suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-ssl.h"
36 
37 #include "conf.h"
38 
39 #include "feature.h"
40 
41 #include "util-debug.h"
42 #include "util-ja3.h"
43 #include "util-enum.h"
44 #include "util-validate.h"
45 
46 SCEnumCharMap tls_frame_table[] = {
47  {
48  "pdu",
49  TLS_FRAME_PDU,
50  },
51  {
52  "hdr",
53  TLS_FRAME_HDR,
54  },
55  {
56  "data",
57  TLS_FRAME_DATA,
58  },
59  {
60  "alert",
61  TLS_FRAME_ALERT_DATA,
62  },
63  {
64  "heartbeat",
65  TLS_FRAME_HB_DATA,
66  },
67  {
68  "ssl2.hdr",
69  TLS_FRAME_SSLV2_HDR,
70  },
71  {
72  "ssl2.pdu",
73  TLS_FRAME_SSLV2_PDU,
74  },
75  { NULL, -1 },
76 };
77 
78 SCEnumCharMap tls_decoder_event_table[] = {
79  /* TLS protocol messages */
80  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
81  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
82  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
83  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
84  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
85  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
86  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
87  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
88  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
89  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
90  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
91  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
92  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
93  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
94  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
95  { "INVALID_ALERT_MESSAGE", TLS_DECODER_EVENT_INVALID_ALERT },
96  /* certificate decoding messages */
97  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
98  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
99  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
100  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
101  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
102  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
103  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
104  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
105  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
106  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
107  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
108  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
109  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
110  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
111  /* used as a generic error event */
112  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
113  { NULL, -1 },
114 };
115 
116 enum {
117  /* X.509 error codes, returned by decoder
118  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
119  ERR_INVALID_CERTIFICATE=1,
120  ERR_INVALID_LENGTH,
121  ERR_INVALID_VERSION,
122  ERR_INVALID_SERIAL,
123  ERR_INVALID_ALGORITHMIDENTIFIER,
124  ERR_INVALID_X509NAME,
125  ERR_INVALID_DATE,
126  ERR_INVALID_EXTENSIONS,
127  ERR_INVALID_DER,
128 
129  /* error getting data */
130  ERR_EXTRACT_SUBJECT,
131  ERR_EXTRACT_ISSUER,
132  ERR_EXTRACT_VALIDITY,
133 };
134 
135 /* JA3 and JA4 fingerprints are disabled by default */
136 #define SSL_CONFIG_DEFAULT_JA3 0
137 #define SSL_CONFIG_DEFAULT_JA4 0
138 
139 enum SslConfigEncryptHandling {
140  SSL_CNF_ENC_HANDLE_DEFAULT = 0, /**< disable raw content, continue tracking */
141  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
142  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
143 };
144 
145 typedef struct SslConfig_ {
146  enum SslConfigEncryptHandling encrypt_mode;
147  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
148  * explicitly disabled. */
149  SC_ATOMIC_DECLARE(int, enable_ja3);
150  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
151  SC_ATOMIC_DECLARE(int, enable_ja4);
152  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
153 } SslConfig;
154 
155 SslConfig ssl_config;
156 
157 /* SSLv3 record types */
158 #define SSLV3_CHANGE_CIPHER_SPEC 20
159 #define SSLV3_ALERT_PROTOCOL 21
160 #define SSLV3_HANDSHAKE_PROTOCOL 22
161 #define SSLV3_APPLICATION_PROTOCOL 23
162 #define SSLV3_HEARTBEAT_PROTOCOL 24
163 
164 /* SSLv3 handshake protocol types */
165 #define SSLV3_HS_HELLO_REQUEST 0
166 #define SSLV3_HS_CLIENT_HELLO 1
167 #define SSLV3_HS_SERVER_HELLO 2
168 #define SSLV3_HS_NEW_SESSION_TICKET 4
169 #define SSLV3_HS_CERTIFICATE 11
170 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
171 #define SSLV3_HS_CERTIFICATE_REQUEST 13
172 #define SSLV3_HS_SERVER_HELLO_DONE 14
173 #define SSLV3_HS_CERTIFICATE_VERIFY 15
174 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
175 #define SSLV3_HS_FINISHED 20
176 #define SSLV3_HS_CERTIFICATE_URL 21
177 #define SSLV3_HS_CERTIFICATE_STATUS 22
178 
179 /* SSLv2 protocol message types */
180 #define SSLV2_MT_ERROR 0
181 #define SSLV2_MT_CLIENT_HELLO 1
182 #define SSLV2_MT_CLIENT_MASTER_KEY 2
183 #define SSLV2_MT_CLIENT_FINISHED 3
184 #define SSLV2_MT_SERVER_HELLO 4
185 #define SSLV2_MT_SERVER_VERIFY 5
186 #define SSLV2_MT_SERVER_FINISHED 6
187 #define SSLV2_MT_REQUEST_CERTIFICATE 7
188 #define SSLV2_MT_CLIENT_CERTIFICATE 8
189 
190 #define SSLV3_RECORD_HDR_LEN 5
191 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
192 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
193 
194 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
195 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
196 
197 /* TLS heartbeat protocol types */
198 #define TLS_HB_REQUEST 1
199 #define TLS_HB_RESPONSE 2
200 
201 #define SSL_RECORD_MINIMUM_LENGTH 6
202 
203 #define SHA1_STRING_LENGTH 60
204 
205 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
206 
207 struct SSLDecoderResult {
208  int retval; // nr bytes consumed from input, or < 0 on error
209  uint32_t needed; // more bytes needed
210 };
211 #define SSL_DECODER_ERROR(e) \
212  (struct SSLDecoderResult) \
213  { \
214  (e), 0 \
215  }
216 #define SSL_DECODER_OK(c) \
217  (struct SSLDecoderResult) \
218  { \
219  (uint32_t)(c), 0 \
220  }
221 #define SSL_DECODER_INCOMPLETE(c, n) \
222  (struct SSLDecoderResult) \
223  { \
224  (uint32_t)(c), (n) \
225  }
226 
227 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
228  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
229 
230 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
231  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
232 {
233  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
234  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
235  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
236  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
237 
238  if (dst_offset < dst_size && src_offset < src_size &&
239  src_tocopy <= (src_size - src_offset) &&
240  src_tocopy <= (dst_size - dst_offset)) {
241  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
242  return 0;
243  }
244  return -1;
245 }
246 
247 #ifdef DEBUG_VALIDATION
248 #define ValidateRecordState(connp) \
249  do { \
250  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
251  (connp)->bytes_processed); \
252  } while(0);
253 #else
254 #define ValidateRecordState(...)
255 #endif
256 
257 #define SSLParserHSReset(connp) \
258  do { \
259  (connp)->handshake_type = 0; \
260  (connp)->message_length = 0; \
261  } while (0)
262 
263 #define SSLParserReset(state) \
264  do { \
265  SCLogDebug("resetting state"); \
266  (state)->curr_connp->bytes_processed = 0; \
267  SSLParserHSReset((state)->curr_connp); \
268  } while(0)
269 
270 #define SSLSetEvent(ssl_state, event) \
271  do { \
272  SCLogDebug("setting event %u", (event)); \
273  if ((ssl_state) == NULL) { \
274  SCLogDebug("could not set decoder event %u", event); \
275  } else { \
276  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
277  (ssl_state)->events++; \
278  } \
279  } while (0)
280 
281 static void SSLStateCertSANFree(SSLStateConnp *connp);
282 
283 static void *SSLGetTx(void *state, uint64_t tx_id)
284 {
285  SSLState *ssl_state = (SSLState *)state;
286  return ssl_state;
287 }
288 
289 static uint64_t SSLGetTxCnt(void *state)
290 {
291  /* single tx */
292  return 1;
293 }
294 
295 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
296 {
297  SSLState *ssl_state = (SSLState *)tx;
298 
299  /* we don't care about direction, only that app-layer parser is done
300  and have sent an EOF */
301  if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
302  return TLS_STATE_FINISHED;
303  }
304 
305  /* we want the logger to log when the handshake is done, even if the
306  state is not finished */
307  if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
308  return TLS_HANDSHAKE_DONE;
309  }
310 
311  if (direction == STREAM_TOSERVER &&
312  (ssl_state->server_connp.cert0_subject != NULL ||
313  ssl_state->server_connp.cert0_issuerdn != NULL))
314  {
315  return TLS_STATE_CERT_READY;
316  }
317 
318  return TLS_STATE_IN_PROGRESS;
319 }
320 
321 static AppLayerTxData *SSLGetTxData(void *vtx)
322 {
323  SSLState *ssl_state = (SSLState *)vtx;
324  return &ssl_state->tx_data;
325 }
326 
327 static AppLayerStateData *SSLGetStateData(void *vstate)
328 {
329  SSLState *ssl_state = (SSLState *)vstate;
330  return &ssl_state->state_data;
331 }
332 
333 void SSLVersionToString(uint16_t version, char *buffer)
334 {
335  buffer[0] = '\0';
336 
337  switch (version) {
338  case TLS_VERSION_UNKNOWN:
339  strlcat(buffer, "UNDETERMINED", 13);
340  break;
341  case SSL_VERSION_2:
342  strlcat(buffer, "SSLv2", 6);
343  break;
344  case SSL_VERSION_3:
345  strlcat(buffer, "SSLv3", 6);
346  break;
347  case TLS_VERSION_10:
348  strlcat(buffer, "TLSv1", 6);
349  break;
350  case TLS_VERSION_11:
351  strlcat(buffer, "TLS 1.1", 8);
352  break;
353  case TLS_VERSION_12:
354  strlcat(buffer, "TLS 1.2", 8);
355  break;
356  case TLS_VERSION_13:
357  strlcat(buffer, "TLS 1.3", 8);
358  break;
359  case TLS_VERSION_13_DRAFT28:
360  strlcat(buffer, "TLS 1.3 draft-28", 17);
361  break;
362  case TLS_VERSION_13_DRAFT27:
363  strlcat(buffer, "TLS 1.3 draft-27", 17);
364  break;
365  case TLS_VERSION_13_DRAFT26:
366  strlcat(buffer, "TLS 1.3 draft-26", 17);
367  break;
368  case TLS_VERSION_13_DRAFT25:
369  strlcat(buffer, "TLS 1.3 draft-25", 17);
370  break;
371  case TLS_VERSION_13_DRAFT24:
372  strlcat(buffer, "TLS 1.3 draft-24", 17);
373  break;
374  case TLS_VERSION_13_DRAFT23:
375  strlcat(buffer, "TLS 1.3 draft-23", 17);
376  break;
377  case TLS_VERSION_13_DRAFT22:
378  strlcat(buffer, "TLS 1.3 draft-22", 17);
379  break;
380  case TLS_VERSION_13_DRAFT21:
381  strlcat(buffer, "TLS 1.3 draft-21", 17);
382  break;
383  case TLS_VERSION_13_DRAFT20:
384  strlcat(buffer, "TLS 1.3 draft-20", 17);
385  break;
386  case TLS_VERSION_13_DRAFT19:
387  strlcat(buffer, "TLS 1.3 draft-19", 17);
388  break;
389  case TLS_VERSION_13_DRAFT18:
390  strlcat(buffer, "TLS 1.3 draft-18", 17);
391  break;
392  case TLS_VERSION_13_DRAFT17:
393  strlcat(buffer, "TLS 1.3 draft-17", 17);
394  break;
395  case TLS_VERSION_13_DRAFT16:
396  strlcat(buffer, "TLS 1.3 draft-16", 17);
397  break;
398  case TLS_VERSION_13_PRE_DRAFT16:
399  strlcat(buffer, "TLS 1.3 draft-<16", 18);
400  break;
401  case TLS_VERSION_13_DRAFT20_FB:
402  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
403  break;
404  case TLS_VERSION_13_DRAFT21_FB:
405  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
406  break;
407  case TLS_VERSION_13_DRAFT22_FB:
408  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
409  break;
410  case TLS_VERSION_13_DRAFT23_FB:
411  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
412  break;
413  case TLS_VERSION_13_DRAFT26_FB:
414  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
415  break;
416  default:
417  snprintf(buffer, 7, "0x%04x", version);
418  break;
419  }
420 }
421 
422 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
423 {
424  switch(err) {
425  case ERR_EXTRACT_VALIDITY:
426  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
427  break;
428  case ERR_EXTRACT_ISSUER:
429  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
430  break;
431  case ERR_EXTRACT_SUBJECT:
432  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
433  break;
434  case ERR_INVALID_DER:
435  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
436  break;
437  case ERR_INVALID_EXTENSIONS:
438  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
439  break;
440  case ERR_INVALID_DATE:
441  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
442  break;
443  case ERR_INVALID_X509NAME:
444  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
445  break;
446  case ERR_INVALID_ALGORITHMIDENTIFIER:
447  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
448  break;
449  case ERR_INVALID_SERIAL:
450  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
451  break;
452  case ERR_INVALID_VERSION:
453  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
454  break;
455  case ERR_INVALID_LENGTH:
456  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
457  break;
458  case ERR_INVALID_CERTIFICATE:
459  default:
460  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
461  break;
462  }
463 }
464 
465 static inline int TlsDecodeHSCertificateFingerprint(
466  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
467 {
468  if (unlikely(connp->cert0_fingerprint != NULL))
469  return 0;
470 
471  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
472  if (connp->cert0_fingerprint == NULL)
473  return -1;
474 
475  uint8_t hash[SC_SHA1_LEN];
476  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
477  rs_to_hex_sep(
478  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
479  }
480  return 0;
481 }
482 
483 static inline int TlsDecodeHSCertificateAddCertToChain(
484  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
485 {
486  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
487  if (cert == NULL)
488  return -1;
489 
490  cert->cert_data = (uint8_t *)input;
491  cert->cert_len = cert_len;
492  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
493 
494  return 0;
495 }
496 
497 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
498  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
499 {
500  const uint8_t *input = (uint8_t *)initial_input;
501  uint32_t err_code = 0;
502  X509 *x509 = NULL;
503  int rc = 0;
504 
505  if (!(HAS_SPACE(3)))
506  goto invalid_cert;
507 
508  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
509  input += 3;
510 
511  if (!(HAS_SPACE(cert_len)))
512  goto invalid_cert;
513 
514  /* only store fields from the first certificate in the chain */
515  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
516  connp->cert0_serial == NULL) {
517  x509 = rs_x509_decode(input, cert_len, &err_code);
518  if (x509 == NULL) {
519  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
520  goto next;
521  }
522 
523  char *str = rs_x509_get_subject(x509);
524  if (str == NULL) {
525  err_code = ERR_EXTRACT_SUBJECT;
526  goto error;
527  }
528  connp->cert0_subject = str;
529 
530  str = rs_x509_get_issuer(x509);
531  if (str == NULL) {
532  err_code = ERR_EXTRACT_ISSUER;
533  goto error;
534  }
535  connp->cert0_issuerdn = str;
536 
537  connp->cert0_sans_len = rs_x509_get_subjectaltname_len(x509);
538  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
539  if (sans == NULL) {
540  goto error;
541  }
542  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
543  sans[i] = rs_x509_get_subjectaltname_at(x509, i);
544  }
545  connp->cert0_sans = sans;
546  str = rs_x509_get_serial(x509);
547  if (str == NULL) {
548  err_code = ERR_INVALID_SERIAL;
549  goto error;
550  }
551  connp->cert0_serial = str;
552 
553  rc = rs_x509_get_validity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
554  if (rc != 0) {
555  err_code = ERR_EXTRACT_VALIDITY;
556  goto error;
557  }
558 
559  rs_x509_free(x509);
560  x509 = NULL;
561 
562  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
563  if (rc != 0) {
564  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
565  goto error;
566  }
567  }
568 
569  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
570  if (rc != 0) {
571  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
572  goto error;
573  }
574 
575 next:
576  input += cert_len;
577  return (int)(input - initial_input);
578 
579 error:
580  if (err_code != 0)
581  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
582  if (x509 != NULL)
583  rs_x509_free(x509);
584 
585  SSLStateCertSANFree(connp);
586  return -1;
587 
588 invalid_cert:
589  SCLogDebug("TLS invalid certificate");
590  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
591  return -1;
592 }
593 
594 /** \internal
595  * \brief parse cert data in a certificate handshake message
596  * will be called with all data.
597  * \retval consumed bytes consumed or -1 on error
598  */
599 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
600  const uint8_t *const initial_input, const uint32_t input_len)
601 {
602  const uint8_t *input = (uint8_t *)initial_input;
603 
604  if (!(HAS_SPACE(3)))
605  return -1;
606 
607  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
608  input += 3;
609 
610  if (!(HAS_SPACE(cert_chain_len)))
611  return -1;
612 
613  if (connp->certs_buffer != NULL) {
614  // TODO should we set an event here?
615  return -1;
616  }
617 
618  connp->certs_buffer = SCCalloc(1, cert_chain_len);
619  if (connp->certs_buffer == NULL) {
620  return -1;
621  }
622  connp->certs_buffer_size = cert_chain_len;
623  memcpy(connp->certs_buffer, input, cert_chain_len);
624 
625  int cert_cnt = 0;
626  uint32_t processed_len = 0;
627  /* coverity[tainted_data] */
628  while (processed_len < cert_chain_len) {
629  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
630  connp->certs_buffer_size - processed_len, cert_cnt);
631  if (rc <= 0) { // 0 should be impossible, but lets be defensive
632  return -1;
633  }
634  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
635  if (processed_len + (uint32_t)rc > cert_chain_len) {
636  return -1;
637  }
638 
639  processed_len += (uint32_t)rc;
640  }
641 
642  return processed_len + 3;
643 }
644 
645 /**
646  * \inline
647  * \brief Check if value is GREASE.
648  *
649  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
650  *
651  * \param value Value to check.
652  *
653  * \retval 1 if is GREASE.
654  * \retval 0 if not is GREASE.
655  */
656 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
657 {
658  switch (value)
659  {
660  case 0x0a0a:
661  case 0x1a1a:
662  case 0x2a2a:
663  case 0x3a3a:
664  case 0x4a4a:
665  case 0x5a5a:
666  case 0x6a6a:
667  case 0x7a7a:
668  case 0x8a8a:
669  case 0x9a9a:
670  case 0xaaaa:
671  case 0xbaba:
672  case 0xcaca:
673  case 0xdada:
674  case 0xeaea:
675  case 0xfafa:
676  return 1;
677  default:
678  return 0;
679  }
680 }
681 
682 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
683  const uint8_t * const initial_input,
684  const uint32_t input_len)
685 {
686  uint8_t *input = (uint8_t *)initial_input;
687 
688  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
689  SCLogDebug("TLS handshake invalid length");
690  SSLSetEvent(ssl_state,
691  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
692  return -1;
693  }
694 
695  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
696  ssl_state->curr_connp->version = version;
697 
698  if (ssl_state->curr_connp->ja4 != NULL &&
699  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
700  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, version);
701  }
702 
703  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
704  versions, instead of using the supported versions extension. */
705  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
706  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
707  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
708  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
709  }
710 
711  /* Catch some early TLSv1.3 draft implementations that does not conform
712  to the draft version. */
713  if ((ssl_state->curr_connp->version >= 0x7f01) &&
714  (ssl_state->curr_connp->version < 0x7f10)) {
715  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
716  }
717 
718  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
719  version number, which makes it hard to accurately pinpoint the
720  exact draft version. */
721  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
722  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
723  }
724 
725  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
726  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
727  if (ssl_state->curr_connp->ja3_str == NULL)
728  return -1;
729 
730  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
731  if (rc != 0)
732  return -1;
733  }
734 
735  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
736 
737  return (int)(input - initial_input);
738 }
739 
740 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
741  const uint8_t * const initial_input,
742  const uint32_t input_len)
743 {
744  uint8_t *input = (uint8_t *)initial_input;
745 
746  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
747  SCLogDebug("TLS handshake invalid length");
748  SSLSetEvent(ssl_state,
749  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
750  return -1;
751  }
752 
753  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
754  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
755  ssl_state->flags |= TLS_TS_RANDOM_SET;
756  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
757  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
758  ssl_state->flags |= TLS_TC_RANDOM_SET;
759  }
760 
761  /* Skip random */
762  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
763 
764  return (int)(input - initial_input);
765 }
766 
767 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
768  const uint8_t * const initial_input,
769  const uint32_t input_len)
770 {
771  uint8_t *input = (uint8_t *)initial_input;
772 
773  if (!(HAS_SPACE(1)))
774  goto invalid_length;
775 
776  uint8_t session_id_length = *input;
777  input += 1;
778 
779  if (!(HAS_SPACE(session_id_length)))
780  goto invalid_length;
781 
782  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
783  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
784 
785  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
786  return -1;
787  }
788 
789  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
790  input, 0, input_len, session_id_length) != 0) {
791  return -1;
792  }
793  ssl_state->curr_connp->session_id_length = session_id_length;
794 
795  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
796  ssl_state->client_connp.session_id != NULL &&
797  ssl_state->server_connp.session_id != NULL) {
798  if ((ssl_state->client_connp.session_id_length ==
799  ssl_state->server_connp.session_id_length) &&
800  (memcmp(ssl_state->server_connp.session_id,
801  ssl_state->client_connp.session_id, session_id_length) == 0)) {
802  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
803  }
804  }
805  }
806 
807  input += session_id_length;
808 
809  return (int)(input - initial_input);
810 
811 invalid_length:
812  SCLogDebug("TLS handshake invalid length");
813  SSLSetEvent(ssl_state,
814  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
815  return -1;
816 }
817 
818 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
819  const uint8_t * const initial_input,
820  const uint32_t input_len)
821 {
822  const uint8_t *input = initial_input;
823 
824  if (!(HAS_SPACE(2)))
825  goto invalid_length;
826 
827  uint16_t cipher_suites_length;
828 
829  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
830  cipher_suites_length = 2;
831  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
832  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
833  input += 2;
834  } else {
835  return -1;
836  }
837 
838  if (!(HAS_SPACE(cipher_suites_length)))
839  goto invalid_length;
840 
841  /* Cipher suites length should always be divisible by 2 */
842  if ((cipher_suites_length % 2) != 0) {
843  goto invalid_length;
844  }
845 
846  const bool enable_ja3 =
847  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
848 
849  if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4)) {
850  JA3Buffer *ja3_cipher_suites = NULL;
851 
852  if (enable_ja3) {
853  ja3_cipher_suites = Ja3BufferInit();
854  if (ja3_cipher_suites == NULL)
855  return -1;
856  }
857 
858  uint16_t processed_len = 0;
859  /* coverity[tainted_data] */
860  while (processed_len < cipher_suites_length)
861  {
862  if (!(HAS_SPACE(2))) {
863  if (enable_ja3) {
864  Ja3BufferFree(&ja3_cipher_suites);
865  }
866  goto invalid_length;
867  }
868 
869  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
870  input += 2;
871 
872  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
873  if (ssl_state->curr_connp->ja4 != NULL &&
874  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
875  SCJA4AddCipher(ssl_state->curr_connp->ja4, cipher_suite);
876  }
877  if (enable_ja3) {
878  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
879  if (rc != 0) {
880  return -1;
881  }
882  }
883  }
884  processed_len += 2;
885  }
886 
887  if (enable_ja3) {
888  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
889  if (rc == -1) {
890  return -1;
891  }
892  }
893 
894  } else {
895  /* Skip cipher suites */
896  input += cipher_suites_length;
897  }
898 
899  return (int)(input - initial_input);
900 
901 invalid_length:
902  SCLogDebug("TLS handshake invalid length");
903  SSLSetEvent(ssl_state,
904  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
905  return -1;
906 }
907 
908 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
909  const uint8_t * const initial_input,
910  const uint32_t input_len)
911 {
912  const uint8_t *input = initial_input;
913 
914  if (!(HAS_SPACE(1)))
915  goto invalid_length;
916 
917  /* Skip compression methods */
918  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
919  input += 1;
920  } else {
921  uint8_t compression_methods_length = *input;
922  input += 1;
923 
924  if (!(HAS_SPACE(compression_methods_length)))
925  goto invalid_length;
926 
927  input += compression_methods_length;
928  }
929 
930  return (int)(input - initial_input);
931 
932 invalid_length:
933  SCLogDebug("TLS handshake invalid_length");
934  SSLSetEvent(ssl_state,
935  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
936  return -1;
937 }
938 
939 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
940  const uint8_t * const initial_input,
941  const uint32_t input_len)
942 {
943  uint8_t *input = (uint8_t *)initial_input;
944 
945  /* Empty extension */
946  if (input_len == 0)
947  return 0;
948 
949  if (!(HAS_SPACE(2)))
950  goto invalid_length;
951 
952  /* Skip sni_list_length */
953  input += 2;
954 
955  if (!(HAS_SPACE(1)))
956  goto invalid_length;
957 
958  uint8_t sni_type = *input;
959  input += 1;
960 
961  /* Currently the only type allowed is host_name
962  (RFC6066 section 3). */
963  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
964  SCLogDebug("Unknown SNI type");
965  SSLSetEvent(ssl_state,
966  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
967  return -1;
968  }
969 
970  if (!(HAS_SPACE(2)))
971  goto invalid_length;
972 
973  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
974  input += 2;
975 
976  /* host_name contains the fully qualified domain name,
977  and should therefore be limited by the maximum domain
978  name length. */
979  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
980  SSLSetEvent(ssl_state,
981  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
982  return -1;
983  }
984 
985  /* There must not be more than one extension of the same
986  type (RFC5246 section 7.4.1.4). */
987  if (ssl_state->curr_connp->sni) {
988  SCLogDebug("Multiple SNI extensions");
989  SSLSetEvent(ssl_state,
990  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
991  input += sni_len;
992  return (int)(input - initial_input);
993  }
994 
995  const size_t sni_strlen = sni_len + 1;
996  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
997  if (unlikely(ssl_state->curr_connp->sni == NULL))
998  return -1;
999 
1000  const size_t consumed = input - initial_input;
1001  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
1002  initial_input, consumed, input_len, sni_len) != 0) {
1003  SCFree(ssl_state->curr_connp->sni);
1004  ssl_state->curr_connp->sni = NULL;
1005  return -1;
1006  }
1007  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
1008 
1009  input += sni_len;
1010 
1011  return (int)(input - initial_input);
1012 
1013 invalid_length:
1014  SCLogDebug("TLS handshake invalid length");
1015  SSLSetEvent(ssl_state,
1016  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1017 
1018 
1019  return -1;
1020 }
1021 
1022 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
1023  const uint8_t * const initial_input,
1024  const uint32_t input_len)
1025 {
1026  const uint8_t *input = initial_input;
1027 
1028  /* Empty extension */
1029  if (input_len == 0)
1030  return 0;
1031 
1032  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1033  if (!(HAS_SPACE(1)))
1034  goto invalid_length;
1035 
1036  uint8_t supported_ver_len = *input;
1037  input += 1;
1038 
1039  if (supported_ver_len < 2)
1040  goto invalid_length;
1041 
1042  if (!(HAS_SPACE(supported_ver_len)))
1043  goto invalid_length;
1044 
1045  /* Use the first (and preferred) valid version as client version,
1046  * skip over GREASE and other possible noise. */
1047  uint16_t i = 0;
1048  while (i + 1 < (uint16_t)supported_ver_len) {
1049  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1050  if (TLSVersionValid(ver)) {
1051  ssl_state->curr_connp->version = ver;
1052  if (ssl_state->curr_connp->ja4 != NULL &&
1053  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1054  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, ver);
1055  }
1056  break;
1057  }
1058  i += 2;
1059  }
1060 
1061  /* Set a flag to indicate that we have seen this extension */
1062  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1063 
1064  input += supported_ver_len;
1065  }
1066  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1067  if (!(HAS_SPACE(2)))
1068  goto invalid_length;
1069 
1070  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1071 
1072  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1073  (ver > TLS_VERSION_12)) {
1074  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1075  }
1076 
1077  ssl_state->curr_connp->version = ver;
1078  input += 2;
1079  }
1080 
1081  return (int)(input - initial_input);
1082 
1083 invalid_length:
1084  SCLogDebug("TLS handshake invalid length");
1085  SSLSetEvent(ssl_state,
1086  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1087 
1088  return -1;
1089 }
1090 
1091 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1092  const uint8_t * const initial_input,
1093  const uint32_t input_len,
1094  JA3Buffer *ja3_elliptic_curves)
1095 {
1096  const uint8_t *input = initial_input;
1097 
1098  /* Empty extension */
1099  if (input_len == 0)
1100  return 0;
1101 
1102  if (!(HAS_SPACE(2)))
1103  goto invalid_length;
1104 
1105  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1106  input += 2;
1107 
1108  if (!(HAS_SPACE(elliptic_curves_len)))
1109  goto invalid_length;
1110 
1111  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1112  uint16_t ec_processed_len = 0;
1113  /* coverity[tainted_data] */
1114  while (ec_processed_len < elliptic_curves_len)
1115  {
1116  if (!(HAS_SPACE(2)))
1117  goto invalid_length;
1118 
1119  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1120  input += 2;
1121 
1122  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1123  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1124  elliptic_curve);
1125  if (rc != 0)
1126  return -1;
1127  }
1128 
1129  ec_processed_len += 2;
1130  }
1131 
1132  } else {
1133  /* Skip elliptic curves */
1134  input += elliptic_curves_len;
1135  }
1136 
1137  return (int)(input - initial_input);
1138 
1139 invalid_length:
1140  SCLogDebug("TLS handshake invalid length");
1141  SSLSetEvent(ssl_state,
1142  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1143 
1144  return -1;
1145 }
1146 
1147 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1148  const uint8_t * const initial_input,
1149  const uint32_t input_len,
1150  JA3Buffer *ja3_elliptic_curves_pf)
1151 {
1152  const uint8_t *input = initial_input;
1153 
1154  /* Empty extension */
1155  if (input_len == 0)
1156  return 0;
1157 
1158  if (!(HAS_SPACE(1)))
1159  goto invalid_length;
1160 
1161  uint8_t ec_pf_len = *input;
1162  input += 1;
1163 
1164  if (!(HAS_SPACE(ec_pf_len)))
1165  goto invalid_length;
1166 
1167  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1168  uint8_t ec_pf_processed_len = 0;
1169  /* coverity[tainted_data] */
1170  while (ec_pf_processed_len < ec_pf_len)
1171  {
1172  uint8_t elliptic_curve_pf = *input;
1173  input += 1;
1174 
1175  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1176  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1177  elliptic_curve_pf);
1178  if (rc != 0)
1179  return -1;
1180  }
1181 
1182  ec_pf_processed_len += 1;
1183  }
1184 
1185  } else {
1186  /* Skip elliptic curve point formats */
1187  input += ec_pf_len;
1188  }
1189 
1190  return (int)(input - initial_input);
1191 
1192 invalid_length:
1193  SCLogDebug("TLS handshake invalid length");
1194  SSLSetEvent(ssl_state,
1195  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1196 
1197  return -1;
1198 }
1199 
1200 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1201  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1202 {
1203  const uint8_t *input = initial_input;
1204 
1205  /* Empty extension */
1206  if (input_len == 0)
1207  return 0;
1208 
1209  if (!(HAS_SPACE(2)))
1210  goto invalid_length;
1211 
1212  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1213  input += 2;
1214 
1215  /* Signature algorithms length should always be divisible by 2 */
1216  if ((sigalgo_len % 2) != 0) {
1217  goto invalid_length;
1218  }
1219 
1220  if (!(HAS_SPACE(sigalgo_len)))
1221  goto invalid_length;
1222 
1223  if (ssl_state->curr_connp->ja4 != NULL &&
1224  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1225  uint16_t sigalgo_processed_len = 0;
1226  while (sigalgo_processed_len < sigalgo_len) {
1227  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1228  input += 2;
1229  sigalgo_processed_len += 2;
1230 
1231  SCJA4AddSigAlgo(ssl_state->curr_connp->ja4, sigalgo);
1232  }
1233  } else {
1234  /* Skip signature algorithms */
1235  input += sigalgo_len;
1236  }
1237 
1238  return (int)(input - initial_input);
1239 
1240 invalid_length:
1241  SCLogDebug("Signature algorithm list invalid length");
1242  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1243 
1244  return -1;
1245 }
1246 
1247 static void StoreALPN(SSLStateConnp *connp, const uint8_t *alpn, const uint32_t size)
1248 {
1249  if (size > 0) {
1250  SSLAlpns *a = SCCalloc(1, sizeof(*a) + size);
1251  if (a != NULL) {
1252  memcpy(a->alpn, alpn, size);
1253  a->size = size;
1254  TAILQ_INSERT_TAIL(&connp->alpns, a, next);
1255  }
1256  }
1257 }
1258 
1259 static inline int TLSDecodeHSHelloExtensionALPN(
1260  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1261 {
1262  const uint8_t *input = initial_input;
1263 
1264  /* Empty extension */
1265  if (input_len == 0)
1266  return 0;
1267 
1268  if (!(HAS_SPACE(2)))
1269  goto invalid_length;
1270 
1271  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1272  input += 2;
1273 
1274  if (!(HAS_SPACE(alpn_len)))
1275  goto invalid_length;
1276 
1277  /* We use 32 bits here to avoid potentially overflowing a value that
1278  needs to be compared to an unsigned 16-bit value. */
1279  uint32_t alpn_processed_len = 0;
1280  while (alpn_processed_len < alpn_len) {
1281  uint8_t protolen = *input;
1282  input += 1;
1283  alpn_processed_len += 1;
1284 
1285  if (!(HAS_SPACE(protolen)))
1286  goto invalid_length;
1287 
1288  /* Check if reading another protolen bytes would exceed the
1289  overall ALPN length; if so, skip and continue */
1290  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1291  input += alpn_len - alpn_processed_len;
1292  break;
1293  }
1294 
1295  /* Only record the first value for JA4 */
1296  if (ssl_state->curr_connp->ja4 != NULL &&
1297  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1298  if (alpn_processed_len == 1) {
1299  SCJA4SetALPN(ssl_state->curr_connp->ja4, (const char *)input, protolen);
1300  }
1301  }
1302  StoreALPN(ssl_state->curr_connp, input, protolen);
1303 
1304  alpn_processed_len += protolen;
1305  input += protolen;
1306  }
1307 
1308  return (int)(input - initial_input);
1309 
1310 invalid_length:
1311  SCLogDebug("ALPN list invalid length");
1312  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1313 
1314  return -1;
1315 }
1316 
1317 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1318  const uint8_t * const initial_input,
1319  const uint32_t input_len)
1320 {
1321  const uint8_t *input = initial_input;
1322 
1323  int ret;
1324  int rc;
1325  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1326  const bool ja3 =
1327  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1328 
1329  JA3Buffer *ja3_extensions = NULL;
1330  JA3Buffer *ja3_elliptic_curves = NULL;
1331  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1332 
1333  if (ja3) {
1334  ja3_extensions = Ja3BufferInit();
1335  if (ja3_extensions == NULL)
1336  goto error;
1337 
1338  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1339  ja3_elliptic_curves = Ja3BufferInit();
1340  if (ja3_elliptic_curves == NULL)
1341  goto error;
1342 
1343  ja3_elliptic_curves_pf = Ja3BufferInit();
1344  if (ja3_elliptic_curves_pf == NULL)
1345  goto error;
1346  }
1347  }
1348 
1349  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1350  if (!(HAS_SPACE(2)))
1351  goto end;
1352 
1353  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1354  input += 2;
1355 
1356  if (!(HAS_SPACE(extensions_len)))
1357  goto invalid_length;
1358 
1359  uint16_t processed_len = 0;
1360  /* coverity[tainted_data] */
1361  while (processed_len < extensions_len)
1362  {
1363  if (!(HAS_SPACE(2)))
1364  goto invalid_length;
1365 
1366  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1367  input += 2;
1368 
1369  if (!(HAS_SPACE(2)))
1370  goto invalid_length;
1371 
1372  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1373  input += 2;
1374 
1375  if (!(HAS_SPACE(ext_len)))
1376  goto invalid_length;
1377 
1378  switch (ext_type) {
1379  case SSL_EXTENSION_SNI:
1380  {
1381  /* coverity[tainted_data] */
1382  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1383  ext_len);
1384  if (ret < 0)
1385  goto end;
1386 
1387  input += ret;
1388 
1389  break;
1390  }
1391 
1392  case SSL_EXTENSION_ELLIPTIC_CURVES:
1393  {
1394  /* coverity[tainted_data] */
1395  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1396  ext_len,
1397  ja3_elliptic_curves);
1398  if (ret < 0)
1399  goto end;
1400 
1401  input += ret;
1402 
1403  break;
1404  }
1405 
1406  case SSL_EXTENSION_EC_POINT_FORMATS:
1407  {
1408  /* coverity[tainted_data] */
1409  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1410  ext_len,
1411  ja3_elliptic_curves_pf);
1412  if (ret < 0)
1413  goto end;
1414 
1415  input += ret;
1416 
1417  break;
1418  }
1419 
1420  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1421  /* coverity[tainted_data] */
1422  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1423  if (ret < 0)
1424  goto end;
1425 
1426  input += ret;
1427 
1428  break;
1429  }
1430 
1431  case SSL_EXTENSION_ALPN: {
1432  /* coverity[tainted_data] */
1433  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1434  if (ret < 0)
1435  goto end;
1436 
1437  input += ext_len;
1438 
1439  break;
1440  }
1441 
1442  case SSL_EXTENSION_EARLY_DATA:
1443  {
1444  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1445  /* Used by 0-RTT to indicate that encrypted data will
1446  be sent right after the ClientHello record. */
1447  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1448  }
1449 
1450  input += ext_len;
1451 
1452  break;
1453  }
1454 
1455  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1456  {
1457  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1458  ext_len);
1459  if (ret < 0)
1460  goto end;
1461 
1462  input += ret;
1463 
1464  break;
1465  }
1466 
1467  case SSL_EXTENSION_SESSION_TICKET:
1468  {
1469  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1470  /* This has to be verified later on by checking if a
1471  certificate record has been sent by the server. */
1472  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1473  }
1474 
1475  input += ext_len;
1476 
1477  break;
1478  }
1479 
1480  default:
1481  {
1482  input += ext_len;
1483  break;
1484  }
1485  }
1486 
1487  if (ja3) {
1488  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1489  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1490  if (rc != 0)
1491  goto error;
1492  }
1493  }
1494 
1495  if (ssl_state->curr_connp->ja4 != NULL &&
1496  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1497  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1498  SCJA4AddExtension(ssl_state->curr_connp->ja4, ext_type);
1499  }
1500  }
1501 
1502  processed_len += ext_len + 4;
1503  }
1504 
1505 end:
1506  if (ja3) {
1507  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1508  &ja3_extensions);
1509  if (rc == -1)
1510  goto error;
1511 
1512  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1513  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1514  &ja3_elliptic_curves);
1515  if (rc == -1)
1516  goto error;
1517 
1518  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1519  &ja3_elliptic_curves_pf);
1520  if (rc == -1)
1521  goto error;
1522  }
1523  }
1524 
1525  return (int)(input - initial_input);
1526 
1527 invalid_length:
1528  SCLogDebug("TLS handshake invalid length");
1529  SSLSetEvent(ssl_state,
1530  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1531 
1532 error:
1533  if (ja3_extensions != NULL)
1534  Ja3BufferFree(&ja3_extensions);
1535  if (ja3_elliptic_curves != NULL)
1536  Ja3BufferFree(&ja3_elliptic_curves);
1537  if (ja3_elliptic_curves_pf != NULL)
1538  Ja3BufferFree(&ja3_elliptic_curves_pf);
1539 
1540  return -1;
1541 }
1542 
1543 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1544  const uint8_t * const input,
1545  const uint32_t input_len)
1546 {
1547  int ret;
1548  uint32_t parsed = 0;
1549 
1550  /* Ensure that we have a JA4 state defined by now if we have JA4 enabled,
1551  we are in a client hello and we don't have such a state yet (to avoid
1552  leaking memory in case this function is entered more than once). */
1553  if (SC_ATOMIC_GET(ssl_config.enable_ja4) &&
1554  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO &&
1555  ssl_state->curr_connp->ja4 == NULL) {
1556  ssl_state->curr_connp->ja4 = SCJA4New();
1557  }
1558 
1559  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1560  if (ret < 0)
1561  goto end;
1562 
1563  parsed += ret;
1564 
1565  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1566  if (ret < 0)
1567  goto end;
1568 
1569  parsed += ret;
1570 
1571  /* The session id field in the server hello record was removed in
1572  TLSv1.3 draft1, but was readded in draft22. */
1573  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1574  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1575  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1576  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1577  input_len - parsed);
1578  if (ret < 0)
1579  goto end;
1580 
1581  parsed += ret;
1582  }
1583 
1584  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1585  input_len - parsed);
1586  if (ret < 0)
1587  goto end;
1588 
1589  parsed += ret;
1590 
1591  /* The compression methods field in the server hello record was
1592  removed in TLSv1.3 draft1, but was readded in draft22. */
1593  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1594  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1595  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1596  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1597  input_len - parsed);
1598  if (ret < 0)
1599  goto end;
1600 
1601  parsed += ret;
1602  }
1603 
1604  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1605  input_len - parsed);
1606  if (ret < 0)
1607  goto end;
1608 
1609  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1610  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1611  }
1612 
1613 end:
1614  return 0;
1615 }
1616 
1617 #ifdef DEBUG_VALIDATION
1618 static inline bool
1619 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1620 {
1621  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1622  curr_connp->bytes_processed);
1623 }
1624 #endif
1625 
1626 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1627  const uint8_t *const initial_input, const uint32_t input_len)
1628 {
1629  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1630  SCLogDebug("rc %d", rc);
1631  if (rc > 0) {
1632  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1633  SSLParserHSReset(connp);
1634  } else if (rc < 0) {
1635  SCLogDebug("error parsing cert, reset state");
1636  SSLParserHSReset(connp);
1637  /* fall through to still consume the cert bytes */
1638  }
1639  return input_len;
1640 }
1641 
1642 static int SupportedHandshakeType(const uint8_t type)
1643 {
1644  switch (type) {
1645  case SSLV3_HS_CLIENT_HELLO:
1646  case SSLV3_HS_SERVER_HELLO:
1647  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1648  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1649  case SSLV3_HS_CERTIFICATE:
1650  case SSLV3_HS_HELLO_REQUEST:
1651  case SSLV3_HS_CERTIFICATE_REQUEST:
1652  case SSLV3_HS_CERTIFICATE_VERIFY:
1653  case SSLV3_HS_FINISHED:
1654  case SSLV3_HS_CERTIFICATE_URL:
1655  case SSLV3_HS_CERTIFICATE_STATUS:
1656  case SSLV3_HS_NEW_SESSION_TICKET:
1657  case SSLV3_HS_SERVER_HELLO_DONE:
1658  return true;
1659  break;
1660 
1661  default:
1662  return false;
1663  break;
1664  }
1665 }
1666 
1667 /**
1668  * \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
1669  * \retval parsed number of consumed bytes
1670  * \retval < 0 error
1671  */
1672 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1673  uint32_t input_len, uint8_t direction)
1674 {
1675  const uint8_t *initial_input = input;
1676  int rc;
1677 
1678  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1679 
1680  switch (ssl_state->curr_connp->handshake_type) {
1681  case SSLV3_HS_CLIENT_HELLO:
1682  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1683 
1684  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1685  if (rc < 0)
1686  return rc;
1687  break;
1688 
1689  case SSLV3_HS_SERVER_HELLO:
1690  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1691 
1692  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1693  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1694  if (rc < 0)
1695  return rc;
1696  break;
1697 
1698  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1699  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1700  break;
1701 
1702  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1703  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1704  break;
1705 
1706  case SSLV3_HS_CERTIFICATE:
1707 
1708  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1709  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1710  input_len);
1711  if (rc < 0)
1712  return rc;
1713  break;
1714 
1715  case SSLV3_HS_HELLO_REQUEST:
1716  break;
1717  case SSLV3_HS_CERTIFICATE_REQUEST:
1718  if (direction) {
1719  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1720  }
1721  break;
1722  case SSLV3_HS_CERTIFICATE_VERIFY:
1723  case SSLV3_HS_FINISHED:
1724  case SSLV3_HS_CERTIFICATE_URL:
1725  case SSLV3_HS_CERTIFICATE_STATUS:
1726  break;
1727  case SSLV3_HS_NEW_SESSION_TICKET:
1728  SCLogDebug("new session ticket");
1729  break;
1730  case SSLV3_HS_SERVER_HELLO_DONE:
1731  break;
1732  default:
1733  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1734  return -1;
1735  }
1736 
1737  ssl_state->flags |= ssl_state->current_flags;
1738 
1739  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1740  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1741 
1742  return input_len;
1743 }
1744 
1745 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1746  uint32_t input_len, uint8_t direction)
1747 {
1748  const uint8_t *initial_input = input;
1749 
1750  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1751  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1752  SCReturnInt(0);
1753  }
1754 
1755  while (input_len) {
1756  SCLogDebug("input_len %u", input_len);
1757 
1758  if (ssl_state->curr_connp->hs_buffer != NULL) {
1759  SCLogDebug("partial handshake record in place");
1760  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1761  ssl_state->curr_connp->hs_buffer_offset;
1762  const uint32_t add = MIN(need, input_len);
1763 
1764  /* grow buffer to next multiple of 4k that fits all data we have */
1765  if (ssl_state->curr_connp->hs_buffer_offset + add >
1766  ssl_state->curr_connp->hs_buffer_size) {
1767  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1768  const uint32_t new_size = avail + (4096 - (avail % 4096));
1769  SCLogDebug("new_size %u, avail %u", new_size, avail);
1770  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1771  if (ptr == NULL)
1772  return -1;
1773  ssl_state->curr_connp->hs_buffer = ptr;
1774  ssl_state->curr_connp->hs_buffer_size = new_size;
1775  }
1776 
1777  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1778  "ssl_state->curr_connp->hs_buffer_size %u",
1779  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1780  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1781 
1782  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1783  ssl_state->curr_connp->hs_buffer_offset,
1784  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1785  SCLogDebug("copy failed");
1786  return -1;
1787  }
1788  ssl_state->curr_connp->hs_buffer_offset += add;
1789 
1790  if (ssl_state->curr_connp->hs_buffer_message_size <=
1791  ssl_state->curr_connp->hs_buffer_offset) {
1792  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1793  ssl_state->curr_connp->hs_buffer_offset);
1794 
1795  ssl_state->curr_connp->handshake_type =
1796  ssl_state->curr_connp->hs_buffer_message_type;
1797  ssl_state->curr_connp->message_length =
1798  ssl_state->curr_connp->hs_buffer_message_size;
1799 
1800  SCLogDebug("got all data now: handshake_type %u message_length %u",
1801  ssl_state->curr_connp->handshake_type,
1802  ssl_state->curr_connp->message_length);
1803 
1804  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1805  ssl_state->curr_connp->hs_buffer_offset, direction);
1806  if (retval < 0) {
1807  SSLParserHSReset(ssl_state->curr_connp);
1808  return (retval);
1809  }
1810  SCLogDebug("retval %d", retval);
1811 
1812  /* data processed, reset buffer */
1813  SCFree(ssl_state->curr_connp->hs_buffer);
1814  ssl_state->curr_connp->hs_buffer = NULL;
1815  ssl_state->curr_connp->hs_buffer_size = 0;
1816  ssl_state->curr_connp->hs_buffer_message_size = 0;
1817  ssl_state->curr_connp->hs_buffer_message_type = 0;
1818  ssl_state->curr_connp->hs_buffer_offset = 0;
1819  } else {
1820  SCLogDebug("partial data");
1821  }
1822 
1823  input += add;
1824  input_len -= add;
1825  SCLogDebug("input_len %u", input_len);
1826  SSLParserHSReset(ssl_state->curr_connp);
1827  continue;
1828  }
1829 
1830  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1831  SCLogDebug("input %p input_len %u", input, input_len);
1832 
1833  if (input_len < 4) {
1834  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1835  SCReturnInt(-1);
1836  }
1837 
1838  ssl_state->curr_connp->handshake_type = input[0];
1839  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1840  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1841  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1842  input_len);
1843  input += 4;
1844  input_len -= 4;
1845 
1846  const uint32_t record_len = ssl_state->curr_connp->message_length;
1847  /* see if we support this type. We check here to not use the fragment
1848  * handling on things we don't support. */
1849  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1850  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1851  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1852  if (!supported_type) {
1853  uint32_t avail_record_len = MIN(input_len, record_len);
1854  input += avail_record_len;
1855  input_len -= avail_record_len;
1856 
1857  SSLParserHSReset(ssl_state->curr_connp);
1858 
1859  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1860  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1861  // after Change Cipher Spec we get Encrypted Handshake Messages
1862  } else {
1863  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1864  }
1865  continue;
1866  }
1867 
1868  /* if the message length exceeds our input_len, we have a tls fragment. */
1869  if (record_len > input_len) {
1870  const uint32_t avail = input_len;
1871  const uint32_t size = avail + (4096 - (avail % 4096));
1872  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1873  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1874  if (ssl_state->curr_connp->hs_buffer == NULL) {
1875  return -1;
1876  }
1877  ssl_state->curr_connp->hs_buffer_size = size;
1878  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1879  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1880 
1881  if (input_len > 0) {
1882  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1883  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1884  input_len) != 0) {
1885  return -1;
1886  }
1887  ssl_state->curr_connp->hs_buffer_offset = input_len;
1888  }
1889  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1890  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1891  ssl_state->curr_connp->hs_buffer_offset,
1892  ssl_state->curr_connp->hs_buffer_message_type,
1893  ssl_state->curr_connp->hs_buffer_message_size);
1894  input += input_len;
1895  SSLParserHSReset(ssl_state->curr_connp);
1896  return (int)(input - initial_input);
1897 
1898  } else {
1899  /* full record, parse it now */
1900  int retval = SSLv3ParseHandshakeType(
1901  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1902  if (retval < 0 || retval > (int)input_len) {
1903  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1904  return (retval);
1905  }
1906  SCLogDebug("retval %d input_len %u", retval, input_len);
1907  input += retval;
1908  input_len -= retval;
1909 
1910  SSLParserHSReset(ssl_state->curr_connp);
1911  }
1912  SCLogDebug("input_len left %u", input_len);
1913  }
1914  return (int)(input - initial_input);
1915 }
1916 
1917 /**
1918  * \internal
1919  * \brief TLS Alert parser
1920  *
1921  * \param sslstate Pointer to the SSL state.
1922  * \param input Pointer to the received input data.
1923  * \param input_len Length in bytes of the received data.
1924  * \param direction 1 toclient, 0 toserver
1925  *
1926  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1927  */
1928 static int SSLv3ParseAlertProtocol(
1929  SSLState *ssl_state, const uint8_t *input, uint32_t input_len, uint8_t direction)
1930 {
1931  if (input_len < 2) {
1932  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_ALERT);
1933  return -1;
1934  }
1935 
1936  /* assume a record > 2 to be an encrypted alert record */
1937  if (input_len == 2) {
1938  uint8_t level = input[0];
1939  // uint8_t desc = input[1];
1940 
1941  /* if level Fatal, we consider the tx finished */
1942  if (level == 2) {
1943  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
1944  }
1945  }
1946  return 0;
1947 }
1948 
1949 /**
1950  * \internal
1951  * \brief TLS Heartbeat parser (see RFC 6520)
1952  *
1953  * \param sslstate Pointer to the SSL state.
1954  * \param input Pointer to the received input data.
1955  * \param input_len Length in bytes of the received data.
1956  * \param direction 1 toclient, 0 toserver
1957  *
1958  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1959  */
1960 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1961  uint32_t input_len, uint8_t direction)
1962 {
1963  uint8_t hb_type;
1964  uint16_t payload_len;
1965  uint32_t padding_len;
1966 
1967  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1968  if (input_len < 3) {
1969  return 0;
1970  }
1971 
1972  hb_type = *input++;
1973 
1974  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1975  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1976  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1977  return -1;
1978  }
1979  }
1980 
1981  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1982  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1983 
1984  if (direction) {
1985  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1986  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1987  } else {
1988  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1989  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1990  }
1991 
1992  /* if we reach this point, then we can assume that the HB request
1993  is encrypted. If so, let's set the HB record length */
1994  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1995  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1996  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1997  ssl_state->hb_record_len);
1998  return (ssl_state->curr_connp->record_length - 3);
1999  }
2000 
2001  payload_len = (uint16_t)(*input << 8) | *(input + 1);
2002 
2003  /* check that the requested payload length is really present in
2004  the record (CVE-2014-0160) */
2005  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
2006  SCLogDebug("We have a short record in HeartBeat Request");
2007  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
2008  return -1;
2009  }
2010 
2011  /* check the padding length. It must be at least 16 bytes
2012  (RFC 6520, section 4) */
2013  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
2014  if (padding_len < 16) {
2015  SCLogDebug("We have a short record in HeartBeat Request");
2016  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2017  return -1;
2018  }
2019 
2020  /* we don't have the payload */
2021  if (input_len < payload_len + padding_len) {
2022  return 0;
2023  }
2024 
2025  /* OpenSSL still seems to discard multiple in-flight
2026  heartbeats although some tools send multiple at once */
2027  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2028  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
2029  SCLogDebug("Multiple in-flight server initiated HeartBeats");
2030  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2031  return -1;
2032 
2033  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2034  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
2035  SCLogDebug("Multiple in-flight client initiated HeartBeats");
2036  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2037  return -1;
2038 
2039  } else {
2040  /* we have a HB record in the opposite direction of the request,
2041  let's reset our flags */
2042  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
2043  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
2044  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
2045 
2046  /* if we reach this point, then we can assume that the HB request
2047  is encrypted. If so, let's set the HB record length */
2048  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2049  /* check to see if the encrypted response is longer than the
2050  encrypted request */
2051  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
2052  ssl_state->curr_connp->record_length) {
2053  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
2054  ssl_state->hb_record_len);
2055  SSLSetEvent(ssl_state,
2056  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2057  ssl_state->hb_record_len = 0;
2058  return -1;
2059  }
2060  }
2061 
2062  /* reset the HB record length in case we have a legit HB followed
2063  by a bad one */
2064  ssl_state->hb_record_len = 0;
2065  }
2066 
2067  /* skip the HeartBeat, 3 bytes were already parsed,
2068  e.g |18 03 02| for TLS 1.2 */
2069  return (ssl_state->curr_connp->record_length - 3);
2070 }
2071 
2072 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2073  const uint8_t *input, uint32_t input_len)
2074 {
2075  const uint8_t *initial_input = input;
2076 
2077  if (input_len == 0) {
2078  return 0;
2079  }
2080 
2081  uint8_t skip_version = 0;
2082 
2083  /* Only set SSL/TLS version here if it has not already been set in
2084  client/server hello. */
2085  if (direction == 0) {
2086  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2087  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2088  skip_version = 1;
2089  }
2090  } else {
2091  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2092  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2093  skip_version = 1;
2094  }
2095  }
2096 
2097  switch (ssl_state->curr_connp->bytes_processed) {
2098  case 0:
2099  if (input_len >= 5) {
2100  ssl_state->curr_connp->content_type = input[0];
2101  if (!skip_version) {
2102  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2103  }
2104  ssl_state->curr_connp->record_length = input[3] << 8;
2105  ssl_state->curr_connp->record_length |= input[4];
2106  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2107  return SSLV3_RECORD_HDR_LEN;
2108  } else {
2109  ssl_state->curr_connp->content_type = *(input++);
2110  if (--input_len == 0)
2111  break;
2112  }
2113 
2114  /* fall through */
2115  case 1:
2116  if (!skip_version) {
2117  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2118  } else {
2119  input++;
2120  }
2121  if (--input_len == 0)
2122  break;
2123 
2124  /* fall through */
2125  case 2:
2126  if (!skip_version) {
2127  ssl_state->curr_connp->version |= *(input++);
2128  } else {
2129  input++;
2130  }
2131  if (--input_len == 0)
2132  break;
2133 
2134  /* fall through */
2135  case 3:
2136  ssl_state->curr_connp->record_length = *(input++) << 8;
2137  if (--input_len == 0)
2138  break;
2139 
2140  /* fall through */
2141  case 4:
2142  ssl_state->curr_connp->record_length |= *(input++);
2143  if (--input_len == 0)
2144  break;
2145 
2146  /* fall through */
2147  }
2148 
2149  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2150 
2151  return (int)(input - initial_input);
2152 }
2153 
2154 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2155  const uint8_t *input, uint32_t input_len)
2156 {
2157  const uint8_t *initial_input = input;
2158 
2159  if (input_len == 0) {
2160  return 0;
2161  }
2162 
2163  if (ssl_state->curr_connp->record_lengths_length == 2) {
2164  switch (ssl_state->curr_connp->bytes_processed) {
2165  case 0:
2166  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2167  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2168  ssl_state->curr_connp->content_type = input[2];
2169  ssl_state->curr_connp->version = SSL_VERSION_2;
2170  ssl_state->curr_connp->bytes_processed += 3;
2171  return 3;
2172  } else {
2173  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2174  if (--input_len == 0)
2175  break;
2176  }
2177 
2178  /* fall through */
2179  case 1:
2180  ssl_state->curr_connp->record_length |= *(input++);
2181  if (--input_len == 0)
2182  break;
2183 
2184  /* fall through */
2185  case 2:
2186  ssl_state->curr_connp->content_type = *(input++);
2187  ssl_state->curr_connp->version = SSL_VERSION_2;
2188  if (--input_len == 0)
2189  break;
2190 
2191  /* fall through */
2192  }
2193 
2194  } else {
2195  switch (ssl_state->curr_connp->bytes_processed) {
2196  case 0:
2197  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2198  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2199  ssl_state->curr_connp->content_type = input[3];
2200  ssl_state->curr_connp->version = SSL_VERSION_2;
2201  ssl_state->curr_connp->bytes_processed += 4;
2202  return 4;
2203  } else {
2204  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2205  if (--input_len == 0)
2206  break;
2207  }
2208 
2209  /* fall through */
2210  case 1:
2211  ssl_state->curr_connp->record_length |= *(input++);
2212  if (--input_len == 0)
2213  break;
2214 
2215  /* fall through */
2216  case 2:
2217  /* padding */
2218  input++;
2219  if (--input_len == 0)
2220  break;
2221 
2222  /* fall through */
2223  case 3:
2224  ssl_state->curr_connp->content_type = *(input++);
2225  ssl_state->curr_connp->version = SSL_VERSION_2;
2226  if (--input_len == 0)
2227  break;
2228 
2229  /* fall through */
2230  }
2231  }
2232 
2233  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2234 
2235  return (int)(input - initial_input);
2236 }
2237 
2238 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2239  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2240  const StreamSlice stream_slice)
2241 {
2242  const uint8_t *initial_input = input;
2243 
2244  if (ssl_state->curr_connp->bytes_processed == 0) {
2245  if (input[0] & 0x80) {
2246  ssl_state->curr_connp->record_lengths_length = 2;
2247  } else {
2248  ssl_state->curr_connp->record_lengths_length = 3;
2249  }
2250 
2251  SCLogDebug("record start: ssl2.hdr frame");
2252  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2253  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2254  }
2255 
2256  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2257  "ssl_state->curr_connp->bytes_processed %u",
2258  direction, ssl_state->curr_connp->record_lengths_length + 1,
2259  ssl_state->curr_connp->bytes_processed);
2260  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2261  to read the msg_type */
2262  if (ssl_state->curr_connp->bytes_processed <
2263  (ssl_state->curr_connp->record_lengths_length + 1)) {
2264  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2265  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2266  ssl_state->curr_connp->record_length);
2267  if (retval < 0 || retval > (int)input_len) {
2268  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2269  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2270  return SSL_DECODER_ERROR(-1);
2271  }
2272 
2273  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2274  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2275  direction, TLS_FRAME_SSLV2_PDU);
2276  SCLogDebug("record start: ssl2.pdu frame");
2277 
2278  input += retval;
2279  input_len -= retval;
2280  }
2281 
2282  /* if we don't have the full record, we return incomplete */
2283  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2284  input_len + ssl_state->curr_connp->bytes_processed) {
2285  uint32_t needed = ssl_state->curr_connp->record_length;
2286  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2287  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2288  needed);
2289  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2290  }
2291 
2292  if (input_len == 0) {
2293  return SSL_DECODER_OK((input - initial_input));
2294  }
2295 
2296  /* record_length should never be zero */
2297  if (ssl_state->curr_connp->record_length == 0) {
2298  SCLogDebug("SSLv2 record length is zero");
2299  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2300  return SSL_DECODER_ERROR(-1);
2301  }
2302 
2303  /* record_lengths_length should never be zero */
2304  if (ssl_state->curr_connp->record_lengths_length == 0) {
2305  SCLogDebug("SSLv2 record lengths length is zero");
2306  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2307  return SSL_DECODER_ERROR(-1);
2308  }
2309 
2310  switch (ssl_state->curr_connp->content_type) {
2311  case SSLV2_MT_ERROR:
2312  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2313  "in establishing the sslv2 session, may be version");
2314  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2315 
2316  break;
2317 
2318  case SSLV2_MT_CLIENT_HELLO:
2319  if (input_len < 6) {
2320  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2321  return SSL_DECODER_ERROR(-1);
2322  }
2323 
2324  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2325  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2326 
2327  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2328  SCLogDebug("SSLv2: version %04x", version);
2329  ssl_state->curr_connp->version = version;
2330  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2331  input += 6;
2332  input_len -= 6;
2333  ssl_state->curr_connp->bytes_processed += 6;
2334  if (session_id_length == 0) {
2335  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2336  }
2337  break;
2338 
2339  case SSLV2_MT_CLIENT_MASTER_KEY:
2340  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2341  SCLogDebug("Client hello is not seen before master key "
2342  "message!");
2343  }
2344  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2345 
2346  break;
2347 
2348  case SSLV2_MT_CLIENT_CERTIFICATE:
2349  if (direction == 1) {
2350  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2351  "direction!");
2352  } else {
2353  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2354  }
2355 
2356  /* fall through */
2357  case SSLV2_MT_SERVER_VERIFY:
2358  case SSLV2_MT_SERVER_FINISHED:
2359  if (direction == 0 &&
2360  !(ssl_state->curr_connp->content_type &
2361  SSLV2_MT_CLIENT_CERTIFICATE)) {
2362  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2363  "direction!");
2364  }
2365 
2366  /* fall through */
2367  case SSLV2_MT_CLIENT_FINISHED:
2368  case SSLV2_MT_REQUEST_CERTIFICATE:
2369  /* both client hello and server hello must be seen */
2370  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2371  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2372 
2373  if (direction == 0) {
2374  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2375  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2376  SCLogDebug("SSLv2 client side has started the encryption");
2377  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2378  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2379  SCLogDebug("SSLv2 client side has started the encryption");
2380  }
2381  } else {
2382  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2383  SCLogDebug("SSLv2 Server side has started the encryption");
2384  }
2385 
2386  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2387  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2388  {
2389  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2390  AppLayerParserStateSetFlag(pstate,
2391  APP_LAYER_PARSER_NO_INSPECTION);
2392  }
2393 
2394  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2395  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2396  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2397  }
2398  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2399  }
2400  }
2401 
2402  break;
2403 
2404  case SSLV2_MT_SERVER_HELLO:
2405  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2406  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2407 
2408  break;
2409  }
2410 
2411  ssl_state->flags |= ssl_state->current_flags;
2412 
2413  if (input_len + ssl_state->curr_connp->bytes_processed >=
2414  (ssl_state->curr_connp->record_length +
2415  ssl_state->curr_connp->record_lengths_length)) {
2416 
2417  /* looks like we have another record after this */
2418  uint32_t diff = ssl_state->curr_connp->record_length +
2419  ssl_state->curr_connp->record_lengths_length + -
2420  ssl_state->curr_connp->bytes_processed;
2421  input += diff;
2422  SSLParserReset(ssl_state);
2423 
2424  /* we still don't have the entire record for the one we are
2425  currently parsing */
2426  } else {
2427  input += input_len;
2428  ssl_state->curr_connp->bytes_processed += input_len;
2429  }
2430  return SSL_DECODER_OK((input - initial_input));
2431 }
2432 
2433 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2434  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2435  const StreamSlice stream_slice)
2436 {
2437  uint32_t parsed = 0;
2438  uint32_t record_len; /* slice of input_len for the current record */
2439  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2440 
2441  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2442  const uint16_t prev_version = ssl_state->curr_connp->version;
2443 
2444  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2445  if (retval < 0 || retval > (int)input_len) {
2446  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2447  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2448  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2449  return SSL_DECODER_ERROR(-1);
2450  }
2451  parsed = retval;
2452 
2453  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2454  input, ssl_state->curr_connp->record_length);
2455 
2456  /* first the hdr frame at our first chance */
2457  if (first_call) {
2458  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2459  direction, TLS_FRAME_HDR);
2460  }
2461 
2462  /* parser is streaming for the initial header, then switches to incomplete
2463  * API: so if we don't have the hdr yet, return consumed bytes and wait
2464  * until we are called again with new data. */
2465  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2466  SCLogDebug(
2467  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2468  return SSL_DECODER_OK(parsed);
2469  }
2470 
2471  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2472  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2473  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2474  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2475  SCLogDebug(
2476  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2477  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2478 
2479  bool unknown_record = false;
2480  switch (ssl_state->curr_connp->content_type) {
2481  case SSLV3_CHANGE_CIPHER_SPEC:
2482  case SSLV3_ALERT_PROTOCOL:
2483  case SSLV3_HANDSHAKE_PROTOCOL:
2484  case SSLV3_APPLICATION_PROTOCOL:
2485  case SSLV3_HEARTBEAT_PROTOCOL:
2486  break;
2487  default:
2488  unknown_record = true;
2489  break;
2490  }
2491 
2492  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2493  * on Wireshark logic. */
2494  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2495  if (unknown_record) {
2496  SCLogDebug("unknown record, ignore it");
2497  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2498 
2499  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2500  ssl_state->curr_connp->content_type = 0;
2501  ssl_state->curr_connp->record_length = 0;
2502  // restore last good version
2503  ssl_state->curr_connp->version = prev_version;
2504  return SSL_DECODER_OK(input_len); // consume everything
2505  }
2506  } else {
2507  if (unknown_record) {
2508  SCLogDebug("unknown record, fatal");
2509  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2510  return SSL_DECODER_ERROR(-1);
2511  }
2512  }
2513 
2514  /* record_length should never be zero */
2515  if (ssl_state->curr_connp->record_length == 0) {
2516  SCLogDebug("SSLv3 Record length is 0");
2517  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2518  return SSL_DECODER_ERROR(-1);
2519  }
2520 
2521  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2522  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2523  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2524  return SSL_DECODER_ERROR(-1);
2525  }
2526 
2527  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2528  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2529  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2530  return SSL_DECODER_ERROR(-1);
2531  }
2532  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2533  } else {
2534  ValidateRecordState(ssl_state->curr_connp);
2535 
2536  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2537  record_len = MIN(input_len, record_len);
2538  }
2539  SCLogDebug("record length %u processed %u got %u",
2540  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2541 
2542  /* if we don't have the full record, we return incomplete */
2543  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2544  /* no need to use incomplete api buffering for application
2545  * records that we'll not use anyway. */
2546  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2547  SCLogDebug("application record");
2548  } else {
2549  uint32_t needed = ssl_state->curr_connp->record_length;
2550  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2551  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2552  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2553  return SSL_DECODER_INCOMPLETE(parsed, needed);
2554  }
2555  }
2556 
2557  if (record_len == 0) {
2558  return SSL_DECODER_OK(parsed);
2559  }
2560 
2561  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2562  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2563 
2564  switch (ssl_state->curr_connp->content_type) {
2565  /* we don't need any data from these types */
2566  case SSLV3_CHANGE_CIPHER_SPEC:
2567  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2568 
2569  if (direction) {
2570  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2571  } else {
2572  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2573  }
2574  break;
2575 
2576  case SSLV3_ALERT_PROTOCOL: {
2577  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2578  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2579 
2580  int retval = SSLv3ParseAlertProtocol(ssl_state, input + parsed, record_len, direction);
2581  if (retval < 0) {
2582  SCLogDebug("SSLv3ParseAlertProtocol returned %d", retval);
2583  return SSL_DECODER_ERROR(-1);
2584  }
2585  break;
2586  }
2587  case SSLV3_APPLICATION_PROTOCOL:
2588  /* In TLSv1.3 early data (0-RTT) could be sent before the
2589  handshake is complete (rfc8446, section 2.3). We should
2590  therefore not mark the handshake as done before we have
2591  seen the ServerHello record. */
2592  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2593  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2594  break;
2595 
2596  /* if we see (encrypted) application data, then this means the
2597  handshake must be done */
2598  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2599 
2600  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2601  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2602  AppLayerParserStateSetFlag(pstate,
2603  APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2604  }
2605 
2606  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2607  * heartbeat lke inspection to be able to be able to bypass the flow */
2608  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2609  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2610  AppLayerParserStateSetFlag(pstate,
2611  APP_LAYER_PARSER_NO_REASSEMBLY);
2612  AppLayerParserStateSetFlag(pstate,
2613  APP_LAYER_PARSER_NO_INSPECTION);
2614  AppLayerParserStateSetFlag(pstate,
2615  APP_LAYER_PARSER_BYPASS_READY);
2616  }
2617  break;
2618 
2619  case SSLV3_HANDSHAKE_PROTOCOL: {
2620  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2621  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2622  compatibility (rfc8446, appendix D.4). */
2623  // Client hello flags is needed to have a valid version
2624  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2625  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2626  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2627  /* do nothing */
2628  } else {
2629  // if we started parsing this, we must stop
2630  break;
2631  }
2632  }
2633 
2634  if (ssl_state->curr_connp->record_length < 4) {
2635  SSLParserReset(ssl_state);
2636  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2637  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2638  return SSL_DECODER_ERROR(-1);
2639  }
2640 
2641  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2642  record_len, direction);
2643  SCLogDebug("retval %d", retval);
2644  if (retval < 0 || retval > (int)record_len) {
2645  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2646  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2647  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2648  return SSL_DECODER_ERROR(-1);
2649  }
2650  ValidateRecordState(ssl_state->curr_connp);
2651  break;
2652  }
2653  case SSLV3_HEARTBEAT_PROTOCOL: {
2654  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2655  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2656  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2657  record_len, direction);
2658  if (retval < 0) {
2659  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2660  return SSL_DECODER_ERROR(-1);
2661  }
2662  break;
2663  }
2664  default:
2665  // should be unreachable now that we check after header parsing
2666  DEBUG_VALIDATE_BUG_ON(1);
2667  SCLogDebug("unsupported record type");
2668  return SSL_DECODER_ERROR(-1);
2669  }
2670 
2671  parsed += record_len;
2672  ssl_state->curr_connp->bytes_processed += record_len;
2673 
2674  if (ssl_state->curr_connp->bytes_processed >=
2675  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2676  SCLogDebug("record complete, trigger RAW");
2677  AppLayerParserTriggerRawStreamReassembly(
2678  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2679  SSLParserReset(ssl_state);
2680  ValidateRecordState(ssl_state->curr_connp);
2681  return SSL_DECODER_OK(parsed);
2682 
2683  } else {
2684  /* we still don't have the entire record for the one we are
2685  currently parsing */
2686  ValidateRecordState(ssl_state->curr_connp);
2687  return SSL_DECODER_OK(parsed);
2688  }
2689 }
2690 
2691 /**
2692  * \internal
2693  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2694  *
2695  * On parsing error, this should be the only function that should reset
2696  * the parser state, to avoid multiple functions in the chain resetting
2697  * the parser state.
2698  *
2699  * \param direction 0 for toserver, 1 for toclient.
2700  * \param alstate Pointer to the state.
2701  * \param pstate Application layer parser state for this session.
2702  * \param output Pointer to the list of parsed output elements.
2703  *
2704  * \todo On reaching an inconsistent state, check if the input has
2705  * another new record, instead of just returning after the reset
2706  *
2707  * \retval >=0 On success.
2708  */
2709 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2710  AppLayerParserState *pstate, StreamSlice stream_slice)
2711 {
2712  SSLState *ssl_state = (SSLState *)alstate;
2713  ssl_state->tx_data.updated_tc = true;
2714  ssl_state->tx_data.updated_ts = true;
2715  uint32_t counter = 0;
2716  ssl_state->f = f;
2717  const uint8_t *input = StreamSliceGetData(&stream_slice);
2718  const uint8_t *init_input = input;
2719  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2720 
2721  if ((input == NULL || input_len == 0) &&
2722  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2723  (direction == 1 &&
2724  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2725  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2726  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2727  SCReturnStruct(APP_LAYER_OK);
2728  } else if (input == NULL || input_len == 0) {
2729  SCReturnStruct(APP_LAYER_ERROR);
2730  }
2731 
2732  if (direction == 0)
2733  ssl_state->curr_connp = &ssl_state->client_connp;
2734  else
2735  ssl_state->curr_connp = &ssl_state->server_connp;
2736 
2737  /* If entering on a new record, reset the current flags. */
2738  if (ssl_state->curr_connp->bytes_processed == 0) {
2739  ssl_state->current_flags = 0;
2740  }
2741 
2742  /* if we have more than one record */
2743  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2744  while (input_len > 0) {
2745  if (counter > max_records) {
2746  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2747  "and get out of here");
2748  SSLParserReset(ssl_state);
2749  SSLSetEvent(ssl_state,
2750  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2751  return APP_LAYER_ERROR;
2752  }
2753 
2754  /* ssl_state->bytes_processed is zero for a fresh record or
2755  positive to indicate a record currently being parsed */
2756 
2757  if (ssl_state->curr_connp->bytes_processed == 0) {
2758  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2759  /* only SSLv2, has one of the top 2 bits set */
2760  ssl_state->curr_connp->version = SSL_VERSION_2;
2761  SCLogDebug("SSLv2 detected");
2762  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2763  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2764  SCLogDebug("SSL/TLS version reset");
2765  }
2766  }
2767  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2768  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2769 
2770  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2771  if (ssl_state->curr_connp->bytes_processed == 0) {
2772  SCLogDebug("New SSLv2 record parsing");
2773  } else {
2774  SCLogDebug("Continuing parsing SSLv2 record");
2775  }
2776  struct SSLDecoderResult r =
2777  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2778  if (r.retval < 0 || r.retval > input_len) {
2779  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2780  SCLogDebug("Error parsing SSLv2. Resetting parser "
2781  "state. Let's get outta here");
2782  SSLParserReset(ssl_state);
2783  SSLSetEvent(ssl_state,
2784  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2785  return APP_LAYER_ERROR;
2786  } else if (r.needed) {
2787  input += r.retval;
2788  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2789  (uintmax_t)(input - init_input), r.needed);
2790  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2791  }
2792  input_len -= r.retval;
2793  input += r.retval;
2794  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2795  } else {
2796  if (ssl_state->curr_connp->bytes_processed == 0) {
2797  SCLogDebug("New TLS record: record_length %u",
2798  ssl_state->curr_connp->record_length);
2799  } else {
2800  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2801  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2802  }
2803  struct SSLDecoderResult r =
2804  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2805  if (r.retval < 0 || r.retval > input_len) {
2806  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2807  SCLogDebug("Error parsing TLS. Resetting parser "
2808  "state. Let's get outta here");
2809  SSLParserReset(ssl_state);
2810  return APP_LAYER_ERROR;
2811  } else if (r.needed) {
2812  input += r.retval;
2813  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2814  (uintmax_t)(input - init_input), r.needed);
2815  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2816  }
2817  input_len -= r.retval;
2818  input += r.retval;
2819  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2820 
2821  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2822  && ssl_state->curr_connp->record_length == 0) {
2823  SCLogDebug("TLS empty record");
2824  /* empty record */
2825  SSLParserReset(ssl_state);
2826  }
2827  }
2828  counter++;
2829  } /* while (input_len) */
2830 
2831  /* mark handshake as done if we have subject and issuer */
2832  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2833  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2834  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2835  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2836  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2837  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2838  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2839  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2840  }
2841 
2842  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2843  if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2844  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2845  SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
2846  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2847  }
2848 
2849  return APP_LAYER_OK;
2850 }
2851 
2852 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2853  StreamSlice stream_slice, void *local_data)
2854 {
2855  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2856 }
2857 
2858 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2859  StreamSlice stream_slice, void *local_data)
2860 {
2861  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2862 }
2863 
2864 /**
2865  * \internal
2866  * \brief Function to allocate the SSL state memory.
2867  */
2868 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2869 {
2870  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2871  if (unlikely(ssl_state == NULL))
2872  return NULL;
2873  ssl_state->client_connp.cert_log_flag = 0;
2874  ssl_state->server_connp.cert_log_flag = 0;
2875  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2876  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2877  TAILQ_INIT(&ssl_state->server_connp.certs);
2878  TAILQ_INIT(&ssl_state->server_connp.alpns);
2879  TAILQ_INIT(&ssl_state->client_connp.certs);
2880  TAILQ_INIT(&ssl_state->client_connp.alpns);
2881 
2882  return (void *)ssl_state;
2883 }
2884 
2885 static void SSLStateCertSANFree(SSLStateConnp *connp)
2886 {
2887  if (connp->cert0_sans) {
2888  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2889  rs_cstring_free(connp->cert0_sans[i]);
2890  }
2891  SCFree(connp->cert0_sans);
2892  }
2893 }
2894 
2895 /**
2896  * \internal
2897  * \brief Function to free the SSL state memory.
2898  */
2899 static void SSLStateFree(void *p)
2900 {
2901  SSLState *ssl_state = (SSLState *)p;
2902  SSLCertsChain *item;
2903 
2904  if (ssl_state->client_connp.cert0_subject)
2905  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2906  if (ssl_state->client_connp.cert0_issuerdn)
2907  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2908  if (ssl_state->client_connp.cert0_serial)
2909  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2910  if (ssl_state->client_connp.cert0_fingerprint)
2911  SCFree(ssl_state->client_connp.cert0_fingerprint);
2912  if (ssl_state->client_connp.sni)
2913  SCFree(ssl_state->client_connp.sni);
2914  if (ssl_state->client_connp.session_id)
2915  SCFree(ssl_state->client_connp.session_id);
2916  if (ssl_state->client_connp.hs_buffer)
2917  SCFree(ssl_state->client_connp.hs_buffer);
2918 
2919  if (ssl_state->server_connp.cert0_subject)
2920  rs_cstring_free(ssl_state->server_connp.cert0_subject);
2921  if (ssl_state->server_connp.cert0_issuerdn)
2922  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
2923  if (ssl_state->server_connp.cert0_serial)
2924  rs_cstring_free(ssl_state->server_connp.cert0_serial);
2925  if (ssl_state->server_connp.cert0_fingerprint)
2926  SCFree(ssl_state->server_connp.cert0_fingerprint);
2927  if (ssl_state->server_connp.sni)
2928  SCFree(ssl_state->server_connp.sni);
2929  if (ssl_state->server_connp.session_id)
2930  SCFree(ssl_state->server_connp.session_id);
2931 
2932  if (ssl_state->client_connp.ja4)
2933  SCJA4Free(ssl_state->client_connp.ja4);
2934  if (ssl_state->client_connp.ja3_str)
2935  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2936  if (ssl_state->client_connp.ja3_hash)
2937  SCFree(ssl_state->client_connp.ja3_hash);
2938  if (ssl_state->server_connp.ja3_str)
2939  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2940  if (ssl_state->server_connp.ja3_hash)
2941  SCFree(ssl_state->server_connp.ja3_hash);
2942  if (ssl_state->server_connp.hs_buffer)
2943  SCFree(ssl_state->server_connp.hs_buffer);
2944 
2945  SSLStateCertSANFree(&ssl_state->server_connp);
2946  SSLStateCertSANFree(&ssl_state->client_connp);
2947 
2948  SCAppLayerTxDataCleanup(&ssl_state->tx_data);
2949 
2950  /* Free certificate chain */
2951  if (ssl_state->server_connp.certs_buffer)
2952  SCFree(ssl_state->server_connp.certs_buffer);
2953  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2954  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2955  SCFree(item);
2956  }
2957  TAILQ_INIT(&ssl_state->server_connp.certs);
2958  /* Free certificate chain */
2959  if (ssl_state->client_connp.certs_buffer)
2960  SCFree(ssl_state->client_connp.certs_buffer);
2961  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2962  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2963  SCFree(item);
2964  }
2965  TAILQ_INIT(&ssl_state->client_connp.certs);
2966 
2967  SSLAlpns *a;
2968  while ((a = TAILQ_FIRST(&ssl_state->server_connp.alpns))) {
2969  TAILQ_REMOVE(&ssl_state->server_connp.alpns, a, next);
2970  SCFree(a);
2971  }
2972  TAILQ_INIT(&ssl_state->server_connp.alpns);
2973  while ((a = TAILQ_FIRST(&ssl_state->client_connp.alpns))) {
2974  TAILQ_REMOVE(&ssl_state->client_connp.alpns, a, next);
2975  SCFree(a);
2976  }
2977  TAILQ_INIT(&ssl_state->client_connp.alpns);
2978 
2979  SCFree(ssl_state);
2980 }
2981 
2982 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2983 {
2984  /* do nothing */
2985 }
2986 
2987 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2988  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2989 {
2990  /* probably a rst/fin sending an eof */
2991  if (ilen < 3)
2992  return ALPROTO_UNKNOWN;
2993 
2994  /* for now just the 3 byte header ones */
2995  /* \todo Detect the 2 byte ones */
2996  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2997  return ALPROTO_TLS;
2998  }
2999 
3000  return ALPROTO_FAILED;
3001 }
3002 
3003 static int SSLStateGetFrameIdByName(const char *frame_name)
3004 {
3005  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
3006  if (id < 0) {
3007  return -1;
3008  }
3009  return id;
3010 }
3011 
3012 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
3013 {
3014  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
3015  return name;
3016 }
3017 
3018 static int SSLStateGetEventInfo(
3019  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
3020 {
3021  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
3022  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3023  return 0;
3024  }
3025  return -1;
3026 }
3027 
3028 static int SSLStateGetEventInfoById(
3029  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
3030 {
3031  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
3032  if (*event_name == NULL) {
3033  SCLogError("event \"%d\" not present in "
3034  "ssl's enum map table.",
3035  event_id);
3036  /* yes this is fatal */
3037  return -1;
3038  }
3039 
3040  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3041 
3042  return 0;
3043 }
3044 
3045 static int SSLRegisterPatternsForProtocolDetection(void)
3046 {
3047  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3048  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3049  return -1;
3050  }
3051 
3052  /** SSLv3 */
3053  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3054  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3055  {
3056  return -1;
3057  }
3058  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3059  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3060  {
3061  return -1;
3062  }
3063 
3064  /** TLSv1 */
3065  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3066  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3067  {
3068  return -1;
3069  }
3070  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3071  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3072  {
3073  return -1;
3074  }
3075 
3076  /** TLSv1.1 */
3077  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3078  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3079  {
3080  return -1;
3081  }
3082  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3083  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3084  {
3085  return -1;
3086  }
3087 
3088  /** TLSv1.2 */
3089  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3090  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3091  {
3092  return -1;
3093  }
3094  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3095  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3096  {
3097  return -1;
3098  }
3099 
3100  /***** toclient direction *****/
3101 
3102  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3103  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3104  {
3105  return -1;
3106  }
3107  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3108  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3109  {
3110  return -1;
3111  }
3112  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3113  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3114  {
3115  return -1;
3116  }
3117 
3118  /** TLSv1 */
3119  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3120  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3121  {
3122  return -1;
3123  }
3124  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3125  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3126  {
3127  return -1;
3128  }
3129  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3130  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3131  {
3132  return -1;
3133  }
3134 
3135  /** TLSv1.1 */
3136  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3137  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3138  {
3139  return -1;
3140  }
3141  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3142  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3143  {
3144  return -1;
3145  }
3146  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3147  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3148  {
3149  return -1;
3150  }
3151 
3152  /** TLSv1.2 */
3153  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3154  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3155  {
3156  return -1;
3157  }
3158  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3159  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3160  {
3161  return -1;
3162  }
3163  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3164  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3165  {
3166  return -1;
3167  }
3168 
3169  /* Subsection - SSLv2 style record by client, but informing the server
3170  * the max version it supports.
3171  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3172  * it after some tests */
3173 #if 0
3174  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3175  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3176  {
3177  return -1;
3178  }
3179  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3180  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3181  {
3182  return -1;
3183  }
3184 #endif
3185 
3186  return 0;
3187 }
3188 
3189 #ifdef HAVE_JA3
3190 static void CheckJA3Enabled(void)
3191 {
3192  const char *strval = NULL;
3193  /* Check if we should generate JA3 fingerprints */
3194  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3195  if (ConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3196  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3197  } else if (strcmp(strval, "auto") == 0) {
3198  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3199  } else if (ConfValIsFalse(strval)) {
3200  enable_ja3 = 0;
3201  ssl_config.disable_ja3 = true;
3202  } else if (ConfValIsTrue(strval)) {
3203  enable_ja3 = true;
3204  }
3205  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3206  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3207  /* The feature is available, i.e. _could_ be activated by a rule or
3208  even is enabled in the configuration. */
3209  ProvidesFeature(FEATURE_JA3);
3210  }
3211 }
3212 #endif /* HAVE_JA3 */
3213 
3214 #ifdef HAVE_JA4
3215 static void CheckJA4Enabled(void)
3216 {
3217  const char *strval = NULL;
3218  /* Check if we should generate JA4 fingerprints */
3219  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3220  if (ConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3221  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3222  } else if (strcmp(strval, "auto") == 0) {
3223  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3224  } else if (ConfValIsFalse(strval)) {
3225  enable_ja4 = 0;
3226  ssl_config.disable_ja4 = true;
3227  } else if (ConfValIsTrue(strval)) {
3228  enable_ja4 = true;
3229  }
3230  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3231  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3232  /* The feature is available, i.e. _could_ be activated by a rule or
3233  even is enabled in the configuration. */
3234  ProvidesFeature(FEATURE_JA4);
3235  }
3236 }
3237 #endif /* HAVE_JA4 */
3238 
3239 /**
3240  * \brief Function to register the SSL protocol parser and other functions
3241  */
3242 void RegisterSSLParsers(void)
3243 {
3244  const char *proto_name = "tls";
3245 
3246  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3247 
3248  /** SSLv2 and SSLv23*/
3249  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3250  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3251 
3252  if (SSLRegisterPatternsForProtocolDetection() < 0)
3253  return;
3254 
3255  if (RunmodeIsUnittests()) {
3256  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3257  "443",
3258  ALPROTO_TLS,
3259  0, 3,
3260  STREAM_TOSERVER,
3261  SSLProbingParser, NULL);
3262  } else {
3263  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
3264  proto_name, ALPROTO_TLS,
3265  0, 3,
3266  SSLProbingParser, NULL) == 0) {
3267  SCLogConfig("no TLS config found, "
3268  "enabling TLS detection on port 443.");
3269  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3270  "443",
3271  ALPROTO_TLS,
3272  0, 3,
3273  STREAM_TOSERVER,
3274  SSLProbingParser, NULL);
3275  }
3276  }
3277  } else {
3278  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3279  proto_name);
3280  return;
3281  }
3282 
3283  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
3284  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3285  SSLParseClientRecord);
3286 
3287  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3288  SSLParseServerRecord);
3289 
3290  AppLayerParserRegisterGetFrameFuncs(
3291  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3292  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3293  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3294 
3295  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3296 
3297  AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3298 
3299  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3300 
3301  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3302  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3303  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3304 
3305  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3306 
3307  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3308 
3309  AppLayerParserRegisterStateProgressCompletionStatus(
3310  ALPROTO_TLS, TLS_STATE_FINISHED, TLS_STATE_FINISHED);
3311 
3312  ConfNode *enc_handle = ConfGetNode("app-layer.protocols.tls.encryption-handling");
3313  if (enc_handle != NULL && enc_handle->val != NULL) {
3314  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3315  if (strcmp(enc_handle->val, "full") == 0) {
3316  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3317  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3318  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3319  } else if (strcmp(enc_handle->val, "default") == 0) {
3320  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3321  } else {
3322  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3323  }
3324  } else {
3325  /* Get the value of no reassembly option from the config file */
3326  if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3327  int value = 0;
3328  if (ConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3329  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3330  } else {
3331  int value = 0;
3332  if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 && value == 1)
3333  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3334  }
3335  }
3336  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3337 
3338 #ifdef HAVE_JA3
3339  CheckJA3Enabled();
3340 #endif /* HAVE_JA3 */
3341 #ifdef HAVE_JA4
3342  CheckJA4Enabled();
3343 #endif /* HAVE_JA4 */
3344 
3345  if (g_disable_hashing) {
3346  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3347  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3348  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3349  }
3350  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3351  SCLogWarning("Hashing has been disabled, disabling JA4");
3352  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3353  }
3354  } else {
3355  if (RunmodeIsUnittests()) {
3356 #ifdef HAVE_JA3
3357  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3358 #endif /* HAVE_JA3 */
3359 #ifdef HAVE_JA4
3360  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3361 #endif /* HAVE_JA4 */
3362  }
3363  }
3364  } else {
3365  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3366  }
3367 }
3368 
3369 /**
3370  * \brief if not explicitly disabled in config, enable ja3 support
3371  *
3372  * Implemented using atomic to allow rule reloads to do this at
3373  * runtime.
3374  */
3375 void SSLEnableJA3(void)
3376 {
3377  if (g_disable_hashing || ssl_config.disable_ja3) {
3378  return;
3379  }
3380  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3381  return;
3382  }
3383  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3384 }
3385 
3386 /**
3387  * \brief if not explicitly disabled in config, enable ja4 support
3388  *
3389  * Implemented using atomic to allow rule reloads to do this at
3390  * runtime.
3391  */
3392 void SSLEnableJA4(void)
3393 {
3394  if (g_disable_hashing || ssl_config.disable_ja4) {
3395  return;
3396  }
3397  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3398  return;
3399  }
3400  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3401 }
3402 
3403 /**
3404  * \brief return whether ja3 is effectively enabled
3405  *
3406  * This means that it either has been enabled explicitly or has been
3407  * enabled by having loaded a rule while not being explicitly disabled.
3408  *
3409  * \retval true if enabled, false otherwise
3410  */
3411 bool SSLJA3IsEnabled(void)
3412 {
3413  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3414 }
3415 
3416 /**
3417  * \brief return whether ja4 is effectively enabled
3418  *
3419  * This means that it either has been enabled explicitly or has been
3420  * enabled by having loaded a rule while not being explicitly disabled.
3421  *
3422  * \retval true if enabled, false otherwise
3423  */
3424 bool SSLJA4IsEnabled(void)
3425 {
3426  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3427 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:158
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:46
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:124
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:256
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:480
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:297
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:150
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:144
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1565
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
JA3Buffer_
Definition: util-ja3.h:31
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:226
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:199
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:203
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSL_AL_FLAG_HANDSHAKE_DONE
#define SSL_AL_FLAG_HANDSHAKE_DONE
Definition: app-layer-ssl.h:114
ConfNode_::val
char * val
Definition: conf.h:34
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:482
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:132
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:175
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:307
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:143
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:243
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:315
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:39
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3392
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:128
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:251
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
TLS_STATE_CERT_READY
@ TLS_STATE_CERT_READY
Definition: app-layer-ssl.h:79
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:186
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:316
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:259
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:117
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:85
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:254
SSLStateConnp_
Definition: app-layer-ssl.h:236
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:338
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1537
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:279
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:136
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:253
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:78
Flow_
Flow data structure.
Definition: flow.h:354
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:149
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:298
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:100
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:167
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:528
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:408
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:301
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:257
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:169
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:173
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:490
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:162
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:184
SSLAlpns_::size
uint32_t size
Definition: app-layer-ssl.h:232
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:313
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:314
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:176
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:167
MIN
#define MIN(x, y)
Definition: suricata-common.h:400
SSLAlpns_
Definition: app-layer-ssl.h:230
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:125
util-ja3.h
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:102
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:184
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:300
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:266
SSLStateConnp_::ja4
JA4 * ja4
Definition: app-layer-ssl.h:281
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:173
MAX
#define MAX(x, y)
Definition: suricata-common.h:404
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:286
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:122
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:163
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:121
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:240
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:88
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:257
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:536
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:164
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:182
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:119
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:288
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:93
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:94
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:260
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:181
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:311
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1525
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:111
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:185
app-layer-detect-proto.h
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:209
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
SSL_CNF_ENC_HANDLE_DEFAULT
@ SSL_CNF_ENC_HANDLE_DEFAULT
Definition: app-layer-ssl.c:140
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:73
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
decode.h
util-debug.h
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:129
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:198
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3411
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:134
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:174
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:309
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:248
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:187
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:208
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:289
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:273
SSLCertsChain_
Definition: app-layer-ssl.h:224
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:555
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:263
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:185
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:131
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:429
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1652
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:333
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:99
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:158
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:565
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:139
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:110
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:186
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:101
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:190
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:182
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:146
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
type
uint16_t type
Definition: decode-vlan.c:106
TLS_STATE_FINISHED
@ TLS_STATE_FINISHED
Definition: app-layer-ssl.h:81
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:168
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
SSL_CONFIG_DEFAULT_JA4
#define SSL_CONFIG_DEFAULT_JA4
Definition: app-layer-ssl.c:137
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:120
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3375
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:238
SslConfig_
Definition: app-layer-ssl.c:145
SSL_AL_FLAG_STATE_FINISHED
#define SSL_AL_FLAG_STATE_FINISHED
Definition: app-layer-ssl.h:106
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
name
const char * name
Definition: tm-threads.c:2081
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:181
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1757
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:161
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:159
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:188
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:225
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:255
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:274
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:396
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:136
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:174
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:178
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:180
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:85
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:205
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:510
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1782
SSLDecoderResult
Definition: app-layer-ssl.c:207
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:61
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1389
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:255
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:176
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:192
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:211
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:91
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:291
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3242
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:194
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:216
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:166
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:147
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:145
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:319
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:148
SCEnumCharMap_
Definition: util-enum.h:27
SSLAlpns_::alpn
uint8_t alpn[]
Definition: app-layer-ssl.h:233
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:177
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:169
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:188
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:246
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:270
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:586
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:287
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:175
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:221
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:576
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:457
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:146
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:165
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:87
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:171
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:152
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:183
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:165
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:155
str
#define str(s)
Definition: suricata-common.h:300
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
src
uint16_t src
Definition: app-layer-dnp3.h:5
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:80
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:180
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:183
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:561
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:95
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:160
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3424
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:264
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:152
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:187
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:33
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:166
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:276
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:179
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:195
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:120
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:127
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:500
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:141
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:65
SslConfig
struct SslConfig_ SslConfig
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:170
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:543
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:96
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:130
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1639
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:268
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:142
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:261
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:201
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:278
TLS_STATE_IN_PROGRESS
@ TLS_STATE_IN_PROGRESS
Definition: app-layer-ssl.h:78
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1790
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:172
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:285
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1949
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:131
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:258
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:172
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:168
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:28
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:412
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:124
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:177
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:109
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:126
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:92
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:171
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:142
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:123
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:263
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:304
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:245
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:170
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:211