suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 #include "threads.h"
30 
31 #include "stream-tcp-private.h"
32 #include "stream-tcp-reassemble.h"
33 #include "stream-tcp.h"
34 #include "stream.h"
35 
36 #include "app-layer.h"
37 #include "app-layer-detect-proto.h"
38 #include "app-layer-protos.h"
39 #include "app-layer-parser.h"
40 #include "app-layer-frames.h"
41 #include "app-layer-ssl.h"
42 
43 #include "decode-events.h"
44 #include "conf.h"
45 
46 #include "util-spm.h"
47 #include "util-unittest.h"
48 #include "util-debug.h"
49 #include "util-print.h"
50 #include "util-pool.h"
51 #include "util-byte.h"
52 #include "util-ja3.h"
53 #include "util-enum.h"
54 #include "flow-util.h"
55 #include "flow-private.h"
56 #include "util-validate.h"
57 
59  {
60  "pdu",
62  },
63  {
64  "hdr",
66  },
67  {
68  "data",
70  },
71  {
72  "alert",
74  },
75  {
76  "heartbeat",
78  },
79  {
80  "ssl2.hdr",
82  },
83  {
84  "ssl2.pdu",
86  },
87  { NULL, -1 },
88 };
89 
91  /* TLS protocol messages */
92  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
93  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
94  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
95  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
96  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
97  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
98  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
99  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
100  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
101  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
102  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
103  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
104  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
105  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
106  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
107  /* certificate decoding messages */
108  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
109  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
110  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
111  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
112  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
114  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
115  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
116  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
117  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
118  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
119  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
120  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
121  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
122  /* used as a generic error event */
123  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
124  { NULL, -1 },
125 };
126 
127 enum {
128  /* X.509 error codes, returned by decoder
129  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
139 
140  /* error getting data */
144 };
145 
146 /* JA3 fingerprints are disabled by default */
147 #define SSL_CONFIG_DEFAULT_JA3 0
148 
150  SSL_CNF_ENC_HANDLE_DEFAULT = 0, /**< disable raw content, continue tracking */
151  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
152  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
153 };
154 
155 typedef struct SslConfig_ {
157  /** dynamic setting for ja3: can be enabled on demand if not explicitly
158  * disabled. */
159  SC_ATOMIC_DECLARE(int, enable_ja3);
160  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
162 
164 
165 /* SSLv3 record types */
166 #define SSLV3_CHANGE_CIPHER_SPEC 20
167 #define SSLV3_ALERT_PROTOCOL 21
168 #define SSLV3_HANDSHAKE_PROTOCOL 22
169 #define SSLV3_APPLICATION_PROTOCOL 23
170 #define SSLV3_HEARTBEAT_PROTOCOL 24
171 
172 /* SSLv3 handshake protocol types */
173 #define SSLV3_HS_HELLO_REQUEST 0
174 #define SSLV3_HS_CLIENT_HELLO 1
175 #define SSLV3_HS_SERVER_HELLO 2
176 #define SSLV3_HS_NEW_SESSION_TICKET 4
177 #define SSLV3_HS_CERTIFICATE 11
178 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
179 #define SSLV3_HS_CERTIFICATE_REQUEST 13
180 #define SSLV3_HS_SERVER_HELLO_DONE 14
181 #define SSLV3_HS_CERTIFICATE_VERIFY 15
182 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
183 #define SSLV3_HS_FINISHED 20
184 #define SSLV3_HS_CERTIFICATE_URL 21
185 #define SSLV3_HS_CERTIFICATE_STATUS 22
186 
187 /* SSLv2 protocol message types */
188 #define SSLV2_MT_ERROR 0
189 #define SSLV2_MT_CLIENT_HELLO 1
190 #define SSLV2_MT_CLIENT_MASTER_KEY 2
191 #define SSLV2_MT_CLIENT_FINISHED 3
192 #define SSLV2_MT_SERVER_HELLO 4
193 #define SSLV2_MT_SERVER_VERIFY 5
194 #define SSLV2_MT_SERVER_FINISHED 6
195 #define SSLV2_MT_REQUEST_CERTIFICATE 7
196 #define SSLV2_MT_CLIENT_CERTIFICATE 8
197 
198 #define SSLV3_RECORD_HDR_LEN 5
199 #define SSLV3_MESSAGE_HDR_LEN 4
200 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
201 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
202 
203 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
204 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
205 
206 /* TLS heartbeat protocol types */
207 #define TLS_HB_REQUEST 1
208 #define TLS_HB_RESPONSE 2
209 
210 #define SSL_RECORD_MINIMUM_LENGTH 6
211 
212 #define SHA1_STRING_LENGTH 60
213 
214 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
215 
217  int retval; // nr bytes consumed from input, or < 0 on error
218  uint32_t needed; // more bytes needed
219 };
220 #define SSL_DECODER_ERROR(e) \
221  (struct SSLDecoderResult) \
222  { \
223  (e), 0 \
224  }
225 #define SSL_DECODER_OK(c) \
226  (struct SSLDecoderResult) \
227  { \
228  (c), 0 \
229  }
230 #define SSL_DECODER_INCOMPLETE(c, n) \
231  (struct SSLDecoderResult) \
232  { \
233  (c), (n) \
234  }
235 
236 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
237  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
238 
239 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
240  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
241 {
242  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
243  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
244  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
245  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
246 
247  if (dst_offset < dst_size && src_offset < src_size &&
248  src_tocopy <= (src_size - src_offset) &&
249  src_tocopy <= (dst_size - dst_offset)) {
250  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
251  return 0;
252  }
253  return -1;
254 }
255 
256 #ifdef DEBUG_VALIDATION
257 #define ValidateRecordState(connp) \
258  do { \
259  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
260  (connp)->bytes_processed); \
261  } while(0);
262 #else
263 #define ValidateRecordState(...)
264 #endif
265 
266 #define SSLParserHSReset(connp) \
267  do { \
268  (connp)->handshake_type = 0; \
269  (connp)->message_length = 0; \
270  } while (0)
271 
272 #define SSLParserReset(state) \
273  do { \
274  SCLogDebug("resetting state"); \
275  (state)->curr_connp->bytes_processed = 0; \
276  SSLParserHSReset((state)->curr_connp); \
277  } while(0)
278 
279 #define SSLSetEvent(ssl_state, event) \
280  do { \
281  SCLogDebug("setting event %u", (event)); \
282  if ((ssl_state) == NULL) { \
283  SCLogDebug("could not set decoder event %u", event); \
284  } else { \
285  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
286  (ssl_state)->events++; \
287  } \
288  } while (0)
289 
290 static void *SSLGetTx(void *state, uint64_t tx_id)
291 {
292  SSLState *ssl_state = (SSLState *)state;
293  return ssl_state;
294 }
295 
296 static uint64_t SSLGetTxCnt(void *state)
297 {
298  /* single tx */
299  return 1;
300 }
301 
302 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
303 {
304  SSLState *ssl_state = (SSLState *)tx;
305 
306  /* we don't care about direction, only that app-layer parser is done
307  and have sent an EOF */
308  if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
309  return TLS_STATE_FINISHED;
310  }
311 
312  /* we want the logger to log when the handshake is done, even if the
313  state is not finished */
314  if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
315  return TLS_HANDSHAKE_DONE;
316  }
317 
318  if (direction == STREAM_TOSERVER &&
319  (ssl_state->server_connp.cert0_subject != NULL ||
320  ssl_state->server_connp.cert0_issuerdn != NULL))
321  {
322  return TLS_STATE_CERT_READY;
323  }
324 
325  return TLS_STATE_IN_PROGRESS;
326 }
327 
328 static AppLayerTxData *SSLGetTxData(void *vtx)
329 {
330  SSLState *ssl_state = (SSLState *)vtx;
331  return &ssl_state->tx_data;
332 }
333 
334 void SSLVersionToString(uint16_t version, char *buffer)
335 {
336  buffer[0] = '\0';
337 
338  switch (version) {
339  case TLS_VERSION_UNKNOWN:
340  strlcat(buffer, "UNDETERMINED", 13);
341  break;
342  case SSL_VERSION_2:
343  strlcat(buffer, "SSLv2", 6);
344  break;
345  case SSL_VERSION_3:
346  strlcat(buffer, "SSLv3", 6);
347  break;
348  case TLS_VERSION_10:
349  strlcat(buffer, "TLSv1", 6);
350  break;
351  case TLS_VERSION_11:
352  strlcat(buffer, "TLS 1.1", 8);
353  break;
354  case TLS_VERSION_12:
355  strlcat(buffer, "TLS 1.2", 8);
356  break;
357  case TLS_VERSION_13:
358  strlcat(buffer, "TLS 1.3", 8);
359  break;
361  strlcat(buffer, "TLS 1.3 draft-28", 17);
362  break;
364  strlcat(buffer, "TLS 1.3 draft-27", 17);
365  break;
367  strlcat(buffer, "TLS 1.3 draft-26", 17);
368  break;
370  strlcat(buffer, "TLS 1.3 draft-25", 17);
371  break;
373  strlcat(buffer, "TLS 1.3 draft-24", 17);
374  break;
376  strlcat(buffer, "TLS 1.3 draft-23", 17);
377  break;
379  strlcat(buffer, "TLS 1.3 draft-22", 17);
380  break;
382  strlcat(buffer, "TLS 1.3 draft-21", 17);
383  break;
385  strlcat(buffer, "TLS 1.3 draft-20", 17);
386  break;
388  strlcat(buffer, "TLS 1.3 draft-19", 17);
389  break;
391  strlcat(buffer, "TLS 1.3 draft-18", 17);
392  break;
394  strlcat(buffer, "TLS 1.3 draft-17", 17);
395  break;
397  strlcat(buffer, "TLS 1.3 draft-16", 17);
398  break;
400  strlcat(buffer, "TLS 1.3 draft-<16", 18);
401  break;
403  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
404  break;
406  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
407  break;
409  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
410  break;
412  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
413  break;
415  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
416  break;
417  default:
418  snprintf(buffer, 7, "0x%04x", version);
419  break;
420  }
421 }
422 
423 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
424 {
425  switch(err) {
428  break;
429  case ERR_EXTRACT_ISSUER:
431  break;
432  case ERR_EXTRACT_SUBJECT:
434  break;
435  case ERR_INVALID_DER:
437  break;
440  break;
441  case ERR_INVALID_DATE:
443  break;
446  break;
449  break;
450  case ERR_INVALID_SERIAL:
452  break;
453  case ERR_INVALID_VERSION:
455  break;
456  case ERR_INVALID_LENGTH:
458  break;
460  default:
462  break;
463  }
464 }
465 
466 static inline int TlsDecodeHSCertificateFingerprint(
467  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
468 {
469  if (unlikely(connp->cert0_fingerprint != NULL))
470  return 0;
471 
472  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH * sizeof(char));
473  if (connp->cert0_fingerprint == NULL)
474  return -1;
475 
476  uint8_t hash[SC_SHA1_LEN];
477  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
478  rs_to_hex_sep(
479  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
480  }
481  return 0;
482 }
483 
484 static inline int TlsDecodeHSCertificateAddCertToChain(
485  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
486 {
487  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
488  if (cert == NULL)
489  return -1;
490 
491  cert->cert_data = (uint8_t *)input;
492  cert->cert_len = cert_len;
493  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
494 
495  return 0;
496 }
497 
498 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
499  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
500 {
501  const uint8_t *input = (uint8_t *)initial_input;
502  uint32_t err_code = 0;
503  X509 *x509 = NULL;
504  int rc = 0;
505 
506  if (!(HAS_SPACE(3)))
507  goto invalid_cert;
508 
509  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
510  input += 3;
511 
512  if (!(HAS_SPACE(cert_len)))
513  goto invalid_cert;
514 
515  /* only store fields from the first certificate in the chain */
516  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
517  connp->cert0_serial == NULL) {
518  int64_t not_before, not_after;
519 
520  x509 = rs_x509_decode(input, cert_len, &err_code);
521  if (x509 == NULL) {
522  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
523  goto next;
524  }
525 
526  char *str = rs_x509_get_subject(x509);
527  if (str == NULL) {
528  err_code = ERR_EXTRACT_SUBJECT;
529  goto error;
530  }
531  connp->cert0_subject = str;
532 
533  str = rs_x509_get_issuer(x509);
534  if (str == NULL) {
535  err_code = ERR_EXTRACT_ISSUER;
536  goto error;
537  }
538  connp->cert0_issuerdn = str;
539 
540  str = rs_x509_get_serial(x509);
541  if (str == NULL) {
542  err_code = ERR_INVALID_SERIAL;
543  goto error;
544  }
545  connp->cert0_serial = str;
546 
547  rc = rs_x509_get_validity(x509, &not_before, &not_after);
548  if (rc != 0) {
549  err_code = ERR_EXTRACT_VALIDITY;
550  goto error;
551  }
552  connp->cert0_not_before = (time_t)not_before;
553  connp->cert0_not_after = (time_t)not_after;
554 
555  rs_x509_free(x509);
556  x509 = NULL;
557 
558  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
559  if (rc != 0) {
560  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
561  goto error;
562  }
563  }
564 
565  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
566  if (rc != 0) {
567  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
568  goto error;
569  }
570 
571 next:
572  input += cert_len;
573  return (input - initial_input);
574 
575 error:
576  if (err_code != 0)
577  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
578  if (x509 != NULL)
579  rs_x509_free(x509);
580  return -1;
581 
582 invalid_cert:
583  SCLogDebug("TLS invalid certificate");
585  return -1;
586 }
587 
588 /** \internal
589  * \brief parse cert data in a certificate handshake message
590  * will be called with all data.
591  * \retval consumed bytes consumed or -1 on error
592  */
593 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
594  const uint8_t *const initial_input, const uint32_t input_len)
595 {
596  const uint8_t *input = (uint8_t *)initial_input;
597 
598  if (!(HAS_SPACE(3)))
599  return -1;
600 
601  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
602  input += 3;
603 
604  if (!(HAS_SPACE(cert_chain_len)))
605  return -1;
606 
607  if (connp->certs_buffer != NULL) {
608  // TODO should we set an event here?
609  return -1;
610  }
611 
612  connp->certs_buffer = SCCalloc(1, cert_chain_len);
613  if (connp->certs_buffer == NULL) {
614  return -1;
615  }
616  connp->certs_buffer_size = cert_chain_len;
617  memcpy(connp->certs_buffer, input, cert_chain_len);
618 
619  int cert_cnt = 0;
620  uint32_t processed_len = 0;
621  /* coverity[tainted_data] */
622  while (processed_len < cert_chain_len) {
623  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
624  connp->certs_buffer_size - processed_len, cert_cnt);
625  if (rc <= 0) { // 0 should be impossible, but lets be defensive
626  return -1;
627  }
628  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
629  if (processed_len + (uint32_t)rc > cert_chain_len) {
630  return -1;
631  }
632 
633  processed_len += (uint32_t)rc;
634  }
635 
636  return processed_len + 3;
637 }
638 
639 /**
640  * \inline
641  * \brief Check if value is GREASE.
642  *
643  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
644  *
645  * \param value Value to check.
646  *
647  * \retval 1 if is GREASE.
648  * \retval 0 if not is GREASE.
649  */
650 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
651 {
652  switch (value)
653  {
654  case 0x0a0a:
655  case 0x1a1a:
656  case 0x2a2a:
657  case 0x3a3a:
658  case 0x4a4a:
659  case 0x5a5a:
660  case 0x6a6a:
661  case 0x7a7a:
662  case 0x8a8a:
663  case 0x9a9a:
664  case 0xaaaa:
665  case 0xbaba:
666  case 0xcaca:
667  case 0xdada:
668  case 0xeaea:
669  case 0xfafa:
670  return 1;
671  default:
672  return 0;
673  }
674 }
675 
676 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
677  const uint8_t * const initial_input,
678  const uint32_t input_len)
679 {
680  uint8_t *input = (uint8_t *)initial_input;
681 
683  SCLogDebug("TLS handshake invalid length");
684  SSLSetEvent(ssl_state,
686  return -1;
687  }
688 
689  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
690  ssl_state->curr_connp->version = version;
691 
692  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
693  versions, instead of using the supported versions extension. */
694  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
695  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
696  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
697  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
698  }
699 
700  /* Catch some early TLSv1.3 draft implementations that does not conform
701  to the draft version. */
702  if ((ssl_state->curr_connp->version >= 0x7f01) &&
703  (ssl_state->curr_connp->version < 0x7f10)) {
705  }
706 
707  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
708  version number, which makes it hard to accurately pinpoint the
709  exact draft version. */
710  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
712  }
713 
714  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
715  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
716  if (ssl_state->curr_connp->ja3_str == NULL)
717  return -1;
718 
719  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
720  if (rc != 0)
721  return -1;
722  }
723 
725 
726  return (input - initial_input);
727 }
728 
729 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
730  const uint8_t * const initial_input,
731  const uint32_t input_len)
732 {
733  uint8_t *input = (uint8_t *)initial_input;
734 
736  SCLogDebug("TLS handshake invalid length");
737  SSLSetEvent(ssl_state,
739  return -1;
740  }
741 
743  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
744  ssl_state->flags |= TLS_TS_RANDOM_SET;
745  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
746  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
747  ssl_state->flags |= TLS_TC_RANDOM_SET;
748  }
749 
750  /* Skip random */
752 
753  return (input - initial_input);
754 }
755 
756 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
757  const uint8_t * const initial_input,
758  const uint32_t input_len)
759 {
760  uint8_t *input = (uint8_t *)initial_input;
761 
762  if (!(HAS_SPACE(1)))
763  goto invalid_length;
764 
765  uint8_t session_id_length = *input;
766  input += 1;
767 
768  if (!(HAS_SPACE(session_id_length)))
769  goto invalid_length;
770 
771  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
772  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
773 
774  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
775  return -1;
776  }
777 
778  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
779  input, 0, input_len, session_id_length) != 0) {
780  return -1;
781  }
782  ssl_state->curr_connp->session_id_length = session_id_length;
783 
784  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
785  ssl_state->client_connp.session_id != NULL &&
786  ssl_state->server_connp.session_id != NULL) {
787  if ((ssl_state->client_connp.session_id_length ==
788  ssl_state->server_connp.session_id_length) &&
789  (memcmp(ssl_state->server_connp.session_id,
790  ssl_state->client_connp.session_id, session_id_length) == 0)) {
791  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
792  }
793  }
794  }
795 
796  input += session_id_length;
797 
798  return (input - initial_input);
799 
800 invalid_length:
801  SCLogDebug("TLS handshake invalid length");
802  SSLSetEvent(ssl_state,
804  return -1;
805 }
806 
807 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
808  const uint8_t * const initial_input,
809  const uint32_t input_len)
810 {
811  const uint8_t *input = initial_input;
812 
813  if (!(HAS_SPACE(2)))
814  goto invalid_length;
815 
816  uint16_t cipher_suites_length;
817 
819  cipher_suites_length = 2;
820  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
821  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
822  input += 2;
823  } else {
824  return -1;
825  }
826 
827  if (!(HAS_SPACE(cipher_suites_length)))
828  goto invalid_length;
829 
830  /* Cipher suites length should always be divisible by 2 */
831  if ((cipher_suites_length % 2) != 0) {
832  goto invalid_length;
833  }
834 
835  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
836  JA3Buffer *ja3_cipher_suites = Ja3BufferInit();
837  if (ja3_cipher_suites == NULL)
838  return -1;
839 
840  uint16_t processed_len = 0;
841  /* coverity[tainted_data] */
842  while (processed_len < cipher_suites_length)
843  {
844  if (!(HAS_SPACE(2))) {
845  Ja3BufferFree(&ja3_cipher_suites);
846  goto invalid_length;
847  }
848 
849  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
850  input += 2;
851 
852  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
853  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
854  if (rc != 0) {
855  return -1;
856  }
857  }
858 
859  processed_len += 2;
860  }
861 
862  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
863  &ja3_cipher_suites);
864  if (rc == -1) {
865  return -1;
866  }
867 
868  } else {
869  /* Skip cipher suites */
870  input += cipher_suites_length;
871  }
872 
873  return (input - initial_input);
874 
875 invalid_length:
876  SCLogDebug("TLS handshake invalid length");
877  SSLSetEvent(ssl_state,
879  return -1;
880 }
881 
882 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
883  const uint8_t * const initial_input,
884  const uint32_t input_len)
885 {
886  const uint8_t *input = initial_input;
887 
888  if (!(HAS_SPACE(1)))
889  goto invalid_length;
890 
891  /* Skip compression methods */
893  input += 1;
894  } else {
895  uint8_t compression_methods_length = *input;
896  input += 1;
897 
898  if (!(HAS_SPACE(compression_methods_length)))
899  goto invalid_length;
900 
901  input += compression_methods_length;
902  }
903 
904  return (input - initial_input);
905 
906 invalid_length:
907  SCLogDebug("TLS handshake invalid_length");
908  SSLSetEvent(ssl_state,
910  return -1;
911 }
912 
913 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
914  const uint8_t * const initial_input,
915  const uint32_t input_len)
916 {
917  uint8_t *input = (uint8_t *)initial_input;
918 
919  /* Empty extension */
920  if (input_len == 0)
921  return 0;
922 
923  if (!(HAS_SPACE(2)))
924  goto invalid_length;
925 
926  /* Skip sni_list_length */
927  input += 2;
928 
929  if (!(HAS_SPACE(1)))
930  goto invalid_length;
931 
932  uint8_t sni_type = *input;
933  input += 1;
934 
935  /* Currently the only type allowed is host_name
936  (RFC6066 section 3). */
937  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
938  SCLogDebug("Unknown SNI type");
939  SSLSetEvent(ssl_state,
941  return -1;
942  }
943 
944  if (!(HAS_SPACE(2)))
945  goto invalid_length;
946 
947  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
948  input += 2;
949 
950  /* host_name contains the fully qualified domain name,
951  and should therefore be limited by the maximum domain
952  name length. */
953  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
954  SSLSetEvent(ssl_state,
956  return -1;
957  }
958 
959  /* There must not be more than one extension of the same
960  type (RFC5246 section 7.4.1.4). */
961  if (ssl_state->curr_connp->sni) {
962  SCLogDebug("Multiple SNI extensions");
963  SSLSetEvent(ssl_state,
965  input += sni_len;
966  return (input - initial_input);
967  }
968 
969  const size_t sni_strlen = sni_len + 1;
970  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
971  if (unlikely(ssl_state->curr_connp->sni == NULL))
972  return -1;
973 
974  const size_t consumed = input - initial_input;
975  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
976  initial_input, consumed, input_len, sni_len) != 0) {
977  SCFree(ssl_state->curr_connp->sni);
978  ssl_state->curr_connp->sni = NULL;
979  return -1;
980  }
981  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
982 
983  input += sni_len;
984 
985  return (input - initial_input);
986 
987 invalid_length:
988  SCLogDebug("TLS handshake invalid length");
989  SSLSetEvent(ssl_state,
991 
992 
993  return -1;
994 }
995 
996 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
997  const uint8_t * const initial_input,
998  const uint32_t input_len)
999 {
1000  const uint8_t *input = initial_input;
1001 
1002  /* Empty extension */
1003  if (input_len == 0)
1004  return 0;
1005 
1006  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1007  if (!(HAS_SPACE(1)))
1008  goto invalid_length;
1009 
1010  uint8_t supported_ver_len = *input;
1011  input += 1;
1012 
1013  if (supported_ver_len < 2)
1014  goto invalid_length;
1015 
1016  if (!(HAS_SPACE(supported_ver_len)))
1017  goto invalid_length;
1018 
1019  /* Use the first (and prefered) valid version as client version,
1020  * skip over GREASE and other possible noise. */
1021  uint16_t i = 0;
1022  while (i < (uint16_t)supported_ver_len) {
1023  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1024  if (TLSVersionValid(ver)) {
1025  ssl_state->curr_connp->version = ver;
1026  break;
1027  }
1028  i += 2;
1029  }
1030 
1031  /* Set a flag to indicate that we have seen this extension */
1033 
1034  input += supported_ver_len;
1035  }
1036  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1037  if (!(HAS_SPACE(2)))
1038  goto invalid_length;
1039 
1040  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1041 
1042  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1043  (ver > TLS_VERSION_12)) {
1044  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1045  }
1046 
1047  ssl_state->curr_connp->version = ver;
1048  input += 2;
1049  }
1050 
1051  return (input - initial_input);
1052 
1053 invalid_length:
1054  SCLogDebug("TLS handshake invalid length");
1055  SSLSetEvent(ssl_state,
1057 
1058  return -1;
1059 }
1060 
1061 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1062  const uint8_t * const initial_input,
1063  const uint32_t input_len,
1064  JA3Buffer *ja3_elliptic_curves)
1065 {
1066  const uint8_t *input = initial_input;
1067 
1068  /* Empty extension */
1069  if (input_len == 0)
1070  return 0;
1071 
1072  if (!(HAS_SPACE(2)))
1073  goto invalid_length;
1074 
1075  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1076  input += 2;
1077 
1078  if (!(HAS_SPACE(elliptic_curves_len)))
1079  goto invalid_length;
1080 
1081  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1082  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1083  uint16_t ec_processed_len = 0;
1084  /* coverity[tainted_data] */
1085  while (ec_processed_len < elliptic_curves_len)
1086  {
1087  if (!(HAS_SPACE(2)))
1088  goto invalid_length;
1089 
1090  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1091  input += 2;
1092 
1093  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1094  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1095  elliptic_curve);
1096  if (rc != 0)
1097  return -1;
1098  }
1099 
1100  ec_processed_len += 2;
1101  }
1102 
1103  } else {
1104  /* Skip elliptic curves */
1105  input += elliptic_curves_len;
1106  }
1107 
1108  return (input - initial_input);
1109 
1110 invalid_length:
1111  SCLogDebug("TLS handshake invalid length");
1112  SSLSetEvent(ssl_state,
1114 
1115  return -1;
1116 }
1117 
1118 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1119  const uint8_t * const initial_input,
1120  const uint32_t input_len,
1121  JA3Buffer *ja3_elliptic_curves_pf)
1122 {
1123  const uint8_t *input = initial_input;
1124 
1125  /* Empty extension */
1126  if (input_len == 0)
1127  return 0;
1128 
1129  if (!(HAS_SPACE(1)))
1130  goto invalid_length;
1131 
1132  uint8_t ec_pf_len = *input;
1133  input += 1;
1134 
1135  if (!(HAS_SPACE(ec_pf_len)))
1136  goto invalid_length;
1137 
1138  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1139  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1140  uint8_t ec_pf_processed_len = 0;
1141  /* coverity[tainted_data] */
1142  while (ec_pf_processed_len < ec_pf_len)
1143  {
1144  uint8_t elliptic_curve_pf = *input;
1145  input += 1;
1146 
1147  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1148  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1149  elliptic_curve_pf);
1150  if (rc != 0)
1151  return -1;
1152  }
1153 
1154  ec_pf_processed_len += 1;
1155  }
1156 
1157  } else {
1158  /* Skip elliptic curve point formats */
1159  input += ec_pf_len;
1160  }
1161 
1162  return (input - initial_input);
1163 
1164 invalid_length:
1165  SCLogDebug("TLS handshake invalid length");
1166  SSLSetEvent(ssl_state,
1168 
1169  return -1;
1170 }
1171 
1172 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1173  const uint8_t * const initial_input,
1174  const uint32_t input_len)
1175 {
1176  const uint8_t *input = initial_input;
1177 
1178  int ret;
1179  int rc;
1180  const bool ja3 = (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1);
1181 
1182  JA3Buffer *ja3_extensions = NULL;
1183  JA3Buffer *ja3_elliptic_curves = NULL;
1184  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1185 
1186  if (ja3) {
1187  ja3_extensions = Ja3BufferInit();
1188  if (ja3_extensions == NULL)
1189  goto error;
1190 
1191  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1192  ja3_elliptic_curves = Ja3BufferInit();
1193  if (ja3_elliptic_curves == NULL)
1194  goto error;
1195 
1196  ja3_elliptic_curves_pf = Ja3BufferInit();
1197  if (ja3_elliptic_curves_pf == NULL)
1198  goto error;
1199  }
1200  }
1201 
1202  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1203  if (!(HAS_SPACE(2)))
1204  goto end;
1205 
1206  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1207  input += 2;
1208 
1209  if (!(HAS_SPACE(extensions_len)))
1210  goto invalid_length;
1211 
1212  uint16_t processed_len = 0;
1213  /* coverity[tainted_data] */
1214  while (processed_len < extensions_len)
1215  {
1216  if (!(HAS_SPACE(2)))
1217  goto invalid_length;
1218 
1219  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1220  input += 2;
1221 
1222  if (!(HAS_SPACE(2)))
1223  goto invalid_length;
1224 
1225  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1226  input += 2;
1227 
1228  if (!(HAS_SPACE(ext_len)))
1229  goto invalid_length;
1230 
1231  switch (ext_type) {
1232  case SSL_EXTENSION_SNI:
1233  {
1234  /* coverity[tainted_data] */
1235  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1236  ext_len);
1237  if (ret < 0)
1238  goto end;
1239 
1240  input += ret;
1241 
1242  break;
1243  }
1244 
1246  {
1247  /* coverity[tainted_data] */
1248  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1249  ext_len,
1250  ja3_elliptic_curves);
1251  if (ret < 0)
1252  goto end;
1253 
1254  input += ret;
1255 
1256  break;
1257  }
1258 
1260  {
1261  /* coverity[tainted_data] */
1262  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1263  ext_len,
1264  ja3_elliptic_curves_pf);
1265  if (ret < 0)
1266  goto end;
1267 
1268  input += ret;
1269 
1270  break;
1271  }
1272 
1274  {
1275  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1276  /* Used by 0-RTT to indicate that encrypted data will
1277  be sent right after the ClientHello record. */
1278  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1279  }
1280 
1281  input += ext_len;
1282 
1283  break;
1284  }
1285 
1287  {
1288  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1289  ext_len);
1290  if (ret < 0)
1291  goto end;
1292 
1293  input += ret;
1294 
1295  break;
1296  }
1297 
1299  {
1300  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1301  /* This has to be verified later on by checking if a
1302  certificate record has been sent by the server. */
1303  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1304  }
1305 
1306  input += ext_len;
1307 
1308  break;
1309  }
1310 
1311  default:
1312  {
1313  input += ext_len;
1314  break;
1315  }
1316  }
1317 
1318  if (ja3) {
1319  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1320  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1321  if (rc != 0)
1322  goto error;
1323  }
1324  }
1325 
1326  processed_len += ext_len + 4;
1327  }
1328 
1329 end:
1330  if (ja3) {
1331  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1332  &ja3_extensions);
1333  if (rc == -1)
1334  goto error;
1335 
1336  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1337  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1338  &ja3_elliptic_curves);
1339  if (rc == -1)
1340  goto error;
1341 
1342  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1343  &ja3_elliptic_curves_pf);
1344  if (rc == -1)
1345  goto error;
1346  }
1347  }
1348 
1349  return (input - initial_input);
1350 
1351 invalid_length:
1352  SCLogDebug("TLS handshake invalid length");
1353  SSLSetEvent(ssl_state,
1355 
1356 error:
1357  if (ja3_extensions != NULL)
1358  Ja3BufferFree(&ja3_extensions);
1359  if (ja3_elliptic_curves != NULL)
1360  Ja3BufferFree(&ja3_elliptic_curves);
1361  if (ja3_elliptic_curves_pf != NULL)
1362  Ja3BufferFree(&ja3_elliptic_curves_pf);
1363 
1364  return -1;
1365 }
1366 
1367 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1368  const uint8_t * const input,
1369  const uint32_t input_len)
1370 {
1371  int ret;
1372  uint32_t parsed = 0;
1373 
1374  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1375  if (ret < 0)
1376  goto end;
1377 
1378  parsed += ret;
1379 
1380  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1381  if (ret < 0)
1382  goto end;
1383 
1384  parsed += ret;
1385 
1386  /* The session id field in the server hello record was removed in
1387  TLSv1.3 draft1, but was readded in draft22. */
1388  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1390  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1391  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1392  input_len - parsed);
1393  if (ret < 0)
1394  goto end;
1395 
1396  parsed += ret;
1397  }
1398 
1399  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1400  input_len - parsed);
1401  if (ret < 0)
1402  goto end;
1403 
1404  parsed += ret;
1405 
1406  /* The compression methods field in the server hello record was
1407  removed in TLSv1.3 draft1, but was readded in draft22. */
1408  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1410  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1411  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1412  input_len - parsed);
1413  if (ret < 0)
1414  goto end;
1415 
1416  parsed += ret;
1417  }
1418 
1419  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1420  input_len - parsed);
1421  if (ret < 0)
1422  goto end;
1423 
1424  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1425  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1426  }
1427 
1428 end:
1429  return 0;
1430 }
1431 
1432 #ifdef DEBUG_VALIDATION
1433 static inline bool
1434 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1435 {
1436  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1437  curr_connp->bytes_processed);
1438 }
1439 #endif
1440 
1441 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1442  const uint8_t *const initial_input, const uint32_t input_len)
1443 {
1444  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1445  SCLogDebug("rc %d", rc);
1446  if (rc > 0) {
1447  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1448  SSLParserHSReset(connp);
1449  } else if (rc < 0) {
1450  SCLogDebug("error parsing cert, reset state");
1451  SSLParserHSReset(connp);
1452  /* fall through to still consume the cert bytes */
1453  }
1454  return input_len;
1455 }
1456 
1457 static int SupportedHandshakeType(const uint8_t type)
1458 {
1459  switch (type) {
1460  case SSLV3_HS_CLIENT_HELLO:
1461  case SSLV3_HS_SERVER_HELLO:
1464  case SSLV3_HS_CERTIFICATE:
1468  case SSLV3_HS_FINISHED:
1473  return true;
1474  break;
1475 
1476  default:
1477  return false;
1478  break;
1479  }
1480 }
1481 
1482 /**
1483  * \retval parsed number of consumed bytes
1484  * \retval < 0 error
1485  */
1486 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1487  uint32_t input_len, uint8_t direction)
1488 {
1489  const uint8_t *initial_input = input;
1490  int rc;
1491 
1492  if (input_len == 0) {
1493  return 0;
1494  }
1495  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1496 
1497  switch (ssl_state->curr_connp->handshake_type) {
1498  case SSLV3_HS_CLIENT_HELLO:
1500 
1501  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1502  if (rc < 0)
1503  return rc;
1504  break;
1505 
1506  case SSLV3_HS_SERVER_HELLO:
1508 
1509  rc = TLSDecodeHandshakeHello(ssl_state, input, ssl_state->curr_connp->message_length);
1510  if (rc < 0)
1511  return rc;
1512  break;
1513 
1516  break;
1517 
1520  break;
1521 
1522  case SSLV3_HS_CERTIFICATE:
1523 
1524  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1525  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1526  input_len);
1527  if (rc < 0)
1528  return rc;
1529  break;
1530 
1532  break;
1534  if (direction) {
1536  }
1537  break;
1539  case SSLV3_HS_FINISHED:
1542  break;
1544  SCLogDebug("new session ticket");
1545  break;
1547  break;
1548  default:
1550  return -1;
1551  }
1552 
1553  ssl_state->flags |= ssl_state->current_flags;
1554 
1555  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1556  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1557 
1558  return input_len;
1559 }
1560 
1561 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1562  uint32_t input_len, uint8_t direction)
1563 {
1564  const uint8_t *initial_input = input;
1565 
1566  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1567  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1568  SCReturnInt(0);
1569  }
1570 
1571  while (input_len) {
1572  SCLogDebug("input_len %u", input_len);
1573 
1574  if (ssl_state->curr_connp->hs_buffer != NULL) {
1575  SCLogDebug("partial handshake record in place");
1576  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1577  ssl_state->curr_connp->hs_buffer_offset;
1578  const uint32_t add = MIN(need, input_len);
1579 
1580  /* grow buffer to next multiple of 4k that fits all data we have */
1581  if (ssl_state->curr_connp->hs_buffer_offset + add >
1582  ssl_state->curr_connp->hs_buffer_size) {
1583  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1584  const uint32_t new_size = avail + (4096 - (avail % 4096));
1585  SCLogDebug("new_size %u, avail %u", new_size, avail);
1586  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1587  if (ptr == NULL)
1588  return -1;
1589  ssl_state->curr_connp->hs_buffer = ptr;
1590  ssl_state->curr_connp->hs_buffer_size = new_size;
1591  }
1592 
1593  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1594  "ssl_state->curr_connp->hs_buffer_size %u",
1595  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1596  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1597 
1598  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1599  ssl_state->curr_connp->hs_buffer_offset,
1600  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1601  SCLogDebug("copy failed");
1602  return -1;
1603  }
1604  ssl_state->curr_connp->hs_buffer_offset += add;
1605 
1606  if (ssl_state->curr_connp->hs_buffer_message_size <=
1607  ssl_state->curr_connp->hs_buffer_offset + input_len) {
1608 
1609  ssl_state->curr_connp->handshake_type =
1610  ssl_state->curr_connp->hs_buffer_message_type;
1611  ssl_state->curr_connp->message_length =
1612  ssl_state->curr_connp->hs_buffer_message_size;
1613 
1614  SCLogDebug("got all data now: handshake_type %u message_length %u",
1615  ssl_state->curr_connp->handshake_type,
1616  ssl_state->curr_connp->message_length);
1617 
1618  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1619  ssl_state->curr_connp->hs_buffer_offset, direction);
1620  if (retval < 0) {
1621  SSLParserHSReset(ssl_state->curr_connp);
1622  return (retval);
1623  }
1624  SCLogDebug("retval %d", retval);
1625 
1626  /* data processed, reset buffer */
1627  SCFree(ssl_state->curr_connp->hs_buffer);
1628  ssl_state->curr_connp->hs_buffer = NULL;
1629  ssl_state->curr_connp->hs_buffer_size = 0;
1630  ssl_state->curr_connp->hs_buffer_message_size = 0;
1631  ssl_state->curr_connp->hs_buffer_message_type = 0;
1632  ssl_state->curr_connp->hs_buffer_offset = 0;
1633  } else {
1634  SCLogDebug("partial data");
1635  }
1636 
1637  input += add;
1638  input_len -= add;
1639  SCLogDebug("input_len %u", input_len);
1640  SSLParserHSReset(ssl_state->curr_connp);
1641  continue;
1642  }
1643 
1644  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1645  SCLogDebug("input %p input_len %u", input, input_len);
1646 
1647  if (input_len < 4) {
1649  SCReturnInt(-1);
1650  }
1651 
1652  ssl_state->curr_connp->handshake_type = input[0];
1653  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1654  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1655  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1656  input_len);
1657  input += 4;
1658  input_len -= 4;
1659 
1660  const uint32_t record_len = ssl_state->curr_connp->message_length;
1661  /* see if we support this type. We check here to not use the fragment
1662  * handling on things we don't support. */
1663  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1664  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1665  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1666  if (!supported_type) {
1667  uint32_t avail_record_len = MIN(input_len, record_len);
1668  input += avail_record_len;
1669  input_len -= avail_record_len;
1670 
1671  SSLParserHSReset(ssl_state->curr_connp);
1672 
1673  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1674  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1675  // after Change Cipher Spec we get Encrypted Handshake Messages
1676  } else {
1678  }
1679  continue;
1680  }
1681 
1682  /* if the message lenght exceeds our input_len, we have a tls fragment. */
1683  if (record_len > input_len) {
1684  const uint32_t avail = input_len;
1685  const uint32_t size = avail + (4096 - (avail % 4096));
1686  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1687  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1688  if (ssl_state->curr_connp->hs_buffer == NULL) {
1689  return -1;
1690  }
1691  ssl_state->curr_connp->hs_buffer_size = size;
1692  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1693  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1694 
1695  if (input_len > 0) {
1696  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1697  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1698  input_len) != 0) {
1699  return -1;
1700  }
1701  ssl_state->curr_connp->hs_buffer_offset = input_len;
1702  }
1703  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1704  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1705  ssl_state->curr_connp->hs_buffer_offset,
1706  ssl_state->curr_connp->hs_buffer_message_type,
1707  ssl_state->curr_connp->hs_buffer_message_size);
1708  input += input_len;
1709  SSLParserHSReset(ssl_state->curr_connp);
1710  return (input - initial_input);
1711 
1712  } else {
1713  /* full record, parse it now */
1714  int retval = SSLv3ParseHandshakeType(
1715  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1716  if (retval < 0 || retval > (int)input_len) {
1717  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1718  return (retval);
1719  }
1720  SCLogDebug("retval %d input_len %u", retval, input_len);
1721  input += retval;
1722  input_len -= retval;
1723 
1724  SSLParserHSReset(ssl_state->curr_connp);
1725  }
1726  SCLogDebug("input_len left %u", input_len);
1727  }
1728  return (input - initial_input);
1729 }
1730 
1731 /**
1732  * \internal
1733  * \brief TLS Heartbeat parser (see RFC 6520)
1734  *
1735  * \param sslstate Pointer to the SSL state.
1736  * \param input Pointer to the received input data.
1737  * \param input_len Length in bytes of the received data.
1738  * \param direction 1 toclient, 0 toserver
1739  *
1740  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1741  */
1742 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1743  uint32_t input_len, uint8_t direction)
1744 {
1745  uint8_t hb_type;
1746  uint16_t payload_len;
1747  uint32_t padding_len;
1748 
1749  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1750  if (input_len < 3) {
1751  return 0;
1752  }
1753 
1754  hb_type = *input++;
1755 
1756  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1757  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1759  return -1;
1760  }
1761  }
1762 
1763  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1764  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1765 
1766  if (direction) {
1767  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1768  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1769  } else {
1770  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1771  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1772  }
1773 
1774  /* if we reach this point, then we can assume that the HB request
1775  is encrypted. If so, let's set the HB record length */
1776  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1777  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1778  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1779  ssl_state->hb_record_len);
1780  return (ssl_state->curr_connp->record_length - 3);
1781  }
1782 
1783  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1784 
1785  /* check that the requested payload length is really present in
1786  the record (CVE-2014-0160) */
1787  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1788  SCLogDebug("We have a short record in HeartBeat Request");
1790  return -1;
1791  }
1792 
1793  /* check the padding length. It must be at least 16 bytes
1794  (RFC 6520, section 4) */
1795  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1796  if (padding_len < 16) {
1797  SCLogDebug("We have a short record in HeartBeat Request");
1799  return -1;
1800  }
1801 
1802  /* we don't have the payload */
1803  if (input_len < payload_len + padding_len) {
1804  return 0;
1805  }
1806 
1807  /* OpenSSL still seems to discard multiple in-flight
1808  heartbeats although some tools send multiple at once */
1809  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1810  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1811  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1813  return -1;
1814 
1815  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1816  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1817  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1819  return -1;
1820 
1821  } else {
1822  /* we have a HB record in the opposite direction of the request,
1823  let's reset our flags */
1824  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
1825  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
1826  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
1827 
1828  /* if we reach this point, then we can assume that the HB request
1829  is encrypted. If so, let's set the HB record length */
1830  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1831  /* check to see if the encrypted response is longer than the
1832  encrypted request */
1833  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
1834  ssl_state->curr_connp->record_length) {
1835  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
1836  ssl_state->hb_record_len);
1837  SSLSetEvent(ssl_state,
1839  ssl_state->hb_record_len = 0;
1840  return -1;
1841  }
1842  }
1843 
1844  /* reset the HB record length in case we have a legit HB followed
1845  by a bad one */
1846  ssl_state->hb_record_len = 0;
1847  }
1848 
1849  /* skip the HeartBeat, 3 bytes were already parsed,
1850  e.g |18 03 02| for TLS 1.2 */
1851  return (ssl_state->curr_connp->record_length - 3);
1852 }
1853 
1854 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
1855  const uint8_t *input, uint32_t input_len)
1856 {
1857  const uint8_t *initial_input = input;
1858 
1859  if (input_len == 0) {
1860  return 0;
1861  }
1862 
1863  uint8_t skip_version = 0;
1864 
1865  /* Only set SSL/TLS version here if it has not already been set in
1866  client/server hello. */
1867  if (direction == 0) {
1868  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1869  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
1870  skip_version = 1;
1871  }
1872  } else {
1873  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1874  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
1875  skip_version = 1;
1876  }
1877  }
1878 
1879  switch (ssl_state->curr_connp->bytes_processed) {
1880  case 0:
1881  if (input_len >= 5) {
1882  ssl_state->curr_connp->content_type = input[0];
1883  if (!skip_version) {
1884  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
1885  }
1886  ssl_state->curr_connp->record_length = input[3] << 8;
1887  ssl_state->curr_connp->record_length |= input[4];
1889  return SSLV3_RECORD_HDR_LEN;
1890  } else {
1891  ssl_state->curr_connp->content_type = *(input++);
1892  if (--input_len == 0)
1893  break;
1894  }
1895 
1896  /* fall through */
1897  case 1:
1898  if (!skip_version) {
1899  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
1900  } else {
1901  input++;
1902  }
1903  if (--input_len == 0)
1904  break;
1905 
1906  /* fall through */
1907  case 2:
1908  if (!skip_version) {
1909  ssl_state->curr_connp->version |= *(input++);
1910  } else {
1911  input++;
1912  }
1913  if (--input_len == 0)
1914  break;
1915 
1916  /* fall through */
1917  case 3:
1918  ssl_state->curr_connp->record_length = *(input++) << 8;
1919  if (--input_len == 0)
1920  break;
1921 
1922  /* fall through */
1923  case 4:
1924  ssl_state->curr_connp->record_length |= *(input++);
1925  if (--input_len == 0)
1926  break;
1927 
1928  /* fall through */
1929  }
1930 
1931  ssl_state->curr_connp->bytes_processed += (input - initial_input);
1932 
1933  return (input - initial_input);
1934 }
1935 
1936 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
1937  const uint8_t *input, uint32_t input_len)
1938 {
1939  const uint8_t *initial_input = input;
1940 
1941  if (input_len == 0) {
1942  return 0;
1943  }
1944 
1945  if (ssl_state->curr_connp->record_lengths_length == 2) {
1946  switch (ssl_state->curr_connp->bytes_processed) {
1947  case 0:
1948  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
1949  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
1950  ssl_state->curr_connp->content_type = input[2];
1951  ssl_state->curr_connp->version = SSL_VERSION_2;
1952  ssl_state->curr_connp->bytes_processed += 3;
1953  return 3;
1954  } else {
1955  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
1956  if (--input_len == 0)
1957  break;
1958  }
1959 
1960  /* fall through */
1961  case 1:
1962  ssl_state->curr_connp->record_length |= *(input++);
1963  if (--input_len == 0)
1964  break;
1965 
1966  /* fall through */
1967  case 2:
1968  ssl_state->curr_connp->content_type = *(input++);
1969  ssl_state->curr_connp->version = SSL_VERSION_2;
1970  if (--input_len == 0)
1971  break;
1972 
1973  /* fall through */
1974  }
1975 
1976  } else {
1977  switch (ssl_state->curr_connp->bytes_processed) {
1978  case 0:
1979  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
1980  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
1981  ssl_state->curr_connp->content_type = input[3];
1982  ssl_state->curr_connp->version = SSL_VERSION_2;
1983  ssl_state->curr_connp->bytes_processed += 4;
1984  return 4;
1985  } else {
1986  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
1987  if (--input_len == 0)
1988  break;
1989  }
1990 
1991  /* fall through */
1992  case 1:
1993  ssl_state->curr_connp->record_length |= *(input++);
1994  if (--input_len == 0)
1995  break;
1996 
1997  /* fall through */
1998  case 2:
1999  /* padding */
2000  input++;
2001  if (--input_len == 0)
2002  break;
2003 
2004  /* fall through */
2005  case 3:
2006  ssl_state->curr_connp->content_type = *(input++);
2007  ssl_state->curr_connp->version = SSL_VERSION_2;
2008  if (--input_len == 0)
2009  break;
2010 
2011  /* fall through */
2012  }
2013  }
2014 
2015  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2016 
2017  return (input - initial_input);
2018 }
2019 
2020 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2021  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2022  const StreamSlice stream_slice)
2023 {
2024  const uint8_t *initial_input = input;
2025 
2026  if (ssl_state->curr_connp->bytes_processed == 0) {
2027  if (input[0] & 0x80) {
2028  ssl_state->curr_connp->record_lengths_length = 2;
2029  } else {
2030  ssl_state->curr_connp->record_lengths_length = 3;
2031  }
2032 
2033  SCLogDebug("record start: ssl2.hdr frame");
2034  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2035  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2036  }
2037 
2038  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2039  "ssl_state->curr_connp->bytes_processed %u",
2040  direction, ssl_state->curr_connp->record_lengths_length + 1,
2041  ssl_state->curr_connp->bytes_processed);
2042  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2043  to read the msg_type */
2044  if (ssl_state->curr_connp->bytes_processed <
2045  (ssl_state->curr_connp->record_lengths_length + 1)) {
2046  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2047  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2048  ssl_state->curr_connp->record_length);
2049  if (retval < 0 || retval > (int)input_len) {
2050  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2052  return SSL_DECODER_ERROR(-1);
2053  }
2054 
2055  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2056  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2057  direction, TLS_FRAME_SSLV2_PDU);
2058  SCLogDebug("record start: ssl2.pdu frame");
2059 
2060  input += retval;
2061  input_len -= retval;
2062  }
2063 
2064  /* if we don't have the full record, we return incomplete */
2065  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2066  input_len + ssl_state->curr_connp->bytes_processed) {
2067  uint32_t needed = ssl_state->curr_connp->record_length;
2068  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2069  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2070  needed);
2071  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2072  }
2073 
2074  if (input_len == 0) {
2075  return SSL_DECODER_OK((input - initial_input));
2076  }
2077 
2078  /* record_length should never be zero */
2079  if (ssl_state->curr_connp->record_length == 0) {
2080  SCLogDebug("SSLv2 record length is zero");
2082  return SSL_DECODER_ERROR(-1);
2083  }
2084 
2085  /* record_lengths_length should never be zero */
2086  if (ssl_state->curr_connp->record_lengths_length == 0) {
2087  SCLogDebug("SSLv2 record lengths length is zero");
2089  return SSL_DECODER_ERROR(-1);
2090  }
2091 
2092  switch (ssl_state->curr_connp->content_type) {
2093  case SSLV2_MT_ERROR:
2094  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2095  "in establishing the sslv2 session, may be version");
2097 
2098  break;
2099 
2100  case SSLV2_MT_CLIENT_HELLO:
2101  if (input_len < 6) {
2103  return SSL_DECODER_ERROR(-1);
2104  }
2105 
2106  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2107  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2108 
2109  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2110  SCLogDebug("SSLv2: version %04x", version);
2111  ssl_state->curr_connp->version = version;
2112  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2113  input += 6;
2114  input_len -= 6;
2115  ssl_state->curr_connp->bytes_processed += 6;
2116  if (session_id_length == 0) {
2117  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2118  }
2119  break;
2120 
2122  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2123  SCLogDebug("Client hello is not seen before master key "
2124  "message!");
2125  }
2126  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2127 
2128  break;
2129 
2131  if (direction == 1) {
2132  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2133  "direction!");
2134  } else {
2135  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2136  }
2137 
2138  /* fall through */
2141  if (direction == 0 &&
2142  !(ssl_state->curr_connp->content_type &
2144  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2145  "direction!");
2146  }
2147 
2148  /* fall through */
2151  /* both client hello and server hello must be seen */
2152  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2153  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2154 
2155  if (direction == 0) {
2156  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2157  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2158  SCLogDebug("SSLv2 client side has started the encryption");
2159  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2160  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2161  SCLogDebug("SSLv2 client side has started the encryption");
2162  }
2163  } else {
2164  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2165  SCLogDebug("SSLv2 Server side has started the encryption");
2166  }
2167 
2168  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2169  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2170  {
2174  }
2175 
2179  }
2180  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2181  }
2182  }
2183 
2184  break;
2185 
2186  case SSLV2_MT_SERVER_HELLO:
2187  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2188  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2189 
2190  break;
2191  }
2192 
2193  ssl_state->flags |= ssl_state->current_flags;
2194 
2195  if (input_len + ssl_state->curr_connp->bytes_processed >=
2196  (ssl_state->curr_connp->record_length +
2197  ssl_state->curr_connp->record_lengths_length)) {
2198 
2199  /* looks like we have another record after this */
2200  uint32_t diff = ssl_state->curr_connp->record_length +
2201  ssl_state->curr_connp->record_lengths_length + -
2202  ssl_state->curr_connp->bytes_processed;
2203  input += diff;
2204  SSLParserReset(ssl_state);
2205 
2206  /* we still don't have the entire record for the one we are
2207  currently parsing */
2208  } else {
2209  input += input_len;
2210  ssl_state->curr_connp->bytes_processed += input_len;
2211  }
2212  return SSL_DECODER_OK((input - initial_input));
2213 }
2214 
2215 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2216  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2217  const StreamSlice stream_slice)
2218 {
2219  uint32_t parsed = 0;
2220  uint32_t record_len; /* slice of input_len for the current record */
2221  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2222 
2223  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2224  const uint16_t prev_version = ssl_state->curr_connp->version;
2225 
2226  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2227  if (retval < 0 || retval > (int)input_len) {
2228  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2229  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2231  return SSL_DECODER_ERROR(-1);
2232  }
2233  parsed = retval;
2234 
2235  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2236  input, ssl_state->curr_connp->record_length);
2237 
2238  /* first the hdr frame at our first chance */
2239  if (first_call) {
2240  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2241  direction, TLS_FRAME_HDR);
2242  }
2243 
2244  /* parser is streaming for the initial header, then switches to incomplete
2245  * API: so if we don't have the hdr yet, return consumed bytes and wait
2246  * until we are called again with new data. */
2247  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2248  SCLogDebug(
2249  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2250  return SSL_DECODER_OK(parsed);
2251  }
2252 
2253  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2254  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2255  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2256  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2257  SCLogDebug(
2258  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2259  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2260 
2261  bool unknown_record = false;
2262  switch (ssl_state->curr_connp->content_type) {
2264  case SSLV3_ALERT_PROTOCOL:
2268  break;
2269  default:
2270  unknown_record = true;
2271  break;
2272  }
2273 
2274  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2275  * on Wireshark logic. */
2276  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2277  if (unknown_record) {
2278  SCLogDebug("unknown record, ignore it");
2280 
2281  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2282  ssl_state->curr_connp->content_type = 0;
2283  ssl_state->curr_connp->record_length = 0;
2284  // restore last good version
2285  ssl_state->curr_connp->version = prev_version;
2286  return SSL_DECODER_OK(input_len); // consume everything
2287  }
2288  } else {
2289  if (unknown_record) {
2290  SCLogDebug("unknown record, fatal");
2292  return SSL_DECODER_ERROR(-1);
2293  }
2294  }
2295 
2296  /* record_length should never be zero */
2297  if (ssl_state->curr_connp->record_length == 0) {
2298  SCLogDebug("SSLv3 Record length is 0");
2300  return SSL_DECODER_ERROR(-1);
2301  }
2302 
2303  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2304  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2306  return SSL_DECODER_ERROR(-1);
2307  }
2308 
2309  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2310  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2312  return SSL_DECODER_ERROR(-1);
2313  }
2314  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2315  } else {
2316  ValidateRecordState(ssl_state->curr_connp);
2317 
2318  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2319  record_len = MIN(input_len, record_len);
2320  }
2321  SCLogDebug("record length %u processed %u got %u",
2322  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2323 
2324  /* if we don't have the full record, we return incomplete */
2325  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2326  /* no need to use incomplete api buffering for application
2327  * records that we'll not use anyway. */
2328  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2329  SCLogDebug("application record");
2330  } else {
2331  uint32_t needed = ssl_state->curr_connp->record_length;
2332  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2333  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2335  return SSL_DECODER_INCOMPLETE(parsed, needed);
2336  }
2337  }
2338 
2339  if (record_len == 0) {
2340  return SSL_DECODER_OK(parsed);
2341  }
2342 
2343  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2344  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2345 
2346  switch (ssl_state->curr_connp->content_type) {
2347  /* we don't need any data from these types */
2349  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2350 
2351  if (direction) {
2352  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2353  } else {
2354  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2355  }
2356  break;
2357 
2358  case SSLV3_ALERT_PROTOCOL:
2359  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2360  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2361  break;
2362 
2364  /* In TLSv1.3 early data (0-RTT) could be sent before the
2365  handshake is complete (rfc8446, section 2.3). We should
2366  therefore not mark the handshake as done before we have
2367  seen the ServerHello record. */
2368  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2369  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2370  break;
2371 
2372  /* if we see (encrypted) aplication data, then this means the
2373  handshake must be done */
2374  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2375 
2377  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2380  }
2381 
2382  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2383  * heartbeat lke inspection to be able to be able to bypass the flow */
2385  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2392  }
2393  break;
2394 
2395  case SSLV3_HANDSHAKE_PROTOCOL: {
2396  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2397  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2398  compability (rfc8446, appendix D.4). */
2399  // Client hello flags is needed to have a valid version
2400  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2401  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2402  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2403  /* do nothing */
2404  } else {
2405  // if we started parsing this, we must stop
2406  break;
2407  }
2408  }
2409 
2410  if (ssl_state->curr_connp->record_length < 4) {
2411  SSLParserReset(ssl_state);
2413  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2414  return SSL_DECODER_ERROR(-1);
2415  }
2416 
2417  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2418  record_len, direction);
2419  SCLogDebug("retval %d", retval);
2420  if (retval < 0 || retval > (int)record_len) {
2421  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2423  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2424  return SSL_DECODER_ERROR(-1);
2425  }
2426  ValidateRecordState(ssl_state->curr_connp);
2427  break;
2428  }
2429  case SSLV3_HEARTBEAT_PROTOCOL: {
2430  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2431  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2432  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2433  record_len, direction);
2434  if (retval < 0) {
2435  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2436  return SSL_DECODER_ERROR(-1);
2437  }
2438  break;
2439  }
2440  default:
2441  // should be unreachable now that we check after header parsing
2443  SCLogDebug("unsupported record type");
2444  return SSL_DECODER_ERROR(-1);
2445  }
2446 
2447  parsed += record_len;
2448  ssl_state->curr_connp->bytes_processed += record_len;
2449 
2450  if (ssl_state->curr_connp->bytes_processed >=
2451  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2452  SCLogDebug("record complete, trigger RAW");
2454  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2455  SSLParserReset(ssl_state);
2456  ValidateRecordState(ssl_state->curr_connp);
2457  return SSL_DECODER_OK(parsed);
2458 
2459  } else {
2460  /* we still don't have the entire record for the one we are
2461  currently parsing */
2462  ValidateRecordState(ssl_state->curr_connp);
2463  return SSL_DECODER_OK(parsed);
2464  }
2465 }
2466 
2467 /**
2468  * \internal
2469  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2470  *
2471  * On parsing error, this should be the only function that should reset
2472  * the parser state, to avoid multiple functions in the chain reseting
2473  * the parser state.
2474  *
2475  * \param direction 0 for toserver, 1 for toclient.
2476  * \param alstate Pointer to the state.
2477  * \param pstate Application layer parser state for this session.
2478  * \param output Pointer to the list of parsed output elements.
2479  *
2480  * \todo On reaching an inconsistent state, check if the input has
2481  * another new record, instead of just returning after the reset
2482  *
2483  * \retval >=0 On success.
2484  */
2485 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2486  AppLayerParserState *pstate, StreamSlice stream_slice)
2487 {
2488  SSLState *ssl_state = (SSLState *)alstate;
2489  uint32_t counter = 0;
2490  ssl_state->f = f;
2491  const uint8_t *input = StreamSliceGetData(&stream_slice);
2492  const uint8_t *init_input = input;
2493  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2494 
2495  if (input == NULL &&
2496  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2497  (direction == 1 &&
2499  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2500  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2502  } else if (input == NULL || input_len == 0) {
2504  }
2505 
2506  if (direction == 0)
2507  ssl_state->curr_connp = &ssl_state->client_connp;
2508  else
2509  ssl_state->curr_connp = &ssl_state->server_connp;
2510 
2511  /* If entering on a new record, reset the current flags. */
2512  if (ssl_state->curr_connp->bytes_processed == 0) {
2513  ssl_state->current_flags = 0;
2514  }
2515 
2516  /* if we have more than one record */
2517  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2518  while (input_len > 0) {
2519  if (counter > max_records) {
2520  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2521  "and get out of here");
2522  SSLParserReset(ssl_state);
2523  SSLSetEvent(ssl_state,
2525  return APP_LAYER_ERROR;
2526  }
2527 
2528  /* ssl_state->bytes_processed is zero for a fresh record or
2529  positive to indicate a record currently being parsed */
2530 
2531  if (ssl_state->curr_connp->bytes_processed == 0) {
2532  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2533  /* only SSLv2, has one of the top 2 bits set */
2534  ssl_state->curr_connp->version = SSL_VERSION_2;
2535  SCLogDebug("SSLv2 detected");
2536  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2537  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2538  SCLogDebug("SSL/TLS version reset");
2539  }
2540  }
2541  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2542  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2543 
2544  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2545  if (ssl_state->curr_connp->bytes_processed == 0) {
2546  SCLogDebug("New SSLv2 record parsing");
2547  } else {
2548  SCLogDebug("Continuing parsing SSLv2 record");
2549  }
2550  struct SSLDecoderResult r =
2551  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2552  if (r.retval < 0 || r.retval > input_len) {
2553  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2554  SCLogDebug("Error parsing SSLv2. Reseting parser "
2555  "state. Let's get outta here");
2556  SSLParserReset(ssl_state);
2557  SSLSetEvent(ssl_state,
2559  return APP_LAYER_ERROR;
2560  } else if (r.needed) {
2561  input += r.retval;
2562  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2563  (uintmax_t)(input - init_input), r.needed);
2564  SCReturnStruct(APP_LAYER_INCOMPLETE(input - init_input, r.needed));
2565  }
2566  input_len -= r.retval;
2567  input += r.retval;
2568  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2569  } else {
2570  if (ssl_state->curr_connp->bytes_processed == 0) {
2571  SCLogDebug("New TLS record: record_length %u",
2572  ssl_state->curr_connp->record_length);
2573  } else {
2574  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2575  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2576  }
2577  struct SSLDecoderResult r =
2578  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2579  if (r.retval < 0 || r.retval > input_len) {
2580  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2581  SCLogDebug("Error parsing TLS. Reseting parser "
2582  "state. Let's get outta here");
2583  SSLParserReset(ssl_state);
2584  return APP_LAYER_ERROR;
2585  } else if (r.needed) {
2586  input += r.retval;
2587  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2588  (uintmax_t)(input - init_input), r.needed);
2589  SCReturnStruct(APP_LAYER_INCOMPLETE(input - init_input, r.needed));
2590  }
2591  input_len -= r.retval;
2592  input += r.retval;
2593  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2594 
2596  && ssl_state->curr_connp->record_length == 0) {
2597  SCLogDebug("TLS empty record");
2598  /* empty record */
2599  SSLParserReset(ssl_state);
2600  }
2601  }
2602  counter++;
2603  } /* while (input_len) */
2604 
2605  /* mark handshake as done if we have subject and issuer */
2606  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2607  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2608  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2609  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2610  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2611  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2612  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2613  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2614  }
2615 
2616  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2619  SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
2620  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2621  }
2622 
2623  return APP_LAYER_OK;
2624 }
2625 
2626 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2627  StreamSlice stream_slice, void *local_data)
2628 {
2629  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2630 }
2631 
2632 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2633  StreamSlice stream_slice, void *local_data)
2634 {
2635  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2636 }
2637 
2638 /**
2639  * \internal
2640  * \brief Function to allocate the SSL state memory.
2641  */
2642 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2643 {
2644  SSLState *ssl_state = SCMalloc(sizeof(SSLState));
2645  if (unlikely(ssl_state == NULL))
2646  return NULL;
2647  memset(ssl_state, 0, sizeof(SSLState));
2648  ssl_state->client_connp.cert_log_flag = 0;
2649  ssl_state->server_connp.cert_log_flag = 0;
2650  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2651  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2652  TAILQ_INIT(&ssl_state->server_connp.certs);
2653  TAILQ_INIT(&ssl_state->client_connp.certs);
2654 
2655  return (void *)ssl_state;
2656 }
2657 
2658 /**
2659  * \internal
2660  * \brief Function to free the SSL state memory.
2661  */
2662 static void SSLStateFree(void *p)
2663 {
2664  SSLState *ssl_state = (SSLState *)p;
2665  SSLCertsChain *item;
2666 
2667  if (ssl_state->client_connp.cert0_subject)
2668  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2669  if (ssl_state->client_connp.cert0_issuerdn)
2670  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2671  if (ssl_state->client_connp.cert0_serial)
2672  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2673  if (ssl_state->client_connp.cert0_fingerprint)
2675  if (ssl_state->client_connp.sni)
2676  SCFree(ssl_state->client_connp.sni);
2677  if (ssl_state->client_connp.session_id)
2678  SCFree(ssl_state->client_connp.session_id);
2679  if (ssl_state->client_connp.hs_buffer)
2680  SCFree(ssl_state->client_connp.hs_buffer);
2681 
2682  if (ssl_state->server_connp.cert0_subject)
2683  rs_cstring_free(ssl_state->server_connp.cert0_subject);
2684  if (ssl_state->server_connp.cert0_issuerdn)
2685  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
2686  if (ssl_state->server_connp.cert0_serial)
2687  rs_cstring_free(ssl_state->server_connp.cert0_serial);
2688  if (ssl_state->server_connp.cert0_fingerprint)
2690  if (ssl_state->server_connp.sni)
2691  SCFree(ssl_state->server_connp.sni);
2692  if (ssl_state->server_connp.session_id)
2693  SCFree(ssl_state->server_connp.session_id);
2694 
2695  if (ssl_state->client_connp.ja3_str)
2696  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2697  if (ssl_state->client_connp.ja3_hash)
2698  SCFree(ssl_state->client_connp.ja3_hash);
2699  if (ssl_state->server_connp.ja3_str)
2700  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2701  if (ssl_state->server_connp.ja3_hash)
2702  SCFree(ssl_state->server_connp.ja3_hash);
2703  if (ssl_state->server_connp.hs_buffer)
2704  SCFree(ssl_state->server_connp.hs_buffer);
2705 
2706  AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events);
2707 
2708  if (ssl_state->tx_data.de_state != NULL) {
2709  DetectEngineStateFree(ssl_state->tx_data.de_state);
2710  }
2711 
2712  /* Free certificate chain */
2713  if (ssl_state->server_connp.certs_buffer)
2714  SCFree(ssl_state->server_connp.certs_buffer);
2715  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2716  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2717  SCFree(item);
2718  }
2719  TAILQ_INIT(&ssl_state->server_connp.certs);
2720  /* Free certificate chain */
2721  if (ssl_state->client_connp.certs_buffer)
2722  SCFree(ssl_state->client_connp.certs_buffer);
2723  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2724  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2725  SCFree(item);
2726  }
2727  TAILQ_INIT(&ssl_state->client_connp.certs);
2728 
2729  SCFree(ssl_state);
2730 
2731  return;
2732 }
2733 
2734 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2735 {
2736  /* do nothing */
2737 }
2738 
2739 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2740  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2741 {
2742  /* probably a rst/fin sending an eof */
2743  if (ilen < 3)
2744  return ALPROTO_UNKNOWN;
2745 
2746  /* for now just the 3 byte header ones */
2747  /* \todo Detect the 2 byte ones */
2748  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2749  return ALPROTO_TLS;
2750  }
2751 
2752  return ALPROTO_FAILED;
2753 }
2754 
2755 static int SSLStateGetFrameIdByName(const char *frame_name)
2756 {
2757  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2758  if (id < 0) {
2759  return -1;
2760  }
2761  return id;
2762 }
2763 
2764 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2765 {
2766  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2767  return name;
2768 }
2769 
2770 static int SSLStateGetEventInfo(const char *event_name,
2771  int *event_id, AppLayerEventType *event_type)
2772 {
2773  *event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
2774  if (*event_id == -1) {
2775  SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
2776  "ssl's enum map table.", event_name);
2777  /* yes this is fatal */
2778  return -1;
2779  }
2780 
2781  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2782 
2783  return 0;
2784 }
2785 
2786 static int SSLStateGetEventInfoById(int event_id, const char **event_name,
2787  AppLayerEventType *event_type)
2788 {
2789  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2790  if (*event_name == NULL) {
2791  SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
2792  "ssl's enum map table.", event_id);
2793  /* yes this is fatal */
2794  return -1;
2795  }
2796 
2797  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2798 
2799  return 0;
2800 }
2801 
2802 static int SSLRegisterPatternsForProtocolDetection(void)
2803 {
2804  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
2805  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
2806  return -1;
2807  }
2808 
2809  /** SSLv3 */
2811  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
2812  {
2813  return -1;
2814  }
2816  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
2817  {
2818  return -1;
2819  }
2820 
2821  /** TLSv1 */
2823  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
2824  {
2825  return -1;
2826  }
2828  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
2829  {
2830  return -1;
2831  }
2832 
2833  /** TLSv1.1 */
2835  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
2836  {
2837  return -1;
2838  }
2840  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
2841  {
2842  return -1;
2843  }
2844 
2845  /** TLSv1.2 */
2847  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
2848  {
2849  return -1;
2850  }
2852  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
2853  {
2854  return -1;
2855  }
2856 
2857  /***** toclient direction *****/
2858 
2860  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
2861  {
2862  return -1;
2863  }
2865  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
2866  {
2867  return -1;
2868  }
2870  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
2871  {
2872  return -1;
2873  }
2874 
2875  /** TLSv1 */
2877  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
2878  {
2879  return -1;
2880  }
2882  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
2883  {
2884  return -1;
2885  }
2887  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
2888  {
2889  return -1;
2890  }
2891 
2892  /** TLSv1.1 */
2894  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
2895  {
2896  return -1;
2897  }
2899  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
2900  {
2901  return -1;
2902  }
2904  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
2905  {
2906  return -1;
2907  }
2908 
2909  /** TLSv1.2 */
2911  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
2912  {
2913  return -1;
2914  }
2916  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
2917  {
2918  return -1;
2919  }
2921  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
2922  {
2923  return -1;
2924  }
2925 
2926  /* Subsection - SSLv2 style record by client, but informing the server
2927  * the max version it supports.
2928  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
2929  * it after some tests */
2930 #if 0
2932  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
2933  {
2934  return -1;
2935  }
2937  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
2938  {
2939  return -1;
2940  }
2941 #endif
2942 
2943  return 0;
2944 }
2945 
2946 /**
2947  * \brief Function to register the SSL protocol parser and other functions
2948  */
2950 {
2951  const char *proto_name = "tls";
2952 
2953  SC_ATOMIC_INIT(ssl_config.enable_ja3);
2954 
2955  /** SSLv2 and SSLv23*/
2956  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
2958 
2959  if (SSLRegisterPatternsForProtocolDetection() < 0)
2960  return;
2961 
2962  if (RunmodeIsUnittests()) {
2963  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
2964  "443",
2965  ALPROTO_TLS,
2966  0, 3,
2967  STREAM_TOSERVER,
2968  SSLProbingParser, NULL);
2969  } else {
2970  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
2971  proto_name, ALPROTO_TLS,
2972  0, 3,
2973  SSLProbingParser, NULL) == 0) {
2974  SCLogConfig("no TLS config found, "
2975  "enabling TLS detection on port 443.");
2976  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
2977  "443",
2978  ALPROTO_TLS,
2979  0, 3,
2980  STREAM_TOSERVER,
2981  SSLProbingParser, NULL);
2982  }
2983  }
2984  } else {
2985  SCLogConfig("Protocol detection and parser disabled for %s protocol",
2986  proto_name);
2987  return;
2988  }
2989 
2990  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
2991  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
2992  SSLParseClientRecord);
2993 
2994  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
2995  SSLParseServerRecord);
2996 
2998  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
2999  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3000  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3001 
3002  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3003 
3005 
3006  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3007 
3008  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3009  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3010 
3011  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3012 
3013  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3014 
3017 
3018  ConfNode *enc_handle = ConfGetNode("app-layer.protocols.tls.encryption-handling");
3019  if (enc_handle != NULL && enc_handle->val != NULL) {
3020  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3021  if (strcmp(enc_handle->val, "full") == 0) {
3023  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3025  } else if (strcmp(enc_handle->val, "default") == 0) {
3027  } else {
3029  }
3030  } else {
3031  /* Get the value of no reassembly option from the config file */
3032  if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3033  int value = 0;
3034  if (ConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3036  } else {
3037  int value = 0;
3038  if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 && value == 1)
3040  }
3041  }
3042  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3043 
3044  /* Check if we should generate JA3 fingerprints */
3045  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3046  const char *strval = NULL;
3047  if (ConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3048  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3049  } else if (strcmp(strval, "auto") == 0) {
3050  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3051  } else if (ConfValIsFalse(strval)) {
3052  enable_ja3 = 0;
3053  ssl_config.disable_ja3 = true;
3054  } else if (ConfValIsTrue(strval)) {
3055  enable_ja3 = true;
3056  }
3057  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3058 
3059  if (g_disable_hashing) {
3060  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3061  SCLogWarning(
3062  SC_WARN_NO_JA3_SUPPORT, "MD5 calculation has been disabled, disabling JA3");
3063  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3064  }
3065  } else {
3066  if (RunmodeIsUnittests()) {
3067  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3068  }
3069  }
3070  } else {
3071  SCLogConfig("Parsed disabled for %s protocol. Protocol detection"
3072  "still on.", proto_name);
3073  }
3074 
3075  return;
3076 }
3077 
3078 /**
3079  * \brief if not explicitly disabled in config, enable ja3 support
3080  *
3081  * Implemented using atomic to allow rule reloads to do this at
3082  * runtime.
3083  */
3084 void SSLEnableJA3(void)
3085 {
3087  return;
3088  }
3089  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3090  return;
3091  }
3092  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3093 }
3094 
3096 {
3097  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3098  return true;
3099  }
3100  return false;
3101 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:166
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:58
SSLStateConnp_::cert0_not_before
time_t cert0_not_before
Definition: app-layer-ssl.h:255
util-byte.h
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:252
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:510
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:288
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:160
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:146
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1732
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:167
JA3Buffer_
Definition: util-ja3.h:29
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:188
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:226
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:208
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:168
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:212
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
flow-util.h
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
SSL_AL_FLAG_HANDSHAKE_DONE
#define SSL_AL_FLAG_HANDSHAKE_DONE
Definition: app-layer-ssl.h:113
ConfNode_::val
char * val
Definition: conf.h:34
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:472
stream-tcp.h
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:130
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:183
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:297
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:185
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:145
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:238
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:305
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:177
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:130
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:247
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:194
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:306
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:119
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:80
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:263
SSLStateConnp_
Definition: app-layer-ssl.h:231
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:347
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1499
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:272
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:147
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:249
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
TLS_STATE_FINISHED
@ TLS_STATE_FINISHED
Definition: app-layer-ssl.h:80
threads.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:142
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:90
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:353
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:149
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:289
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:99
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:175
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:562
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:417
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:291
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:266
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:177
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:521
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:170
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:192
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:303
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Add value to buffer.
Definition: util-ja3.c:170
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:60
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:184
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:180
MIN
#define MIN(x, y)
Definition: suricata-common.h:372
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:132
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
util-ja3.h
stream-tcp-reassemble.h
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:101
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:73
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:132
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:260
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:181
TLS_STATE_CERT_READY
@ TLS_STATE_CERT_READY
Definition: app-layer-ssl.h:78
MAX
#define MAX(x, y)
Definition: suricata-common.h:376
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:277
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:172
util-unittest.h
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:235
APP_LAYER_EVENT_TYPE_TRANSACTION
@ APP_LAYER_EVENT_TYPE_TRANSACTION
Definition: app-layer-events.h:57
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:87
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:253
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:521
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:279
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:92
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:93
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:68
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:301
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1693
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:133
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:110
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:330
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:193
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
app-layer-detect-proto.h
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1726
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:218
SSLStateConnp_::cert0_not_after
time_t cert0_not_after
Definition: app-layer-ssl.h:256
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
SSL_CNF_ENC_HANDLE_DEFAULT
@ SSL_CNF_ENC_HANDLE_DEFAULT
Definition: app-layer-ssl.c:150
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:96
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
decode.h
util-debug.h
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
type
uint8_t type
Definition: decode-icmpv4.h:0
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:163
AppLayerParserState_
Definition: app-layer-parser.c:155
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:207
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
Definition: app-layer-ssl.c:3095
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:136
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:170
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:166
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:71
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:135
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:67
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Append buffer to buffer.
Definition: util-ja3.c:106
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:243
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:195
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:217
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:280
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:266
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:178
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:141
SSLCertsChain_
Definition: app-layer-ssl.h:224
util-print.h
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:589
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:272
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:133
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:444
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1819
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:334
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:176
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: rust.h:31
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:98
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:158
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:175
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:143
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:149
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:136
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:109
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:100
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:198
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:190
stream.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:65
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:171
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:169
stream-tcp-private.h
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:187
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:72
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:173
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:122
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3084
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:599
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:233
SslConfig_
Definition: app-layer-ssl.c:155
SSL_AL_FLAG_STATE_FINISHED
#define SSL_AL_FLAG_STATE_FINISHED
Definition: app-layer-ssl.h:105
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:189
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1910
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:138
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:181
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:169
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:167
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:196
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:225
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:279
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:267
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:405
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:175
decode-events.h
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:138
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:182
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:84
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:214
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:543
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:137
SC_WARN_NO_JA3_SUPPORT
@ SC_WARN_NO_JA3_SUPPORT
Definition: util-error.h:341
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:66
SSLDecoderResult
Definition: app-layer-ssl.c:216
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:84
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:251
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:201
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:220
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:90
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:318
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:2949
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:203
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:225
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:147
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Generate Ja3 hash string.
Definition: util-ja3.c:215
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:148
SCEnumCharMap_
Definition: util-enum.h:27
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:61
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:182
util-spm.h
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:255
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:241
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:279
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:278
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:230
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:611
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:383
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:156
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:179
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:173
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:86
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:179
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:152
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:191
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:164
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:163
str
#define str(s)
Definition: suricata-common.h:272
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:70
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:242
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:577
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:69
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:188
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:546
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:94
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:168
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:70
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:174
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:62
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:269
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:204
app-layer-protos.h
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:131
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:532
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:151
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:88
SC_ERR_INVALID_ENUM_MAP
@ SC_ERR_INVALID_ENUM_MAP
Definition: util-error.h:45
SslConfig
struct SslConfig_ SslConfig
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:186
TLS_STATE_IN_PROGRESS
@ TLS_STATE_IN_PROGRESS
Definition: app-layer-ssl.h:77
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1718
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:95
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:184
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1806
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:262
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:134
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:144
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:257
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:174
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:210
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:271
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:64
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:79
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:180
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:165
util-enum.h
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:302
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:276
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:2080
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:254
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:176
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:384
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:183
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:126
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:185
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:108
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:91
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:152
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:63
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:294
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:240
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:178
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:248