suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 #include "threads.h"
30 
31 #include "stream-tcp-private.h"
32 #include "stream-tcp-reassemble.h"
33 #include "stream-tcp.h"
34 #include "stream.h"
35 
36 #include "app-layer.h"
37 #include "app-layer-detect-proto.h"
38 #include "app-layer-protos.h"
39 #include "app-layer-parser.h"
40 #include "app-layer-frames.h"
41 #include "app-layer-ssl.h"
42 
43 #include "decode-events.h"
44 #include "conf.h"
45 
46 #include "util-spm.h"
47 #include "util-unittest.h"
48 #include "util-debug.h"
49 #include "util-print.h"
50 #include "util-pool.h"
51 #include "util-byte.h"
52 #include "util-ja3.h"
53 #include "util-enum.h"
54 #include "flow-util.h"
55 #include "flow-private.h"
56 #include "util-validate.h"
57 
59  {
60  "pdu",
62  },
63  {
64  "hdr",
66  },
67  {
68  "data",
70  },
71  {
72  "alert",
74  },
75  {
76  "heartbeat",
78  },
79  {
80  "ssl2.hdr",
82  },
83  {
84  "ssl2.pdu",
86  },
87  { NULL, -1 },
88 };
89 
91  /* TLS protocol messages */
92  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
93  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
94  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
95  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
96  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
97  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
98  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
99  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
100  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
101  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
102  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
103  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
104  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
105  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
106  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
107  /* certificate decoding messages */
108  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
109  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
110  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
111  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
112  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
114  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
115  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
116  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
117  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
118  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
119  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
120  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
121  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
122  /* used as a generic error event */
123  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
124  { NULL, -1 },
125 };
126 
127 enum {
128  /* X.509 error codes, returned by decoder
129  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
139 
140  /* error getting data */
144 };
145 
146 /* JA3 fingerprints are disabled by default */
147 #define SSL_CONFIG_DEFAULT_JA3 0
148 
150  SSL_CNF_ENC_HANDLE_DEFAULT = 0, /**< disable raw content, continue tracking */
151  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
152  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
153 };
154 
155 typedef struct SslConfig_ {
157  /** dynamic setting for ja3: can be enabled on demand if not explicitly
158  * disabled. */
159  SC_ATOMIC_DECLARE(int, enable_ja3);
160  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
162 
164 
165 /* SSLv3 record types */
166 #define SSLV3_CHANGE_CIPHER_SPEC 20
167 #define SSLV3_ALERT_PROTOCOL 21
168 #define SSLV3_HANDSHAKE_PROTOCOL 22
169 #define SSLV3_APPLICATION_PROTOCOL 23
170 #define SSLV3_HEARTBEAT_PROTOCOL 24
171 
172 /* SSLv3 handshake protocol types */
173 #define SSLV3_HS_HELLO_REQUEST 0
174 #define SSLV3_HS_CLIENT_HELLO 1
175 #define SSLV3_HS_SERVER_HELLO 2
176 #define SSLV3_HS_NEW_SESSION_TICKET 4
177 #define SSLV3_HS_CERTIFICATE 11
178 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
179 #define SSLV3_HS_CERTIFICATE_REQUEST 13
180 #define SSLV3_HS_SERVER_HELLO_DONE 14
181 #define SSLV3_HS_CERTIFICATE_VERIFY 15
182 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
183 #define SSLV3_HS_FINISHED 20
184 #define SSLV3_HS_CERTIFICATE_URL 21
185 #define SSLV3_HS_CERTIFICATE_STATUS 22
186 
187 /* SSLv2 protocol message types */
188 #define SSLV2_MT_ERROR 0
189 #define SSLV2_MT_CLIENT_HELLO 1
190 #define SSLV2_MT_CLIENT_MASTER_KEY 2
191 #define SSLV2_MT_CLIENT_FINISHED 3
192 #define SSLV2_MT_SERVER_HELLO 4
193 #define SSLV2_MT_SERVER_VERIFY 5
194 #define SSLV2_MT_SERVER_FINISHED 6
195 #define SSLV2_MT_REQUEST_CERTIFICATE 7
196 #define SSLV2_MT_CLIENT_CERTIFICATE 8
197 
198 #define SSLV3_RECORD_HDR_LEN 5
199 #define SSLV3_MESSAGE_HDR_LEN 4
200 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
201 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
202 
203 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
204 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
205 
206 /* TLS heartbeat protocol types */
207 #define TLS_HB_REQUEST 1
208 #define TLS_HB_RESPONSE 2
209 
210 #define SSL_RECORD_MINIMUM_LENGTH 6
211 
212 #define SHA1_STRING_LENGTH 60
213 
214 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
215 
217  int retval; // nr bytes consumed from input, or < 0 on error
218  uint32_t needed; // more bytes needed
219 };
220 #define SSL_DECODER_ERROR(e) \
221  (struct SSLDecoderResult) \
222  { \
223  (e), 0 \
224  }
225 #define SSL_DECODER_OK(c) \
226  (struct SSLDecoderResult) \
227  { \
228  (c), 0 \
229  }
230 #define SSL_DECODER_INCOMPLETE(c, n) \
231  (struct SSLDecoderResult) \
232  { \
233  (c), (n) \
234  }
235 
236 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
237  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
238 
239 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
240  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
241 {
242  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
243  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
244  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
245  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
246 
247  if (dst_offset < dst_size && src_offset < src_size &&
248  src_tocopy <= (src_size - src_offset) &&
249  src_tocopy <= (dst_size - dst_offset)) {
250  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
251  return 0;
252  }
253  return -1;
254 }
255 
256 #ifdef DEBUG_VALIDATION
257 #define ValidateRecordState(connp) \
258  do { \
259  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
260  (connp)->bytes_processed); \
261  } while(0);
262 #else
263 #define ValidateRecordState(...)
264 #endif
265 
266 #define SSLParserHSReset(connp) \
267  do { \
268  (connp)->handshake_type = 0; \
269  (connp)->message_length = 0; \
270  } while (0)
271 
272 #define SSLParserReset(state) \
273  do { \
274  SCLogDebug("resetting state"); \
275  (state)->curr_connp->bytes_processed = 0; \
276  SSLParserHSReset((state)->curr_connp); \
277  } while(0)
278 
279 #define SSLSetEvent(ssl_state, event) \
280  do { \
281  SCLogDebug("setting event %u", (event)); \
282  if ((ssl_state) == NULL) { \
283  SCLogDebug("could not set decoder event %u", event); \
284  } else { \
285  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
286  (ssl_state)->events++; \
287  } \
288  } while (0)
289 
290 static void *SSLGetTx(void *state, uint64_t tx_id)
291 {
292  SSLState *ssl_state = (SSLState *)state;
293  return ssl_state;
294 }
295 
296 static uint64_t SSLGetTxCnt(void *state)
297 {
298  /* single tx */
299  return 1;
300 }
301 
302 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
303 {
304  SSLState *ssl_state = (SSLState *)tx;
305 
306  /* we don't care about direction, only that app-layer parser is done
307  and have sent an EOF */
308  if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
309  return TLS_STATE_FINISHED;
310  }
311 
312  /* we want the logger to log when the handshake is done, even if the
313  state is not finished */
314  if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
315  return TLS_HANDSHAKE_DONE;
316  }
317 
318  if (direction == STREAM_TOSERVER &&
319  (ssl_state->server_connp.cert0_subject != NULL ||
320  ssl_state->server_connp.cert0_issuerdn != NULL))
321  {
322  return TLS_STATE_CERT_READY;
323  }
324 
325  return TLS_STATE_IN_PROGRESS;
326 }
327 
328 static AppLayerTxData *SSLGetTxData(void *vtx)
329 {
330  SSLState *ssl_state = (SSLState *)vtx;
331  return &ssl_state->tx_data;
332 }
333 
334 static AppLayerStateData *SSLGetStateData(void *vstate)
335 {
336  SSLState *ssl_state = (SSLState *)vstate;
337  return &ssl_state->state_data;
338 }
339 
340 void SSLVersionToString(uint16_t version, char *buffer)
341 {
342  buffer[0] = '\0';
343 
344  switch (version) {
345  case TLS_VERSION_UNKNOWN:
346  strlcat(buffer, "UNDETERMINED", 13);
347  break;
348  case SSL_VERSION_2:
349  strlcat(buffer, "SSLv2", 6);
350  break;
351  case SSL_VERSION_3:
352  strlcat(buffer, "SSLv3", 6);
353  break;
354  case TLS_VERSION_10:
355  strlcat(buffer, "TLSv1", 6);
356  break;
357  case TLS_VERSION_11:
358  strlcat(buffer, "TLS 1.1", 8);
359  break;
360  case TLS_VERSION_12:
361  strlcat(buffer, "TLS 1.2", 8);
362  break;
363  case TLS_VERSION_13:
364  strlcat(buffer, "TLS 1.3", 8);
365  break;
367  strlcat(buffer, "TLS 1.3 draft-28", 17);
368  break;
370  strlcat(buffer, "TLS 1.3 draft-27", 17);
371  break;
373  strlcat(buffer, "TLS 1.3 draft-26", 17);
374  break;
376  strlcat(buffer, "TLS 1.3 draft-25", 17);
377  break;
379  strlcat(buffer, "TLS 1.3 draft-24", 17);
380  break;
382  strlcat(buffer, "TLS 1.3 draft-23", 17);
383  break;
385  strlcat(buffer, "TLS 1.3 draft-22", 17);
386  break;
388  strlcat(buffer, "TLS 1.3 draft-21", 17);
389  break;
391  strlcat(buffer, "TLS 1.3 draft-20", 17);
392  break;
394  strlcat(buffer, "TLS 1.3 draft-19", 17);
395  break;
397  strlcat(buffer, "TLS 1.3 draft-18", 17);
398  break;
400  strlcat(buffer, "TLS 1.3 draft-17", 17);
401  break;
403  strlcat(buffer, "TLS 1.3 draft-16", 17);
404  break;
406  strlcat(buffer, "TLS 1.3 draft-<16", 18);
407  break;
409  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
410  break;
412  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
413  break;
415  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
416  break;
418  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
419  break;
421  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
422  break;
423  default:
424  snprintf(buffer, 7, "0x%04x", version);
425  break;
426  }
427 }
428 
429 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
430 {
431  switch(err) {
434  break;
435  case ERR_EXTRACT_ISSUER:
437  break;
438  case ERR_EXTRACT_SUBJECT:
440  break;
441  case ERR_INVALID_DER:
443  break;
446  break;
447  case ERR_INVALID_DATE:
449  break;
452  break;
455  break;
456  case ERR_INVALID_SERIAL:
458  break;
459  case ERR_INVALID_VERSION:
461  break;
462  case ERR_INVALID_LENGTH:
464  break;
466  default:
468  break;
469  }
470 }
471 
472 static inline int TlsDecodeHSCertificateFingerprint(
473  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
474 {
475  if (unlikely(connp->cert0_fingerprint != NULL))
476  return 0;
477 
479  if (connp->cert0_fingerprint == NULL)
480  return -1;
481 
482  uint8_t hash[SC_SHA1_LEN];
483  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
484  rs_to_hex_sep(
485  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
486  }
487  return 0;
488 }
489 
490 static inline int TlsDecodeHSCertificateAddCertToChain(
491  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
492 {
493  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
494  if (cert == NULL)
495  return -1;
496 
497  cert->cert_data = (uint8_t *)input;
498  cert->cert_len = cert_len;
499  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
500 
501  return 0;
502 }
503 
504 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
505  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
506 {
507  const uint8_t *input = (uint8_t *)initial_input;
508  uint32_t err_code = 0;
509  X509 *x509 = NULL;
510  int rc = 0;
511 
512  if (!(HAS_SPACE(3)))
513  goto invalid_cert;
514 
515  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
516  input += 3;
517 
518  if (!(HAS_SPACE(cert_len)))
519  goto invalid_cert;
520 
521  /* only store fields from the first certificate in the chain */
522  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
523  connp->cert0_serial == NULL) {
524  x509 = rs_x509_decode(input, cert_len, &err_code);
525  if (x509 == NULL) {
526  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
527  goto next;
528  }
529 
530  char *str = rs_x509_get_subject(x509);
531  if (str == NULL) {
532  err_code = ERR_EXTRACT_SUBJECT;
533  goto error;
534  }
535  connp->cert0_subject = str;
536 
537  str = rs_x509_get_issuer(x509);
538  if (str == NULL) {
539  err_code = ERR_EXTRACT_ISSUER;
540  goto error;
541  }
542  connp->cert0_issuerdn = str;
543 
544  str = rs_x509_get_serial(x509);
545  if (str == NULL) {
546  err_code = ERR_INVALID_SERIAL;
547  goto error;
548  }
549  connp->cert0_serial = str;
550 
551  rc = rs_x509_get_validity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
552  if (rc != 0) {
553  err_code = ERR_EXTRACT_VALIDITY;
554  goto error;
555  }
556 
557  rs_x509_free(x509);
558  x509 = NULL;
559 
560  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
561  if (rc != 0) {
562  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
563  goto error;
564  }
565  }
566 
567  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
568  if (rc != 0) {
569  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
570  goto error;
571  }
572 
573 next:
574  input += cert_len;
575  return (input - initial_input);
576 
577 error:
578  if (err_code != 0)
579  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
580  if (x509 != NULL)
581  rs_x509_free(x509);
582  return -1;
583 
584 invalid_cert:
585  SCLogDebug("TLS invalid certificate");
587  return -1;
588 }
589 
590 /** \internal
591  * \brief parse cert data in a certificate handshake message
592  * will be called with all data.
593  * \retval consumed bytes consumed or -1 on error
594  */
595 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
596  const uint8_t *const initial_input, const uint32_t input_len)
597 {
598  const uint8_t *input = (uint8_t *)initial_input;
599 
600  if (!(HAS_SPACE(3)))
601  return -1;
602 
603  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
604  input += 3;
605 
606  if (!(HAS_SPACE(cert_chain_len)))
607  return -1;
608 
609  if (connp->certs_buffer != NULL) {
610  // TODO should we set an event here?
611  return -1;
612  }
613 
614  connp->certs_buffer = SCCalloc(1, cert_chain_len);
615  if (connp->certs_buffer == NULL) {
616  return -1;
617  }
618  connp->certs_buffer_size = cert_chain_len;
619  memcpy(connp->certs_buffer, input, cert_chain_len);
620 
621  int cert_cnt = 0;
622  uint32_t processed_len = 0;
623  /* coverity[tainted_data] */
624  while (processed_len < cert_chain_len) {
625  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
626  connp->certs_buffer_size - processed_len, cert_cnt);
627  if (rc <= 0) { // 0 should be impossible, but lets be defensive
628  return -1;
629  }
630  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
631  if (processed_len + (uint32_t)rc > cert_chain_len) {
632  return -1;
633  }
634 
635  processed_len += (uint32_t)rc;
636  }
637 
638  return processed_len + 3;
639 }
640 
641 /**
642  * \inline
643  * \brief Check if value is GREASE.
644  *
645  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
646  *
647  * \param value Value to check.
648  *
649  * \retval 1 if is GREASE.
650  * \retval 0 if not is GREASE.
651  */
652 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
653 {
654  switch (value)
655  {
656  case 0x0a0a:
657  case 0x1a1a:
658  case 0x2a2a:
659  case 0x3a3a:
660  case 0x4a4a:
661  case 0x5a5a:
662  case 0x6a6a:
663  case 0x7a7a:
664  case 0x8a8a:
665  case 0x9a9a:
666  case 0xaaaa:
667  case 0xbaba:
668  case 0xcaca:
669  case 0xdada:
670  case 0xeaea:
671  case 0xfafa:
672  return 1;
673  default:
674  return 0;
675  }
676 }
677 
678 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
679  const uint8_t * const initial_input,
680  const uint32_t input_len)
681 {
682  uint8_t *input = (uint8_t *)initial_input;
683 
685  SCLogDebug("TLS handshake invalid length");
686  SSLSetEvent(ssl_state,
688  return -1;
689  }
690 
691  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
692  ssl_state->curr_connp->version = version;
693 
694  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
695  versions, instead of using the supported versions extension. */
696  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
697  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
698  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
699  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
700  }
701 
702  /* Catch some early TLSv1.3 draft implementations that does not conform
703  to the draft version. */
704  if ((ssl_state->curr_connp->version >= 0x7f01) &&
705  (ssl_state->curr_connp->version < 0x7f10)) {
707  }
708 
709  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
710  version number, which makes it hard to accurately pinpoint the
711  exact draft version. */
712  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
714  }
715 
716  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
717  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
718  if (ssl_state->curr_connp->ja3_str == NULL)
719  return -1;
720 
721  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
722  if (rc != 0)
723  return -1;
724  }
725 
727 
728  return (input - initial_input);
729 }
730 
731 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
732  const uint8_t * const initial_input,
733  const uint32_t input_len)
734 {
735  uint8_t *input = (uint8_t *)initial_input;
736 
738  SCLogDebug("TLS handshake invalid length");
739  SSLSetEvent(ssl_state,
741  return -1;
742  }
743 
745  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
746  ssl_state->flags |= TLS_TS_RANDOM_SET;
747  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
748  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
749  ssl_state->flags |= TLS_TC_RANDOM_SET;
750  }
751 
752  /* Skip random */
754 
755  return (input - initial_input);
756 }
757 
758 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
759  const uint8_t * const initial_input,
760  const uint32_t input_len)
761 {
762  uint8_t *input = (uint8_t *)initial_input;
763 
764  if (!(HAS_SPACE(1)))
765  goto invalid_length;
766 
767  uint8_t session_id_length = *input;
768  input += 1;
769 
770  if (!(HAS_SPACE(session_id_length)))
771  goto invalid_length;
772 
773  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
774  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
775 
776  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
777  return -1;
778  }
779 
780  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
781  input, 0, input_len, session_id_length) != 0) {
782  return -1;
783  }
784  ssl_state->curr_connp->session_id_length = session_id_length;
785 
786  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
787  ssl_state->client_connp.session_id != NULL &&
788  ssl_state->server_connp.session_id != NULL) {
789  if ((ssl_state->client_connp.session_id_length ==
790  ssl_state->server_connp.session_id_length) &&
791  (memcmp(ssl_state->server_connp.session_id,
792  ssl_state->client_connp.session_id, session_id_length) == 0)) {
793  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
794  }
795  }
796  }
797 
798  input += session_id_length;
799 
800  return (input - initial_input);
801 
802 invalid_length:
803  SCLogDebug("TLS handshake invalid length");
804  SSLSetEvent(ssl_state,
806  return -1;
807 }
808 
809 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
810  const uint8_t * const initial_input,
811  const uint32_t input_len)
812 {
813  const uint8_t *input = initial_input;
814 
815  if (!(HAS_SPACE(2)))
816  goto invalid_length;
817 
818  uint16_t cipher_suites_length;
819 
821  cipher_suites_length = 2;
822  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
823  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
824  input += 2;
825  } else {
826  return -1;
827  }
828 
829  if (!(HAS_SPACE(cipher_suites_length)))
830  goto invalid_length;
831 
832  /* Cipher suites length should always be divisible by 2 */
833  if ((cipher_suites_length % 2) != 0) {
834  goto invalid_length;
835  }
836 
837  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
838  JA3Buffer *ja3_cipher_suites = Ja3BufferInit();
839  if (ja3_cipher_suites == NULL)
840  return -1;
841 
842  uint16_t processed_len = 0;
843  /* coverity[tainted_data] */
844  while (processed_len < cipher_suites_length)
845  {
846  if (!(HAS_SPACE(2))) {
847  Ja3BufferFree(&ja3_cipher_suites);
848  goto invalid_length;
849  }
850 
851  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
852  input += 2;
853 
854  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
855  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
856  if (rc != 0) {
857  return -1;
858  }
859  }
860 
861  processed_len += 2;
862  }
863 
864  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
865  &ja3_cipher_suites);
866  if (rc == -1) {
867  return -1;
868  }
869 
870  } else {
871  /* Skip cipher suites */
872  input += cipher_suites_length;
873  }
874 
875  return (input - initial_input);
876 
877 invalid_length:
878  SCLogDebug("TLS handshake invalid length");
879  SSLSetEvent(ssl_state,
881  return -1;
882 }
883 
884 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
885  const uint8_t * const initial_input,
886  const uint32_t input_len)
887 {
888  const uint8_t *input = initial_input;
889 
890  if (!(HAS_SPACE(1)))
891  goto invalid_length;
892 
893  /* Skip compression methods */
895  input += 1;
896  } else {
897  uint8_t compression_methods_length = *input;
898  input += 1;
899 
900  if (!(HAS_SPACE(compression_methods_length)))
901  goto invalid_length;
902 
903  input += compression_methods_length;
904  }
905 
906  return (input - initial_input);
907 
908 invalid_length:
909  SCLogDebug("TLS handshake invalid_length");
910  SSLSetEvent(ssl_state,
912  return -1;
913 }
914 
915 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
916  const uint8_t * const initial_input,
917  const uint32_t input_len)
918 {
919  uint8_t *input = (uint8_t *)initial_input;
920 
921  /* Empty extension */
922  if (input_len == 0)
923  return 0;
924 
925  if (!(HAS_SPACE(2)))
926  goto invalid_length;
927 
928  /* Skip sni_list_length */
929  input += 2;
930 
931  if (!(HAS_SPACE(1)))
932  goto invalid_length;
933 
934  uint8_t sni_type = *input;
935  input += 1;
936 
937  /* Currently the only type allowed is host_name
938  (RFC6066 section 3). */
939  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
940  SCLogDebug("Unknown SNI type");
941  SSLSetEvent(ssl_state,
943  return -1;
944  }
945 
946  if (!(HAS_SPACE(2)))
947  goto invalid_length;
948 
949  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
950  input += 2;
951 
952  /* host_name contains the fully qualified domain name,
953  and should therefore be limited by the maximum domain
954  name length. */
955  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
956  SSLSetEvent(ssl_state,
958  return -1;
959  }
960 
961  /* There must not be more than one extension of the same
962  type (RFC5246 section 7.4.1.4). */
963  if (ssl_state->curr_connp->sni) {
964  SCLogDebug("Multiple SNI extensions");
965  SSLSetEvent(ssl_state,
967  input += sni_len;
968  return (input - initial_input);
969  }
970 
971  const size_t sni_strlen = sni_len + 1;
972  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
973  if (unlikely(ssl_state->curr_connp->sni == NULL))
974  return -1;
975 
976  const size_t consumed = input - initial_input;
977  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
978  initial_input, consumed, input_len, sni_len) != 0) {
979  SCFree(ssl_state->curr_connp->sni);
980  ssl_state->curr_connp->sni = NULL;
981  return -1;
982  }
983  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
984 
985  input += sni_len;
986 
987  return (input - initial_input);
988 
989 invalid_length:
990  SCLogDebug("TLS handshake invalid length");
991  SSLSetEvent(ssl_state,
993 
994 
995  return -1;
996 }
997 
998 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
999  const uint8_t * const initial_input,
1000  const uint32_t input_len)
1001 {
1002  const uint8_t *input = initial_input;
1003 
1004  /* Empty extension */
1005  if (input_len == 0)
1006  return 0;
1007 
1008  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1009  if (!(HAS_SPACE(1)))
1010  goto invalid_length;
1011 
1012  uint8_t supported_ver_len = *input;
1013  input += 1;
1014 
1015  if (supported_ver_len < 2)
1016  goto invalid_length;
1017 
1018  if (!(HAS_SPACE(supported_ver_len)))
1019  goto invalid_length;
1020 
1021  /* Use the first (and prefered) valid version as client version,
1022  * skip over GREASE and other possible noise. */
1023  uint16_t i = 0;
1024  while (i + 1 < (uint16_t)supported_ver_len) {
1025  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1026  if (TLSVersionValid(ver)) {
1027  ssl_state->curr_connp->version = ver;
1028  break;
1029  }
1030  i += 2;
1031  }
1032 
1033  /* Set a flag to indicate that we have seen this extension */
1035 
1036  input += supported_ver_len;
1037  }
1038  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1039  if (!(HAS_SPACE(2)))
1040  goto invalid_length;
1041 
1042  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1043 
1044  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1045  (ver > TLS_VERSION_12)) {
1046  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1047  }
1048 
1049  ssl_state->curr_connp->version = ver;
1050  input += 2;
1051  }
1052 
1053  return (input - initial_input);
1054 
1055 invalid_length:
1056  SCLogDebug("TLS handshake invalid length");
1057  SSLSetEvent(ssl_state,
1059 
1060  return -1;
1061 }
1062 
1063 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1064  const uint8_t * const initial_input,
1065  const uint32_t input_len,
1066  JA3Buffer *ja3_elliptic_curves)
1067 {
1068  const uint8_t *input = initial_input;
1069 
1070  /* Empty extension */
1071  if (input_len == 0)
1072  return 0;
1073 
1074  if (!(HAS_SPACE(2)))
1075  goto invalid_length;
1076 
1077  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1078  input += 2;
1079 
1080  if (!(HAS_SPACE(elliptic_curves_len)))
1081  goto invalid_length;
1082 
1083  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1084  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1085  uint16_t ec_processed_len = 0;
1086  /* coverity[tainted_data] */
1087  while (ec_processed_len < elliptic_curves_len)
1088  {
1089  if (!(HAS_SPACE(2)))
1090  goto invalid_length;
1091 
1092  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1093  input += 2;
1094 
1095  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1096  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1097  elliptic_curve);
1098  if (rc != 0)
1099  return -1;
1100  }
1101 
1102  ec_processed_len += 2;
1103  }
1104 
1105  } else {
1106  /* Skip elliptic curves */
1107  input += elliptic_curves_len;
1108  }
1109 
1110  return (input - initial_input);
1111 
1112 invalid_length:
1113  SCLogDebug("TLS handshake invalid length");
1114  SSLSetEvent(ssl_state,
1116 
1117  return -1;
1118 }
1119 
1120 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1121  const uint8_t * const initial_input,
1122  const uint32_t input_len,
1123  JA3Buffer *ja3_elliptic_curves_pf)
1124 {
1125  const uint8_t *input = initial_input;
1126 
1127  /* Empty extension */
1128  if (input_len == 0)
1129  return 0;
1130 
1131  if (!(HAS_SPACE(1)))
1132  goto invalid_length;
1133 
1134  uint8_t ec_pf_len = *input;
1135  input += 1;
1136 
1137  if (!(HAS_SPACE(ec_pf_len)))
1138  goto invalid_length;
1139 
1140  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1141  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1142  uint8_t ec_pf_processed_len = 0;
1143  /* coverity[tainted_data] */
1144  while (ec_pf_processed_len < ec_pf_len)
1145  {
1146  uint8_t elliptic_curve_pf = *input;
1147  input += 1;
1148 
1149  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1150  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1151  elliptic_curve_pf);
1152  if (rc != 0)
1153  return -1;
1154  }
1155 
1156  ec_pf_processed_len += 1;
1157  }
1158 
1159  } else {
1160  /* Skip elliptic curve point formats */
1161  input += ec_pf_len;
1162  }
1163 
1164  return (input - initial_input);
1165 
1166 invalid_length:
1167  SCLogDebug("TLS handshake invalid length");
1168  SSLSetEvent(ssl_state,
1170 
1171  return -1;
1172 }
1173 
1174 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1175  const uint8_t * const initial_input,
1176  const uint32_t input_len)
1177 {
1178  const uint8_t *input = initial_input;
1179 
1180  int ret;
1181  int rc;
1182  const bool ja3 = (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1);
1183 
1184  JA3Buffer *ja3_extensions = NULL;
1185  JA3Buffer *ja3_elliptic_curves = NULL;
1186  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1187 
1188  if (ja3) {
1189  ja3_extensions = Ja3BufferInit();
1190  if (ja3_extensions == NULL)
1191  goto error;
1192 
1193  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1194  ja3_elliptic_curves = Ja3BufferInit();
1195  if (ja3_elliptic_curves == NULL)
1196  goto error;
1197 
1198  ja3_elliptic_curves_pf = Ja3BufferInit();
1199  if (ja3_elliptic_curves_pf == NULL)
1200  goto error;
1201  }
1202  }
1203 
1204  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1205  if (!(HAS_SPACE(2)))
1206  goto end;
1207 
1208  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1209  input += 2;
1210 
1211  if (!(HAS_SPACE(extensions_len)))
1212  goto invalid_length;
1213 
1214  uint16_t processed_len = 0;
1215  /* coverity[tainted_data] */
1216  while (processed_len < extensions_len)
1217  {
1218  if (!(HAS_SPACE(2)))
1219  goto invalid_length;
1220 
1221  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1222  input += 2;
1223 
1224  if (!(HAS_SPACE(2)))
1225  goto invalid_length;
1226 
1227  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1228  input += 2;
1229 
1230  if (!(HAS_SPACE(ext_len)))
1231  goto invalid_length;
1232 
1233  switch (ext_type) {
1234  case SSL_EXTENSION_SNI:
1235  {
1236  /* coverity[tainted_data] */
1237  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1238  ext_len);
1239  if (ret < 0)
1240  goto end;
1241 
1242  input += ret;
1243 
1244  break;
1245  }
1246 
1248  {
1249  /* coverity[tainted_data] */
1250  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1251  ext_len,
1252  ja3_elliptic_curves);
1253  if (ret < 0)
1254  goto end;
1255 
1256  input += ret;
1257 
1258  break;
1259  }
1260 
1262  {
1263  /* coverity[tainted_data] */
1264  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1265  ext_len,
1266  ja3_elliptic_curves_pf);
1267  if (ret < 0)
1268  goto end;
1269 
1270  input += ret;
1271 
1272  break;
1273  }
1274 
1276  {
1277  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1278  /* Used by 0-RTT to indicate that encrypted data will
1279  be sent right after the ClientHello record. */
1280  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1281  }
1282 
1283  input += ext_len;
1284 
1285  break;
1286  }
1287 
1289  {
1290  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1291  ext_len);
1292  if (ret < 0)
1293  goto end;
1294 
1295  input += ret;
1296 
1297  break;
1298  }
1299 
1301  {
1302  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1303  /* This has to be verified later on by checking if a
1304  certificate record has been sent by the server. */
1305  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1306  }
1307 
1308  input += ext_len;
1309 
1310  break;
1311  }
1312 
1313  default:
1314  {
1315  input += ext_len;
1316  break;
1317  }
1318  }
1319 
1320  if (ja3) {
1321  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1322  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1323  if (rc != 0)
1324  goto error;
1325  }
1326  }
1327 
1328  processed_len += ext_len + 4;
1329  }
1330 
1331 end:
1332  if (ja3) {
1333  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1334  &ja3_extensions);
1335  if (rc == -1)
1336  goto error;
1337 
1338  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1339  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1340  &ja3_elliptic_curves);
1341  if (rc == -1)
1342  goto error;
1343 
1344  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1345  &ja3_elliptic_curves_pf);
1346  if (rc == -1)
1347  goto error;
1348  }
1349  }
1350 
1351  return (input - initial_input);
1352 
1353 invalid_length:
1354  SCLogDebug("TLS handshake invalid length");
1355  SSLSetEvent(ssl_state,
1357 
1358 error:
1359  if (ja3_extensions != NULL)
1360  Ja3BufferFree(&ja3_extensions);
1361  if (ja3_elliptic_curves != NULL)
1362  Ja3BufferFree(&ja3_elliptic_curves);
1363  if (ja3_elliptic_curves_pf != NULL)
1364  Ja3BufferFree(&ja3_elliptic_curves_pf);
1365 
1366  return -1;
1367 }
1368 
1369 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1370  const uint8_t * const input,
1371  const uint32_t input_len)
1372 {
1373  int ret;
1374  uint32_t parsed = 0;
1375 
1376  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1377  if (ret < 0)
1378  goto end;
1379 
1380  parsed += ret;
1381 
1382  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1383  if (ret < 0)
1384  goto end;
1385 
1386  parsed += ret;
1387 
1388  /* The session id field in the server hello record was removed in
1389  TLSv1.3 draft1, but was readded in draft22. */
1390  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1392  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1393  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1394  input_len - parsed);
1395  if (ret < 0)
1396  goto end;
1397 
1398  parsed += ret;
1399  }
1400 
1401  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1402  input_len - parsed);
1403  if (ret < 0)
1404  goto end;
1405 
1406  parsed += ret;
1407 
1408  /* The compression methods field in the server hello record was
1409  removed in TLSv1.3 draft1, but was readded in draft22. */
1410  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1412  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1413  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1414  input_len - parsed);
1415  if (ret < 0)
1416  goto end;
1417 
1418  parsed += ret;
1419  }
1420 
1421  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1422  input_len - parsed);
1423  if (ret < 0)
1424  goto end;
1425 
1426  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1427  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1428  }
1429 
1430 end:
1431  return 0;
1432 }
1433 
1434 #ifdef DEBUG_VALIDATION
1435 static inline bool
1436 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1437 {
1438  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1439  curr_connp->bytes_processed);
1440 }
1441 #endif
1442 
1443 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1444  const uint8_t *const initial_input, const uint32_t input_len)
1445 {
1446  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1447  SCLogDebug("rc %d", rc);
1448  if (rc > 0) {
1449  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1450  SSLParserHSReset(connp);
1451  } else if (rc < 0) {
1452  SCLogDebug("error parsing cert, reset state");
1453  SSLParserHSReset(connp);
1454  /* fall through to still consume the cert bytes */
1455  }
1456  return input_len;
1457 }
1458 
1459 static int SupportedHandshakeType(const uint8_t type)
1460 {
1461  switch (type) {
1462  case SSLV3_HS_CLIENT_HELLO:
1463  case SSLV3_HS_SERVER_HELLO:
1466  case SSLV3_HS_CERTIFICATE:
1470  case SSLV3_HS_FINISHED:
1475  return true;
1476  break;
1477 
1478  default:
1479  return false;
1480  break;
1481  }
1482 }
1483 
1484 /**
1485  * \retval parsed number of consumed bytes
1486  * \retval < 0 error
1487  */
1488 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1489  uint32_t input_len, uint8_t direction)
1490 {
1491  const uint8_t *initial_input = input;
1492  int rc;
1493 
1494  if (input_len == 0) {
1495  return 0;
1496  }
1497  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1498 
1499  switch (ssl_state->curr_connp->handshake_type) {
1500  case SSLV3_HS_CLIENT_HELLO:
1502 
1503  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1504  if (rc < 0)
1505  return rc;
1506  break;
1507 
1508  case SSLV3_HS_SERVER_HELLO:
1510 
1511  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1512  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1513  if (rc < 0)
1514  return rc;
1515  break;
1516 
1519  break;
1520 
1523  break;
1524 
1525  case SSLV3_HS_CERTIFICATE:
1526 
1527  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1528  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1529  input_len);
1530  if (rc < 0)
1531  return rc;
1532  break;
1533 
1535  break;
1537  if (direction) {
1539  }
1540  break;
1542  case SSLV3_HS_FINISHED:
1545  break;
1547  SCLogDebug("new session ticket");
1548  break;
1550  break;
1551  default:
1553  return -1;
1554  }
1555 
1556  ssl_state->flags |= ssl_state->current_flags;
1557 
1558  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1559  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1560 
1561  return input_len;
1562 }
1563 
1564 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1565  uint32_t input_len, uint8_t direction)
1566 {
1567  const uint8_t *initial_input = input;
1568 
1569  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1570  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1571  SCReturnInt(0);
1572  }
1573 
1574  while (input_len) {
1575  SCLogDebug("input_len %u", input_len);
1576 
1577  if (ssl_state->curr_connp->hs_buffer != NULL) {
1578  SCLogDebug("partial handshake record in place");
1579  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1580  ssl_state->curr_connp->hs_buffer_offset;
1581  const uint32_t add = MIN(need, input_len);
1582 
1583  /* grow buffer to next multiple of 4k that fits all data we have */
1584  if (ssl_state->curr_connp->hs_buffer_offset + add >
1585  ssl_state->curr_connp->hs_buffer_size) {
1586  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1587  const uint32_t new_size = avail + (4096 - (avail % 4096));
1588  SCLogDebug("new_size %u, avail %u", new_size, avail);
1589  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1590  if (ptr == NULL)
1591  return -1;
1592  ssl_state->curr_connp->hs_buffer = ptr;
1593  ssl_state->curr_connp->hs_buffer_size = new_size;
1594  }
1595 
1596  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1597  "ssl_state->curr_connp->hs_buffer_size %u",
1598  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1599  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1600 
1601  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1602  ssl_state->curr_connp->hs_buffer_offset,
1603  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1604  SCLogDebug("copy failed");
1605  return -1;
1606  }
1607  ssl_state->curr_connp->hs_buffer_offset += add;
1608 
1609  if (ssl_state->curr_connp->hs_buffer_message_size <=
1610  ssl_state->curr_connp->hs_buffer_offset) {
1612  ssl_state->curr_connp->hs_buffer_offset);
1613 
1614  ssl_state->curr_connp->handshake_type =
1615  ssl_state->curr_connp->hs_buffer_message_type;
1616  ssl_state->curr_connp->message_length =
1617  ssl_state->curr_connp->hs_buffer_message_size;
1618 
1619  SCLogDebug("got all data now: handshake_type %u message_length %u",
1620  ssl_state->curr_connp->handshake_type,
1621  ssl_state->curr_connp->message_length);
1622 
1623  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1624  ssl_state->curr_connp->hs_buffer_offset, direction);
1625  if (retval < 0) {
1626  SSLParserHSReset(ssl_state->curr_connp);
1627  return (retval);
1628  }
1629  SCLogDebug("retval %d", retval);
1630 
1631  /* data processed, reset buffer */
1632  SCFree(ssl_state->curr_connp->hs_buffer);
1633  ssl_state->curr_connp->hs_buffer = NULL;
1634  ssl_state->curr_connp->hs_buffer_size = 0;
1635  ssl_state->curr_connp->hs_buffer_message_size = 0;
1636  ssl_state->curr_connp->hs_buffer_message_type = 0;
1637  ssl_state->curr_connp->hs_buffer_offset = 0;
1638  } else {
1639  SCLogDebug("partial data");
1640  }
1641 
1642  input += add;
1643  input_len -= add;
1644  SCLogDebug("input_len %u", input_len);
1645  SSLParserHSReset(ssl_state->curr_connp);
1646  continue;
1647  }
1648 
1649  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1650  SCLogDebug("input %p input_len %u", input, input_len);
1651 
1652  if (input_len < 4) {
1654  SCReturnInt(-1);
1655  }
1656 
1657  ssl_state->curr_connp->handshake_type = input[0];
1658  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1659  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1660  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1661  input_len);
1662  input += 4;
1663  input_len -= 4;
1664 
1665  const uint32_t record_len = ssl_state->curr_connp->message_length;
1666  /* see if we support this type. We check here to not use the fragment
1667  * handling on things we don't support. */
1668  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1669  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1670  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1671  if (!supported_type) {
1672  uint32_t avail_record_len = MIN(input_len, record_len);
1673  input += avail_record_len;
1674  input_len -= avail_record_len;
1675 
1676  SSLParserHSReset(ssl_state->curr_connp);
1677 
1678  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1679  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1680  // after Change Cipher Spec we get Encrypted Handshake Messages
1681  } else {
1683  }
1684  continue;
1685  }
1686 
1687  /* if the message lenght exceeds our input_len, we have a tls fragment. */
1688  if (record_len > input_len) {
1689  const uint32_t avail = input_len;
1690  const uint32_t size = avail + (4096 - (avail % 4096));
1691  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1692  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1693  if (ssl_state->curr_connp->hs_buffer == NULL) {
1694  return -1;
1695  }
1696  ssl_state->curr_connp->hs_buffer_size = size;
1697  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1698  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1699 
1700  if (input_len > 0) {
1701  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1702  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1703  input_len) != 0) {
1704  return -1;
1705  }
1706  ssl_state->curr_connp->hs_buffer_offset = input_len;
1707  }
1708  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1709  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1710  ssl_state->curr_connp->hs_buffer_offset,
1711  ssl_state->curr_connp->hs_buffer_message_type,
1712  ssl_state->curr_connp->hs_buffer_message_size);
1713  input += input_len;
1714  SSLParserHSReset(ssl_state->curr_connp);
1715  return (input - initial_input);
1716 
1717  } else {
1718  /* full record, parse it now */
1719  int retval = SSLv3ParseHandshakeType(
1720  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1721  if (retval < 0 || retval > (int)input_len) {
1722  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1723  return (retval);
1724  }
1725  SCLogDebug("retval %d input_len %u", retval, input_len);
1726  input += retval;
1727  input_len -= retval;
1728 
1729  SSLParserHSReset(ssl_state->curr_connp);
1730  }
1731  SCLogDebug("input_len left %u", input_len);
1732  }
1733  return (input - initial_input);
1734 }
1735 
1736 /**
1737  * \internal
1738  * \brief TLS Heartbeat parser (see RFC 6520)
1739  *
1740  * \param sslstate Pointer to the SSL state.
1741  * \param input Pointer to the received input data.
1742  * \param input_len Length in bytes of the received data.
1743  * \param direction 1 toclient, 0 toserver
1744  *
1745  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1746  */
1747 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1748  uint32_t input_len, uint8_t direction)
1749 {
1750  uint8_t hb_type;
1751  uint16_t payload_len;
1752  uint32_t padding_len;
1753 
1754  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1755  if (input_len < 3) {
1756  return 0;
1757  }
1758 
1759  hb_type = *input++;
1760 
1761  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1762  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1764  return -1;
1765  }
1766  }
1767 
1768  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1769  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1770 
1771  if (direction) {
1772  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1773  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1774  } else {
1775  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1776  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1777  }
1778 
1779  /* if we reach this point, then we can assume that the HB request
1780  is encrypted. If so, let's set the HB record length */
1781  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1782  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1783  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1784  ssl_state->hb_record_len);
1785  return (ssl_state->curr_connp->record_length - 3);
1786  }
1787 
1788  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1789 
1790  /* check that the requested payload length is really present in
1791  the record (CVE-2014-0160) */
1792  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1793  SCLogDebug("We have a short record in HeartBeat Request");
1795  return -1;
1796  }
1797 
1798  /* check the padding length. It must be at least 16 bytes
1799  (RFC 6520, section 4) */
1800  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1801  if (padding_len < 16) {
1802  SCLogDebug("We have a short record in HeartBeat Request");
1804  return -1;
1805  }
1806 
1807  /* we don't have the payload */
1808  if (input_len < payload_len + padding_len) {
1809  return 0;
1810  }
1811 
1812  /* OpenSSL still seems to discard multiple in-flight
1813  heartbeats although some tools send multiple at once */
1814  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1815  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1816  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1818  return -1;
1819 
1820  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1821  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1822  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1824  return -1;
1825 
1826  } else {
1827  /* we have a HB record in the opposite direction of the request,
1828  let's reset our flags */
1829  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
1830  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
1831  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
1832 
1833  /* if we reach this point, then we can assume that the HB request
1834  is encrypted. If so, let's set the HB record length */
1835  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1836  /* check to see if the encrypted response is longer than the
1837  encrypted request */
1838  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
1839  ssl_state->curr_connp->record_length) {
1840  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
1841  ssl_state->hb_record_len);
1842  SSLSetEvent(ssl_state,
1844  ssl_state->hb_record_len = 0;
1845  return -1;
1846  }
1847  }
1848 
1849  /* reset the HB record length in case we have a legit HB followed
1850  by a bad one */
1851  ssl_state->hb_record_len = 0;
1852  }
1853 
1854  /* skip the HeartBeat, 3 bytes were already parsed,
1855  e.g |18 03 02| for TLS 1.2 */
1856  return (ssl_state->curr_connp->record_length - 3);
1857 }
1858 
1859 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
1860  const uint8_t *input, uint32_t input_len)
1861 {
1862  const uint8_t *initial_input = input;
1863 
1864  if (input_len == 0) {
1865  return 0;
1866  }
1867 
1868  uint8_t skip_version = 0;
1869 
1870  /* Only set SSL/TLS version here if it has not already been set in
1871  client/server hello. */
1872  if (direction == 0) {
1873  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1874  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
1875  skip_version = 1;
1876  }
1877  } else {
1878  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1879  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
1880  skip_version = 1;
1881  }
1882  }
1883 
1884  switch (ssl_state->curr_connp->bytes_processed) {
1885  case 0:
1886  if (input_len >= 5) {
1887  ssl_state->curr_connp->content_type = input[0];
1888  if (!skip_version) {
1889  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
1890  }
1891  ssl_state->curr_connp->record_length = input[3] << 8;
1892  ssl_state->curr_connp->record_length |= input[4];
1894  return SSLV3_RECORD_HDR_LEN;
1895  } else {
1896  ssl_state->curr_connp->content_type = *(input++);
1897  if (--input_len == 0)
1898  break;
1899  }
1900 
1901  /* fall through */
1902  case 1:
1903  if (!skip_version) {
1904  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
1905  } else {
1906  input++;
1907  }
1908  if (--input_len == 0)
1909  break;
1910 
1911  /* fall through */
1912  case 2:
1913  if (!skip_version) {
1914  ssl_state->curr_connp->version |= *(input++);
1915  } else {
1916  input++;
1917  }
1918  if (--input_len == 0)
1919  break;
1920 
1921  /* fall through */
1922  case 3:
1923  ssl_state->curr_connp->record_length = *(input++) << 8;
1924  if (--input_len == 0)
1925  break;
1926 
1927  /* fall through */
1928  case 4:
1929  ssl_state->curr_connp->record_length |= *(input++);
1930  if (--input_len == 0)
1931  break;
1932 
1933  /* fall through */
1934  }
1935 
1936  ssl_state->curr_connp->bytes_processed += (input - initial_input);
1937 
1938  return (input - initial_input);
1939 }
1940 
1941 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
1942  const uint8_t *input, uint32_t input_len)
1943 {
1944  const uint8_t *initial_input = input;
1945 
1946  if (input_len == 0) {
1947  return 0;
1948  }
1949 
1950  if (ssl_state->curr_connp->record_lengths_length == 2) {
1951  switch (ssl_state->curr_connp->bytes_processed) {
1952  case 0:
1953  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
1954  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
1955  ssl_state->curr_connp->content_type = input[2];
1956  ssl_state->curr_connp->version = SSL_VERSION_2;
1957  ssl_state->curr_connp->bytes_processed += 3;
1958  return 3;
1959  } else {
1960  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
1961  if (--input_len == 0)
1962  break;
1963  }
1964 
1965  /* fall through */
1966  case 1:
1967  ssl_state->curr_connp->record_length |= *(input++);
1968  if (--input_len == 0)
1969  break;
1970 
1971  /* fall through */
1972  case 2:
1973  ssl_state->curr_connp->content_type = *(input++);
1974  ssl_state->curr_connp->version = SSL_VERSION_2;
1975  if (--input_len == 0)
1976  break;
1977 
1978  /* fall through */
1979  }
1980 
1981  } else {
1982  switch (ssl_state->curr_connp->bytes_processed) {
1983  case 0:
1984  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
1985  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
1986  ssl_state->curr_connp->content_type = input[3];
1987  ssl_state->curr_connp->version = SSL_VERSION_2;
1988  ssl_state->curr_connp->bytes_processed += 4;
1989  return 4;
1990  } else {
1991  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
1992  if (--input_len == 0)
1993  break;
1994  }
1995 
1996  /* fall through */
1997  case 1:
1998  ssl_state->curr_connp->record_length |= *(input++);
1999  if (--input_len == 0)
2000  break;
2001 
2002  /* fall through */
2003  case 2:
2004  /* padding */
2005  input++;
2006  if (--input_len == 0)
2007  break;
2008 
2009  /* fall through */
2010  case 3:
2011  ssl_state->curr_connp->content_type = *(input++);
2012  ssl_state->curr_connp->version = SSL_VERSION_2;
2013  if (--input_len == 0)
2014  break;
2015 
2016  /* fall through */
2017  }
2018  }
2019 
2020  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2021 
2022  return (input - initial_input);
2023 }
2024 
2025 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2026  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2027  const StreamSlice stream_slice)
2028 {
2029  const uint8_t *initial_input = input;
2030 
2031  if (ssl_state->curr_connp->bytes_processed == 0) {
2032  if (input[0] & 0x80) {
2033  ssl_state->curr_connp->record_lengths_length = 2;
2034  } else {
2035  ssl_state->curr_connp->record_lengths_length = 3;
2036  }
2037 
2038  SCLogDebug("record start: ssl2.hdr frame");
2039  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2040  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2041  }
2042 
2043  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2044  "ssl_state->curr_connp->bytes_processed %u",
2045  direction, ssl_state->curr_connp->record_lengths_length + 1,
2046  ssl_state->curr_connp->bytes_processed);
2047  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2048  to read the msg_type */
2049  if (ssl_state->curr_connp->bytes_processed <
2050  (ssl_state->curr_connp->record_lengths_length + 1)) {
2051  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2052  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2053  ssl_state->curr_connp->record_length);
2054  if (retval < 0 || retval > (int)input_len) {
2055  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2057  return SSL_DECODER_ERROR(-1);
2058  }
2059 
2060  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2061  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2062  direction, TLS_FRAME_SSLV2_PDU);
2063  SCLogDebug("record start: ssl2.pdu frame");
2064 
2065  input += retval;
2066  input_len -= retval;
2067  }
2068 
2069  /* if we don't have the full record, we return incomplete */
2070  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2071  input_len + ssl_state->curr_connp->bytes_processed) {
2072  uint32_t needed = ssl_state->curr_connp->record_length;
2073  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2074  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2075  needed);
2076  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2077  }
2078 
2079  if (input_len == 0) {
2080  return SSL_DECODER_OK((input - initial_input));
2081  }
2082 
2083  /* record_length should never be zero */
2084  if (ssl_state->curr_connp->record_length == 0) {
2085  SCLogDebug("SSLv2 record length is zero");
2087  return SSL_DECODER_ERROR(-1);
2088  }
2089 
2090  /* record_lengths_length should never be zero */
2091  if (ssl_state->curr_connp->record_lengths_length == 0) {
2092  SCLogDebug("SSLv2 record lengths length is zero");
2094  return SSL_DECODER_ERROR(-1);
2095  }
2096 
2097  switch (ssl_state->curr_connp->content_type) {
2098  case SSLV2_MT_ERROR:
2099  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2100  "in establishing the sslv2 session, may be version");
2102 
2103  break;
2104 
2105  case SSLV2_MT_CLIENT_HELLO:
2106  if (input_len < 6) {
2108  return SSL_DECODER_ERROR(-1);
2109  }
2110 
2111  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2112  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2113 
2114  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2115  SCLogDebug("SSLv2: version %04x", version);
2116  ssl_state->curr_connp->version = version;
2117  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2118  input += 6;
2119  input_len -= 6;
2120  ssl_state->curr_connp->bytes_processed += 6;
2121  if (session_id_length == 0) {
2122  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2123  }
2124  break;
2125 
2127  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2128  SCLogDebug("Client hello is not seen before master key "
2129  "message!");
2130  }
2131  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2132 
2133  break;
2134 
2136  if (direction == 1) {
2137  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2138  "direction!");
2139  } else {
2140  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2141  }
2142 
2143  /* fall through */
2146  if (direction == 0 &&
2147  !(ssl_state->curr_connp->content_type &
2149  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2150  "direction!");
2151  }
2152 
2153  /* fall through */
2156  /* both client hello and server hello must be seen */
2157  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2158  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2159 
2160  if (direction == 0) {
2161  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2162  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2163  SCLogDebug("SSLv2 client side has started the encryption");
2164  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2165  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2166  SCLogDebug("SSLv2 client side has started the encryption");
2167  }
2168  } else {
2169  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2170  SCLogDebug("SSLv2 Server side has started the encryption");
2171  }
2172 
2173  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2174  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2175  {
2179  }
2180 
2184  }
2185  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2186  }
2187  }
2188 
2189  break;
2190 
2191  case SSLV2_MT_SERVER_HELLO:
2192  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2193  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2194 
2195  break;
2196  }
2197 
2198  ssl_state->flags |= ssl_state->current_flags;
2199 
2200  if (input_len + ssl_state->curr_connp->bytes_processed >=
2201  (ssl_state->curr_connp->record_length +
2202  ssl_state->curr_connp->record_lengths_length)) {
2203 
2204  /* looks like we have another record after this */
2205  uint32_t diff = ssl_state->curr_connp->record_length +
2206  ssl_state->curr_connp->record_lengths_length + -
2207  ssl_state->curr_connp->bytes_processed;
2208  input += diff;
2209  SSLParserReset(ssl_state);
2210 
2211  /* we still don't have the entire record for the one we are
2212  currently parsing */
2213  } else {
2214  input += input_len;
2215  ssl_state->curr_connp->bytes_processed += input_len;
2216  }
2217  return SSL_DECODER_OK((input - initial_input));
2218 }
2219 
2220 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2221  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2222  const StreamSlice stream_slice)
2223 {
2224  uint32_t parsed = 0;
2225  uint32_t record_len; /* slice of input_len for the current record */
2226  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2227 
2228  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2229  const uint16_t prev_version = ssl_state->curr_connp->version;
2230 
2231  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2232  if (retval < 0 || retval > (int)input_len) {
2233  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2234  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2236  return SSL_DECODER_ERROR(-1);
2237  }
2238  parsed = retval;
2239 
2240  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2241  input, ssl_state->curr_connp->record_length);
2242 
2243  /* first the hdr frame at our first chance */
2244  if (first_call) {
2245  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2246  direction, TLS_FRAME_HDR);
2247  }
2248 
2249  /* parser is streaming for the initial header, then switches to incomplete
2250  * API: so if we don't have the hdr yet, return consumed bytes and wait
2251  * until we are called again with new data. */
2252  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2253  SCLogDebug(
2254  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2255  return SSL_DECODER_OK(parsed);
2256  }
2257 
2258  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2259  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2260  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2261  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2262  SCLogDebug(
2263  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2264  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2265 
2266  bool unknown_record = false;
2267  switch (ssl_state->curr_connp->content_type) {
2269  case SSLV3_ALERT_PROTOCOL:
2273  break;
2274  default:
2275  unknown_record = true;
2276  break;
2277  }
2278 
2279  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2280  * on Wireshark logic. */
2281  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2282  if (unknown_record) {
2283  SCLogDebug("unknown record, ignore it");
2285 
2286  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2287  ssl_state->curr_connp->content_type = 0;
2288  ssl_state->curr_connp->record_length = 0;
2289  // restore last good version
2290  ssl_state->curr_connp->version = prev_version;
2291  return SSL_DECODER_OK(input_len); // consume everything
2292  }
2293  } else {
2294  if (unknown_record) {
2295  SCLogDebug("unknown record, fatal");
2297  return SSL_DECODER_ERROR(-1);
2298  }
2299  }
2300 
2301  /* record_length should never be zero */
2302  if (ssl_state->curr_connp->record_length == 0) {
2303  SCLogDebug("SSLv3 Record length is 0");
2305  return SSL_DECODER_ERROR(-1);
2306  }
2307 
2308  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2309  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2311  return SSL_DECODER_ERROR(-1);
2312  }
2313 
2314  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2315  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2317  return SSL_DECODER_ERROR(-1);
2318  }
2319  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2320  } else {
2321  ValidateRecordState(ssl_state->curr_connp);
2322 
2323  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2324  record_len = MIN(input_len, record_len);
2325  }
2326  SCLogDebug("record length %u processed %u got %u",
2327  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2328 
2329  /* if we don't have the full record, we return incomplete */
2330  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2331  /* no need to use incomplete api buffering for application
2332  * records that we'll not use anyway. */
2333  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2334  SCLogDebug("application record");
2335  } else {
2336  uint32_t needed = ssl_state->curr_connp->record_length;
2337  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2338  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2340  return SSL_DECODER_INCOMPLETE(parsed, needed);
2341  }
2342  }
2343 
2344  if (record_len == 0) {
2345  return SSL_DECODER_OK(parsed);
2346  }
2347 
2348  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2349  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2350 
2351  switch (ssl_state->curr_connp->content_type) {
2352  /* we don't need any data from these types */
2354  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2355 
2356  if (direction) {
2357  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2358  } else {
2359  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2360  }
2361  break;
2362 
2363  case SSLV3_ALERT_PROTOCOL:
2364  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2365  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2366  break;
2367 
2369  /* In TLSv1.3 early data (0-RTT) could be sent before the
2370  handshake is complete (rfc8446, section 2.3). We should
2371  therefore not mark the handshake as done before we have
2372  seen the ServerHello record. */
2373  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2374  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2375  break;
2376 
2377  /* if we see (encrypted) aplication data, then this means the
2378  handshake must be done */
2379  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2380 
2382  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2385  }
2386 
2387  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2388  * heartbeat lke inspection to be able to be able to bypass the flow */
2390  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2397  }
2398  break;
2399 
2400  case SSLV3_HANDSHAKE_PROTOCOL: {
2401  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2402  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2403  compability (rfc8446, appendix D.4). */
2404  // Client hello flags is needed to have a valid version
2405  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2406  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2407  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2408  /* do nothing */
2409  } else {
2410  // if we started parsing this, we must stop
2411  break;
2412  }
2413  }
2414 
2415  if (ssl_state->curr_connp->record_length < 4) {
2416  SSLParserReset(ssl_state);
2418  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2419  return SSL_DECODER_ERROR(-1);
2420  }
2421 
2422  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2423  record_len, direction);
2424  SCLogDebug("retval %d", retval);
2425  if (retval < 0 || retval > (int)record_len) {
2426  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2428  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2429  return SSL_DECODER_ERROR(-1);
2430  }
2431  ValidateRecordState(ssl_state->curr_connp);
2432  break;
2433  }
2434  case SSLV3_HEARTBEAT_PROTOCOL: {
2435  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2436  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2437  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2438  record_len, direction);
2439  if (retval < 0) {
2440  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2441  return SSL_DECODER_ERROR(-1);
2442  }
2443  break;
2444  }
2445  default:
2446  // should be unreachable now that we check after header parsing
2448  SCLogDebug("unsupported record type");
2449  return SSL_DECODER_ERROR(-1);
2450  }
2451 
2452  parsed += record_len;
2453  ssl_state->curr_connp->bytes_processed += record_len;
2454 
2455  if (ssl_state->curr_connp->bytes_processed >=
2456  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2457  SCLogDebug("record complete, trigger RAW");
2459  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2460  SSLParserReset(ssl_state);
2461  ValidateRecordState(ssl_state->curr_connp);
2462  return SSL_DECODER_OK(parsed);
2463 
2464  } else {
2465  /* we still don't have the entire record for the one we are
2466  currently parsing */
2467  ValidateRecordState(ssl_state->curr_connp);
2468  return SSL_DECODER_OK(parsed);
2469  }
2470 }
2471 
2472 /**
2473  * \internal
2474  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2475  *
2476  * On parsing error, this should be the only function that should reset
2477  * the parser state, to avoid multiple functions in the chain reseting
2478  * the parser state.
2479  *
2480  * \param direction 0 for toserver, 1 for toclient.
2481  * \param alstate Pointer to the state.
2482  * \param pstate Application layer parser state for this session.
2483  * \param output Pointer to the list of parsed output elements.
2484  *
2485  * \todo On reaching an inconsistent state, check if the input has
2486  * another new record, instead of just returning after the reset
2487  *
2488  * \retval >=0 On success.
2489  */
2490 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2491  AppLayerParserState *pstate, StreamSlice stream_slice)
2492 {
2493  SSLState *ssl_state = (SSLState *)alstate;
2494  uint32_t counter = 0;
2495  ssl_state->f = f;
2496  const uint8_t *input = StreamSliceGetData(&stream_slice);
2497  const uint8_t *init_input = input;
2498  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2499 
2500  if (input == NULL &&
2501  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2502  (direction == 1 &&
2504  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2505  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2507  } else if (input == NULL || input_len == 0) {
2509  }
2510 
2511  if (direction == 0)
2512  ssl_state->curr_connp = &ssl_state->client_connp;
2513  else
2514  ssl_state->curr_connp = &ssl_state->server_connp;
2515 
2516  /* If entering on a new record, reset the current flags. */
2517  if (ssl_state->curr_connp->bytes_processed == 0) {
2518  ssl_state->current_flags = 0;
2519  }
2520 
2521  /* if we have more than one record */
2522  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2523  while (input_len > 0) {
2524  if (counter > max_records) {
2525  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2526  "and get out of here");
2527  SSLParserReset(ssl_state);
2528  SSLSetEvent(ssl_state,
2530  return APP_LAYER_ERROR;
2531  }
2532 
2533  /* ssl_state->bytes_processed is zero for a fresh record or
2534  positive to indicate a record currently being parsed */
2535 
2536  if (ssl_state->curr_connp->bytes_processed == 0) {
2537  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2538  /* only SSLv2, has one of the top 2 bits set */
2539  ssl_state->curr_connp->version = SSL_VERSION_2;
2540  SCLogDebug("SSLv2 detected");
2541  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2542  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2543  SCLogDebug("SSL/TLS version reset");
2544  }
2545  }
2546  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2547  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2548 
2549  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2550  if (ssl_state->curr_connp->bytes_processed == 0) {
2551  SCLogDebug("New SSLv2 record parsing");
2552  } else {
2553  SCLogDebug("Continuing parsing SSLv2 record");
2554  }
2555  struct SSLDecoderResult r =
2556  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2557  if (r.retval < 0 || r.retval > input_len) {
2558  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2559  SCLogDebug("Error parsing SSLv2. Reseting parser "
2560  "state. Let's get outta here");
2561  SSLParserReset(ssl_state);
2562  SSLSetEvent(ssl_state,
2564  return APP_LAYER_ERROR;
2565  } else if (r.needed) {
2566  input += r.retval;
2567  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2568  (uintmax_t)(input - init_input), r.needed);
2569  SCReturnStruct(APP_LAYER_INCOMPLETE(input - init_input, r.needed));
2570  }
2571  input_len -= r.retval;
2572  input += r.retval;
2573  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2574  } else {
2575  if (ssl_state->curr_connp->bytes_processed == 0) {
2576  SCLogDebug("New TLS record: record_length %u",
2577  ssl_state->curr_connp->record_length);
2578  } else {
2579  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2580  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2581  }
2582  struct SSLDecoderResult r =
2583  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2584  if (r.retval < 0 || r.retval > input_len) {
2585  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2586  SCLogDebug("Error parsing TLS. Reseting parser "
2587  "state. Let's get outta here");
2588  SSLParserReset(ssl_state);
2589  return APP_LAYER_ERROR;
2590  } else if (r.needed) {
2591  input += r.retval;
2592  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2593  (uintmax_t)(input - init_input), r.needed);
2594  SCReturnStruct(APP_LAYER_INCOMPLETE(input - init_input, r.needed));
2595  }
2596  input_len -= r.retval;
2597  input += r.retval;
2598  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2599 
2601  && ssl_state->curr_connp->record_length == 0) {
2602  SCLogDebug("TLS empty record");
2603  /* empty record */
2604  SSLParserReset(ssl_state);
2605  }
2606  }
2607  counter++;
2608  } /* while (input_len) */
2609 
2610  /* mark handshake as done if we have subject and issuer */
2611  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2612  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2613  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2614  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2615  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2616  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2617  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2618  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2619  }
2620 
2621  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2624  SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
2625  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2626  }
2627 
2628  return APP_LAYER_OK;
2629 }
2630 
2631 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2632  StreamSlice stream_slice, void *local_data)
2633 {
2634  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2635 }
2636 
2637 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2638  StreamSlice stream_slice, void *local_data)
2639 {
2640  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2641 }
2642 
2643 /**
2644  * \internal
2645  * \brief Function to allocate the SSL state memory.
2646  */
2647 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2648 {
2649  SSLState *ssl_state = SCMalloc(sizeof(SSLState));
2650  if (unlikely(ssl_state == NULL))
2651  return NULL;
2652  memset(ssl_state, 0, sizeof(SSLState));
2653  ssl_state->client_connp.cert_log_flag = 0;
2654  ssl_state->server_connp.cert_log_flag = 0;
2655  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2656  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2657  TAILQ_INIT(&ssl_state->server_connp.certs);
2658  TAILQ_INIT(&ssl_state->client_connp.certs);
2659 
2660  return (void *)ssl_state;
2661 }
2662 
2663 /**
2664  * \internal
2665  * \brief Function to free the SSL state memory.
2666  */
2667 static void SSLStateFree(void *p)
2668 {
2669  SSLState *ssl_state = (SSLState *)p;
2670  SSLCertsChain *item;
2671 
2672  if (ssl_state->client_connp.cert0_subject)
2673  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2674  if (ssl_state->client_connp.cert0_issuerdn)
2675  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2676  if (ssl_state->client_connp.cert0_serial)
2677  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2678  if (ssl_state->client_connp.cert0_fingerprint)
2680  if (ssl_state->client_connp.sni)
2681  SCFree(ssl_state->client_connp.sni);
2682  if (ssl_state->client_connp.session_id)
2683  SCFree(ssl_state->client_connp.session_id);
2684  if (ssl_state->client_connp.hs_buffer)
2685  SCFree(ssl_state->client_connp.hs_buffer);
2686 
2687  if (ssl_state->server_connp.cert0_subject)
2688  rs_cstring_free(ssl_state->server_connp.cert0_subject);
2689  if (ssl_state->server_connp.cert0_issuerdn)
2690  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
2691  if (ssl_state->server_connp.cert0_serial)
2692  rs_cstring_free(ssl_state->server_connp.cert0_serial);
2693  if (ssl_state->server_connp.cert0_fingerprint)
2695  if (ssl_state->server_connp.sni)
2696  SCFree(ssl_state->server_connp.sni);
2697  if (ssl_state->server_connp.session_id)
2698  SCFree(ssl_state->server_connp.session_id);
2699 
2700  if (ssl_state->client_connp.ja3_str)
2701  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2702  if (ssl_state->client_connp.ja3_hash)
2703  SCFree(ssl_state->client_connp.ja3_hash);
2704  if (ssl_state->server_connp.ja3_str)
2705  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2706  if (ssl_state->server_connp.ja3_hash)
2707  SCFree(ssl_state->server_connp.ja3_hash);
2708  if (ssl_state->server_connp.hs_buffer)
2709  SCFree(ssl_state->server_connp.hs_buffer);
2710 
2711  AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events);
2712 
2713  if (ssl_state->tx_data.de_state != NULL) {
2714  DetectEngineStateFree(ssl_state->tx_data.de_state);
2715  }
2716 
2717  /* Free certificate chain */
2718  if (ssl_state->server_connp.certs_buffer)
2719  SCFree(ssl_state->server_connp.certs_buffer);
2720  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2721  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2722  SCFree(item);
2723  }
2724  TAILQ_INIT(&ssl_state->server_connp.certs);
2725  /* Free certificate chain */
2726  if (ssl_state->client_connp.certs_buffer)
2727  SCFree(ssl_state->client_connp.certs_buffer);
2728  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2729  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2730  SCFree(item);
2731  }
2732  TAILQ_INIT(&ssl_state->client_connp.certs);
2733 
2734  SCFree(ssl_state);
2735 
2736  return;
2737 }
2738 
2739 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2740 {
2741  /* do nothing */
2742 }
2743 
2744 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2745  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2746 {
2747  /* probably a rst/fin sending an eof */
2748  if (ilen < 3)
2749  return ALPROTO_UNKNOWN;
2750 
2751  /* for now just the 3 byte header ones */
2752  /* \todo Detect the 2 byte ones */
2753  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2754  return ALPROTO_TLS;
2755  }
2756 
2757  return ALPROTO_FAILED;
2758 }
2759 
2760 static int SSLStateGetFrameIdByName(const char *frame_name)
2761 {
2762  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2763  if (id < 0) {
2764  return -1;
2765  }
2766  return id;
2767 }
2768 
2769 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2770 {
2771  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2772  return name;
2773 }
2774 
2775 static int SSLStateGetEventInfo(const char *event_name,
2776  int *event_id, AppLayerEventType *event_type)
2777 {
2778  *event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
2779  if (*event_id == -1) {
2780  SCLogError("event \"%s\" not present in "
2781  "ssl's enum map table.",
2782  event_name);
2783  /* yes this is fatal */
2784  return -1;
2785  }
2786 
2787  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2788 
2789  return 0;
2790 }
2791 
2792 static int SSLStateGetEventInfoById(int event_id, const char **event_name,
2793  AppLayerEventType *event_type)
2794 {
2795  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2796  if (*event_name == NULL) {
2797  SCLogError("event \"%d\" not present in "
2798  "ssl's enum map table.",
2799  event_id);
2800  /* yes this is fatal */
2801  return -1;
2802  }
2803 
2804  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2805 
2806  return 0;
2807 }
2808 
2809 static int SSLRegisterPatternsForProtocolDetection(void)
2810 {
2811  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
2812  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
2813  return -1;
2814  }
2815 
2816  /** SSLv3 */
2818  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
2819  {
2820  return -1;
2821  }
2823  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
2824  {
2825  return -1;
2826  }
2827 
2828  /** TLSv1 */
2830  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
2831  {
2832  return -1;
2833  }
2835  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
2836  {
2837  return -1;
2838  }
2839 
2840  /** TLSv1.1 */
2842  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
2843  {
2844  return -1;
2845  }
2847  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
2848  {
2849  return -1;
2850  }
2851 
2852  /** TLSv1.2 */
2854  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
2855  {
2856  return -1;
2857  }
2859  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
2860  {
2861  return -1;
2862  }
2863 
2864  /***** toclient direction *****/
2865 
2867  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
2868  {
2869  return -1;
2870  }
2872  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
2873  {
2874  return -1;
2875  }
2877  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
2878  {
2879  return -1;
2880  }
2881 
2882  /** TLSv1 */
2884  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
2885  {
2886  return -1;
2887  }
2889  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
2890  {
2891  return -1;
2892  }
2894  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
2895  {
2896  return -1;
2897  }
2898 
2899  /** TLSv1.1 */
2901  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
2902  {
2903  return -1;
2904  }
2906  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
2907  {
2908  return -1;
2909  }
2911  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
2912  {
2913  return -1;
2914  }
2915 
2916  /** TLSv1.2 */
2918  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
2919  {
2920  return -1;
2921  }
2923  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
2924  {
2925  return -1;
2926  }
2928  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
2929  {
2930  return -1;
2931  }
2932 
2933  /* Subsection - SSLv2 style record by client, but informing the server
2934  * the max version it supports.
2935  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
2936  * it after some tests */
2937 #if 0
2939  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
2940  {
2941  return -1;
2942  }
2944  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
2945  {
2946  return -1;
2947  }
2948 #endif
2949 
2950  return 0;
2951 }
2952 
2953 /**
2954  * \brief Function to register the SSL protocol parser and other functions
2955  */
2957 {
2958  const char *proto_name = "tls";
2959 
2960  SC_ATOMIC_INIT(ssl_config.enable_ja3);
2961 
2962  /** SSLv2 and SSLv23*/
2963  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
2965 
2966  if (SSLRegisterPatternsForProtocolDetection() < 0)
2967  return;
2968 
2969  if (RunmodeIsUnittests()) {
2970  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
2971  "443",
2972  ALPROTO_TLS,
2973  0, 3,
2974  STREAM_TOSERVER,
2975  SSLProbingParser, NULL);
2976  } else {
2977  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
2978  proto_name, ALPROTO_TLS,
2979  0, 3,
2980  SSLProbingParser, NULL) == 0) {
2981  SCLogConfig("no TLS config found, "
2982  "enabling TLS detection on port 443.");
2983  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
2984  "443",
2985  ALPROTO_TLS,
2986  0, 3,
2987  STREAM_TOSERVER,
2988  SSLProbingParser, NULL);
2989  }
2990  }
2991  } else {
2992  SCLogConfig("Protocol detection and parser disabled for %s protocol",
2993  proto_name);
2994  return;
2995  }
2996 
2997  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
2998  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
2999  SSLParseClientRecord);
3000 
3001  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3002  SSLParseServerRecord);
3003 
3005  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3006  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3007  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3008 
3009  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3010 
3012 
3013  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3014 
3015  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3016  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3017  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3018 
3019  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3020 
3021  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3022 
3025 
3026  ConfNode *enc_handle = ConfGetNode("app-layer.protocols.tls.encryption-handling");
3027  if (enc_handle != NULL && enc_handle->val != NULL) {
3028  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3029  if (strcmp(enc_handle->val, "full") == 0) {
3031  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3033  } else if (strcmp(enc_handle->val, "default") == 0) {
3035  } else {
3037  }
3038  } else {
3039  /* Get the value of no reassembly option from the config file */
3040  if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3041  int value = 0;
3042  if (ConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3044  } else {
3045  int value = 0;
3046  if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 && value == 1)
3048  }
3049  }
3050  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3051 
3052  /* Check if we should generate JA3 fingerprints */
3053  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3054  const char *strval = NULL;
3055  if (ConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3056  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3057  } else if (strcmp(strval, "auto") == 0) {
3058  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3059  } else if (ConfValIsFalse(strval)) {
3060  enable_ja3 = 0;
3061  ssl_config.disable_ja3 = true;
3062  } else if (ConfValIsTrue(strval)) {
3063  enable_ja3 = true;
3064  }
3065  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3066 
3067  if (g_disable_hashing) {
3068  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3069  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3070  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3071  }
3072  } else {
3073  if (RunmodeIsUnittests()) {
3074  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3075  }
3076  }
3077  } else {
3078  SCLogConfig("Parsed disabled for %s protocol. Protocol detection"
3079  "still on.", proto_name);
3080  }
3081 
3082  return;
3083 }
3084 
3085 /**
3086  * \brief if not explicitly disabled in config, enable ja3 support
3087  *
3088  * Implemented using atomic to allow rule reloads to do this at
3089  * runtime.
3090  */
3091 void SSLEnableJA3(void)
3092 {
3094  return;
3095  }
3096  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3097  return;
3098  }
3099  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3100 }
3101 
3103 {
3104  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3105  return true;
3106  }
3107  return false;
3108 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:166
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:58
util-byte.h
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:252
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:496
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:288
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:160
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:146
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1731
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:167
JA3Buffer_
Definition: util-ja3.h:31
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:188
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:226
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:208
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:168
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:212
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
flow-util.h
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
SSL_AL_FLAG_HANDSHAKE_DONE
#define SSL_AL_FLAG_HANDSHAKE_DONE
Definition: app-layer-ssl.h:113
ConfNode_::val
char * val
Definition: conf.h:34
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:482
stream-tcp.h
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:130
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:183
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:298
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:185
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:145
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:238
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:306
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:177
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:130
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:247
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:194
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:307
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:255
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:119
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:80
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:263
SSLStateConnp_
Definition: app-layer-ssl.h:231
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:334
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1591
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:272
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:147
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:249
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
TLS_STATE_FINISHED
@ TLS_STATE_FINISHED
Definition: app-layer-ssl.h:80
threads.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:142
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:90
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:357
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:149
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:289
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:99
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:175
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:548
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:404
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:292
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:266
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:177
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:507
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:170
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:192
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:304
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Add value to buffer.
Definition: util-ja3.c:170
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:60
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:184
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:180
MIN
#define MIN(x, y)
Definition: suricata-common.h:380
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:134
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
util-ja3.h
stream-tcp-reassemble.h
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:101
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:73
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:291
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:132
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:260
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:181
TLS_STATE_CERT_READY
@ TLS_STATE_CERT_READY
Definition: app-layer-ssl.h:78
MAX
#define MAX(x, y)
Definition: suricata-common.h:384
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:277
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:172
util-unittest.h
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:235
APP_LAYER_EVENT_TYPE_TRANSACTION
@ APP_LAYER_EVENT_TYPE_TRANSACTION
Definition: app-layer-events.h:57
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:87
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:253
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:531
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:279
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:92
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:93
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:256
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:68
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:302
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1692
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:133
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:110
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:193
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
app-layer-detect-proto.h
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:218
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
SSL_CNF_ENC_HANDLE_DEFAULT
@ SSL_CNF_ENC_HANDLE_DEFAULT
Definition: app-layer-ssl.c:150
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:100
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
decode.h
util-debug.h
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
type
uint8_t type
Definition: decode-icmpv4.h:0
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:163
AppLayerParserState_
Definition: app-layer-parser.c:139
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:207
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
Definition: app-layer-ssl.c:3102
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:136
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:170
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:166
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:71
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:135
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:67
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Append buffer to buffer.
Definition: util-ja3.c:106
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:243
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:195
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:217
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:280
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:266
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:178
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:141
SSLCertsChain_
Definition: app-layer-ssl.h:224
util-print.h
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:575
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:272
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:133
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:431
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1818
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:340
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:176
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: rust.h:32
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:98
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:158
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:175
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:143
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:149
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:136
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:109
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:100
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:198
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:190
stream.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:65
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:171
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:169
stream-tcp-private.h
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:187
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:72
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:173
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:122
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3091
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:585
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:233
SslConfig_
Definition: app-layer-ssl.c:155
SSL_AL_FLAG_STATE_FINISHED
#define SSL_AL_FLAG_STATE_FINISHED
Definition: app-layer-ssl.h:105
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:189
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1909
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:138
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:181
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:169
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:167
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:196
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:225
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:232
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:267
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:392
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:174
decode-events.h
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:138
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:182
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:84
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:214
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:529
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:137
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1814
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:66
SSLDecoderResult
Definition: app-layer-ssl.c:216
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:88
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1303
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:251
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:201
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:220
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:90
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:291
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:2956
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:203
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:225
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:147
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Generate Ja3 hash string.
Definition: util-ja3.c:214
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:148
SCEnumCharMap_
Definition: util-enum.h:27
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:61
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:182
util-spm.h
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:241
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:279
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:607
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:278
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:230
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:597
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:416
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:156
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:179
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:173
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:86
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:179
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:152
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:191
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:164
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:163
str
#define str(s)
Definition: suricata-common.h:280
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:70
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:563
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:69
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:188
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:556
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:94
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:168
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:70
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:174
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:62
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:269
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:204
app-layer-protos.h
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:131
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:518
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:151
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:92
SslConfig
struct SslConfig_ SslConfig
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:186
TLS_STATE_IN_PROGRESS
@ TLS_STATE_IN_PROGRESS
Definition: app-layer-ssl.h:77
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:95
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:184
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1805
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:262
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:134
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:144
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:257
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:174
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:210
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:271
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1822
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:64
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:79
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:180
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:165
util-enum.h
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:276
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:2079
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:254
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:176
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:392
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:183
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:126
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:185
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:108
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:91
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:152
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:63
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:295
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:240
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:178
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:201