule while not being explicitly disabled.
3366  *
3367  * \retval true if enabled, false otherwise
3368  */
3369 bool SSLJA4IsEnabled(void)
3370 {
3371  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3372 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:213
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:175
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:99
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:187
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:500
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:227
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:205
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:148
SCConfValIsTrue
int SCConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:551
SCAppLayerParserStateIssetFlag
uint16_t SCAppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1829
JA3Buffer_
Definition: util-ja3.h:31
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:163
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:254
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:258
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
StreamSlice
struct StreamSlice StreamSlice
Definition: app-layer-parser.h:38
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:183
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:230
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:237
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:147
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:174
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:248
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:39
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3336
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:275
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:132
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:182
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:52
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:241
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:249
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:190
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:121
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:86
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:309
SSLStateConnp_
Definition: app-layer-ssl.h:167
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:209
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:189
SCAppLayerParserStateSetFlag
void SCAppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1821
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:184
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:131
Flow_
Flow data structure.
Definition: flow.h:356
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:153
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:228
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:110
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:222
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:548
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:231
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:312
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:224
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:177
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:510
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:217
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:239
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:243
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:314
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:231
TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_SERVER_HELLO_DONE
Definition: app-layer-ssl.h:89
MIN
#define MIN(x, y)
Definition: suricata-common.h:408
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
AppLayerParserRegisterGetStateFuncs
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetStateIdByNameFn GetIdByNameFunc, AppLayerParserGetStateNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:575
util-ja3.h
SCConfValIsFalse
int SCConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:576
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:176
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: app-layer-parser.h:42
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:112
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:230
AppLayerEventType
enum AppLayerEventType AppLayerEventType
Definition: app-layer-parser.h:43
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:197
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:228
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_CNF_ENC_HANDLE_TRACK_ONLY
@ SSL_CNF_ENC_HANDLE_TRACK_ONLY
Definition: app-layer-ssl.c:195
MAX
#define MAX(x, y)
Definition: suricata-common.h:412
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:216
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:53
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:171
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:98
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:188
SCAppLayerProtoDetectPMRegisterPatternCSwPP
int SCAppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1637
AppLayerParserTriggerRawStreamInspection
void AppLayerParserTriggerRawStreamInspection(Flow *f, int direction)
Definition: app-layer-parser.c:1557
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:178
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:218
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:103
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:104
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:191
SCAppLayerProtoDetectConfProtoDetectionEnabled
int SCAppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1942
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:173
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:241
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:118
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:240
app-layer-detect-proto.h
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:264
AppLayerResult
struct AppLayerResult AppLayerResult
Definition: app-layer-parser.h:39
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:89
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
util-debug.h
TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:135
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:253
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3356
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:138
SCAppLayerParserConfParserEnabled
int SCAppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:345
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:172
SSLState_::client_state
enum TlsStateClient client_state
Definition: app-layer-ssl.h:245
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:309
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:179
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:242
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:263
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:219
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:203
TLS_STATE_CLIENT_HELLO_DONE
@ TLS_STATE_CLIENT_HELLO_DONE
Definition: app-layer-ssl.h:79
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TlsStateServer
TlsStateServer
Definition: app-layer-ssl.h:85
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
SSLCertsChain_
Definition: app-layer-ssl.h:161
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:585
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:318
TlsStateClient
TlsStateClient
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:135
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:435
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:50
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:109
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: app-layer-ssl.h:91
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:255
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:159
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_STATE_CLIENT_IN_PROGRESS
@ TLS_STATE_CLIENT_IN_PROGRESS
Definition: app-layer-ssl.h:78
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:595
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:194
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:117
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:111
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:245
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:237
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:150
type
uint16_t type
Definition: decode-vlan.c:106
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:54
conf.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:184
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:124
SSLState_::server_state
enum TlsStateServer server_state
Definition: app-layer-ssl.h:246
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3319
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:169
SslConfig_
Definition: app-layer-ssl.c:200
name
const char * name
Definition: tm-threads.c:2163
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:236
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1742
TLS_STATE_SERVER_CERT_DONE
@ TLS_STATE_SERVER_CERT_DONE
Definition: app-layer-ssl.h:88
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:216
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:214
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:243
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:162
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:270
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:204
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:49
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:402
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:140
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:229
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:95
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:260
SCAppLayerProtoDetectPPRegister
void SCAppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1527
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:530
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
SSLDecoderResult
Definition: app-layer-ssl.c:262
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:186
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:247
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:266
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:101
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:297
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:185
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3188
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:249
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:271
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:151
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:149
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:319
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:152
SCEnumCharMap_
Definition: util-enum.h:27
SCAppLayerParserRegisterParserAcceptableDataDirection
void SCAppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:414
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:177
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:325
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:616
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:217
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:276
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:606
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:457
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:201
TLS_STATE_CLIENT_CERT_DONE
@ TLS_STATE_CLIENT_CERT_DONE
Definition: app-layer-ssl.h:80
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:220
AppLayerStateData
struct AppLayerStateData AppLayerStateData
Definition: app-layer-parser.h:44
app-layer-events.h
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:97
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:226
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:156
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:238
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:210
str
#define str(s)
Definition: suricata-common.h:308
SCAppLayerProtoDetectPMRegisterPatternCS
int SCAppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1626
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:267
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCAppLayerProtoDetectPPParseConfPorts
int SCAppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1563
TLS_STATE_SERVER_IN_PROGRESS
@ TLS_STATE_SERVER_IN_PROGRESS
Definition: app-layer-ssl.h:86
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:235
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:105
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:215
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3369
WARN_UNUSED
#define WARN_UNUSED
Definition: bindgen.h:32
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:195
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:207
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:33
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:221
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:206
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:250
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:180
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:520
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:196
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:81
SslConfig
struct SslConfig_ SslConfig
SSLStateConnp_::hs
HandshakeParams * hs
Definition: app-layer-ssl.h:211
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:563
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:106
id
uint32_t id
Definition: detect-flowbits.c:938
TLS_STATE_SERVER_HELLO
@ TLS_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:87
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:51
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:199
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:146
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:192
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:256
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:208
TLS_STATE_SERVER_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
Definition: app-layer-ssl.h:90
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:179
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:227
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:281
SCConfNode_
Definition: conf.h:37
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:215
SCConfNode_::val
char * val
Definition: conf.h:39
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:174
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:189
TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_FINISHED
Definition: app-layer-ssl.h:82
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:223
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:28
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:128
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:232
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:116
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:102
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:197
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:194
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:234
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:176
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:225
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:214