suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 #include "threads.h"
30 
31 #include "stream-tcp-private.h"
32 #include "stream-tcp-reassemble.h"
33 #include "stream-tcp.h"
34 #include "stream.h"
35 
36 #include "app-layer.h"
37 #include "app-layer-detect-proto.h"
38 #include "app-layer-protos.h"
39 #include "app-layer-parser.h"
40 #include "app-layer-frames.h"
41 #include "app-layer-ssl.h"
42 
43 #include "decode-events.h"
44 #include "conf.h"
45 
46 #include "feature.h"
47 
48 #include "util-spm.h"
49 #include "util-unittest.h"
50 #include "util-debug.h"
51 #include "util-print.h"
52 #include "util-pool.h"
53 #include "util-byte.h"
54 #include "util-ja3.h"
55 #include "util-enum.h"
56 #include "flow-util.h"
57 #include "flow-private.h"
58 #include "util-validate.h"
59 
60 SCEnumCharMap tls_frame_table[] = {
61  {
62  "pdu",
63  TLS_FRAME_PDU,
64  },
65  {
66  "hdr",
67  TLS_FRAME_HDR,
68  },
69  {
70  "data",
71  TLS_FRAME_DATA,
72  },
73  {
74  "alert",
75  TLS_FRAME_ALERT_DATA,
76  },
77  {
78  "heartbeat",
79  TLS_FRAME_HB_DATA,
80  },
81  {
82  "ssl2.hdr",
83  TLS_FRAME_SSLV2_HDR,
84  },
85  {
86  "ssl2.pdu",
87  TLS_FRAME_SSLV2_PDU,
88  },
89  { NULL, -1 },
90 };
91 
92 SCEnumCharMap tls_decoder_event_table[] = {
93  /* TLS protocol messages */
94  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
95  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
96  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
97  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
98  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
99  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
100  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
101  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
102  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
103  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
104  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
105  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
106  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
107  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
108  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
109  /* certificate decoding messages */
110  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
111  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
112  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
113  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
114  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
115  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
116  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
117  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
118  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
119  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
120  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
121  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
122  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
123  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
124  /* used as a generic error event */
125  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
126  { NULL, -1 },
127 };
128 
129 enum {
130  /* X.509 error codes, returned by decoder
131  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
132  ERR_INVALID_CERTIFICATE=1,
133  ERR_INVALID_LENGTH,
134  ERR_INVALID_VERSION,
135  ERR_INVALID_SERIAL,
136  ERR_INVALID_ALGORITHMIDENTIFIER,
137  ERR_INVALID_X509NAME,
138  ERR_INVALID_DATE,
139  ERR_INVALID_EXTENSIONS,
140  ERR_INVALID_DER,
141 
142  /* error getting data */
143  ERR_EXTRACT_SUBJECT,
144  ERR_EXTRACT_ISSUER,
145  ERR_EXTRACT_VALIDITY,
146 };
147 
148 /* JA3 and JA4 fingerprints are disabled by default */
149 #define SSL_CONFIG_DEFAULT_JA3 0
150 #define SSL_CONFIG_DEFAULT_JA4 0
151 
152 enum SslConfigEncryptHandling {
153  SSL_CNF_ENC_HANDLE_DEFAULT = 0, /**< disable raw content, continue tracking */
154  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
155  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
156 };
157 
158 typedef struct SslConfig_ {
159  enum SslConfigEncryptHandling encrypt_mode;
160  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
161  * explicitly disabled. */
162  SC_ATOMIC_DECLARE(int, enable_ja3);
163  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
164  SC_ATOMIC_DECLARE(int, enable_ja4);
165  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
166 } SslConfig;
167 
168 SslConfig ssl_config;
169 
170 /* SSLv3 record types */
171 #define SSLV3_CHANGE_CIPHER_SPEC 20
172 #define SSLV3_ALERT_PROTOCOL 21
173 #define SSLV3_HANDSHAKE_PROTOCOL 22
174 #define SSLV3_APPLICATION_PROTOCOL 23
175 #define SSLV3_HEARTBEAT_PROTOCOL 24
176 
177 /* SSLv3 handshake protocol types */
178 #define SSLV3_HS_HELLO_REQUEST 0
179 #define SSLV3_HS_CLIENT_HELLO 1
180 #define SSLV3_HS_SERVER_HELLO 2
181 #define SSLV3_HS_NEW_SESSION_TICKET 4
182 #define SSLV3_HS_CERTIFICATE 11
183 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
184 #define SSLV3_HS_CERTIFICATE_REQUEST 13
185 #define SSLV3_HS_SERVER_HELLO_DONE 14
186 #define SSLV3_HS_CERTIFICATE_VERIFY 15
187 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
188 #define SSLV3_HS_FINISHED 20
189 #define SSLV3_HS_CERTIFICATE_URL 21
190 #define SSLV3_HS_CERTIFICATE_STATUS 22
191 
192 /* SSLv2 protocol message types */
193 #define SSLV2_MT_ERROR 0
194 #define SSLV2_MT_CLIENT_HELLO 1
195 #define SSLV2_MT_CLIENT_MASTER_KEY 2
196 #define SSLV2_MT_CLIENT_FINISHED 3
197 #define SSLV2_MT_SERVER_HELLO 4
198 #define SSLV2_MT_SERVER_VERIFY 5
199 #define SSLV2_MT_SERVER_FINISHED 6
200 #define SSLV2_MT_REQUEST_CERTIFICATE 7
201 #define SSLV2_MT_CLIENT_CERTIFICATE 8
202 
203 #define SSLV3_RECORD_HDR_LEN 5
204 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
205 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
206 
207 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
208 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
209 
210 /* TLS heartbeat protocol types */
211 #define TLS_HB_REQUEST 1
212 #define TLS_HB_RESPONSE 2
213 
214 #define SSL_RECORD_MINIMUM_LENGTH 6
215 
216 #define SHA1_STRING_LENGTH 60
217 
218 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
219 
220 struct SSLDecoderResult {
221  int retval; // nr bytes consumed from input, or < 0 on error
222  uint32_t needed; // more bytes needed
223 };
224 #define SSL_DECODER_ERROR(e) \
225  (struct SSLDecoderResult) \
226  { \
227  (e), 0 \
228  }
229 #define SSL_DECODER_OK(c) \
230  (struct SSLDecoderResult) \
231  { \
232  (uint32_t)(c), 0 \
233  }
234 #define SSL_DECODER_INCOMPLETE(c, n) \
235  (struct SSLDecoderResult) \
236  { \
237  (uint32_t)(c), (n) \
238  }
239 
240 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
241  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
242 
243 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
244  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
245 {
246  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
247  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
248  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
249  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
250 
251  if (dst_offset < dst_size && src_offset < src_size &&
252  src_tocopy <= (src_size - src_offset) &&
253  src_tocopy <= (dst_size - dst_offset)) {
254  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
255  return 0;
256  }
257  return -1;
258 }
259 
260 #ifdef DEBUG_VALIDATION
261 #define ValidateRecordState(connp) \
262  do { \
263  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
264  (connp)->bytes_processed); \
265  } while(0);
266 #else
267 #define ValidateRecordState(...)
268 #endif
269 
270 #define SSLParserHSReset(connp) \
271  do { \
272  (connp)->handshake_type = 0; \
273  (connp)->message_length = 0; \
274  } while (0)
275 
276 #define SSLParserReset(state) \
277  do { \
278  SCLogDebug("resetting state"); \
279  (state)->curr_connp->bytes_processed = 0; \
280  SSLParserHSReset((state)->curr_connp); \
281  } while(0)
282 
283 #define SSLSetEvent(ssl_state, event) \
284  do { \
285  SCLogDebug("setting event %u", (event)); \
286  if ((ssl_state) == NULL) { \
287  SCLogDebug("could not set decoder event %u", event); \
288  } else { \
289  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
290  (ssl_state)->events++; \
291  } \
292  } while (0)
293 
294 static void SSLStateCertSANFree(SSLStateConnp *connp);
295 
296 static void *SSLGetTx(void *state, uint64_t tx_id)
297 {
298  SSLState *ssl_state = (SSLState *)state;
299  return ssl_state;
300 }
301 
302 static uint64_t SSLGetTxCnt(void *state)
303 {
304  /* single tx */
305  return 1;
306 }
307 
308 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
309 {
310  SSLState *ssl_state = (SSLState *)tx;
311 
312  /* we don't care about direction, only that app-layer parser is done
313  and have sent an EOF */
314  if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
315  return TLS_STATE_FINISHED;
316  }
317 
318  /* we want the logger to log when the handshake is done, even if the
319  state is not finished */
320  if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
321  return TLS_HANDSHAKE_DONE;
322  }
323 
324  if (direction == STREAM_TOSERVER &&
325  (ssl_state->server_connp.cert0_subject != NULL ||
326  ssl_state->server_connp.cert0_issuerdn != NULL))
327  {
328  return TLS_STATE_CERT_READY;
329  }
330 
331  return TLS_STATE_IN_PROGRESS;
332 }
333 
334 static AppLayerTxData *SSLGetTxData(void *vtx)
335 {
336  SSLState *ssl_state = (SSLState *)vtx;
337  return &ssl_state->tx_data;
338 }
339 
340 static AppLayerStateData *SSLGetStateData(void *vstate)
341 {
342  SSLState *ssl_state = (SSLState *)vstate;
343  return &ssl_state->state_data;
344 }
345 
346 void SSLVersionToString(uint16_t version, char *buffer)
347 {
348  buffer[0] = '\0';
349 
350  switch (version) {
351  case TLS_VERSION_UNKNOWN:
352  strlcat(buffer, "UNDETERMINED", 13);
353  break;
354  case SSL_VERSION_2:
355  strlcat(buffer, "SSLv2", 6);
356  break;
357  case SSL_VERSION_3:
358  strlcat(buffer, "SSLv3", 6);
359  break;
360  case TLS_VERSION_10:
361  strlcat(buffer, "TLSv1", 6);
362  break;
363  case TLS_VERSION_11:
364  strlcat(buffer, "TLS 1.1", 8);
365  break;
366  case TLS_VERSION_12:
367  strlcat(buffer, "TLS 1.2", 8);
368  break;
369  case TLS_VERSION_13:
370  strlcat(buffer, "TLS 1.3", 8);
371  break;
372  case TLS_VERSION_13_DRAFT28:
373  strlcat(buffer, "TLS 1.3 draft-28", 17);
374  break;
375  case TLS_VERSION_13_DRAFT27:
376  strlcat(buffer, "TLS 1.3 draft-27", 17);
377  break;
378  case TLS_VERSION_13_DRAFT26:
379  strlcat(buffer, "TLS 1.3 draft-26", 17);
380  break;
381  case TLS_VERSION_13_DRAFT25:
382  strlcat(buffer, "TLS 1.3 draft-25", 17);
383  break;
384  case TLS_VERSION_13_DRAFT24:
385  strlcat(buffer, "TLS 1.3 draft-24", 17);
386  break;
387  case TLS_VERSION_13_DRAFT23:
388  strlcat(buffer, "TLS 1.3 draft-23", 17);
389  break;
390  case TLS_VERSION_13_DRAFT22:
391  strlcat(buffer, "TLS 1.3 draft-22", 17);
392  break;
393  case TLS_VERSION_13_DRAFT21:
394  strlcat(buffer, "TLS 1.3 draft-21", 17);
395  break;
396  case TLS_VERSION_13_DRAFT20:
397  strlcat(buffer, "TLS 1.3 draft-20", 17);
398  break;
399  case TLS_VERSION_13_DRAFT19:
400  strlcat(buffer, "TLS 1.3 draft-19", 17);
401  break;
402  case TLS_VERSION_13_DRAFT18:
403  strlcat(buffer, "TLS 1.3 draft-18", 17);
404  break;
405  case TLS_VERSION_13_DRAFT17:
406  strlcat(buffer, "TLS 1.3 draft-17", 17);
407  break;
408  case TLS_VERSION_13_DRAFT16:
409  strlcat(buffer, "TLS 1.3 draft-16", 17);
410  break;
411  case TLS_VERSION_13_PRE_DRAFT16:
412  strlcat(buffer, "TLS 1.3 draft-<16", 18);
413  break;
414  case TLS_VERSION_13_DRAFT20_FB:
415  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
416  break;
417  case TLS_VERSION_13_DRAFT21_FB:
418  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
419  break;
420  case TLS_VERSION_13_DRAFT22_FB:
421  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
422  break;
423  case TLS_VERSION_13_DRAFT23_FB:
424  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
425  break;
426  case TLS_VERSION_13_DRAFT26_FB:
427  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
428  break;
429  default:
430  snprintf(buffer, 7, "0x%04x", version);
431  break;
432  }
433 }
434 
435 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
436 {
437  switch(err) {
438  case ERR_EXTRACT_VALIDITY:
439  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
440  break;
441  case ERR_EXTRACT_ISSUER:
442  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
443  break;
444  case ERR_EXTRACT_SUBJECT:
445  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
446  break;
447  case ERR_INVALID_DER:
448  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
449  break;
450  case ERR_INVALID_EXTENSIONS:
451  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
452  break;
453  case ERR_INVALID_DATE:
454  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
455  break;
456  case ERR_INVALID_X509NAME:
457  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
458  break;
459  case ERR_INVALID_ALGORITHMIDENTIFIER:
460  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
461  break;
462  case ERR_INVALID_SERIAL:
463  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
464  break;
465  case ERR_INVALID_VERSION:
466  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
467  break;
468  case ERR_INVALID_LENGTH:
469  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
470  break;
471  case ERR_INVALID_CERTIFICATE:
472  default:
473  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
474  break;
475  }
476 }
477 
478 static inline int TlsDecodeHSCertificateFingerprint(
479  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
480 {
481  if (unlikely(connp->cert0_fingerprint != NULL))
482  return 0;
483 
484  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
485  if (connp->cert0_fingerprint == NULL)
486  return -1;
487 
488  uint8_t hash[SC_SHA1_LEN];
489  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
490  rs_to_hex_sep(
491  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
492  }
493  return 0;
494 }
495 
496 static inline int TlsDecodeHSCertificateAddCertToChain(
497  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
498 {
499  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
500  if (cert == NULL)
501  return -1;
502 
503  cert->cert_data = (uint8_t *)input;
504  cert->cert_len = cert_len;
505  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
506 
507  return 0;
508 }
509 
510 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
511  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
512 {
513  const uint8_t *input = (uint8_t *)initial_input;
514  uint32_t err_code = 0;
515  X509 *x509 = NULL;
516  int rc = 0;
517 
518  if (!(HAS_SPACE(3)))
519  goto invalid_cert;
520 
521  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
522  input += 3;
523 
524  if (!(HAS_SPACE(cert_len)))
525  goto invalid_cert;
526 
527  /* only store fields from the first certificate in the chain */
528  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
529  connp->cert0_serial == NULL) {
530  x509 = rs_x509_decode(input, cert_len, &err_code);
531  if (x509 == NULL) {
532  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
533  goto next;
534  }
535 
536  char *str = rs_x509_get_subject(x509);
537  if (str == NULL) {
538  err_code = ERR_EXTRACT_SUBJECT;
539  goto error;
540  }
541  connp->cert0_subject = str;
542 
543  str = rs_x509_get_issuer(x509);
544  if (str == NULL) {
545  err_code = ERR_EXTRACT_ISSUER;
546  goto error;
547  }
548  connp->cert0_issuerdn = str;
549 
550  connp->cert0_sans_len = rs_x509_get_subjectaltname_len(x509);
551  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
552  if (sans == NULL) {
553  goto error;
554  }
555  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
556  sans[i] = rs_x509_get_subjectaltname_at(x509, i);
557  }
558  connp->cert0_sans = sans;
559  str = rs_x509_get_serial(x509);
560  if (str == NULL) {
561  err_code = ERR_INVALID_SERIAL;
562  goto error;
563  }
564  connp->cert0_serial = str;
565 
566  rc = rs_x509_get_validity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
567  if (rc != 0) {
568  err_code = ERR_EXTRACT_VALIDITY;
569  goto error;
570  }
571 
572  rs_x509_free(x509);
573  x509 = NULL;
574 
575  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
576  if (rc != 0) {
577  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
578  goto error;
579  }
580  }
581 
582  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
583  if (rc != 0) {
584  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
585  goto error;
586  }
587 
588 next:
589  input += cert_len;
590  return (int)(input - initial_input);
591 
592 error:
593  if (err_code != 0)
594  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
595  if (x509 != NULL)
596  rs_x509_free(x509);
597 
598  SSLStateCertSANFree(connp);
599  return -1;
600 
601 invalid_cert:
602  SCLogDebug("TLS invalid certificate");
603  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
604  return -1;
605 }
606 
607 /** \internal
608  * \brief parse cert data in a certificate handshake message
609  * will be called with all data.
610  * \retval consumed bytes consumed or -1 on error
611  */
612 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
613  const uint8_t *const initial_input, const uint32_t input_len)
614 {
615  const uint8_t *input = (uint8_t *)initial_input;
616 
617  if (!(HAS_SPACE(3)))
618  return -1;
619 
620  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
621  input += 3;
622 
623  if (!(HAS_SPACE(cert_chain_len)))
624  return -1;
625 
626  if (connp->certs_buffer != NULL) {
627  // TODO should we set an event here?
628  return -1;
629  }
630 
631  connp->certs_buffer = SCCalloc(1, cert_chain_len);
632  if (connp->certs_buffer == NULL) {
633  return -1;
634  }
635  connp->certs_buffer_size = cert_chain_len;
636  memcpy(connp->certs_buffer, input, cert_chain_len);
637 
638  int cert_cnt = 0;
639  uint32_t processed_len = 0;
640  /* coverity[tainted_data] */
641  while (processed_len < cert_chain_len) {
642  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
643  connp->certs_buffer_size - processed_len, cert_cnt);
644  if (rc <= 0) { // 0 should be impossible, but lets be defensive
645  return -1;
646  }
647  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
648  if (processed_len + (uint32_t)rc > cert_chain_len) {
649  return -1;
650  }
651 
652  processed_len += (uint32_t)rc;
653  }
654 
655  return processed_len + 3;
656 }
657 
658 /**
659  * \inline
660  * \brief Check if value is GREASE.
661  *
662  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
663  *
664  * \param value Value to check.
665  *
666  * \retval 1 if is GREASE.
667  * \retval 0 if not is GREASE.
668  */
669 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
670 {
671  switch (value)
672  {
673  case 0x0a0a:
674  case 0x1a1a:
675  case 0x2a2a:
676  case 0x3a3a:
677  case 0x4a4a:
678  case 0x5a5a:
679  case 0x6a6a:
680  case 0x7a7a:
681  case 0x8a8a:
682  case 0x9a9a:
683  case 0xaaaa:
684  case 0xbaba:
685  case 0xcaca:
686  case 0xdada:
687  case 0xeaea:
688  case 0xfafa:
689  return 1;
690  default:
691  return 0;
692  }
693 }
694 
695 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
696  const uint8_t * const initial_input,
697  const uint32_t input_len)
698 {
699  uint8_t *input = (uint8_t *)initial_input;
700 
701  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
702  SCLogDebug("TLS handshake invalid length");
703  SSLSetEvent(ssl_state,
704  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
705  return -1;
706  }
707 
708  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
709  ssl_state->curr_connp->version = version;
710 
711  if (ssl_state->curr_connp->ja4 != NULL &&
712  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
713  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, version);
714  }
715 
716  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
717  versions, instead of using the supported versions extension. */
718  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
719  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
720  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
721  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
722  }
723 
724  /* Catch some early TLSv1.3 draft implementations that does not conform
725  to the draft version. */
726  if ((ssl_state->curr_connp->version >= 0x7f01) &&
727  (ssl_state->curr_connp->version < 0x7f10)) {
728  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
729  }
730 
731  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
732  version number, which makes it hard to accurately pinpoint the
733  exact draft version. */
734  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
735  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
736  }
737 
738  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
739  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
740  if (ssl_state->curr_connp->ja3_str == NULL)
741  return -1;
742 
743  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
744  if (rc != 0)
745  return -1;
746  }
747 
748  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
749 
750  return (int)(input - initial_input);
751 }
752 
753 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
754  const uint8_t * const initial_input,
755  const uint32_t input_len)
756 {
757  uint8_t *input = (uint8_t *)initial_input;
758 
759  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
760  SCLogDebug("TLS handshake invalid length");
761  SSLSetEvent(ssl_state,
762  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
763  return -1;
764  }
765 
766  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
767  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
768  ssl_state->flags |= TLS_TS_RANDOM_SET;
769  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
770  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
771  ssl_state->flags |= TLS_TC_RANDOM_SET;
772  }
773 
774  /* Skip random */
775  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
776 
777  return (int)(input - initial_input);
778 }
779 
780 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
781  const uint8_t * const initial_input,
782  const uint32_t input_len)
783 {
784  uint8_t *input = (uint8_t *)initial_input;
785 
786  if (!(HAS_SPACE(1)))
787  goto invalid_length;
788 
789  uint8_t session_id_length = *input;
790  input += 1;
791 
792  if (!(HAS_SPACE(session_id_length)))
793  goto invalid_length;
794 
795  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
796  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
797 
798  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
799  return -1;
800  }
801 
802  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
803  input, 0, input_len, session_id_length) != 0) {
804  return -1;
805  }
806  ssl_state->curr_connp->session_id_length = session_id_length;
807 
808  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
809  ssl_state->client_connp.session_id != NULL &&
810  ssl_state->server_connp.session_id != NULL) {
811  if ((ssl_state->client_connp.session_id_length ==
812  ssl_state->server_connp.session_id_length) &&
813  (memcmp(ssl_state->server_connp.session_id,
814  ssl_state->client_connp.session_id, session_id_length) == 0)) {
815  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
816  }
817  }
818  }
819 
820  input += session_id_length;
821 
822  return (int)(input - initial_input);
823 
824 invalid_length:
825  SCLogDebug("TLS handshake invalid length");
826  SSLSetEvent(ssl_state,
827  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
828  return -1;
829 }
830 
831 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
832  const uint8_t * const initial_input,
833  const uint32_t input_len)
834 {
835  const uint8_t *input = initial_input;
836 
837  if (!(HAS_SPACE(2)))
838  goto invalid_length;
839 
840  uint16_t cipher_suites_length;
841 
842  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
843  cipher_suites_length = 2;
844  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
845  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
846  input += 2;
847  } else {
848  return -1;
849  }
850 
851  if (!(HAS_SPACE(cipher_suites_length)))
852  goto invalid_length;
853 
854  /* Cipher suites length should always be divisible by 2 */
855  if ((cipher_suites_length % 2) != 0) {
856  goto invalid_length;
857  }
858 
859  const bool enable_ja3 = SC_ATOMIC_GET(ssl_config.enable_ja3);
860 
861  if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4)) {
862  JA3Buffer *ja3_cipher_suites = NULL;
863 
864  if (enable_ja3) {
865  ja3_cipher_suites = Ja3BufferInit();
866  if (ja3_cipher_suites == NULL)
867  return -1;
868  }
869 
870  uint16_t processed_len = 0;
871  /* coverity[tainted_data] */
872  while (processed_len < cipher_suites_length)
873  {
874  if (!(HAS_SPACE(2))) {
875  if (enable_ja3) {
876  Ja3BufferFree(&ja3_cipher_suites);
877  }
878  goto invalid_length;
879  }
880 
881  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
882  input += 2;
883 
884  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
885  if (ssl_state->curr_connp->ja4 != NULL &&
886  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
887  SCJA4AddCipher(ssl_state->curr_connp->ja4, cipher_suite);
888  }
889  if (enable_ja3) {
890  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
891  if (rc != 0) {
892  return -1;
893  }
894  }
895  }
896  processed_len += 2;
897  }
898 
899  if (enable_ja3) {
900  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
901  if (rc == -1) {
902  return -1;
903  }
904  }
905 
906  } else {
907  /* Skip cipher suites */
908  input += cipher_suites_length;
909  }
910 
911  return (int)(input - initial_input);
912 
913 invalid_length:
914  SCLogDebug("TLS handshake invalid length");
915  SSLSetEvent(ssl_state,
916  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
917  return -1;
918 }
919 
920 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
921  const uint8_t * const initial_input,
922  const uint32_t input_len)
923 {
924  const uint8_t *input = initial_input;
925 
926  if (!(HAS_SPACE(1)))
927  goto invalid_length;
928 
929  /* Skip compression methods */
930  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
931  input += 1;
932  } else {
933  uint8_t compression_methods_length = *input;
934  input += 1;
935 
936  if (!(HAS_SPACE(compression_methods_length)))
937  goto invalid_length;
938 
939  input += compression_methods_length;
940  }
941 
942  return (int)(input - initial_input);
943 
944 invalid_length:
945  SCLogDebug("TLS handshake invalid_length");
946  SSLSetEvent(ssl_state,
947  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
948  return -1;
949 }
950 
951 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
952  const uint8_t * const initial_input,
953  const uint32_t input_len)
954 {
955  uint8_t *input = (uint8_t *)initial_input;
956 
957  /* Empty extension */
958  if (input_len == 0)
959  return 0;
960 
961  if (!(HAS_SPACE(2)))
962  goto invalid_length;
963 
964  /* Skip sni_list_length */
965  input += 2;
966 
967  if (!(HAS_SPACE(1)))
968  goto invalid_length;
969 
970  uint8_t sni_type = *input;
971  input += 1;
972 
973  /* Currently the only type allowed is host_name
974  (RFC6066 section 3). */
975  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
976  SCLogDebug("Unknown SNI type");
977  SSLSetEvent(ssl_state,
978  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
979  return -1;
980  }
981 
982  if (!(HAS_SPACE(2)))
983  goto invalid_length;
984 
985  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
986  input += 2;
987 
988  /* host_name contains the fully qualified domain name,
989  and should therefore be limited by the maximum domain
990  name length. */
991  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
992  SSLSetEvent(ssl_state,
993  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
994  return -1;
995  }
996 
997  /* There must not be more than one extension of the same
998  type (RFC5246 section 7.4.1.4). */
999  if (ssl_state->curr_connp->sni) {
1000  SCLogDebug("Multiple SNI extensions");
1001  SSLSetEvent(ssl_state,
1002  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
1003  input += sni_len;
1004  return (int)(input - initial_input);
1005  }
1006 
1007  const size_t sni_strlen = sni_len + 1;
1008  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
1009  if (unlikely(ssl_state->curr_connp->sni == NULL))
1010  return -1;
1011 
1012  const size_t consumed = input - initial_input;
1013  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
1014  initial_input, consumed, input_len, sni_len) != 0) {
1015  SCFree(ssl_state->curr_connp->sni);
1016  ssl_state->curr_connp->sni = NULL;
1017  return -1;
1018  }
1019  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
1020 
1021  input += sni_len;
1022 
1023  return (int)(input - initial_input);
1024 
1025 invalid_length:
1026  SCLogDebug("TLS handshake invalid length");
1027  SSLSetEvent(ssl_state,
1028  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1029 
1030 
1031  return -1;
1032 }
1033 
1034 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
1035  const uint8_t * const initial_input,
1036  const uint32_t input_len)
1037 {
1038  const uint8_t *input = initial_input;
1039 
1040  /* Empty extension */
1041  if (input_len == 0)
1042  return 0;
1043 
1044  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1045  if (!(HAS_SPACE(1)))
1046  goto invalid_length;
1047 
1048  uint8_t supported_ver_len = *input;
1049  input += 1;
1050 
1051  if (supported_ver_len < 2)
1052  goto invalid_length;
1053 
1054  if (!(HAS_SPACE(supported_ver_len)))
1055  goto invalid_length;
1056 
1057  /* Use the first (and preferred) valid version as client version,
1058  * skip over GREASE and other possible noise. */
1059  uint16_t i = 0;
1060  while (i + 1 < (uint16_t)supported_ver_len) {
1061  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1062  if (TLSVersionValid(ver)) {
1063  ssl_state->curr_connp->version = ver;
1064  if (ssl_state->curr_connp->ja4 != NULL &&
1065  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1066  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, ver);
1067  }
1068  break;
1069  }
1070  i += 2;
1071  }
1072 
1073  /* Set a flag to indicate that we have seen this extension */
1074  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1075 
1076  input += supported_ver_len;
1077  }
1078  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1079  if (!(HAS_SPACE(2)))
1080  goto invalid_length;
1081 
1082  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1083 
1084  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1085  (ver > TLS_VERSION_12)) {
1086  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1087  }
1088 
1089  ssl_state->curr_connp->version = ver;
1090  input += 2;
1091  }
1092 
1093  return (int)(input - initial_input);
1094 
1095 invalid_length:
1096  SCLogDebug("TLS handshake invalid length");
1097  SSLSetEvent(ssl_state,
1098  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1099 
1100  return -1;
1101 }
1102 
1103 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1104  const uint8_t * const initial_input,
1105  const uint32_t input_len,
1106  JA3Buffer *ja3_elliptic_curves)
1107 {
1108  const uint8_t *input = initial_input;
1109 
1110  /* Empty extension */
1111  if (input_len == 0)
1112  return 0;
1113 
1114  if (!(HAS_SPACE(2)))
1115  goto invalid_length;
1116 
1117  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1118  input += 2;
1119 
1120  if (!(HAS_SPACE(elliptic_curves_len)))
1121  goto invalid_length;
1122 
1123  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1124  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1125  uint16_t ec_processed_len = 0;
1126  /* coverity[tainted_data] */
1127  while (ec_processed_len < elliptic_curves_len)
1128  {
1129  if (!(HAS_SPACE(2)))
1130  goto invalid_length;
1131 
1132  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1133  input += 2;
1134 
1135  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1136  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1137  elliptic_curve);
1138  if (rc != 0)
1139  return -1;
1140  }
1141 
1142  ec_processed_len += 2;
1143  }
1144 
1145  } else {
1146  /* Skip elliptic curves */
1147  input += elliptic_curves_len;
1148  }
1149 
1150  return (int)(input - initial_input);
1151 
1152 invalid_length:
1153  SCLogDebug("TLS handshake invalid length");
1154  SSLSetEvent(ssl_state,
1155  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1156 
1157  return -1;
1158 }
1159 
1160 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1161  const uint8_t * const initial_input,
1162  const uint32_t input_len,
1163  JA3Buffer *ja3_elliptic_curves_pf)
1164 {
1165  const uint8_t *input = initial_input;
1166 
1167  /* Empty extension */
1168  if (input_len == 0)
1169  return 0;
1170 
1171  if (!(HAS_SPACE(1)))
1172  goto invalid_length;
1173 
1174  uint8_t ec_pf_len = *input;
1175  input += 1;
1176 
1177  if (!(HAS_SPACE(ec_pf_len)))
1178  goto invalid_length;
1179 
1180  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1181  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1182  uint8_t ec_pf_processed_len = 0;
1183  /* coverity[tainted_data] */
1184  while (ec_pf_processed_len < ec_pf_len)
1185  {
1186  uint8_t elliptic_curve_pf = *input;
1187  input += 1;
1188 
1189  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1190  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1191  elliptic_curve_pf);
1192  if (rc != 0)
1193  return -1;
1194  }
1195 
1196  ec_pf_processed_len += 1;
1197  }
1198 
1199  } else {
1200  /* Skip elliptic curve point formats */
1201  input += ec_pf_len;
1202  }
1203 
1204  return (int)(input - initial_input);
1205 
1206 invalid_length:
1207  SCLogDebug("TLS handshake invalid length");
1208  SSLSetEvent(ssl_state,
1209  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1210 
1211  return -1;
1212 }
1213 
1214 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1215  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1216 {
1217  const uint8_t *input = initial_input;
1218 
1219  /* Empty extension */
1220  if (input_len == 0)
1221  return 0;
1222 
1223  if (!(HAS_SPACE(2)))
1224  goto invalid_length;
1225 
1226  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1227  input += 2;
1228 
1229  /* Signature algorithms length should always be divisible by 2 */
1230  if ((sigalgo_len % 2) != 0) {
1231  goto invalid_length;
1232  }
1233 
1234  if (!(HAS_SPACE(sigalgo_len)))
1235  goto invalid_length;
1236 
1237  if (ssl_state->curr_connp->ja4 != NULL &&
1238  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1239  uint16_t sigalgo_processed_len = 0;
1240  while (sigalgo_processed_len < sigalgo_len) {
1241  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1242  input += 2;
1243  sigalgo_processed_len += 2;
1244 
1245  SCJA4AddSigAlgo(ssl_state->curr_connp->ja4, sigalgo);
1246  }
1247  } else {
1248  /* Skip signature algorithms */
1249  input += sigalgo_len;
1250  }
1251 
1252  return (int)(input - initial_input);
1253 
1254 invalid_length:
1255  SCLogDebug("Signature algorithm list invalid length");
1256  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1257 
1258  return -1;
1259 }
1260 
1261 static void StoreALPN(SSLStateConnp *connp, const uint8_t *alpn, const uint32_t size)
1262 {
1263  if (size > 0) {
1264  SSLAlpns *a = SCCalloc(1, sizeof(*a) + size);
1265  if (a != NULL) {
1266  memcpy(a->alpn, alpn, size);
1267  a->size = size;
1268  TAILQ_INSERT_TAIL(&connp->alpns, a, next);
1269  }
1270  }
1271 }
1272 
1273 static inline int TLSDecodeHSHelloExtensionALPN(
1274  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1275 {
1276  const uint8_t *input = initial_input;
1277 
1278  /* Empty extension */
1279  if (input_len == 0)
1280  return 0;
1281 
1282  if (!(HAS_SPACE(2)))
1283  goto invalid_length;
1284 
1285  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1286  input += 2;
1287 
1288  if (!(HAS_SPACE(alpn_len)))
1289  goto invalid_length;
1290 
1291  /* We use 32 bits here to avoid potentially overflowing a value that
1292  needs to be compared to an unsigned 16-bit value. */
1293  uint32_t alpn_processed_len = 0;
1294  while (alpn_processed_len < alpn_len) {
1295  uint8_t protolen = *input;
1296  input += 1;
1297  alpn_processed_len += 1;
1298 
1299  if (!(HAS_SPACE(protolen)))
1300  goto invalid_length;
1301 
1302  /* Check if reading another protolen bytes would exceed the
1303  overall ALPN length; if so, skip and continue */
1304  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1305  input += alpn_len - alpn_processed_len;
1306  break;
1307  }
1308 
1309  /* Only record the first value for JA4 */
1310  if (ssl_state->curr_connp->ja4 != NULL &&
1311  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1312  if (alpn_processed_len == 1) {
1313  SCJA4SetALPN(ssl_state->curr_connp->ja4, (const char *)input, protolen);
1314  }
1315  }
1316  StoreALPN(ssl_state->curr_connp, input, protolen);
1317 
1318  alpn_processed_len += protolen;
1319  input += protolen;
1320  }
1321 
1322  return (int)(input - initial_input);
1323 
1324 invalid_length:
1325  SCLogDebug("ALPN list invalid length");
1326  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1327 
1328  return -1;
1329 }
1330 
1331 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1332  const uint8_t * const initial_input,
1333  const uint32_t input_len)
1334 {
1335  const uint8_t *input = initial_input;
1336 
1337  int ret;
1338  int rc;
1339  const bool ja3 = (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1);
1340 
1341  JA3Buffer *ja3_extensions = NULL;
1342  JA3Buffer *ja3_elliptic_curves = NULL;
1343  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1344 
1345  if (ja3) {
1346  ja3_extensions = Ja3BufferInit();
1347  if (ja3_extensions == NULL)
1348  goto error;
1349 
1350  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1351  ja3_elliptic_curves = Ja3BufferInit();
1352  if (ja3_elliptic_curves == NULL)
1353  goto error;
1354 
1355  ja3_elliptic_curves_pf = Ja3BufferInit();
1356  if (ja3_elliptic_curves_pf == NULL)
1357  goto error;
1358  }
1359  }
1360 
1361  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1362  if (!(HAS_SPACE(2)))
1363  goto end;
1364 
1365  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1366  input += 2;
1367 
1368  if (!(HAS_SPACE(extensions_len)))
1369  goto invalid_length;
1370 
1371  uint16_t processed_len = 0;
1372  /* coverity[tainted_data] */
1373  while (processed_len < extensions_len)
1374  {
1375  if (!(HAS_SPACE(2)))
1376  goto invalid_length;
1377 
1378  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1379  input += 2;
1380 
1381  if (!(HAS_SPACE(2)))
1382  goto invalid_length;
1383 
1384  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1385  input += 2;
1386 
1387  if (!(HAS_SPACE(ext_len)))
1388  goto invalid_length;
1389 
1390  switch (ext_type) {
1391  case SSL_EXTENSION_SNI:
1392  {
1393  /* coverity[tainted_data] */
1394  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1395  ext_len);
1396  if (ret < 0)
1397  goto end;
1398 
1399  input += ret;
1400 
1401  break;
1402  }
1403 
1404  case SSL_EXTENSION_ELLIPTIC_CURVES:
1405  {
1406  /* coverity[tainted_data] */
1407  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1408  ext_len,
1409  ja3_elliptic_curves);
1410  if (ret < 0)
1411  goto end;
1412 
1413  input += ret;
1414 
1415  break;
1416  }
1417 
1418  case SSL_EXTENSION_EC_POINT_FORMATS:
1419  {
1420  /* coverity[tainted_data] */
1421  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1422  ext_len,
1423  ja3_elliptic_curves_pf);
1424  if (ret < 0)
1425  goto end;
1426 
1427  input += ret;
1428 
1429  break;
1430  }
1431 
1432  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1433  /* coverity[tainted_data] */
1434  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1435  if (ret < 0)
1436  goto end;
1437 
1438  input += ret;
1439 
1440  break;
1441  }
1442 
1443  case SSL_EXTENSION_ALPN: {
1444  /* coverity[tainted_data] */
1445  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1446  if (ret < 0)
1447  goto end;
1448 
1449  input += ext_len;
1450 
1451  break;
1452  }
1453 
1454  case SSL_EXTENSION_EARLY_DATA:
1455  {
1456  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1457  /* Used by 0-RTT to indicate that encrypted data will
1458  be sent right after the ClientHello record. */
1459  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1460  }
1461 
1462  input += ext_len;
1463 
1464  break;
1465  }
1466 
1467  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1468  {
1469  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1470  ext_len);
1471  if (ret < 0)
1472  goto end;
1473 
1474  input += ret;
1475 
1476  break;
1477  }
1478 
1479  case SSL_EXTENSION_SESSION_TICKET:
1480  {
1481  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1482  /* This has to be verified later on by checking if a
1483  certificate record has been sent by the server. */
1484  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1485  }
1486 
1487  input += ext_len;
1488 
1489  break;
1490  }
1491 
1492  default:
1493  {
1494  input += ext_len;
1495  break;
1496  }
1497  }
1498 
1499  if (ja3) {
1500  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1501  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1502  if (rc != 0)
1503  goto error;
1504  }
1505  }
1506 
1507  if (ssl_state->curr_connp->ja4 != NULL &&
1508  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1509  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1510  SCJA4AddExtension(ssl_state->curr_connp->ja4, ext_type);
1511  }
1512  }
1513 
1514  processed_len += ext_len + 4;
1515  }
1516 
1517 end:
1518  if (ja3) {
1519  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1520  &ja3_extensions);
1521  if (rc == -1)
1522  goto error;
1523 
1524  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1525  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1526  &ja3_elliptic_curves);
1527  if (rc == -1)
1528  goto error;
1529 
1530  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1531  &ja3_elliptic_curves_pf);
1532  if (rc == -1)
1533  goto error;
1534  }
1535  }
1536 
1537  return (int)(input - initial_input);
1538 
1539 invalid_length:
1540  SCLogDebug("TLS handshake invalid length");
1541  SSLSetEvent(ssl_state,
1542  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1543 
1544 error:
1545  if (ja3_extensions != NULL)
1546  Ja3BufferFree(&ja3_extensions);
1547  if (ja3_elliptic_curves != NULL)
1548  Ja3BufferFree(&ja3_elliptic_curves);
1549  if (ja3_elliptic_curves_pf != NULL)
1550  Ja3BufferFree(&ja3_elliptic_curves_pf);
1551 
1552  return -1;
1553 }
1554 
1555 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1556  const uint8_t * const input,
1557  const uint32_t input_len)
1558 {
1559  int ret;
1560  uint32_t parsed = 0;
1561 
1562  /* Ensure that we have a JA4 state defined by now if we have JA4 enabled,
1563  we are in a client hello and we don't have such a state yet (to avoid
1564  leaking memory in case this function is entered more than once). */
1565  if (SC_ATOMIC_GET(ssl_config.enable_ja4) &&
1566  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO &&
1567  ssl_state->curr_connp->ja4 == NULL) {
1568  ssl_state->curr_connp->ja4 = SCJA4New();
1569  }
1570 
1571  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1572  if (ret < 0)
1573  goto end;
1574 
1575  parsed += ret;
1576 
1577  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1578  if (ret < 0)
1579  goto end;
1580 
1581  parsed += ret;
1582 
1583  /* The session id field in the server hello record was removed in
1584  TLSv1.3 draft1, but was readded in draft22. */
1585  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1586  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1587  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1588  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1589  input_len - parsed);
1590  if (ret < 0)
1591  goto end;
1592 
1593  parsed += ret;
1594  }
1595 
1596  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1597  input_len - parsed);
1598  if (ret < 0)
1599  goto end;
1600 
1601  parsed += ret;
1602 
1603  /* The compression methods field in the server hello record was
1604  removed in TLSv1.3 draft1, but was readded in draft22. */
1605  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1606  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1607  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1608  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1609  input_len - parsed);
1610  if (ret < 0)
1611  goto end;
1612 
1613  parsed += ret;
1614  }
1615 
1616  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1617  input_len - parsed);
1618  if (ret < 0)
1619  goto end;
1620 
1621  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1622  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1623  }
1624 
1625 end:
1626  return 0;
1627 }
1628 
1629 #ifdef DEBUG_VALIDATION
1630 static inline bool
1631 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1632 {
1633  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1634  curr_connp->bytes_processed);
1635 }
1636 #endif
1637 
1638 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1639  const uint8_t *const initial_input, const uint32_t input_len)
1640 {
1641  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1642  SCLogDebug("rc %d", rc);
1643  if (rc > 0) {
1644  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1645  SSLParserHSReset(connp);
1646  } else if (rc < 0) {
1647  SCLogDebug("error parsing cert, reset state");
1648  SSLParserHSReset(connp);
1649  /* fall through to still consume the cert bytes */
1650  }
1651  return input_len;
1652 }
1653 
1654 static int SupportedHandshakeType(const uint8_t type)
1655 {
1656  switch (type) {
1657  case SSLV3_HS_CLIENT_HELLO:
1658  case SSLV3_HS_SERVER_HELLO:
1659  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1660  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1661  case SSLV3_HS_CERTIFICATE:
1662  case SSLV3_HS_HELLO_REQUEST:
1663  case SSLV3_HS_CERTIFICATE_REQUEST:
1664  case SSLV3_HS_CERTIFICATE_VERIFY:
1665  case SSLV3_HS_FINISHED:
1666  case SSLV3_HS_CERTIFICATE_URL:
1667  case SSLV3_HS_CERTIFICATE_STATUS:
1668  case SSLV3_HS_NEW_SESSION_TICKET:
1669  case SSLV3_HS_SERVER_HELLO_DONE:
1670  return true;
1671  break;
1672 
1673  default:
1674  return false;
1675  break;
1676  }
1677 }
1678 
1679 /**
1680  * \retval parsed number of consumed bytes
1681  * \retval < 0 error
1682  */
1683 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1684  uint32_t input_len, uint8_t direction)
1685 {
1686  const uint8_t *initial_input = input;
1687  int rc;
1688 
1689  if (input_len == 0) {
1690  return 0;
1691  }
1692  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1693 
1694  switch (ssl_state->curr_connp->handshake_type) {
1695  case SSLV3_HS_CLIENT_HELLO:
1696  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1697 
1698  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1699  if (rc < 0)
1700  return rc;
1701  break;
1702 
1703  case SSLV3_HS_SERVER_HELLO:
1704  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1705 
1706  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1707  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1708  if (rc < 0)
1709  return rc;
1710  break;
1711 
1712  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1713  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1714  break;
1715 
1716  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1717  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1718  break;
1719 
1720  case SSLV3_HS_CERTIFICATE:
1721 
1722  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1723  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1724  input_len);
1725  if (rc < 0)
1726  return rc;
1727  break;
1728 
1729  case SSLV3_HS_HELLO_REQUEST:
1730  break;
1731  case SSLV3_HS_CERTIFICATE_REQUEST:
1732  if (direction) {
1733  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1734  }
1735  break;
1736  case SSLV3_HS_CERTIFICATE_VERIFY:
1737  case SSLV3_HS_FINISHED:
1738  case SSLV3_HS_CERTIFICATE_URL:
1739  case SSLV3_HS_CERTIFICATE_STATUS:
1740  break;
1741  case SSLV3_HS_NEW_SESSION_TICKET:
1742  SCLogDebug("new session ticket");
1743  break;
1744  case SSLV3_HS_SERVER_HELLO_DONE:
1745  break;
1746  default:
1747  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1748  return -1;
1749  }
1750 
1751  ssl_state->flags |= ssl_state->current_flags;
1752 
1753  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1754  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1755 
1756  return input_len;
1757 }
1758 
1759 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1760  uint32_t input_len, uint8_t direction)
1761 {
1762  const uint8_t *initial_input = input;
1763 
1764  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1765  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1766  SCReturnInt(0);
1767  }
1768 
1769  while (input_len) {
1770  SCLogDebug("input_len %u", input_len);
1771 
1772  if (ssl_state->curr_connp->hs_buffer != NULL) {
1773  SCLogDebug("partial handshake record in place");
1774  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1775  ssl_state->curr_connp->hs_buffer_offset;
1776  const uint32_t add = MIN(need, input_len);
1777 
1778  /* grow buffer to next multiple of 4k that fits all data we have */
1779  if (ssl_state->curr_connp->hs_buffer_offset + add >
1780  ssl_state->curr_connp->hs_buffer_size) {
1781  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1782  const uint32_t new_size = avail + (4096 - (avail % 4096));
1783  SCLogDebug("new_size %u, avail %u", new_size, avail);
1784  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1785  if (ptr == NULL)
1786  return -1;
1787  ssl_state->curr_connp->hs_buffer = ptr;
1788  ssl_state->curr_connp->hs_buffer_size = new_size;
1789  }
1790 
1791  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1792  "ssl_state->curr_connp->hs_buffer_size %u",
1793  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1794  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1795 
1796  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1797  ssl_state->curr_connp->hs_buffer_offset,
1798  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1799  SCLogDebug("copy failed");
1800  return -1;
1801  }
1802  ssl_state->curr_connp->hs_buffer_offset += add;
1803 
1804  if (ssl_state->curr_connp->hs_buffer_message_size <=
1805  ssl_state->curr_connp->hs_buffer_offset) {
1806  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1807  ssl_state->curr_connp->hs_buffer_offset);
1808 
1809  ssl_state->curr_connp->handshake_type =
1810  ssl_state->curr_connp->hs_buffer_message_type;
1811  ssl_state->curr_connp->message_length =
1812  ssl_state->curr_connp->hs_buffer_message_size;
1813 
1814  SCLogDebug("got all data now: handshake_type %u message_length %u",
1815  ssl_state->curr_connp->handshake_type,
1816  ssl_state->curr_connp->message_length);
1817 
1818  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1819  ssl_state->curr_connp->hs_buffer_offset, direction);
1820  if (retval < 0) {
1821  SSLParserHSReset(ssl_state->curr_connp);
1822  return (retval);
1823  }
1824  SCLogDebug("retval %d", retval);
1825 
1826  /* data processed, reset buffer */
1827  SCFree(ssl_state->curr_connp->hs_buffer);
1828  ssl_state->curr_connp->hs_buffer = NULL;
1829  ssl_state->curr_connp->hs_buffer_size = 0;
1830  ssl_state->curr_connp->hs_buffer_message_size = 0;
1831  ssl_state->curr_connp->hs_buffer_message_type = 0;
1832  ssl_state->curr_connp->hs_buffer_offset = 0;
1833  } else {
1834  SCLogDebug("partial data");
1835  }
1836 
1837  input += add;
1838  input_len -= add;
1839  SCLogDebug("input_len %u", input_len);
1840  SSLParserHSReset(ssl_state->curr_connp);
1841  continue;
1842  }
1843 
1844  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1845  SCLogDebug("input %p input_len %u", input, input_len);
1846 
1847  if (input_len < 4) {
1848  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1849  SCReturnInt(-1);
1850  }
1851 
1852  ssl_state->curr_connp->handshake_type = input[0];
1853  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1854  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1855  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1856  input_len);
1857  input += 4;
1858  input_len -= 4;
1859 
1860  const uint32_t record_len = ssl_state->curr_connp->message_length;
1861  /* see if we support this type. We check here to not use the fragment
1862  * handling on things we don't support. */
1863  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1864  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1865  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1866  if (!supported_type) {
1867  uint32_t avail_record_len = MIN(input_len, record_len);
1868  input += avail_record_len;
1869  input_len -= avail_record_len;
1870 
1871  SSLParserHSReset(ssl_state->curr_connp);
1872 
1873  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1874  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1875  // after Change Cipher Spec we get Encrypted Handshake Messages
1876  } else {
1877  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1878  }
1879  continue;
1880  }
1881 
1882  /* if the message length exceeds our input_len, we have a tls fragment. */
1883  if (record_len > input_len) {
1884  const uint32_t avail = input_len;
1885  const uint32_t size = avail + (4096 - (avail % 4096));
1886  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1887  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1888  if (ssl_state->curr_connp->hs_buffer == NULL) {
1889  return -1;
1890  }
1891  ssl_state->curr_connp->hs_buffer_size = size;
1892  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1893  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1894 
1895  if (input_len > 0) {
1896  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1897  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1898  input_len) != 0) {
1899  return -1;
1900  }
1901  ssl_state->curr_connp->hs_buffer_offset = input_len;
1902  }
1903  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1904  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1905  ssl_state->curr_connp->hs_buffer_offset,
1906  ssl_state->curr_connp->hs_buffer_message_type,
1907  ssl_state->curr_connp->hs_buffer_message_size);
1908  input += input_len;
1909  SSLParserHSReset(ssl_state->curr_connp);
1910  return (int)(input - initial_input);
1911 
1912  } else {
1913  /* full record, parse it now */
1914  int retval = SSLv3ParseHandshakeType(
1915  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1916  if (retval < 0 || retval > (int)input_len) {
1917  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1918  return (retval);
1919  }
1920  SCLogDebug("retval %d input_len %u", retval, input_len);
1921  input += retval;
1922  input_len -= retval;
1923 
1924  SSLParserHSReset(ssl_state->curr_connp);
1925  }
1926  SCLogDebug("input_len left %u", input_len);
1927  }
1928  return (int)(input - initial_input);
1929 }
1930 
1931 /**
1932  * \internal
1933  * \brief TLS Heartbeat parser (see RFC 6520)
1934  *
1935  * \param sslstate Pointer to the SSL state.
1936  * \param input Pointer to the received input data.
1937  * \param input_len Length in bytes of the received data.
1938  * \param direction 1 toclient, 0 toserver
1939  *
1940  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1941  */
1942 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1943  uint32_t input_len, uint8_t direction)
1944 {
1945  uint8_t hb_type;
1946  uint16_t payload_len;
1947  uint32_t padding_len;
1948 
1949  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1950  if (input_len < 3) {
1951  return 0;
1952  }
1953 
1954  hb_type = *input++;
1955 
1956  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1957  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1958  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1959  return -1;
1960  }
1961  }
1962 
1963  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1964  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1965 
1966  if (direction) {
1967  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1968  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1969  } else {
1970  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1971  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1972  }
1973 
1974  /* if we reach this point, then we can assume that the HB request
1975  is encrypted. If so, let's set the HB record length */
1976  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1977  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1978  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1979  ssl_state->hb_record_len);
1980  return (ssl_state->curr_connp->record_length - 3);
1981  }
1982 
1983  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1984 
1985  /* check that the requested payload length is really present in
1986  the record (CVE-2014-0160) */
1987  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1988  SCLogDebug("We have a short record in HeartBeat Request");
1989  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
1990  return -1;
1991  }
1992 
1993  /* check the padding length. It must be at least 16 bytes
1994  (RFC 6520, section 4) */
1995  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1996  if (padding_len < 16) {
1997  SCLogDebug("We have a short record in HeartBeat Request");
1998  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1999  return -1;
2000  }
2001 
2002  /* we don't have the payload */
2003  if (input_len < payload_len + padding_len) {
2004  return 0;
2005  }
2006 
2007  /* OpenSSL still seems to discard multiple in-flight
2008  heartbeats although some tools send multiple at once */
2009  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2010  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
2011  SCLogDebug("Multiple in-flight server initiated HeartBeats");
2012  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2013  return -1;
2014 
2015  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2016  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
2017  SCLogDebug("Multiple in-flight client initiated HeartBeats");
2018  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2019  return -1;
2020 
2021  } else {
2022  /* we have a HB record in the opposite direction of the request,
2023  let's reset our flags */
2024  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
2025  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
2026  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
2027 
2028  /* if we reach this point, then we can assume that the HB request
2029  is encrypted. If so, let's set the HB record length */
2030  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2031  /* check to see if the encrypted response is longer than the
2032  encrypted request */
2033  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
2034  ssl_state->curr_connp->record_length) {
2035  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
2036  ssl_state->hb_record_len);
2037  SSLSetEvent(ssl_state,
2038  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2039  ssl_state->hb_record_len = 0;
2040  return -1;
2041  }
2042  }
2043 
2044  /* reset the HB record length in case we have a legit HB followed
2045  by a bad one */
2046  ssl_state->hb_record_len = 0;
2047  }
2048 
2049  /* skip the HeartBeat, 3 bytes were already parsed,
2050  e.g |18 03 02| for TLS 1.2 */
2051  return (ssl_state->curr_connp->record_length - 3);
2052 }
2053 
2054 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2055  const uint8_t *input, uint32_t input_len)
2056 {
2057  const uint8_t *initial_input = input;
2058 
2059  if (input_len == 0) {
2060  return 0;
2061  }
2062 
2063  uint8_t skip_version = 0;
2064 
2065  /* Only set SSL/TLS version here if it has not already been set in
2066  client/server hello. */
2067  if (direction == 0) {
2068  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2069  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2070  skip_version = 1;
2071  }
2072  } else {
2073  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2074  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2075  skip_version = 1;
2076  }
2077  }
2078 
2079  switch (ssl_state->curr_connp->bytes_processed) {
2080  case 0:
2081  if (input_len >= 5) {
2082  ssl_state->curr_connp->content_type = input[0];
2083  if (!skip_version) {
2084  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2085  }
2086  ssl_state->curr_connp->record_length = input[3] << 8;
2087  ssl_state->curr_connp->record_length |= input[4];
2088  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2089  return SSLV3_RECORD_HDR_LEN;
2090  } else {
2091  ssl_state->curr_connp->content_type = *(input++);
2092  if (--input_len == 0)
2093  break;
2094  }
2095 
2096  /* fall through */
2097  case 1:
2098  if (!skip_version) {
2099  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2100  } else {
2101  input++;
2102  }
2103  if (--input_len == 0)
2104  break;
2105 
2106  /* fall through */
2107  case 2:
2108  if (!skip_version) {
2109  ssl_state->curr_connp->version |= *(input++);
2110  } else {
2111  input++;
2112  }
2113  if (--input_len == 0)
2114  break;
2115 
2116  /* fall through */
2117  case 3:
2118  ssl_state->curr_connp->record_length = *(input++) << 8;
2119  if (--input_len == 0)
2120  break;
2121 
2122  /* fall through */
2123  case 4:
2124  ssl_state->curr_connp->record_length |= *(input++);
2125  if (--input_len == 0)
2126  break;
2127 
2128  /* fall through */
2129  }
2130 
2131  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2132 
2133  return (int)(input - initial_input);
2134 }
2135 
2136 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2137  const uint8_t *input, uint32_t input_len)
2138 {
2139  const uint8_t *initial_input = input;
2140 
2141  if (input_len == 0) {
2142  return 0;
2143  }
2144 
2145  if (ssl_state->curr_connp->record_lengths_length == 2) {
2146  switch (ssl_state->curr_connp->bytes_processed) {
2147  case 0:
2148  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2149  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2150  ssl_state->curr_connp->content_type = input[2];
2151  ssl_state->curr_connp->version = SSL_VERSION_2;
2152  ssl_state->curr_connp->bytes_processed += 3;
2153  return 3;
2154  } else {
2155  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2156  if (--input_len == 0)
2157  break;
2158  }
2159 
2160  /* fall through */
2161  case 1:
2162  ssl_state->curr_connp->record_length |= *(input++);
2163  if (--input_len == 0)
2164  break;
2165 
2166  /* fall through */
2167  case 2:
2168  ssl_state->curr_connp->content_type = *(input++);
2169  ssl_state->curr_connp->version = SSL_VERSION_2;
2170  if (--input_len == 0)
2171  break;
2172 
2173  /* fall through */
2174  }
2175 
2176  } else {
2177  switch (ssl_state->curr_connp->bytes_processed) {
2178  case 0:
2179  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2180  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2181  ssl_state->curr_connp->content_type = input[3];
2182  ssl_state->curr_connp->version = SSL_VERSION_2;
2183  ssl_state->curr_connp->bytes_processed += 4;
2184  return 4;
2185  } else {
2186  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2187  if (--input_len == 0)
2188  break;
2189  }
2190 
2191  /* fall through */
2192  case 1:
2193  ssl_state->curr_connp->record_length |= *(input++);
2194  if (--input_len == 0)
2195  break;
2196 
2197  /* fall through */
2198  case 2:
2199  /* padding */
2200  input++;
2201  if (--input_len == 0)
2202  break;
2203 
2204  /* fall through */
2205  case 3:
2206  ssl_state->curr_connp->content_type = *(input++);
2207  ssl_state->curr_connp->version = SSL_VERSION_2;
2208  if (--input_len == 0)
2209  break;
2210 
2211  /* fall through */
2212  }
2213  }
2214 
2215  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2216 
2217  return (int)(input - initial_input);
2218 }
2219 
2220 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2221  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2222  const StreamSlice stream_slice)
2223 {
2224  const uint8_t *initial_input = input;
2225 
2226  if (ssl_state->curr_connp->bytes_processed == 0) {
2227  if (input[0] & 0x80) {
2228  ssl_state->curr_connp->record_lengths_length = 2;
2229  } else {
2230  ssl_state->curr_connp->record_lengths_length = 3;
2231  }
2232 
2233  SCLogDebug("record start: ssl2.hdr frame");
2234  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2235  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2236  }
2237 
2238  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2239  "ssl_state->curr_connp->bytes_processed %u",
2240  direction, ssl_state->curr_connp->record_lengths_length + 1,
2241  ssl_state->curr_connp->bytes_processed);
2242  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2243  to read the msg_type */
2244  if (ssl_state->curr_connp->bytes_processed <
2245  (ssl_state->curr_connp->record_lengths_length + 1)) {
2246  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2247  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2248  ssl_state->curr_connp->record_length);
2249  if (retval < 0 || retval > (int)input_len) {
2250  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2251  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2252  return SSL_DECODER_ERROR(-1);
2253  }
2254 
2255  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2256  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2257  direction, TLS_FRAME_SSLV2_PDU);
2258  SCLogDebug("record start: ssl2.pdu frame");
2259 
2260  input += retval;
2261  input_len -= retval;
2262  }
2263 
2264  /* if we don't have the full record, we return incomplete */
2265  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2266  input_len + ssl_state->curr_connp->bytes_processed) {
2267  uint32_t needed = ssl_state->curr_connp->record_length;
2268  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2269  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2270  needed);
2271  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2272  }
2273 
2274  if (input_len == 0) {
2275  return SSL_DECODER_OK((input - initial_input));
2276  }
2277 
2278  /* record_length should never be zero */
2279  if (ssl_state->curr_connp->record_length == 0) {
2280  SCLogDebug("SSLv2 record length is zero");
2281  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2282  return SSL_DECODER_ERROR(-1);
2283  }
2284 
2285  /* record_lengths_length should never be zero */
2286  if (ssl_state->curr_connp->record_lengths_length == 0) {
2287  SCLogDebug("SSLv2 record lengths length is zero");
2288  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2289  return SSL_DECODER_ERROR(-1);
2290  }
2291 
2292  switch (ssl_state->curr_connp->content_type) {
2293  case SSLV2_MT_ERROR:
2294  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2295  "in establishing the sslv2 session, may be version");
2296  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2297 
2298  break;
2299 
2300  case SSLV2_MT_CLIENT_HELLO:
2301  if (input_len < 6) {
2302  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2303  return SSL_DECODER_ERROR(-1);
2304  }
2305 
2306  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2307  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2308 
2309  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2310  SCLogDebug("SSLv2: version %04x", version);
2311  ssl_state->curr_connp->version = version;
2312  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2313  input += 6;
2314  input_len -= 6;
2315  ssl_state->curr_connp->bytes_processed += 6;
2316  if (session_id_length == 0) {
2317  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2318  }
2319  break;
2320 
2321  case SSLV2_MT_CLIENT_MASTER_KEY:
2322  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2323  SCLogDebug("Client hello is not seen before master key "
2324  "message!");
2325  }
2326  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2327 
2328  break;
2329 
2330  case SSLV2_MT_CLIENT_CERTIFICATE:
2331  if (direction == 1) {
2332  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2333  "direction!");
2334  } else {
2335  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2336  }
2337 
2338  /* fall through */
2339  case SSLV2_MT_SERVER_VERIFY:
2340  case SSLV2_MT_SERVER_FINISHED:
2341  if (direction == 0 &&
2342  !(ssl_state->curr_connp->content_type &
2343  SSLV2_MT_CLIENT_CERTIFICATE)) {
2344  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2345  "direction!");
2346  }
2347 
2348  /* fall through */
2349  case SSLV2_MT_CLIENT_FINISHED:
2350  case SSLV2_MT_REQUEST_CERTIFICATE:
2351  /* both client hello and server hello must be seen */
2352  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2353  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2354 
2355  if (direction == 0) {
2356  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2357  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2358  SCLogDebug("SSLv2 client side has started the encryption");
2359  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2360  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2361  SCLogDebug("SSLv2 client side has started the encryption");
2362  }
2363  } else {
2364  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2365  SCLogDebug("SSLv2 Server side has started the encryption");
2366  }
2367 
2368  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2369  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2370  {
2371  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2372  AppLayerParserStateSetFlag(pstate,
2373  APP_LAYER_PARSER_NO_INSPECTION);
2374  }
2375 
2376  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2377  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2378  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2379  }
2380  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2381  }
2382  }
2383 
2384  break;
2385 
2386  case SSLV2_MT_SERVER_HELLO:
2387  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2388  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2389 
2390  break;
2391  }
2392 
2393  ssl_state->flags |= ssl_state->current_flags;
2394 
2395  if (input_len + ssl_state->curr_connp->bytes_processed >=
2396  (ssl_state->curr_connp->record_length +
2397  ssl_state->curr_connp->record_lengths_length)) {
2398 
2399  /* looks like we have another record after this */
2400  uint32_t diff = ssl_state->curr_connp->record_length +
2401  ssl_state->curr_connp->record_lengths_length + -
2402  ssl_state->curr_connp->bytes_processed;
2403  input += diff;
2404  SSLParserReset(ssl_state);
2405 
2406  /* we still don't have the entire record for the one we are
2407  currently parsing */
2408  } else {
2409  input += input_len;
2410  ssl_state->curr_connp->bytes_processed += input_len;
2411  }
2412  return SSL_DECODER_OK((input - initial_input));
2413 }
2414 
2415 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2416  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2417  const StreamSlice stream_slice)
2418 {
2419  uint32_t parsed = 0;
2420  uint32_t record_len; /* slice of input_len for the current record */
2421  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2422 
2423  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2424  const uint16_t prev_version = ssl_state->curr_connp->version;
2425 
2426  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2427  if (retval < 0 || retval > (int)input_len) {
2428  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2429  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2430  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2431  return SSL_DECODER_ERROR(-1);
2432  }
2433  parsed = retval;
2434 
2435  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2436  input, ssl_state->curr_connp->record_length);
2437 
2438  /* first the hdr frame at our first chance */
2439  if (first_call) {
2440  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2441  direction, TLS_FRAME_HDR);
2442  }
2443 
2444  /* parser is streaming for the initial header, then switches to incomplete
2445  * API: so if we don't have the hdr yet, return consumed bytes and wait
2446  * until we are called again with new data. */
2447  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2448  SCLogDebug(
2449  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2450  return SSL_DECODER_OK(parsed);
2451  }
2452 
2453  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2454  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2455  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2456  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2457  SCLogDebug(
2458  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2459  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2460 
2461  bool unknown_record = false;
2462  switch (ssl_state->curr_connp->content_type) {
2463  case SSLV3_CHANGE_CIPHER_SPEC:
2464  case SSLV3_ALERT_PROTOCOL:
2465  case SSLV3_HANDSHAKE_PROTOCOL:
2466  case SSLV3_APPLICATION_PROTOCOL:
2467  case SSLV3_HEARTBEAT_PROTOCOL:
2468  break;
2469  default:
2470  unknown_record = true;
2471  break;
2472  }
2473 
2474  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2475  * on Wireshark logic. */
2476  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2477  if (unknown_record) {
2478  SCLogDebug("unknown record, ignore it");
2479  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2480 
2481  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2482  ssl_state->curr_connp->content_type = 0;
2483  ssl_state->curr_connp->record_length = 0;
2484  // restore last good version
2485  ssl_state->curr_connp->version = prev_version;
2486  return SSL_DECODER_OK(input_len); // consume everything
2487  }
2488  } else {
2489  if (unknown_record) {
2490  SCLogDebug("unknown record, fatal");
2491  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2492  return SSL_DECODER_ERROR(-1);
2493  }
2494  }
2495 
2496  /* record_length should never be zero */
2497  if (ssl_state->curr_connp->record_length == 0) {
2498  SCLogDebug("SSLv3 Record length is 0");
2499  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2500  return SSL_DECODER_ERROR(-1);
2501  }
2502 
2503  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2504  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2505  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2506  return SSL_DECODER_ERROR(-1);
2507  }
2508 
2509  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2510  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2511  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2512  return SSL_DECODER_ERROR(-1);
2513  }
2514  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2515  } else {
2516  ValidateRecordState(ssl_state->curr_connp);
2517 
2518  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2519  record_len = MIN(input_len, record_len);
2520  }
2521  SCLogDebug("record length %u processed %u got %u",
2522  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2523 
2524  /* if we don't have the full record, we return incomplete */
2525  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2526  /* no need to use incomplete api buffering for application
2527  * records that we'll not use anyway. */
2528  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2529  SCLogDebug("application record");
2530  } else {
2531  uint32_t needed = ssl_state->curr_connp->record_length;
2532  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2533  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2534  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2535  return SSL_DECODER_INCOMPLETE(parsed, needed);
2536  }
2537  }
2538 
2539  if (record_len == 0) {
2540  return SSL_DECODER_OK(parsed);
2541  }
2542 
2543  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2544  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2545 
2546  switch (ssl_state->curr_connp->content_type) {
2547  /* we don't need any data from these types */
2548  case SSLV3_CHANGE_CIPHER_SPEC:
2549  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2550 
2551  if (direction) {
2552  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2553  } else {
2554  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2555  }
2556  break;
2557 
2558  case SSLV3_ALERT_PROTOCOL:
2559  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2560  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2561  break;
2562 
2563  case SSLV3_APPLICATION_PROTOCOL:
2564  /* In TLSv1.3 early data (0-RTT) could be sent before the
2565  handshake is complete (rfc8446, section 2.3). We should
2566  therefore not mark the handshake as done before we have
2567  seen the ServerHello record. */
2568  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2569  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2570  break;
2571 
2572  /* if we see (encrypted) application data, then this means the
2573  handshake must be done */
2574  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2575 
2576  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2577  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2578  AppLayerParserStateSetFlag(pstate,
2579  APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2580  }
2581 
2582  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2583  * heartbeat lke inspection to be able to be able to bypass the flow */
2584  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2585  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2586  AppLayerParserStateSetFlag(pstate,
2587  APP_LAYER_PARSER_NO_REASSEMBLY);
2588  AppLayerParserStateSetFlag(pstate,
2589  APP_LAYER_PARSER_NO_INSPECTION);
2590  AppLayerParserStateSetFlag(pstate,
2591  APP_LAYER_PARSER_BYPASS_READY);
2592  }
2593  break;
2594 
2595  case SSLV3_HANDSHAKE_PROTOCOL: {
2596  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2597  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2598  compatibility (rfc8446, appendix D.4). */
2599  // Client hello flags is needed to have a valid version
2600  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2601  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2602  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2603  /* do nothing */
2604  } else {
2605  // if we started parsing this, we must stop
2606  break;
2607  }
2608  }
2609 
2610  if (ssl_state->curr_connp->record_length < 4) {
2611  SSLParserReset(ssl_state);
2612  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2613  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2614  return SSL_DECODER_ERROR(-1);
2615  }
2616 
2617  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2618  record_len, direction);
2619  SCLogDebug("retval %d", retval);
2620  if (retval < 0 || retval > (int)record_len) {
2621  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2622  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2623  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2624  return SSL_DECODER_ERROR(-1);
2625  }
2626  ValidateRecordState(ssl_state->curr_connp);
2627  break;
2628  }
2629  case SSLV3_HEARTBEAT_PROTOCOL: {
2630  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2631  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2632  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2633  record_len, direction);
2634  if (retval < 0) {
2635  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2636  return SSL_DECODER_ERROR(-1);
2637  }
2638  break;
2639  }
2640  default:
2641  // should be unreachable now that we check after header parsing
2642  DEBUG_VALIDATE_BUG_ON(1);
2643  SCLogDebug("unsupported record type");
2644  return SSL_DECODER_ERROR(-1);
2645  }
2646 
2647  parsed += record_len;
2648  ssl_state->curr_connp->bytes_processed += record_len;
2649 
2650  if (ssl_state->curr_connp->bytes_processed >=
2651  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2652  SCLogDebug("record complete, trigger RAW");
2653  AppLayerParserTriggerRawStreamReassembly(
2654  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2655  SSLParserReset(ssl_state);
2656  ValidateRecordState(ssl_state->curr_connp);
2657  return SSL_DECODER_OK(parsed);
2658 
2659  } else {
2660  /* we still don't have the entire record for the one we are
2661  currently parsing */
2662  ValidateRecordState(ssl_state->curr_connp);
2663  return SSL_DECODER_OK(parsed);
2664  }
2665 }
2666 
2667 /**
2668  * \internal
2669  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2670  *
2671  * On parsing error, this should be the only function that should reset
2672  * the parser state, to avoid multiple functions in the chain resetting
2673  * the parser state.
2674  *
2675  * \param direction 0 for toserver, 1 for toclient.
2676  * \param alstate Pointer to the state.
2677  * \param pstate Application layer parser state for this session.
2678  * \param output Pointer to the list of parsed output elements.
2679  *
2680  * \todo On reaching an inconsistent state, check if the input has
2681  * another new record, instead of just returning after the reset
2682  *
2683  * \retval >=0 On success.
2684  */
2685 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2686  AppLayerParserState *pstate, StreamSlice stream_slice)
2687 {
2688  SSLState *ssl_state = (SSLState *)alstate;
2689  uint32_t counter = 0;
2690  ssl_state->f = f;
2691  const uint8_t *input = StreamSliceGetData(&stream_slice);
2692  const uint8_t *init_input = input;
2693  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2694 
2695  if (input == NULL &&
2696  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2697  (direction == 1 &&
2698  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2699  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2700  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2701  SCReturnStruct(APP_LAYER_OK);
2702  } else if (input == NULL || input_len == 0) {
2703  SCReturnStruct(APP_LAYER_ERROR);
2704  }
2705 
2706  if (direction == 0)
2707  ssl_state->curr_connp = &ssl_state->client_connp;
2708  else
2709  ssl_state->curr_connp = &ssl_state->server_connp;
2710 
2711  /* If entering on a new record, reset the current flags. */
2712  if (ssl_state->curr_connp->bytes_processed == 0) {
2713  ssl_state->current_flags = 0;
2714  }
2715 
2716  /* if we have more than one record */
2717  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2718  while (input_len > 0) {
2719  if (counter > max_records) {
2720  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2721  "and get out of here");
2722  SSLParserReset(ssl_state);
2723  SSLSetEvent(ssl_state,
2724  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2725  return APP_LAYER_ERROR;
2726  }
2727 
2728  /* ssl_state->bytes_processed is zero for a fresh record or
2729  positive to indicate a record currently being parsed */
2730 
2731  if (ssl_state->curr_connp->bytes_processed == 0) {
2732  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2733  /* only SSLv2, has one of the top 2 bits set */
2734  ssl_state->curr_connp->version = SSL_VERSION_2;
2735  SCLogDebug("SSLv2 detected");
2736  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2737  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2738  SCLogDebug("SSL/TLS version reset");
2739  }
2740  }
2741  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2742  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2743 
2744  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2745  if (ssl_state->curr_connp->bytes_processed == 0) {
2746  SCLogDebug("New SSLv2 record parsing");
2747  } else {
2748  SCLogDebug("Continuing parsing SSLv2 record");
2749  }
2750  struct SSLDecoderResult r =
2751  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2752  if (r.retval < 0 || r.retval > input_len) {
2753  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2754  SCLogDebug("Error parsing SSLv2. Resetting parser "
2755  "state. Let's get outta here");
2756  SSLParserReset(ssl_state);
2757  SSLSetEvent(ssl_state,
2758  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2759  return APP_LAYER_ERROR;
2760  } else if (r.needed) {
2761  input += r.retval;
2762  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2763  (uintmax_t)(input - init_input), r.needed);
2764  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2765  }
2766  input_len -= r.retval;
2767  input += r.retval;
2768  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2769  } else {
2770  if (ssl_state->curr_connp->bytes_processed == 0) {
2771  SCLogDebug("New TLS record: record_length %u",
2772  ssl_state->curr_connp->record_length);
2773  } else {
2774  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2775  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2776  }
2777  struct SSLDecoderResult r =
2778  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2779  if (r.retval < 0 || r.retval > input_len) {
2780  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2781  SCLogDebug("Error parsing TLS. Resetting parser "
2782  "state. Let's get outta here");
2783  SSLParserReset(ssl_state);
2784  return APP_LAYER_ERROR;
2785  } else if (r.needed) {
2786  input += r.retval;
2787  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2788  (uintmax_t)(input - init_input), r.needed);
2789  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2790  }
2791  input_len -= r.retval;
2792  input += r.retval;
2793  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2794 
2795  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2796  && ssl_state->curr_connp->record_length == 0) {
2797  SCLogDebug("TLS empty record");
2798  /* empty record */
2799  SSLParserReset(ssl_state);
2800  }
2801  }
2802  counter++;
2803  } /* while (input_len) */
2804 
2805  /* mark handshake as done if we have subject and issuer */
2806  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2807  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2808  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2809  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2810  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2811  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2812  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2813  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2814  }
2815 
2816  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2817  if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2818  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2819  SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
2820  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2821  }
2822 
2823  return APP_LAYER_OK;
2824 }
2825 
2826 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2827  StreamSlice stream_slice, void *local_data)
2828 {
2829  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2830 }
2831 
2832 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2833  StreamSlice stream_slice, void *local_data)
2834 {
2835  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2836 }
2837 
2838 /**
2839  * \internal
2840  * \brief Function to allocate the SSL state memory.
2841  */
2842 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2843 {
2844  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2845  if (unlikely(ssl_state == NULL))
2846  return NULL;
2847  ssl_state->client_connp.cert_log_flag = 0;
2848  ssl_state->server_connp.cert_log_flag = 0;
2849  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2850  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2851  TAILQ_INIT(&ssl_state->server_connp.certs);
2852  TAILQ_INIT(&ssl_state->server_connp.alpns);
2853  TAILQ_INIT(&ssl_state->client_connp.certs);
2854  TAILQ_INIT(&ssl_state->client_connp.alpns);
2855 
2856  return (void *)ssl_state;
2857 }
2858 
2859 static void SSLStateCertSANFree(SSLStateConnp *connp)
2860 {
2861  if (connp->cert0_sans) {
2862  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2863  rs_cstring_free(connp->cert0_sans[i]);
2864  }
2865  SCFree(connp->cert0_sans);
2866  }
2867 }
2868 
2869 /**
2870  * \internal
2871  * \brief Function to free the SSL state memory.
2872  */
2873 static void SSLStateFree(void *p)
2874 {
2875  SSLState *ssl_state = (SSLState *)p;
2876  SSLCertsChain *item;
2877 
2878  if (ssl_state->client_connp.cert0_subject)
2879  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2880  if (ssl_state->client_connp.cert0_issuerdn)
2881  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2882  if (ssl_state->client_connp.cert0_serial)
2883  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2884  if (ssl_state->client_connp.cert0_fingerprint)
2885  SCFree(ssl_state->client_connp.cert0_fingerprint);
2886  if (ssl_state->client_connp.sni)
2887  SCFree(ssl_state->client_connp.sni);
2888  if (ssl_state->client_connp.session_id)
2889  SCFree(ssl_state->client_connp.session_id);
2890  if (ssl_state->client_connp.hs_buffer)
2891  SCFree(ssl_state->client_connp.hs_buffer);
2892 
2893  if (ssl_state->server_connp.cert0_subject)
2894  rs_cstring_free(ssl_state->server_connp.cert0_subject);
2895  if (ssl_state->server_connp.cert0_issuerdn)
2896  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
2897  if (ssl_state->server_connp.cert0_serial)
2898  rs_cstring_free(ssl_state->server_connp.cert0_serial);
2899  if (ssl_state->server_connp.cert0_fingerprint)
2900  SCFree(ssl_state->server_connp.cert0_fingerprint);
2901  if (ssl_state->server_connp.sni)
2902  SCFree(ssl_state->server_connp.sni);
2903  if (ssl_state->server_connp.session_id)
2904  SCFree(ssl_state->server_connp.session_id);
2905 
2906  if (ssl_state->client_connp.ja4)
2907  SCJA4Free(ssl_state->client_connp.ja4);
2908  if (ssl_state->client_connp.ja3_str)
2909  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2910  if (ssl_state->client_connp.ja3_hash)
2911  SCFree(ssl_state->client_connp.ja3_hash);
2912  if (ssl_state->server_connp.ja3_str)
2913  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2914  if (ssl_state->server_connp.ja3_hash)
2915  SCFree(ssl_state->server_connp.ja3_hash);
2916  if (ssl_state->server_connp.hs_buffer)
2917  SCFree(ssl_state->server_connp.hs_buffer);
2918 
2919  SSLStateCertSANFree(&ssl_state->server_connp);
2920  SSLStateCertSANFree(&ssl_state->client_connp);
2921 
2922  AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events);
2923 
2924  if (ssl_state->tx_data.de_state != NULL) {
2925  DetectEngineStateFree(ssl_state->tx_data.de_state);
2926  }
2927 
2928  /* Free certificate chain */
2929  if (ssl_state->server_connp.certs_buffer)
2930  SCFree(ssl_state->server_connp.certs_buffer);
2931  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2932  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2933  SCFree(item);
2934  }
2935  TAILQ_INIT(&ssl_state->server_connp.certs);
2936  /* Free certificate chain */
2937  if (ssl_state->client_connp.certs_buffer)
2938  SCFree(ssl_state->client_connp.certs_buffer);
2939  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2940  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2941  SCFree(item);
2942  }
2943  TAILQ_INIT(&ssl_state->client_connp.certs);
2944 
2945  SSLAlpns *a;
2946  while ((a = TAILQ_FIRST(&ssl_state->server_connp.alpns))) {
2947  TAILQ_REMOVE(&ssl_state->server_connp.alpns, a, next);
2948  SCFree(a);
2949  }
2950  TAILQ_INIT(&ssl_state->server_connp.alpns);
2951  while ((a = TAILQ_FIRST(&ssl_state->client_connp.alpns))) {
2952  TAILQ_REMOVE(&ssl_state->client_connp.alpns, a, next);
2953  SCFree(a);
2954  }
2955  TAILQ_INIT(&ssl_state->client_connp.alpns);
2956 
2957  SCFree(ssl_state);
2958 }
2959 
2960 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2961 {
2962  /* do nothing */
2963 }
2964 
2965 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2966  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2967 {
2968  /* probably a rst/fin sending an eof */
2969  if (ilen < 3)
2970  return ALPROTO_UNKNOWN;
2971 
2972  /* for now just the 3 byte header ones */
2973  /* \todo Detect the 2 byte ones */
2974  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2975  return ALPROTO_TLS;
2976  }
2977 
2978  return ALPROTO_FAILED;
2979 }
2980 
2981 static int SSLStateGetFrameIdByName(const char *frame_name)
2982 {
2983  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2984  if (id < 0) {
2985  return -1;
2986  }
2987  return id;
2988 }
2989 
2990 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2991 {
2992  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2993  return name;
2994 }
2995 
2996 static int SSLStateGetEventInfo(const char *event_name,
2997  int *event_id, AppLayerEventType *event_type)
2998 {
2999  *event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
3000  if (*event_id == -1) {
3001  SCLogError("event \"%s\" not present in "
3002  "ssl's enum map table.",
3003  event_name);
3004  /* yes this is fatal */
3005  return -1;
3006  }
3007 
3008  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3009 
3010  return 0;
3011 }
3012 
3013 static int SSLStateGetEventInfoById(int event_id, const char **event_name,
3014  AppLayerEventType *event_type)
3015 {
3016  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
3017  if (*event_name == NULL) {
3018  SCLogError("event \"%d\" not present in "
3019  "ssl's enum map table.",
3020  event_id);
3021  /* yes this is fatal */
3022  return -1;
3023  }
3024 
3025  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3026 
3027  return 0;
3028 }
3029 
3030 static int SSLRegisterPatternsForProtocolDetection(void)
3031 {
3032  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3033  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3034  return -1;
3035  }
3036 
3037  /** SSLv3 */
3038  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3039  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3040  {
3041  return -1;
3042  }
3043  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3044  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3045  {
3046  return -1;
3047  }
3048 
3049  /** TLSv1 */
3050  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3051  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3052  {
3053  return -1;
3054  }
3055  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3056  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3057  {
3058  return -1;
3059  }
3060 
3061  /** TLSv1.1 */
3062  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3063  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3064  {
3065  return -1;
3066  }
3067  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3068  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3069  {
3070  return -1;
3071  }
3072 
3073  /** TLSv1.2 */
3074  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3075  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3076  {
3077  return -1;
3078  }
3079  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3080  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3081  {
3082  return -1;
3083  }
3084 
3085  /***** toclient direction *****/
3086 
3087  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3088  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3089  {
3090  return -1;
3091  }
3092  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3093  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3094  {
3095  return -1;
3096  }
3097  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3098  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3099  {
3100  return -1;
3101  }
3102 
3103  /** TLSv1 */
3104  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3105  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3106  {
3107  return -1;
3108  }
3109  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3110  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3111  {
3112  return -1;
3113  }
3114  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3115  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3116  {
3117  return -1;
3118  }
3119 
3120  /** TLSv1.1 */
3121  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3122  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3123  {
3124  return -1;
3125  }
3126  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3127  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3128  {
3129  return -1;
3130  }
3131  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3132  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3133  {
3134  return -1;
3135  }
3136 
3137  /** TLSv1.2 */
3138  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3139  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3140  {
3141  return -1;
3142  }
3143  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3144  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3145  {
3146  return -1;
3147  }
3148  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3149  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3150  {
3151  return -1;
3152  }
3153 
3154  /* Subsection - SSLv2 style record by client, but informing the server
3155  * the max version it supports.
3156  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3157  * it after some tests */
3158 #if 0
3159  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3160  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3161  {
3162  return -1;
3163  }
3164  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3165  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3166  {
3167  return -1;
3168  }
3169 #endif
3170 
3171  return 0;
3172 }
3173 
3174 #ifdef HAVE_JA3
3175 static void CheckJA3Enabled(void)
3176 {
3177  const char *strval = NULL;
3178  /* Check if we should generate JA3 fingerprints */
3179  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3180  if (ConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3181  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3182  } else if (strcmp(strval, "auto") == 0) {
3183  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3184  } else if (ConfValIsFalse(strval)) {
3185  enable_ja3 = 0;
3186  ssl_config.disable_ja3 = true;
3187  } else if (ConfValIsTrue(strval)) {
3188  enable_ja3 = true;
3189  }
3190  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3191  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3192  /* The feature is available, i.e. _could_ be activated by a rule or
3193  even is enabled in the configuration. */
3194  ProvidesFeature(FEATURE_JA3);
3195  }
3196 }
3197 #endif /* HAVE_JA3 */
3198 
3199 #ifdef HAVE_JA4
3200 static void CheckJA4Enabled(void)
3201 {
3202  const char *strval = NULL;
3203  /* Check if we should generate JA4 fingerprints */
3204  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3205  if (ConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3206  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3207  } else if (strcmp(strval, "auto") == 0) {
3208  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3209  } else if (ConfValIsFalse(strval)) {
3210  enable_ja4 = 0;
3211  ssl_config.disable_ja4 = true;
3212  } else if (ConfValIsTrue(strval)) {
3213  enable_ja4 = true;
3214  }
3215  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3216  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3217  /* The feature is available, i.e. _could_ be activated by a rule or
3218  even is enabled in the configuration. */
3219  ProvidesFeature(FEATURE_JA4);
3220  }
3221 }
3222 #endif /* HAVE_JA4 */
3223 
3224 /**
3225  * \brief Function to register the SSL protocol parser and other functions
3226  */
3227 void RegisterSSLParsers(void)
3228 {
3229  const char *proto_name = "tls";
3230 
3231  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3232 
3233  /** SSLv2 and SSLv23*/
3234  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3235  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3236 
3237  if (SSLRegisterPatternsForProtocolDetection() < 0)
3238  return;
3239 
3240  if (RunmodeIsUnittests()) {
3241  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3242  "443",
3243  ALPROTO_TLS,
3244  0, 3,
3245  STREAM_TOSERVER,
3246  SSLProbingParser, NULL);
3247  } else {
3248  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
3249  proto_name, ALPROTO_TLS,
3250  0, 3,
3251  SSLProbingParser, NULL) == 0) {
3252  SCLogConfig("no TLS config found, "
3253  "enabling TLS detection on port 443.");
3254  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3255  "443",
3256  ALPROTO_TLS,
3257  0, 3,
3258  STREAM_TOSERVER,
3259  SSLProbingParser, NULL);
3260  }
3261  }
3262  } else {
3263  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3264  proto_name);
3265  return;
3266  }
3267 
3268  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
3269  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3270  SSLParseClientRecord);
3271 
3272  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3273  SSLParseServerRecord);
3274 
3275  AppLayerParserRegisterGetFrameFuncs(
3276  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3277  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3278  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3279 
3280  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3281 
3282  AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3283 
3284  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3285 
3286  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3287  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3288  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3289 
3290  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3291 
3292  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3293 
3294  AppLayerParserRegisterStateProgressCompletionStatus(
3295  ALPROTO_TLS, TLS_STATE_FINISHED, TLS_STATE_FINISHED);
3296 
3297  ConfNode *enc_handle = ConfGetNode("app-layer.protocols.tls.encryption-handling");
3298  if (enc_handle != NULL && enc_handle->val != NULL) {
3299  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3300  if (strcmp(enc_handle->val, "full") == 0) {
3301  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3302  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3303  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3304  } else if (strcmp(enc_handle->val, "default") == 0) {
3305  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3306  } else {
3307  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3308  }
3309  } else {
3310  /* Get the value of no reassembly option from the config file */
3311  if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3312  int value = 0;
3313  if (ConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3314  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3315  } else {
3316  int value = 0;
3317  if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 && value == 1)
3318  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3319  }
3320  }
3321  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3322 
3323 #ifdef HAVE_JA3
3324  CheckJA3Enabled();
3325 #endif /* HAVE_JA3 */
3326 #ifdef HAVE_JA4
3327  CheckJA4Enabled();
3328 #endif /* HAVE_JA4 */
3329 
3330  if (g_disable_hashing) {
3331  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3332  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3333  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3334  }
3335  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3336  SCLogWarning("Hashing has been disabled, disabling JA4");
3337  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3338  }
3339  } else {
3340  if (RunmodeIsUnittests()) {
3341 #ifdef HAVE_JA3
3342  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3343 #endif /* HAVE_JA3 */
3344 #ifdef HAVE_JA4
3345  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3346 #endif /* HAVE_JA4 */
3347  }
3348  }
3349  } else {
3350  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3351  }
3352 }
3353 
3354 /**
3355  * \brief if not explicitly disabled in config, enable ja3 support
3356  *
3357  * Implemented using atomic to allow rule reloads to do this at
3358  * runtime.
3359  */
3360 void SSLEnableJA3(void)
3361 {
3362  if (g_disable_hashing || ssl_config.disable_ja3) {
3363  return;
3364  }
3365  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3366  return;
3367  }
3368  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3369 }
3370 
3371 /**
3372  * \brief if not explicitly disabled in config, enable ja4 support
3373  *
3374  * Implemented using atomic to allow rule reloads to do this at
3375  * runtime.
3376  */
3377 void SSLEnableJA4(void)
3378 {
3379  if (g_disable_hashing || ssl_config.disable_ja4) {
3380  return;
3381  }
3382  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3383  return;
3384  }
3385  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3386 }
3387 
3388 /**
3389  * \brief return whether ja3 is effectively enabled
3390  *
3391  * This means that it either has been enabled explicitly or has been
3392  * enabled by having loaded a rule while not being explicitly disabled.
3393  *
3394  * \retval true if enabled, false otherwise
3395  */
3396 bool SSLJA3IsEnabled(void)
3397 {
3398  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3399 }
3400 
3401 /**
3402  * \brief return whether ja4 is effectively enabled
3403  *
3404  * This means that it either has been enabled explicitly or has been
3405  * enabled by having loaded a rule while not being explicitly disabled.
3406  *
3407  * \retval true if enabled, false otherwise
3408  */
3409 bool SSLJA4IsEnabled(void)
3410 {
3411  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3412 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:171
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:60
util-byte.h
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:255
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:467
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:296
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:163
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:143
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1583
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:136
JA3Buffer_
Definition: util-ja3.h:31
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:225
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:73
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:212
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:216
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:181
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
flow-util.h
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:138
SSL_AL_FLAG_HANDSHAKE_DONE
#define SSL_AL_FLAG_HANDSHAKE_DONE
Definition: app-layer-ssl.h:113
ConfNode_::val
char * val
Definition: conf.h:34
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:482
stream-tcp.h
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:145
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:170
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:188
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:306
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:142
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:242
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:314
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3377
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:127
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:250
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:65
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:199
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:315
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:258
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:116
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:84
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:267
SSLStateConnp_
Definition: app-layer-ssl.h:235
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:321
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1533
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:278
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:174
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:149
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:252
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:68
threads.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:67
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:92
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:360
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:148
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:297
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:99
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:63
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:62
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:180
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:519
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:391
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:300
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:270
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:182
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:187
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:478
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:175
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:197
SSLAlpns_::size
uint32_t size
Definition: app-layer-ssl.h:231
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:312
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:167
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:176
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:315
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:189
MIN
#define MIN(x, y)
Definition: suricata-common.h:391
SSLAlpns_
Definition: app-layer-ssl.h:229
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:133
util-ja3.h
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:133
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:139
stream-tcp-reassemble.h
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:101
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:299
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:143
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:71
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:265
SSLStateConnp_::ja4
JA4 * ja4
Definition: app-layer-ssl.h:280
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:164
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:186
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
MAX
#define MAX(x, y)
Definition: suricata-common.h:395
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:285
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:183
util-unittest.h
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:239
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:182
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:87
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:256
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:536
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:287
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:92
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:93
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:259
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:310
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1543
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:144
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:110
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:198
app-layer-detect-proto.h
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:137
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:222
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
SSL_CNF_ENC_HANDLE_DEFAULT
@ SSL_CNF_ENC_HANDLE_DEFAULT
Definition: app-layer-ssl.c:153
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:99
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:168
util-debug.h
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:130
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:211
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3396
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:133
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:185
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:310
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:247
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:200
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:221
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:288
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:272
SSLCertsChain_
Definition: app-layer-ssl.h:223
util-print.h
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:546
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:276
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:130
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:412
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1670
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:346
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:98
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:157
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:173
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:152
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:69
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:109
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:100
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:203
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:195
stream.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:61
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:145
type
uint16_t type
Definition: decode-vlan.c:107
stream-tcp-private.h
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
TLS_STATE_CERT_READY
@ TLS_STATE_CERT_READY
Definition: app-layer-ssl.h:78
SSL_CONFIG_DEFAULT_JA4
#define SSL_CONFIG_DEFAULT_JA4
Definition: app-layer-ssl.c:150
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:119
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3360
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:556
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:237
SslConfig_
Definition: app-layer-ssl.c:158
SSL_AL_FLAG_STATE_FINISHED
#define SSL_AL_FLAG_STATE_FINISHED
Definition: app-layer-ssl.h:105
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:194
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:162
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1761
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:174
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:177
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:134
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:172
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:201
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:224
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:252
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:273
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:180
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:379
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:169
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:166
decode-events.h
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:135
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:187
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:84
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:140
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:64
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:179
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:218
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:500
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:70
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:184
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:178
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1753
SSLDecoderResult
Definition: app-layer-ssl.c:220
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:87
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1364
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:254
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:205
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:224
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:165
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:90
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:291
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3227
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:207
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:229
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:66
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:146
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:144
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:320
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:147
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:132
SCEnumCharMap_
Definition: util-enum.h:27
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:175
SSLAlpns_::alpn
uint8_t alpn[]
Definition: app-layer-ssl.h:232
util-spm.h
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:245
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:283
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:578
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:286
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:234
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:568
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:447
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:159
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:178
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:86
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:184
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:151
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:196
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:79
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:168
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:163
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:171
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:534
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:193
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:561
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:94
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:173
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3409
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:135
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:263
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:165
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:186
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:74
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:179
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:169
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:275
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:208
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:72
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:172
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_STATE_IN_PROGRESS
@ TLS_STATE_IN_PROGRESS
Definition: app-layer-ssl.h:77
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:489
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:154
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:91
SslConfig
struct SslConfig_ SslConfig
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:95
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1657
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:267
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:60
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:141
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:260
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:214
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:277
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1761
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:185
util-enum.h
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
TLS_STATE_FINISHED
@ TLS_STATE_FINISHED
Definition: app-layer-ssl.h:80
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:284
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1952
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:257
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:181
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:403
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:123
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:190
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:108
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:91
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:155
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:262
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:303
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:244
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:183
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:208