suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 #include "threads.h"
30 
31 #include "stream-tcp-private.h"
32 #include "stream-tcp-reassemble.h"
33 #include "stream-tcp.h"
34 #include "stream.h"
35 
36 #include "app-layer.h"
37 #include "app-layer-detect-proto.h"
38 #include "app-layer-protos.h"
39 #include "app-layer-parser.h"
40 #include "app-layer-frames.h"
41 #include "app-layer-ssl.h"
42 
43 #include "decode-events.h"
44 #include "conf.h"
45 
46 #include "feature.h"
47 
48 #include "util-spm.h"
49 #include "util-unittest.h"
50 #include "util-debug.h"
51 #include "util-print.h"
52 #include "util-pool.h"
53 #include "util-byte.h"
54 #include "util-ja3.h"
55 #include "util-enum.h"
56 #include "flow-util.h"
57 #include "flow-private.h"
58 #include "util-validate.h"
59 
60 SCEnumCharMap tls_frame_table[] = {
61  {
62  "pdu",
63  TLS_FRAME_PDU,
64  },
65  {
66  "hdr",
67  TLS_FRAME_HDR,
68  },
69  {
70  "data",
71  TLS_FRAME_DATA,
72  },
73  {
74  "alert",
75  TLS_FRAME_ALERT_DATA,
76  },
77  {
78  "heartbeat",
79  TLS_FRAME_HB_DATA,
80  },
81  {
82  "ssl2.hdr",
83  TLS_FRAME_SSLV2_HDR,
84  },
85  {
86  "ssl2.pdu",
87  TLS_FRAME_SSLV2_PDU,
88  },
89  { NULL, -1 },
90 };
91 
92 SCEnumCharMap tls_decoder_event_table[] = {
93  /* TLS protocol messages */
94  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
95  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
96  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
97  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
98  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
99  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
100  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
101  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
102  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
103  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
104  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
105  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
106  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
107  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
108  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
109  /* certificate decoding messages */
110  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
111  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
112  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
113  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
114  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
115  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
116  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
117  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
118  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
119  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
120  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
121  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
122  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
123  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
124  /* used as a generic error event */
125  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
126  { NULL, -1 },
127 };
128 
129 enum {
130  /* X.509 error codes, returned by decoder
131  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
132  ERR_INVALID_CERTIFICATE=1,
133  ERR_INVALID_LENGTH,
134  ERR_INVALID_VERSION,
135  ERR_INVALID_SERIAL,
136  ERR_INVALID_ALGORITHMIDENTIFIER,
137  ERR_INVALID_X509NAME,
138  ERR_INVALID_DATE,
139  ERR_INVALID_EXTENSIONS,
140  ERR_INVALID_DER,
141 
142  /* error getting data */
143  ERR_EXTRACT_SUBJECT,
144  ERR_EXTRACT_ISSUER,
145  ERR_EXTRACT_VALIDITY,
146 };
147 
148 /* JA3 and JA4 fingerprints are disabled by default */
149 #define SSL_CONFIG_DEFAULT_JA3 0
150 #define SSL_CONFIG_DEFAULT_JA4 0
151 
152 enum SslConfigEncryptHandling {
153  SSL_CNF_ENC_HANDLE_DEFAULT = 0, /**< disable raw content, continue tracking */
154  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
155  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
156 };
157 
158 typedef struct SslConfig_ {
159  enum SslConfigEncryptHandling encrypt_mode;
160  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
161  * explicitly disabled. */
162  SC_ATOMIC_DECLARE(int, enable_ja3);
163  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
164  SC_ATOMIC_DECLARE(int, enable_ja4);
165  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
166 } SslConfig;
167 
168 SslConfig ssl_config;
169 
170 /* SSLv3 record types */
171 #define SSLV3_CHANGE_CIPHER_SPEC 20
172 #define SSLV3_ALERT_PROTOCOL 21
173 #define SSLV3_HANDSHAKE_PROTOCOL 22
174 #define SSLV3_APPLICATION_PROTOCOL 23
175 #define SSLV3_HEARTBEAT_PROTOCOL 24
176 
177 /* SSLv3 handshake protocol types */
178 #define SSLV3_HS_HELLO_REQUEST 0
179 #define SSLV3_HS_CLIENT_HELLO 1
180 #define SSLV3_HS_SERVER_HELLO 2
181 #define SSLV3_HS_NEW_SESSION_TICKET 4
182 #define SSLV3_HS_CERTIFICATE 11
183 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
184 #define SSLV3_HS_CERTIFICATE_REQUEST 13
185 #define SSLV3_HS_SERVER_HELLO_DONE 14
186 #define SSLV3_HS_CERTIFICATE_VERIFY 15
187 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
188 #define SSLV3_HS_FINISHED 20
189 #define SSLV3_HS_CERTIFICATE_URL 21
190 #define SSLV3_HS_CERTIFICATE_STATUS 22
191 
192 /* SSLv2 protocol message types */
193 #define SSLV2_MT_ERROR 0
194 #define SSLV2_MT_CLIENT_HELLO 1
195 #define SSLV2_MT_CLIENT_MASTER_KEY 2
196 #define SSLV2_MT_CLIENT_FINISHED 3
197 #define SSLV2_MT_SERVER_HELLO 4
198 #define SSLV2_MT_SERVER_VERIFY 5
199 #define SSLV2_MT_SERVER_FINISHED 6
200 #define SSLV2_MT_REQUEST_CERTIFICATE 7
201 #define SSLV2_MT_CLIENT_CERTIFICATE 8
202 
203 #define SSLV3_RECORD_HDR_LEN 5
204 #define SSLV3_MESSAGE_HDR_LEN 4
205 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
206 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
207 
208 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
209 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
210 
211 /* TLS heartbeat protocol types */
212 #define TLS_HB_REQUEST 1
213 #define TLS_HB_RESPONSE 2
214 
215 #define SSL_RECORD_MINIMUM_LENGTH 6
216 
217 #define SHA1_STRING_LENGTH 60
218 
219 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
220 
221 struct SSLDecoderResult {
222  int retval; // nr bytes consumed from input, or < 0 on error
223  uint32_t needed; // more bytes needed
224 };
225 #define SSL_DECODER_ERROR(e) \
226  (struct SSLDecoderResult) \
227  { \
228  (e), 0 \
229  }
230 #define SSL_DECODER_OK(c) \
231  (struct SSLDecoderResult) \
232  { \
233  (c), 0 \
234  }
235 #define SSL_DECODER_INCOMPLETE(c, n) \
236  (struct SSLDecoderResult) \
237  { \
238  (c), (n) \
239  }
240 
241 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
242  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
243 
244 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
245  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
246 {
247  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
248  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
249  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
250  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
251 
252  if (dst_offset < dst_size && src_offset < src_size &&
253  src_tocopy <= (src_size - src_offset) &&
254  src_tocopy <= (dst_size - dst_offset)) {
255  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
256  return 0;
257  }
258  return -1;
259 }
260 
261 #ifdef DEBUG_VALIDATION
262 #define ValidateRecordState(connp) \
263  do { \
264  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
265  (connp)->bytes_processed); \
266  } while(0);
267 #else
268 #define ValidateRecordState(...)
269 #endif
270 
271 #define SSLParserHSReset(connp) \
272  do { \
273  (connp)->handshake_type = 0; \
274  (connp)->message_length = 0; \
275  } while (0)
276 
277 #define SSLParserReset(state) \
278  do { \
279  SCLogDebug("resetting state"); \
280  (state)->curr_connp->bytes_processed = 0; \
281  SSLParserHSReset((state)->curr_connp); \
282  } while(0)
283 
284 #define SSLSetEvent(ssl_state, event) \
285  do { \
286  SCLogDebug("setting event %u", (event)); \
287  if ((ssl_state) == NULL) { \
288  SCLogDebug("could not set decoder event %u", event); \
289  } else { \
290  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
291  (ssl_state)->events++; \
292  } \
293  } while (0)
294 
295 static void *SSLGetTx(void *state, uint64_t tx_id)
296 {
297  SSLState *ssl_state = (SSLState *)state;
298  return ssl_state;
299 }
300 
301 static uint64_t SSLGetTxCnt(void *state)
302 {
303  /* single tx */
304  return 1;
305 }
306 
307 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
308 {
309  SSLState *ssl_state = (SSLState *)tx;
310 
311  /* we don't care about direction, only that app-layer parser is done
312  and have sent an EOF */
313  if (ssl_state->flags & SSL_AL_FLAG_STATE_FINISHED) {
314  return TLS_STATE_FINISHED;
315  }
316 
317  /* we want the logger to log when the handshake is done, even if the
318  state is not finished */
319  if (ssl_state->flags & SSL_AL_FLAG_HANDSHAKE_DONE) {
320  return TLS_HANDSHAKE_DONE;
321  }
322 
323  if (direction == STREAM_TOSERVER &&
324  (ssl_state->server_connp.cert0_subject != NULL ||
325  ssl_state->server_connp.cert0_issuerdn != NULL))
326  {
327  return TLS_STATE_CERT_READY;
328  }
329 
330  return TLS_STATE_IN_PROGRESS;
331 }
332 
333 static AppLayerTxData *SSLGetTxData(void *vtx)
334 {
335  SSLState *ssl_state = (SSLState *)vtx;
336  return &ssl_state->tx_data;
337 }
338 
339 static AppLayerStateData *SSLGetStateData(void *vstate)
340 {
341  SSLState *ssl_state = (SSLState *)vstate;
342  return &ssl_state->state_data;
343 }
344 
345 void SSLVersionToString(uint16_t version, char *buffer)
346 {
347  buffer[0] = '\0';
348 
349  switch (version) {
350  case TLS_VERSION_UNKNOWN:
351  strlcat(buffer, "UNDETERMINED", 13);
352  break;
353  case SSL_VERSION_2:
354  strlcat(buffer, "SSLv2", 6);
355  break;
356  case SSL_VERSION_3:
357  strlcat(buffer, "SSLv3", 6);
358  break;
359  case TLS_VERSION_10:
360  strlcat(buffer, "TLSv1", 6);
361  break;
362  case TLS_VERSION_11:
363  strlcat(buffer, "TLS 1.1", 8);
364  break;
365  case TLS_VERSION_12:
366  strlcat(buffer, "TLS 1.2", 8);
367  break;
368  case TLS_VERSION_13:
369  strlcat(buffer, "TLS 1.3", 8);
370  break;
371  case TLS_VERSION_13_DRAFT28:
372  strlcat(buffer, "TLS 1.3 draft-28", 17);
373  break;
374  case TLS_VERSION_13_DRAFT27:
375  strlcat(buffer, "TLS 1.3 draft-27", 17);
376  break;
377  case TLS_VERSION_13_DRAFT26:
378  strlcat(buffer, "TLS 1.3 draft-26", 17);
379  break;
380  case TLS_VERSION_13_DRAFT25:
381  strlcat(buffer, "TLS 1.3 draft-25", 17);
382  break;
383  case TLS_VERSION_13_DRAFT24:
384  strlcat(buffer, "TLS 1.3 draft-24", 17);
385  break;
386  case TLS_VERSION_13_DRAFT23:
387  strlcat(buffer, "TLS 1.3 draft-23", 17);
388  break;
389  case TLS_VERSION_13_DRAFT22:
390  strlcat(buffer, "TLS 1.3 draft-22", 17);
391  break;
392  case TLS_VERSION_13_DRAFT21:
393  strlcat(buffer, "TLS 1.3 draft-21", 17);
394  break;
395  case TLS_VERSION_13_DRAFT20:
396  strlcat(buffer, "TLS 1.3 draft-20", 17);
397  break;
398  case TLS_VERSION_13_DRAFT19:
399  strlcat(buffer, "TLS 1.3 draft-19", 17);
400  break;
401  case TLS_VERSION_13_DRAFT18:
402  strlcat(buffer, "TLS 1.3 draft-18", 17);
403  break;
404  case TLS_VERSION_13_DRAFT17:
405  strlcat(buffer, "TLS 1.3 draft-17", 17);
406  break;
407  case TLS_VERSION_13_DRAFT16:
408  strlcat(buffer, "TLS 1.3 draft-16", 17);
409  break;
410  case TLS_VERSION_13_PRE_DRAFT16:
411  strlcat(buffer, "TLS 1.3 draft-<16", 18);
412  break;
413  case TLS_VERSION_13_DRAFT20_FB:
414  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
415  break;
416  case TLS_VERSION_13_DRAFT21_FB:
417  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
418  break;
419  case TLS_VERSION_13_DRAFT22_FB:
420  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
421  break;
422  case TLS_VERSION_13_DRAFT23_FB:
423  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
424  break;
425  case TLS_VERSION_13_DRAFT26_FB:
426  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
427  break;
428  default:
429  snprintf(buffer, 7, "0x%04x", version);
430  break;
431  }
432 }
433 
434 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
435 {
436  switch(err) {
437  case ERR_EXTRACT_VALIDITY:
438  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
439  break;
440  case ERR_EXTRACT_ISSUER:
441  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
442  break;
443  case ERR_EXTRACT_SUBJECT:
444  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
445  break;
446  case ERR_INVALID_DER:
447  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
448  break;
449  case ERR_INVALID_EXTENSIONS:
450  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
451  break;
452  case ERR_INVALID_DATE:
453  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
454  break;
455  case ERR_INVALID_X509NAME:
456  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
457  break;
458  case ERR_INVALID_ALGORITHMIDENTIFIER:
459  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
460  break;
461  case ERR_INVALID_SERIAL:
462  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
463  break;
464  case ERR_INVALID_VERSION:
465  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
466  break;
467  case ERR_INVALID_LENGTH:
468  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
469  break;
470  case ERR_INVALID_CERTIFICATE:
471  default:
472  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
473  break;
474  }
475 }
476 
477 static inline int TlsDecodeHSCertificateFingerprint(
478  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
479 {
480  if (unlikely(connp->cert0_fingerprint != NULL))
481  return 0;
482 
483  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
484  if (connp->cert0_fingerprint == NULL)
485  return -1;
486 
487  uint8_t hash[SC_SHA1_LEN];
488  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
489  rs_to_hex_sep(
490  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
491  }
492  return 0;
493 }
494 
495 static inline int TlsDecodeHSCertificateAddCertToChain(
496  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
497 {
498  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
499  if (cert == NULL)
500  return -1;
501 
502  cert->cert_data = (uint8_t *)input;
503  cert->cert_len = cert_len;
504  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
505 
506  return 0;
507 }
508 
509 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
510  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
511 {
512  const uint8_t *input = (uint8_t *)initial_input;
513  uint32_t err_code = 0;
514  X509 *x509 = NULL;
515  int rc = 0;
516 
517  if (!(HAS_SPACE(3)))
518  goto invalid_cert;
519 
520  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
521  input += 3;
522 
523  if (!(HAS_SPACE(cert_len)))
524  goto invalid_cert;
525 
526  /* only store fields from the first certificate in the chain */
527  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
528  connp->cert0_serial == NULL) {
529  x509 = rs_x509_decode(input, cert_len, &err_code);
530  if (x509 == NULL) {
531  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
532  goto next;
533  }
534 
535  char *str = rs_x509_get_subject(x509);
536  if (str == NULL) {
537  err_code = ERR_EXTRACT_SUBJECT;
538  goto error;
539  }
540  connp->cert0_subject = str;
541 
542  str = rs_x509_get_issuer(x509);
543  if (str == NULL) {
544  err_code = ERR_EXTRACT_ISSUER;
545  goto error;
546  }
547  connp->cert0_issuerdn = str;
548 
549  str = rs_x509_get_serial(x509);
550  if (str == NULL) {
551  err_code = ERR_INVALID_SERIAL;
552  goto error;
553  }
554  connp->cert0_serial = str;
555 
556  rc = rs_x509_get_validity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
557  if (rc != 0) {
558  err_code = ERR_EXTRACT_VALIDITY;
559  goto error;
560  }
561 
562  rs_x509_free(x509);
563  x509 = NULL;
564 
565  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
566  if (rc != 0) {
567  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
568  goto error;
569  }
570  }
571 
572  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
573  if (rc != 0) {
574  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
575  goto error;
576  }
577 
578 next:
579  input += cert_len;
580  return (input - initial_input);
581 
582 error:
583  if (err_code != 0)
584  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
585  if (x509 != NULL)
586  rs_x509_free(x509);
587  return -1;
588 
589 invalid_cert:
590  SCLogDebug("TLS invalid certificate");
591  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
592  return -1;
593 }
594 
595 /** \internal
596  * \brief parse cert data in a certificate handshake message
597  * will be called with all data.
598  * \retval consumed bytes consumed or -1 on error
599  */
600 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
601  const uint8_t *const initial_input, const uint32_t input_len)
602 {
603  const uint8_t *input = (uint8_t *)initial_input;
604 
605  if (!(HAS_SPACE(3)))
606  return -1;
607 
608  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
609  input += 3;
610 
611  if (!(HAS_SPACE(cert_chain_len)))
612  return -1;
613 
614  if (connp->certs_buffer != NULL) {
615  // TODO should we set an event here?
616  return -1;
617  }
618 
619  connp->certs_buffer = SCCalloc(1, cert_chain_len);
620  if (connp->certs_buffer == NULL) {
621  return -1;
622  }
623  connp->certs_buffer_size = cert_chain_len;
624  memcpy(connp->certs_buffer, input, cert_chain_len);
625 
626  int cert_cnt = 0;
627  uint32_t processed_len = 0;
628  /* coverity[tainted_data] */
629  while (processed_len < cert_chain_len) {
630  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
631  connp->certs_buffer_size - processed_len, cert_cnt);
632  if (rc <= 0) { // 0 should be impossible, but lets be defensive
633  return -1;
634  }
635  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
636  if (processed_len + (uint32_t)rc > cert_chain_len) {
637  return -1;
638  }
639 
640  processed_len += (uint32_t)rc;
641  }
642 
643  return processed_len + 3;
644 }
645 
646 /**
647  * \inline
648  * \brief Check if value is GREASE.
649  *
650  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
651  *
652  * \param value Value to check.
653  *
654  * \retval 1 if is GREASE.
655  * \retval 0 if not is GREASE.
656  */
657 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
658 {
659  switch (value)
660  {
661  case 0x0a0a:
662  case 0x1a1a:
663  case 0x2a2a:
664  case 0x3a3a:
665  case 0x4a4a:
666  case 0x5a5a:
667  case 0x6a6a:
668  case 0x7a7a:
669  case 0x8a8a:
670  case 0x9a9a:
671  case 0xaaaa:
672  case 0xbaba:
673  case 0xcaca:
674  case 0xdada:
675  case 0xeaea:
676  case 0xfafa:
677  return 1;
678  default:
679  return 0;
680  }
681 }
682 
683 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
684  const uint8_t * const initial_input,
685  const uint32_t input_len)
686 {
687  uint8_t *input = (uint8_t *)initial_input;
688 
689  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
690  SCLogDebug("TLS handshake invalid length");
691  SSLSetEvent(ssl_state,
692  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
693  return -1;
694  }
695 
696  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
697  ssl_state->curr_connp->version = version;
698 
699  if (ssl_state->curr_connp->ja4 != NULL &&
700  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
701  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, version);
702  }
703 
704  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
705  versions, instead of using the supported versions extension. */
706  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
707  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
708  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
709  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
710  }
711 
712  /* Catch some early TLSv1.3 draft implementations that does not conform
713  to the draft version. */
714  if ((ssl_state->curr_connp->version >= 0x7f01) &&
715  (ssl_state->curr_connp->version < 0x7f10)) {
716  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
717  }
718 
719  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
720  version number, which makes it hard to accurately pinpoint the
721  exact draft version. */
722  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
723  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
724  }
725 
726  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
727  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
728  if (ssl_state->curr_connp->ja3_str == NULL)
729  return -1;
730 
731  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
732  if (rc != 0)
733  return -1;
734  }
735 
736  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
737 
738  return (input - initial_input);
739 }
740 
741 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
742  const uint8_t * const initial_input,
743  const uint32_t input_len)
744 {
745  uint8_t *input = (uint8_t *)initial_input;
746 
747  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
748  SCLogDebug("TLS handshake invalid length");
749  SSLSetEvent(ssl_state,
750  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
751  return -1;
752  }
753 
754  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
755  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
756  ssl_state->flags |= TLS_TS_RANDOM_SET;
757  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
758  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
759  ssl_state->flags |= TLS_TC_RANDOM_SET;
760  }
761 
762  /* Skip random */
763  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
764 
765  return (input - initial_input);
766 }
767 
768 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
769  const uint8_t * const initial_input,
770  const uint32_t input_len)
771 {
772  uint8_t *input = (uint8_t *)initial_input;
773 
774  if (!(HAS_SPACE(1)))
775  goto invalid_length;
776 
777  uint8_t session_id_length = *input;
778  input += 1;
779 
780  if (!(HAS_SPACE(session_id_length)))
781  goto invalid_length;
782 
783  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
784  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
785 
786  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
787  return -1;
788  }
789 
790  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
791  input, 0, input_len, session_id_length) != 0) {
792  return -1;
793  }
794  ssl_state->curr_connp->session_id_length = session_id_length;
795 
796  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
797  ssl_state->client_connp.session_id != NULL &&
798  ssl_state->server_connp.session_id != NULL) {
799  if ((ssl_state->client_connp.session_id_length ==
800  ssl_state->server_connp.session_id_length) &&
801  (memcmp(ssl_state->server_connp.session_id,
802  ssl_state->client_connp.session_id, session_id_length) == 0)) {
803  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
804  }
805  }
806  }
807 
808  input += session_id_length;
809 
810  return (input - initial_input);
811 
812 invalid_length:
813  SCLogDebug("TLS handshake invalid length");
814  SSLSetEvent(ssl_state,
815  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
816  return -1;
817 }
818 
819 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
820  const uint8_t * const initial_input,
821  const uint32_t input_len)
822 {
823  const uint8_t *input = initial_input;
824 
825  if (!(HAS_SPACE(2)))
826  goto invalid_length;
827 
828  uint16_t cipher_suites_length;
829 
830  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
831  cipher_suites_length = 2;
832  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
833  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
834  input += 2;
835  } else {
836  return -1;
837  }
838 
839  if (!(HAS_SPACE(cipher_suites_length)))
840  goto invalid_length;
841 
842  /* Cipher suites length should always be divisible by 2 */
843  if ((cipher_suites_length % 2) != 0) {
844  goto invalid_length;
845  }
846 
847  const bool enable_ja3 = SC_ATOMIC_GET(ssl_config.enable_ja3);
848 
849  if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4)) {
850  JA3Buffer *ja3_cipher_suites = NULL;
851 
852  if (enable_ja3) {
853  ja3_cipher_suites = Ja3BufferInit();
854  if (ja3_cipher_suites == NULL)
855  return -1;
856  }
857 
858  uint16_t processed_len = 0;
859  /* coverity[tainted_data] */
860  while (processed_len < cipher_suites_length)
861  {
862  if (!(HAS_SPACE(2))) {
863  if (enable_ja3) {
864  Ja3BufferFree(&ja3_cipher_suites);
865  }
866  goto invalid_length;
867  }
868 
869  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
870  input += 2;
871 
872  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
873  if (ssl_state->curr_connp->ja4 != NULL &&
874  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
875  SCJA4AddCipher(ssl_state->curr_connp->ja4, cipher_suite);
876  }
877  if (enable_ja3) {
878  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
879  if (rc != 0) {
880  return -1;
881  }
882  }
883  }
884  processed_len += 2;
885  }
886 
887  if (enable_ja3) {
888  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
889  if (rc == -1) {
890  return -1;
891  }
892  }
893 
894  } else {
895  /* Skip cipher suites */
896  input += cipher_suites_length;
897  }
898 
899  return (input - initial_input);
900 
901 invalid_length:
902  SCLogDebug("TLS handshake invalid length");
903  SSLSetEvent(ssl_state,
904  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
905  return -1;
906 }
907 
908 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
909  const uint8_t * const initial_input,
910  const uint32_t input_len)
911 {
912  const uint8_t *input = initial_input;
913 
914  if (!(HAS_SPACE(1)))
915  goto invalid_length;
916 
917  /* Skip compression methods */
918  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
919  input += 1;
920  } else {
921  uint8_t compression_methods_length = *input;
922  input += 1;
923 
924  if (!(HAS_SPACE(compression_methods_length)))
925  goto invalid_length;
926 
927  input += compression_methods_length;
928  }
929 
930  return (input - initial_input);
931 
932 invalid_length:
933  SCLogDebug("TLS handshake invalid_length");
934  SSLSetEvent(ssl_state,
935  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
936  return -1;
937 }
938 
939 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
940  const uint8_t * const initial_input,
941  const uint32_t input_len)
942 {
943  uint8_t *input = (uint8_t *)initial_input;
944 
945  /* Empty extension */
946  if (input_len == 0)
947  return 0;
948 
949  if (!(HAS_SPACE(2)))
950  goto invalid_length;
951 
952  /* Skip sni_list_length */
953  input += 2;
954 
955  if (!(HAS_SPACE(1)))
956  goto invalid_length;
957 
958  uint8_t sni_type = *input;
959  input += 1;
960 
961  /* Currently the only type allowed is host_name
962  (RFC6066 section 3). */
963  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
964  SCLogDebug("Unknown SNI type");
965  SSLSetEvent(ssl_state,
966  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
967  return -1;
968  }
969 
970  if (!(HAS_SPACE(2)))
971  goto invalid_length;
972 
973  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
974  input += 2;
975 
976  /* host_name contains the fully qualified domain name,
977  and should therefore be limited by the maximum domain
978  name length. */
979  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
980  SSLSetEvent(ssl_state,
981  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
982  return -1;
983  }
984 
985  /* There must not be more than one extension of the same
986  type (RFC5246 section 7.4.1.4). */
987  if (ssl_state->curr_connp->sni) {
988  SCLogDebug("Multiple SNI extensions");
989  SSLSetEvent(ssl_state,
990  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
991  input += sni_len;
992  return (input - initial_input);
993  }
994 
995  const size_t sni_strlen = sni_len + 1;
996  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
997  if (unlikely(ssl_state->curr_connp->sni == NULL))
998  return -1;
999 
1000  const size_t consumed = input - initial_input;
1001  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
1002  initial_input, consumed, input_len, sni_len) != 0) {
1003  SCFree(ssl_state->curr_connp->sni);
1004  ssl_state->curr_connp->sni = NULL;
1005  return -1;
1006  }
1007  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
1008 
1009  input += sni_len;
1010 
1011  return (input - initial_input);
1012 
1013 invalid_length:
1014  SCLogDebug("TLS handshake invalid length");
1015  SSLSetEvent(ssl_state,
1016  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1017 
1018 
1019  return -1;
1020 }
1021 
1022 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
1023  const uint8_t * const initial_input,
1024  const uint32_t input_len)
1025 {
1026  const uint8_t *input = initial_input;
1027 
1028  /* Empty extension */
1029  if (input_len == 0)
1030  return 0;
1031 
1032  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1033  if (!(HAS_SPACE(1)))
1034  goto invalid_length;
1035 
1036  uint8_t supported_ver_len = *input;
1037  input += 1;
1038 
1039  if (supported_ver_len < 2)
1040  goto invalid_length;
1041 
1042  if (!(HAS_SPACE(supported_ver_len)))
1043  goto invalid_length;
1044 
1045  /* Use the first (and preferred) valid version as client version,
1046  * skip over GREASE and other possible noise. */
1047  uint16_t i = 0;
1048  while (i + 1 < (uint16_t)supported_ver_len) {
1049  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1050  if (TLSVersionValid(ver)) {
1051  ssl_state->curr_connp->version = ver;
1052  if (ssl_state->curr_connp->ja4 != NULL &&
1053  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1054  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, ver);
1055  }
1056  break;
1057  }
1058  i += 2;
1059  }
1060 
1061  /* Set a flag to indicate that we have seen this extension */
1062  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1063 
1064  input += supported_ver_len;
1065  }
1066  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1067  if (!(HAS_SPACE(2)))
1068  goto invalid_length;
1069 
1070  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1071 
1072  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1073  (ver > TLS_VERSION_12)) {
1074  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1075  }
1076 
1077  ssl_state->curr_connp->version = ver;
1078  input += 2;
1079  }
1080 
1081  return (input - initial_input);
1082 
1083 invalid_length:
1084  SCLogDebug("TLS handshake invalid length");
1085  SSLSetEvent(ssl_state,
1086  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1087 
1088  return -1;
1089 }
1090 
1091 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1092  const uint8_t * const initial_input,
1093  const uint32_t input_len,
1094  JA3Buffer *ja3_elliptic_curves)
1095 {
1096  const uint8_t *input = initial_input;
1097 
1098  /* Empty extension */
1099  if (input_len == 0)
1100  return 0;
1101 
1102  if (!(HAS_SPACE(2)))
1103  goto invalid_length;
1104 
1105  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1106  input += 2;
1107 
1108  if (!(HAS_SPACE(elliptic_curves_len)))
1109  goto invalid_length;
1110 
1111  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1112  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1113  uint16_t ec_processed_len = 0;
1114  /* coverity[tainted_data] */
1115  while (ec_processed_len < elliptic_curves_len)
1116  {
1117  if (!(HAS_SPACE(2)))
1118  goto invalid_length;
1119 
1120  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1121  input += 2;
1122 
1123  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1124  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1125  elliptic_curve);
1126  if (rc != 0)
1127  return -1;
1128  }
1129 
1130  ec_processed_len += 2;
1131  }
1132 
1133  } else {
1134  /* Skip elliptic curves */
1135  input += elliptic_curves_len;
1136  }
1137 
1138  return (input - initial_input);
1139 
1140 invalid_length:
1141  SCLogDebug("TLS handshake invalid length");
1142  SSLSetEvent(ssl_state,
1143  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1144 
1145  return -1;
1146 }
1147 
1148 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1149  const uint8_t * const initial_input,
1150  const uint32_t input_len,
1151  JA3Buffer *ja3_elliptic_curves_pf)
1152 {
1153  const uint8_t *input = initial_input;
1154 
1155  /* Empty extension */
1156  if (input_len == 0)
1157  return 0;
1158 
1159  if (!(HAS_SPACE(1)))
1160  goto invalid_length;
1161 
1162  uint8_t ec_pf_len = *input;
1163  input += 1;
1164 
1165  if (!(HAS_SPACE(ec_pf_len)))
1166  goto invalid_length;
1167 
1168  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
1169  SC_ATOMIC_GET(ssl_config.enable_ja3)) {
1170  uint8_t ec_pf_processed_len = 0;
1171  /* coverity[tainted_data] */
1172  while (ec_pf_processed_len < ec_pf_len)
1173  {
1174  uint8_t elliptic_curve_pf = *input;
1175  input += 1;
1176 
1177  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1178  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1179  elliptic_curve_pf);
1180  if (rc != 0)
1181  return -1;
1182  }
1183 
1184  ec_pf_processed_len += 1;
1185  }
1186 
1187  } else {
1188  /* Skip elliptic curve point formats */
1189  input += ec_pf_len;
1190  }
1191 
1192  return (input - initial_input);
1193 
1194 invalid_length:
1195  SCLogDebug("TLS handshake invalid length");
1196  SSLSetEvent(ssl_state,
1197  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1198 
1199  return -1;
1200 }
1201 
1202 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1203  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1204 {
1205  const uint8_t *input = initial_input;
1206 
1207  /* Empty extension */
1208  if (input_len == 0)
1209  return 0;
1210 
1211  if (!(HAS_SPACE(2)))
1212  goto invalid_length;
1213 
1214  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1215  input += 2;
1216 
1217  /* Signature algorithms length should always be divisible by 2 */
1218  if ((sigalgo_len % 2) != 0) {
1219  goto invalid_length;
1220  }
1221 
1222  if (!(HAS_SPACE(sigalgo_len)))
1223  goto invalid_length;
1224 
1225  if (ssl_state->curr_connp->ja4 != NULL &&
1226  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1227  uint16_t sigalgo_processed_len = 0;
1228  while (sigalgo_processed_len < sigalgo_len) {
1229  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1230  input += 2;
1231  sigalgo_processed_len += 2;
1232 
1233  SCJA4AddSigAlgo(ssl_state->curr_connp->ja4, sigalgo);
1234  }
1235  } else {
1236  /* Skip signature algorithms */
1237  input += sigalgo_len;
1238  }
1239 
1240  return (input - initial_input);
1241 
1242 invalid_length:
1243  SCLogDebug("Signature algorithm list invalid length");
1244  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1245 
1246  return -1;
1247 }
1248 
1249 static inline int TLSDecodeHSHelloExtensionALPN(
1250  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1251 {
1252  const uint8_t *input = initial_input;
1253 
1254  /* Empty extension */
1255  if (input_len == 0)
1256  return 0;
1257 
1258  if (!(HAS_SPACE(2)))
1259  goto invalid_length;
1260 
1261  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1262  input += 2;
1263 
1264  if (!(HAS_SPACE(alpn_len)))
1265  goto invalid_length;
1266 
1267  if (ssl_state->curr_connp->ja4 != NULL &&
1268  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1269  /* We use 32 bits here to avoid potentially overflowing a value that
1270  needs to be compared to an unsigned 16-bit value. */
1271  uint32_t alpn_processed_len = 0;
1272  while (alpn_processed_len < alpn_len) {
1273  uint8_t protolen = *input;
1274  input += 1;
1275  alpn_processed_len += 1;
1276 
1277  if (!(HAS_SPACE(protolen)))
1278  goto invalid_length;
1279 
1280  /* Check if reading another protolen bytes would exceed the
1281  overall ALPN length; if so, skip and continue */
1282  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1283  input += alpn_len - alpn_processed_len;
1284  break;
1285  }
1286 
1287  /* Only record the first value for JA4 */
1288  if (alpn_processed_len == 1) {
1289  SCJA4SetALPN(ssl_state->curr_connp->ja4, (const char *)input, protolen);
1290  }
1291 
1292  alpn_processed_len += protolen;
1293  input += protolen;
1294  }
1295  } else {
1296  /* Skip ALPN protocols */
1297  input += alpn_len;
1298  }
1299 
1300  return (input - initial_input);
1301 
1302 invalid_length:
1303  SCLogDebug("ALPN list invalid length");
1304  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1305 
1306  return -1;
1307 }
1308 
1309 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1310  const uint8_t * const initial_input,
1311  const uint32_t input_len)
1312 {
1313  const uint8_t *input = initial_input;
1314 
1315  int ret;
1316  int rc;
1317  const bool ja3 = (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1);
1318 
1319  JA3Buffer *ja3_extensions = NULL;
1320  JA3Buffer *ja3_elliptic_curves = NULL;
1321  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1322 
1323  if (ja3) {
1324  ja3_extensions = Ja3BufferInit();
1325  if (ja3_extensions == NULL)
1326  goto error;
1327 
1328  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1329  ja3_elliptic_curves = Ja3BufferInit();
1330  if (ja3_elliptic_curves == NULL)
1331  goto error;
1332 
1333  ja3_elliptic_curves_pf = Ja3BufferInit();
1334  if (ja3_elliptic_curves_pf == NULL)
1335  goto error;
1336  }
1337  }
1338 
1339  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1340  if (!(HAS_SPACE(2)))
1341  goto end;
1342 
1343  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1344  input += 2;
1345 
1346  if (!(HAS_SPACE(extensions_len)))
1347  goto invalid_length;
1348 
1349  uint16_t processed_len = 0;
1350  /* coverity[tainted_data] */
1351  while (processed_len < extensions_len)
1352  {
1353  if (!(HAS_SPACE(2)))
1354  goto invalid_length;
1355 
1356  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1357  input += 2;
1358 
1359  if (!(HAS_SPACE(2)))
1360  goto invalid_length;
1361 
1362  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1363  input += 2;
1364 
1365  if (!(HAS_SPACE(ext_len)))
1366  goto invalid_length;
1367 
1368  switch (ext_type) {
1369  case SSL_EXTENSION_SNI:
1370  {
1371  /* coverity[tainted_data] */
1372  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1373  ext_len);
1374  if (ret < 0)
1375  goto end;
1376 
1377  input += ret;
1378 
1379  break;
1380  }
1381 
1382  case SSL_EXTENSION_ELLIPTIC_CURVES:
1383  {
1384  /* coverity[tainted_data] */
1385  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1386  ext_len,
1387  ja3_elliptic_curves);
1388  if (ret < 0)
1389  goto end;
1390 
1391  input += ret;
1392 
1393  break;
1394  }
1395 
1396  case SSL_EXTENSION_EC_POINT_FORMATS:
1397  {
1398  /* coverity[tainted_data] */
1399  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1400  ext_len,
1401  ja3_elliptic_curves_pf);
1402  if (ret < 0)
1403  goto end;
1404 
1405  input += ret;
1406 
1407  break;
1408  }
1409 
1410  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1411  /* coverity[tainted_data] */
1412  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1413  if (ret < 0)
1414  goto end;
1415 
1416  input += ret;
1417 
1418  break;
1419  }
1420 
1421  case SSL_EXTENSION_ALPN: {
1422  /* coverity[tainted_data] */
1423  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1424  if (ret < 0)
1425  goto end;
1426 
1427  input += ext_len;
1428 
1429  break;
1430  }
1431 
1432  case SSL_EXTENSION_EARLY_DATA:
1433  {
1434  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1435  /* Used by 0-RTT to indicate that encrypted data will
1436  be sent right after the ClientHello record. */
1437  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1438  }
1439 
1440  input += ext_len;
1441 
1442  break;
1443  }
1444 
1445  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1446  {
1447  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1448  ext_len);
1449  if (ret < 0)
1450  goto end;
1451 
1452  input += ret;
1453 
1454  break;
1455  }
1456 
1457  case SSL_EXTENSION_SESSION_TICKET:
1458  {
1459  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1460  /* This has to be verified later on by checking if a
1461  certificate record has been sent by the server. */
1462  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1463  }
1464 
1465  input += ext_len;
1466 
1467  break;
1468  }
1469 
1470  default:
1471  {
1472  input += ext_len;
1473  break;
1474  }
1475  }
1476 
1477  if (ja3) {
1478  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1479  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1480  if (rc != 0)
1481  goto error;
1482  }
1483  }
1484 
1485  if (ssl_state->curr_connp->ja4 != NULL &&
1486  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1487  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1488  SCJA4AddExtension(ssl_state->curr_connp->ja4, ext_type);
1489  }
1490  }
1491 
1492  processed_len += ext_len + 4;
1493  }
1494 
1495 end:
1496  if (ja3) {
1497  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1498  &ja3_extensions);
1499  if (rc == -1)
1500  goto error;
1501 
1502  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1503  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1504  &ja3_elliptic_curves);
1505  if (rc == -1)
1506  goto error;
1507 
1508  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1509  &ja3_elliptic_curves_pf);
1510  if (rc == -1)
1511  goto error;
1512  }
1513  }
1514 
1515  return (input - initial_input);
1516 
1517 invalid_length:
1518  SCLogDebug("TLS handshake invalid length");
1519  SSLSetEvent(ssl_state,
1520  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1521 
1522 error:
1523  if (ja3_extensions != NULL)
1524  Ja3BufferFree(&ja3_extensions);
1525  if (ja3_elliptic_curves != NULL)
1526  Ja3BufferFree(&ja3_elliptic_curves);
1527  if (ja3_elliptic_curves_pf != NULL)
1528  Ja3BufferFree(&ja3_elliptic_curves_pf);
1529 
1530  return -1;
1531 }
1532 
1533 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1534  const uint8_t * const input,
1535  const uint32_t input_len)
1536 {
1537  int ret;
1538  uint32_t parsed = 0;
1539 
1540  /* Ensure that we have a JA4 state defined by now if we have JA4 enabled,
1541  we are in a client hello and we don't have such a state yet (to avoid
1542  leaking memory in case this function is entered more than once). */
1543  if (SC_ATOMIC_GET(ssl_config.enable_ja4) &&
1544  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO &&
1545  ssl_state->curr_connp->ja4 == NULL) {
1546  ssl_state->curr_connp->ja4 = SCJA4New();
1547  }
1548 
1549  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1550  if (ret < 0)
1551  goto end;
1552 
1553  parsed += ret;
1554 
1555  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1556  if (ret < 0)
1557  goto end;
1558 
1559  parsed += ret;
1560 
1561  /* The session id field in the server hello record was removed in
1562  TLSv1.3 draft1, but was readded in draft22. */
1563  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1564  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1565  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1566  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1567  input_len - parsed);
1568  if (ret < 0)
1569  goto end;
1570 
1571  parsed += ret;
1572  }
1573 
1574  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1575  input_len - parsed);
1576  if (ret < 0)
1577  goto end;
1578 
1579  parsed += ret;
1580 
1581  /* The compression methods field in the server hello record was
1582  removed in TLSv1.3 draft1, but was readded in draft22. */
1583  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1584  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1585  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1586  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1587  input_len - parsed);
1588  if (ret < 0)
1589  goto end;
1590 
1591  parsed += ret;
1592  }
1593 
1594  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1595  input_len - parsed);
1596  if (ret < 0)
1597  goto end;
1598 
1599  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1600  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1601  }
1602 
1603 end:
1604  return 0;
1605 }
1606 
1607 #ifdef DEBUG_VALIDATION
1608 static inline bool
1609 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1610 {
1611  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1612  curr_connp->bytes_processed);
1613 }
1614 #endif
1615 
1616 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1617  const uint8_t *const initial_input, const uint32_t input_len)
1618 {
1619  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1620  SCLogDebug("rc %d", rc);
1621  if (rc > 0) {
1622  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1623  SSLParserHSReset(connp);
1624  } else if (rc < 0) {
1625  SCLogDebug("error parsing cert, reset state");
1626  SSLParserHSReset(connp);
1627  /* fall through to still consume the cert bytes */
1628  }
1629  return input_len;
1630 }
1631 
1632 static int SupportedHandshakeType(const uint8_t type)
1633 {
1634  switch (type) {
1635  case SSLV3_HS_CLIENT_HELLO:
1636  case SSLV3_HS_SERVER_HELLO:
1637  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1638  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1639  case SSLV3_HS_CERTIFICATE:
1640  case SSLV3_HS_HELLO_REQUEST:
1641  case SSLV3_HS_CERTIFICATE_REQUEST:
1642  case SSLV3_HS_CERTIFICATE_VERIFY:
1643  case SSLV3_HS_FINISHED:
1644  case SSLV3_HS_CERTIFICATE_URL:
1645  case SSLV3_HS_CERTIFICATE_STATUS:
1646  case SSLV3_HS_NEW_SESSION_TICKET:
1647  case SSLV3_HS_SERVER_HELLO_DONE:
1648  return true;
1649  break;
1650 
1651  default:
1652  return false;
1653  break;
1654  }
1655 }
1656 
1657 /**
1658  * \retval parsed number of consumed bytes
1659  * \retval < 0 error
1660  */
1661 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1662  uint32_t input_len, uint8_t direction)
1663 {
1664  const uint8_t *initial_input = input;
1665  int rc;
1666 
1667  if (input_len == 0) {
1668  return 0;
1669  }
1670  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1671 
1672  switch (ssl_state->curr_connp->handshake_type) {
1673  case SSLV3_HS_CLIENT_HELLO:
1674  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1675 
1676  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1677  if (rc < 0)
1678  return rc;
1679  break;
1680 
1681  case SSLV3_HS_SERVER_HELLO:
1682  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1683 
1684  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1685  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1686  if (rc < 0)
1687  return rc;
1688  break;
1689 
1690  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1691  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1692  break;
1693 
1694  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1695  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1696  break;
1697 
1698  case SSLV3_HS_CERTIFICATE:
1699 
1700  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1701  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1702  input_len);
1703  if (rc < 0)
1704  return rc;
1705  break;
1706 
1707  case SSLV3_HS_HELLO_REQUEST:
1708  break;
1709  case SSLV3_HS_CERTIFICATE_REQUEST:
1710  if (direction) {
1711  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1712  }
1713  break;
1714  case SSLV3_HS_CERTIFICATE_VERIFY:
1715  case SSLV3_HS_FINISHED:
1716  case SSLV3_HS_CERTIFICATE_URL:
1717  case SSLV3_HS_CERTIFICATE_STATUS:
1718  break;
1719  case SSLV3_HS_NEW_SESSION_TICKET:
1720  SCLogDebug("new session ticket");
1721  break;
1722  case SSLV3_HS_SERVER_HELLO_DONE:
1723  break;
1724  default:
1725  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1726  return -1;
1727  }
1728 
1729  ssl_state->flags |= ssl_state->current_flags;
1730 
1731  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1732  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1733 
1734  return input_len;
1735 }
1736 
1737 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1738  uint32_t input_len, uint8_t direction)
1739 {
1740  const uint8_t *initial_input = input;
1741 
1742  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1743  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1744  SCReturnInt(0);
1745  }
1746 
1747  while (input_len) {
1748  SCLogDebug("input_len %u", input_len);
1749 
1750  if (ssl_state->curr_connp->hs_buffer != NULL) {
1751  SCLogDebug("partial handshake record in place");
1752  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1753  ssl_state->curr_connp->hs_buffer_offset;
1754  const uint32_t add = MIN(need, input_len);
1755 
1756  /* grow buffer to next multiple of 4k that fits all data we have */
1757  if (ssl_state->curr_connp->hs_buffer_offset + add >
1758  ssl_state->curr_connp->hs_buffer_size) {
1759  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1760  const uint32_t new_size = avail + (4096 - (avail % 4096));
1761  SCLogDebug("new_size %u, avail %u", new_size, avail);
1762  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1763  if (ptr == NULL)
1764  return -1;
1765  ssl_state->curr_connp->hs_buffer = ptr;
1766  ssl_state->curr_connp->hs_buffer_size = new_size;
1767  }
1768 
1769  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1770  "ssl_state->curr_connp->hs_buffer_size %u",
1771  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1772  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1773 
1774  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1775  ssl_state->curr_connp->hs_buffer_offset,
1776  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1777  SCLogDebug("copy failed");
1778  return -1;
1779  }
1780  ssl_state->curr_connp->hs_buffer_offset += add;
1781 
1782  if (ssl_state->curr_connp->hs_buffer_message_size <=
1783  ssl_state->curr_connp->hs_buffer_offset) {
1784  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1785  ssl_state->curr_connp->hs_buffer_offset);
1786 
1787  ssl_state->curr_connp->handshake_type =
1788  ssl_state->curr_connp->hs_buffer_message_type;
1789  ssl_state->curr_connp->message_length =
1790  ssl_state->curr_connp->hs_buffer_message_size;
1791 
1792  SCLogDebug("got all data now: handshake_type %u message_length %u",
1793  ssl_state->curr_connp->handshake_type,
1794  ssl_state->curr_connp->message_length);
1795 
1796  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1797  ssl_state->curr_connp->hs_buffer_offset, direction);
1798  if (retval < 0) {
1799  SSLParserHSReset(ssl_state->curr_connp);
1800  return (retval);
1801  }
1802  SCLogDebug("retval %d", retval);
1803 
1804  /* data processed, reset buffer */
1805  SCFree(ssl_state->curr_connp->hs_buffer);
1806  ssl_state->curr_connp->hs_buffer = NULL;
1807  ssl_state->curr_connp->hs_buffer_size = 0;
1808  ssl_state->curr_connp->hs_buffer_message_size = 0;
1809  ssl_state->curr_connp->hs_buffer_message_type = 0;
1810  ssl_state->curr_connp->hs_buffer_offset = 0;
1811  } else {
1812  SCLogDebug("partial data");
1813  }
1814 
1815  input += add;
1816  input_len -= add;
1817  SCLogDebug("input_len %u", input_len);
1818  SSLParserHSReset(ssl_state->curr_connp);
1819  continue;
1820  }
1821 
1822  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1823  SCLogDebug("input %p input_len %u", input, input_len);
1824 
1825  if (input_len < 4) {
1826  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1827  SCReturnInt(-1);
1828  }
1829 
1830  ssl_state->curr_connp->handshake_type = input[0];
1831  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1832  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1833  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1834  input_len);
1835  input += 4;
1836  input_len -= 4;
1837 
1838  const uint32_t record_len = ssl_state->curr_connp->message_length;
1839  /* see if we support this type. We check here to not use the fragment
1840  * handling on things we don't support. */
1841  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1842  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1843  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1844  if (!supported_type) {
1845  uint32_t avail_record_len = MIN(input_len, record_len);
1846  input += avail_record_len;
1847  input_len -= avail_record_len;
1848 
1849  SSLParserHSReset(ssl_state->curr_connp);
1850 
1851  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1852  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1853  // after Change Cipher Spec we get Encrypted Handshake Messages
1854  } else {
1855  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1856  }
1857  continue;
1858  }
1859 
1860  /* if the message length exceeds our input_len, we have a tls fragment. */
1861  if (record_len > input_len) {
1862  const uint32_t avail = input_len;
1863  const uint32_t size = avail + (4096 - (avail % 4096));
1864  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1865  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1866  if (ssl_state->curr_connp->hs_buffer == NULL) {
1867  return -1;
1868  }
1869  ssl_state->curr_connp->hs_buffer_size = size;
1870  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1871  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1872 
1873  if (input_len > 0) {
1874  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1875  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1876  input_len) != 0) {
1877  return -1;
1878  }
1879  ssl_state->curr_connp->hs_buffer_offset = input_len;
1880  }
1881  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1882  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1883  ssl_state->curr_connp->hs_buffer_offset,
1884  ssl_state->curr_connp->hs_buffer_message_type,
1885  ssl_state->curr_connp->hs_buffer_message_size);
1886  input += input_len;
1887  SSLParserHSReset(ssl_state->curr_connp);
1888  return (input - initial_input);
1889 
1890  } else {
1891  /* full record, parse it now */
1892  int retval = SSLv3ParseHandshakeType(
1893  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1894  if (retval < 0 || retval > (int)input_len) {
1895  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1896  return (retval);
1897  }
1898  SCLogDebug("retval %d input_len %u", retval, input_len);
1899  input += retval;
1900  input_len -= retval;
1901 
1902  SSLParserHSReset(ssl_state->curr_connp);
1903  }
1904  SCLogDebug("input_len left %u", input_len);
1905  }
1906  return (input - initial_input);
1907 }
1908 
1909 /**
1910  * \internal
1911  * \brief TLS Heartbeat parser (see RFC 6520)
1912  *
1913  * \param sslstate Pointer to the SSL state.
1914  * \param input Pointer to the received input data.
1915  * \param input_len Length in bytes of the received data.
1916  * \param direction 1 toclient, 0 toserver
1917  *
1918  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1919  */
1920 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
1921  uint32_t input_len, uint8_t direction)
1922 {
1923  uint8_t hb_type;
1924  uint16_t payload_len;
1925  uint32_t padding_len;
1926 
1927  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
1928  if (input_len < 3) {
1929  return 0;
1930  }
1931 
1932  hb_type = *input++;
1933 
1934  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
1935  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
1936  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1937  return -1;
1938  }
1939  }
1940 
1941  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
1942  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
1943 
1944  if (direction) {
1945  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
1946  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
1947  } else {
1948  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
1949  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
1950  }
1951 
1952  /* if we reach this point, then we can assume that the HB request
1953  is encrypted. If so, let's set the HB record length */
1954  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
1955  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
1956  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
1957  ssl_state->hb_record_len);
1958  return (ssl_state->curr_connp->record_length - 3);
1959  }
1960 
1961  payload_len = (uint16_t)(*input << 8) | *(input + 1);
1962 
1963  /* check that the requested payload length is really present in
1964  the record (CVE-2014-0160) */
1965  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
1966  SCLogDebug("We have a short record in HeartBeat Request");
1967  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
1968  return -1;
1969  }
1970 
1971  /* check the padding length. It must be at least 16 bytes
1972  (RFC 6520, section 4) */
1973  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
1974  if (padding_len < 16) {
1975  SCLogDebug("We have a short record in HeartBeat Request");
1976  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1977  return -1;
1978  }
1979 
1980  /* we don't have the payload */
1981  if (input_len < payload_len + padding_len) {
1982  return 0;
1983  }
1984 
1985  /* OpenSSL still seems to discard multiple in-flight
1986  heartbeats although some tools send multiple at once */
1987  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1988  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
1989  SCLogDebug("Multiple in-flight server initiated HeartBeats");
1990  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1991  return -1;
1992 
1993  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
1994  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
1995  SCLogDebug("Multiple in-flight client initiated HeartBeats");
1996  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
1997  return -1;
1998 
1999  } else {
2000  /* we have a HB record in the opposite direction of the request,
2001  let's reset our flags */
2002  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
2003  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
2004  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
2005 
2006  /* if we reach this point, then we can assume that the HB request
2007  is encrypted. If so, let's set the HB record length */
2008  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2009  /* check to see if the encrypted response is longer than the
2010  encrypted request */
2011  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
2012  ssl_state->curr_connp->record_length) {
2013  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
2014  ssl_state->hb_record_len);
2015  SSLSetEvent(ssl_state,
2016  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2017  ssl_state->hb_record_len = 0;
2018  return -1;
2019  }
2020  }
2021 
2022  /* reset the HB record length in case we have a legit HB followed
2023  by a bad one */
2024  ssl_state->hb_record_len = 0;
2025  }
2026 
2027  /* skip the HeartBeat, 3 bytes were already parsed,
2028  e.g |18 03 02| for TLS 1.2 */
2029  return (ssl_state->curr_connp->record_length - 3);
2030 }
2031 
2032 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2033  const uint8_t *input, uint32_t input_len)
2034 {
2035  const uint8_t *initial_input = input;
2036 
2037  if (input_len == 0) {
2038  return 0;
2039  }
2040 
2041  uint8_t skip_version = 0;
2042 
2043  /* Only set SSL/TLS version here if it has not already been set in
2044  client/server hello. */
2045  if (direction == 0) {
2046  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2047  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2048  skip_version = 1;
2049  }
2050  } else {
2051  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2052  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2053  skip_version = 1;
2054  }
2055  }
2056 
2057  switch (ssl_state->curr_connp->bytes_processed) {
2058  case 0:
2059  if (input_len >= 5) {
2060  ssl_state->curr_connp->content_type = input[0];
2061  if (!skip_version) {
2062  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2063  }
2064  ssl_state->curr_connp->record_length = input[3] << 8;
2065  ssl_state->curr_connp->record_length |= input[4];
2066  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2067  return SSLV3_RECORD_HDR_LEN;
2068  } else {
2069  ssl_state->curr_connp->content_type = *(input++);
2070  if (--input_len == 0)
2071  break;
2072  }
2073 
2074  /* fall through */
2075  case 1:
2076  if (!skip_version) {
2077  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2078  } else {
2079  input++;
2080  }
2081  if (--input_len == 0)
2082  break;
2083 
2084  /* fall through */
2085  case 2:
2086  if (!skip_version) {
2087  ssl_state->curr_connp->version |= *(input++);
2088  } else {
2089  input++;
2090  }
2091  if (--input_len == 0)
2092  break;
2093 
2094  /* fall through */
2095  case 3:
2096  ssl_state->curr_connp->record_length = *(input++) << 8;
2097  if (--input_len == 0)
2098  break;
2099 
2100  /* fall through */
2101  case 4:
2102  ssl_state->curr_connp->record_length |= *(input++);
2103  if (--input_len == 0)
2104  break;
2105 
2106  /* fall through */
2107  }
2108 
2109  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2110 
2111  return (input - initial_input);
2112 }
2113 
2114 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2115  const uint8_t *input, uint32_t input_len)
2116 {
2117  const uint8_t *initial_input = input;
2118 
2119  if (input_len == 0) {
2120  return 0;
2121  }
2122 
2123  if (ssl_state->curr_connp->record_lengths_length == 2) {
2124  switch (ssl_state->curr_connp->bytes_processed) {
2125  case 0:
2126  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2127  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2128  ssl_state->curr_connp->content_type = input[2];
2129  ssl_state->curr_connp->version = SSL_VERSION_2;
2130  ssl_state->curr_connp->bytes_processed += 3;
2131  return 3;
2132  } else {
2133  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2134  if (--input_len == 0)
2135  break;
2136  }
2137 
2138  /* fall through */
2139  case 1:
2140  ssl_state->curr_connp->record_length |= *(input++);
2141  if (--input_len == 0)
2142  break;
2143 
2144  /* fall through */
2145  case 2:
2146  ssl_state->curr_connp->content_type = *(input++);
2147  ssl_state->curr_connp->version = SSL_VERSION_2;
2148  if (--input_len == 0)
2149  break;
2150 
2151  /* fall through */
2152  }
2153 
2154  } else {
2155  switch (ssl_state->curr_connp->bytes_processed) {
2156  case 0:
2157  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2158  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2159  ssl_state->curr_connp->content_type = input[3];
2160  ssl_state->curr_connp->version = SSL_VERSION_2;
2161  ssl_state->curr_connp->bytes_processed += 4;
2162  return 4;
2163  } else {
2164  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2165  if (--input_len == 0)
2166  break;
2167  }
2168 
2169  /* fall through */
2170  case 1:
2171  ssl_state->curr_connp->record_length |= *(input++);
2172  if (--input_len == 0)
2173  break;
2174 
2175  /* fall through */
2176  case 2:
2177  /* padding */
2178  input++;
2179  if (--input_len == 0)
2180  break;
2181 
2182  /* fall through */
2183  case 3:
2184  ssl_state->curr_connp->content_type = *(input++);
2185  ssl_state->curr_connp->version = SSL_VERSION_2;
2186  if (--input_len == 0)
2187  break;
2188 
2189  /* fall through */
2190  }
2191  }
2192 
2193  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2194 
2195  return (input - initial_input);
2196 }
2197 
2198 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2199  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2200  const StreamSlice stream_slice)
2201 {
2202  const uint8_t *initial_input = input;
2203 
2204  if (ssl_state->curr_connp->bytes_processed == 0) {
2205  if (input[0] & 0x80) {
2206  ssl_state->curr_connp->record_lengths_length = 2;
2207  } else {
2208  ssl_state->curr_connp->record_lengths_length = 3;
2209  }
2210 
2211  SCLogDebug("record start: ssl2.hdr frame");
2212  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2213  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2214  }
2215 
2216  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2217  "ssl_state->curr_connp->bytes_processed %u",
2218  direction, ssl_state->curr_connp->record_lengths_length + 1,
2219  ssl_state->curr_connp->bytes_processed);
2220  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2221  to read the msg_type */
2222  if (ssl_state->curr_connp->bytes_processed <
2223  (ssl_state->curr_connp->record_lengths_length + 1)) {
2224  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2225  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2226  ssl_state->curr_connp->record_length);
2227  if (retval < 0 || retval > (int)input_len) {
2228  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2229  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2230  return SSL_DECODER_ERROR(-1);
2231  }
2232 
2233  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2234  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2235  direction, TLS_FRAME_SSLV2_PDU);
2236  SCLogDebug("record start: ssl2.pdu frame");
2237 
2238  input += retval;
2239  input_len -= retval;
2240  }
2241 
2242  /* if we don't have the full record, we return incomplete */
2243  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2244  input_len + ssl_state->curr_connp->bytes_processed) {
2245  uint32_t needed = ssl_state->curr_connp->record_length;
2246  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2247  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2248  needed);
2249  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2250  }
2251 
2252  if (input_len == 0) {
2253  return SSL_DECODER_OK((input - initial_input));
2254  }
2255 
2256  /* record_length should never be zero */
2257  if (ssl_state->curr_connp->record_length == 0) {
2258  SCLogDebug("SSLv2 record length is zero");
2259  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2260  return SSL_DECODER_ERROR(-1);
2261  }
2262 
2263  /* record_lengths_length should never be zero */
2264  if (ssl_state->curr_connp->record_lengths_length == 0) {
2265  SCLogDebug("SSLv2 record lengths length is zero");
2266  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2267  return SSL_DECODER_ERROR(-1);
2268  }
2269 
2270  switch (ssl_state->curr_connp->content_type) {
2271  case SSLV2_MT_ERROR:
2272  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2273  "in establishing the sslv2 session, may be version");
2274  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2275 
2276  break;
2277 
2278  case SSLV2_MT_CLIENT_HELLO:
2279  if (input_len < 6) {
2280  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2281  return SSL_DECODER_ERROR(-1);
2282  }
2283 
2284  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2285  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2286 
2287  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2288  SCLogDebug("SSLv2: version %04x", version);
2289  ssl_state->curr_connp->version = version;
2290  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2291  input += 6;
2292  input_len -= 6;
2293  ssl_state->curr_connp->bytes_processed += 6;
2294  if (session_id_length == 0) {
2295  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2296  }
2297  break;
2298 
2299  case SSLV2_MT_CLIENT_MASTER_KEY:
2300  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2301  SCLogDebug("Client hello is not seen before master key "
2302  "message!");
2303  }
2304  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2305 
2306  break;
2307 
2308  case SSLV2_MT_CLIENT_CERTIFICATE:
2309  if (direction == 1) {
2310  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2311  "direction!");
2312  } else {
2313  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2314  }
2315 
2316  /* fall through */
2317  case SSLV2_MT_SERVER_VERIFY:
2318  case SSLV2_MT_SERVER_FINISHED:
2319  if (direction == 0 &&
2320  !(ssl_state->curr_connp->content_type &
2321  SSLV2_MT_CLIENT_CERTIFICATE)) {
2322  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2323  "direction!");
2324  }
2325 
2326  /* fall through */
2327  case SSLV2_MT_CLIENT_FINISHED:
2328  case SSLV2_MT_REQUEST_CERTIFICATE:
2329  /* both client hello and server hello must be seen */
2330  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2331  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2332 
2333  if (direction == 0) {
2334  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2335  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2336  SCLogDebug("SSLv2 client side has started the encryption");
2337  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2338  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2339  SCLogDebug("SSLv2 client side has started the encryption");
2340  }
2341  } else {
2342  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2343  SCLogDebug("SSLv2 Server side has started the encryption");
2344  }
2345 
2346  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2347  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2348  {
2349  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2350  AppLayerParserStateSetFlag(pstate,
2351  APP_LAYER_PARSER_NO_INSPECTION);
2352  }
2353 
2354  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2355  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2356  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2357  }
2358  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2359  }
2360  }
2361 
2362  break;
2363 
2364  case SSLV2_MT_SERVER_HELLO:
2365  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2366  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2367 
2368  break;
2369  }
2370 
2371  ssl_state->flags |= ssl_state->current_flags;
2372 
2373  if (input_len + ssl_state->curr_connp->bytes_processed >=
2374  (ssl_state->curr_connp->record_length +
2375  ssl_state->curr_connp->record_lengths_length)) {
2376 
2377  /* looks like we have another record after this */
2378  uint32_t diff = ssl_state->curr_connp->record_length +
2379  ssl_state->curr_connp->record_lengths_length + -
2380  ssl_state->curr_connp->bytes_processed;
2381  input += diff;
2382  SSLParserReset(ssl_state);
2383 
2384  /* we still don't have the entire record for the one we are
2385  currently parsing */
2386  } else {
2387  input += input_len;
2388  ssl_state->curr_connp->bytes_processed += input_len;
2389  }
2390  return SSL_DECODER_OK((input - initial_input));
2391 }
2392 
2393 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2394  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2395  const StreamSlice stream_slice)
2396 {
2397  uint32_t parsed = 0;
2398  uint32_t record_len; /* slice of input_len for the current record */
2399  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2400 
2401  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2402  const uint16_t prev_version = ssl_state->curr_connp->version;
2403 
2404  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2405  if (retval < 0 || retval > (int)input_len) {
2406  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2407  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2408  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2409  return SSL_DECODER_ERROR(-1);
2410  }
2411  parsed = retval;
2412 
2413  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2414  input, ssl_state->curr_connp->record_length);
2415 
2416  /* first the hdr frame at our first chance */
2417  if (first_call) {
2418  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2419  direction, TLS_FRAME_HDR);
2420  }
2421 
2422  /* parser is streaming for the initial header, then switches to incomplete
2423  * API: so if we don't have the hdr yet, return consumed bytes and wait
2424  * until we are called again with new data. */
2425  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2426  SCLogDebug(
2427  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2428  return SSL_DECODER_OK(parsed);
2429  }
2430 
2431  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2432  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2433  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2434  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2435  SCLogDebug(
2436  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2437  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2438 
2439  bool unknown_record = false;
2440  switch (ssl_state->curr_connp->content_type) {
2441  case SSLV3_CHANGE_CIPHER_SPEC:
2442  case SSLV3_ALERT_PROTOCOL:
2443  case SSLV3_HANDSHAKE_PROTOCOL:
2444  case SSLV3_APPLICATION_PROTOCOL:
2445  case SSLV3_HEARTBEAT_PROTOCOL:
2446  break;
2447  default:
2448  unknown_record = true;
2449  break;
2450  }
2451 
2452  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2453  * on Wireshark logic. */
2454  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2455  if (unknown_record) {
2456  SCLogDebug("unknown record, ignore it");
2457  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2458 
2459  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2460  ssl_state->curr_connp->content_type = 0;
2461  ssl_state->curr_connp->record_length = 0;
2462  // restore last good version
2463  ssl_state->curr_connp->version = prev_version;
2464  return SSL_DECODER_OK(input_len); // consume everything
2465  }
2466  } else {
2467  if (unknown_record) {
2468  SCLogDebug("unknown record, fatal");
2469  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2470  return SSL_DECODER_ERROR(-1);
2471  }
2472  }
2473 
2474  /* record_length should never be zero */
2475  if (ssl_state->curr_connp->record_length == 0) {
2476  SCLogDebug("SSLv3 Record length is 0");
2477  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2478  return SSL_DECODER_ERROR(-1);
2479  }
2480 
2481  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2482  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2483  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2484  return SSL_DECODER_ERROR(-1);
2485  }
2486 
2487  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2488  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2489  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2490  return SSL_DECODER_ERROR(-1);
2491  }
2492  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2493  } else {
2494  ValidateRecordState(ssl_state->curr_connp);
2495 
2496  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2497  record_len = MIN(input_len, record_len);
2498  }
2499  SCLogDebug("record length %u processed %u got %u",
2500  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2501 
2502  /* if we don't have the full record, we return incomplete */
2503  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2504  /* no need to use incomplete api buffering for application
2505  * records that we'll not use anyway. */
2506  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2507  SCLogDebug("application record");
2508  } else {
2509  uint32_t needed = ssl_state->curr_connp->record_length;
2510  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2511  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2512  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2513  return SSL_DECODER_INCOMPLETE(parsed, needed);
2514  }
2515  }
2516 
2517  if (record_len == 0) {
2518  return SSL_DECODER_OK(parsed);
2519  }
2520 
2521  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2522  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2523 
2524  switch (ssl_state->curr_connp->content_type) {
2525  /* we don't need any data from these types */
2526  case SSLV3_CHANGE_CIPHER_SPEC:
2527  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2528 
2529  if (direction) {
2530  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2531  } else {
2532  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2533  }
2534  break;
2535 
2536  case SSLV3_ALERT_PROTOCOL:
2537  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2538  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2539  break;
2540 
2541  case SSLV3_APPLICATION_PROTOCOL:
2542  /* In TLSv1.3 early data (0-RTT) could be sent before the
2543  handshake is complete (rfc8446, section 2.3). We should
2544  therefore not mark the handshake as done before we have
2545  seen the ServerHello record. */
2546  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2547  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2548  break;
2549 
2550  /* if we see (encrypted) application data, then this means the
2551  handshake must be done */
2552  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2553 
2554  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2555  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2556  AppLayerParserStateSetFlag(pstate,
2557  APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2558  }
2559 
2560  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2561  * heartbeat lke inspection to be able to be able to bypass the flow */
2562  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2563  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2564  AppLayerParserStateSetFlag(pstate,
2565  APP_LAYER_PARSER_NO_REASSEMBLY);
2566  AppLayerParserStateSetFlag(pstate,
2567  APP_LAYER_PARSER_NO_INSPECTION);
2568  AppLayerParserStateSetFlag(pstate,
2569  APP_LAYER_PARSER_BYPASS_READY);
2570  }
2571  break;
2572 
2573  case SSLV3_HANDSHAKE_PROTOCOL: {
2574  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2575  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2576  compatibility (rfc8446, appendix D.4). */
2577  // Client hello flags is needed to have a valid version
2578  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2579  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2580  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2581  /* do nothing */
2582  } else {
2583  // if we started parsing this, we must stop
2584  break;
2585  }
2586  }
2587 
2588  if (ssl_state->curr_connp->record_length < 4) {
2589  SSLParserReset(ssl_state);
2590  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2591  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2592  return SSL_DECODER_ERROR(-1);
2593  }
2594 
2595  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2596  record_len, direction);
2597  SCLogDebug("retval %d", retval);
2598  if (retval < 0 || retval > (int)record_len) {
2599  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2600  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2601  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2602  return SSL_DECODER_ERROR(-1);
2603  }
2604  ValidateRecordState(ssl_state->curr_connp);
2605  break;
2606  }
2607  case SSLV3_HEARTBEAT_PROTOCOL: {
2608  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2609  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2610  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2611  record_len, direction);
2612  if (retval < 0) {
2613  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2614  return SSL_DECODER_ERROR(-1);
2615  }
2616  break;
2617  }
2618  default:
2619  // should be unreachable now that we check after header parsing
2620  DEBUG_VALIDATE_BUG_ON(1);
2621  SCLogDebug("unsupported record type");
2622  return SSL_DECODER_ERROR(-1);
2623  }
2624 
2625  parsed += record_len;
2626  ssl_state->curr_connp->bytes_processed += record_len;
2627 
2628  if (ssl_state->curr_connp->bytes_processed >=
2629  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2630  SCLogDebug("record complete, trigger RAW");
2631  AppLayerParserTriggerRawStreamReassembly(
2632  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2633  SSLParserReset(ssl_state);
2634  ValidateRecordState(ssl_state->curr_connp);
2635  return SSL_DECODER_OK(parsed);
2636 
2637  } else {
2638  /* we still don't have the entire record for the one we are
2639  currently parsing */
2640  ValidateRecordState(ssl_state->curr_connp);
2641  return SSL_DECODER_OK(parsed);
2642  }
2643 }
2644 
2645 /**
2646  * \internal
2647  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2648  *
2649  * On parsing error, this should be the only function that should reset
2650  * the parser state, to avoid multiple functions in the chain resetting
2651  * the parser state.
2652  *
2653  * \param direction 0 for toserver, 1 for toclient.
2654  * \param alstate Pointer to the state.
2655  * \param pstate Application layer parser state for this session.
2656  * \param output Pointer to the list of parsed output elements.
2657  *
2658  * \todo On reaching an inconsistent state, check if the input has
2659  * another new record, instead of just returning after the reset
2660  *
2661  * \retval >=0 On success.
2662  */
2663 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2664  AppLayerParserState *pstate, StreamSlice stream_slice)
2665 {
2666  SSLState *ssl_state = (SSLState *)alstate;
2667  uint32_t counter = 0;
2668  ssl_state->f = f;
2669  const uint8_t *input = StreamSliceGetData(&stream_slice);
2670  const uint8_t *init_input = input;
2671  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2672 
2673  if (input == NULL &&
2674  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2675  (direction == 1 &&
2676  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2677  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2678  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2679  SCReturnStruct(APP_LAYER_OK);
2680  } else if (input == NULL || input_len == 0) {
2681  SCReturnStruct(APP_LAYER_ERROR);
2682  }
2683 
2684  if (direction == 0)
2685  ssl_state->curr_connp = &ssl_state->client_connp;
2686  else
2687  ssl_state->curr_connp = &ssl_state->server_connp;
2688 
2689  /* If entering on a new record, reset the current flags. */
2690  if (ssl_state->curr_connp->bytes_processed == 0) {
2691  ssl_state->current_flags = 0;
2692  }
2693 
2694  /* if we have more than one record */
2695  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2696  while (input_len > 0) {
2697  if (counter > max_records) {
2698  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2699  "and get out of here");
2700  SSLParserReset(ssl_state);
2701  SSLSetEvent(ssl_state,
2702  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2703  return APP_LAYER_ERROR;
2704  }
2705 
2706  /* ssl_state->bytes_processed is zero for a fresh record or
2707  positive to indicate a record currently being parsed */
2708 
2709  if (ssl_state->curr_connp->bytes_processed == 0) {
2710  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2711  /* only SSLv2, has one of the top 2 bits set */
2712  ssl_state->curr_connp->version = SSL_VERSION_2;
2713  SCLogDebug("SSLv2 detected");
2714  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2715  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2716  SCLogDebug("SSL/TLS version reset");
2717  }
2718  }
2719  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2720  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2721 
2722  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2723  if (ssl_state->curr_connp->bytes_processed == 0) {
2724  SCLogDebug("New SSLv2 record parsing");
2725  } else {
2726  SCLogDebug("Continuing parsing SSLv2 record");
2727  }
2728  struct SSLDecoderResult r =
2729  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2730  if (r.retval < 0 || r.retval > input_len) {
2731  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2732  SCLogDebug("Error parsing SSLv2. Resetting parser "
2733  "state. Let's get outta here");
2734  SSLParserReset(ssl_state);
2735  SSLSetEvent(ssl_state,
2736  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2737  return APP_LAYER_ERROR;
2738  } else if (r.needed) {
2739  input += r.retval;
2740  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2741  (uintmax_t)(input - init_input), r.needed);
2742  SCReturnStruct(APP_LAYER_INCOMPLETE(input - init_input, r.needed));
2743  }
2744  input_len -= r.retval;
2745  input += r.retval;
2746  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2747  } else {
2748  if (ssl_state->curr_connp->bytes_processed == 0) {
2749  SCLogDebug("New TLS record: record_length %u",
2750  ssl_state->curr_connp->record_length);
2751  } else {
2752  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2753  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2754  }
2755  struct SSLDecoderResult r =
2756  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2757  if (r.retval < 0 || r.retval > input_len) {
2758  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2759  SCLogDebug("Error parsing TLS. Resetting parser "
2760  "state. Let's get outta here");
2761  SSLParserReset(ssl_state);
2762  return APP_LAYER_ERROR;
2763  } else if (r.needed) {
2764  input += r.retval;
2765  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2766  (uintmax_t)(input - init_input), r.needed);
2767  SCReturnStruct(APP_LAYER_INCOMPLETE(input - init_input, r.needed));
2768  }
2769  input_len -= r.retval;
2770  input += r.retval;
2771  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2772 
2773  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2774  && ssl_state->curr_connp->record_length == 0) {
2775  SCLogDebug("TLS empty record");
2776  /* empty record */
2777  SSLParserReset(ssl_state);
2778  }
2779  }
2780  counter++;
2781  } /* while (input_len) */
2782 
2783  /* mark handshake as done if we have subject and issuer */
2784  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2785  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2786  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2787  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2788  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2789  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2790  SCLogDebug("SSL_AL_FLAG_HANDSHAKE_DONE");
2791  ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;
2792  }
2793 
2794  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2795  if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2796  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2797  SCLogDebug("SSL_AL_FLAG_STATE_FINISHED");
2798  ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED;
2799  }
2800 
2801  return APP_LAYER_OK;
2802 }
2803 
2804 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2805  StreamSlice stream_slice, void *local_data)
2806 {
2807  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2808 }
2809 
2810 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2811  StreamSlice stream_slice, void *local_data)
2812 {
2813  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2814 }
2815 
2816 /**
2817  * \internal
2818  * \brief Function to allocate the SSL state memory.
2819  */
2820 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2821 {
2822  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2823  if (unlikely(ssl_state == NULL))
2824  return NULL;
2825  ssl_state->client_connp.cert_log_flag = 0;
2826  ssl_state->server_connp.cert_log_flag = 0;
2827  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2828  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2829  TAILQ_INIT(&ssl_state->server_connp.certs);
2830  TAILQ_INIT(&ssl_state->client_connp.certs);
2831 
2832  return (void *)ssl_state;
2833 }
2834 
2835 /**
2836  * \internal
2837  * \brief Function to free the SSL state memory.
2838  */
2839 static void SSLStateFree(void *p)
2840 {
2841  SSLState *ssl_state = (SSLState *)p;
2842  SSLCertsChain *item;
2843 
2844  if (ssl_state->client_connp.cert0_subject)
2845  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2846  if (ssl_state->client_connp.cert0_issuerdn)
2847  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2848  if (ssl_state->client_connp.cert0_serial)
2849  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2850  if (ssl_state->client_connp.cert0_fingerprint)
2851  SCFree(ssl_state->client_connp.cert0_fingerprint);
2852  if (ssl_state->client_connp.sni)
2853  SCFree(ssl_state->client_connp.sni);
2854  if (ssl_state->client_connp.session_id)
2855  SCFree(ssl_state->client_connp.session_id);
2856  if (ssl_state->client_connp.hs_buffer)
2857  SCFree(ssl_state->client_connp.hs_buffer);
2858 
2859  if (ssl_state->server_connp.cert0_subject)
2860  rs_cstring_free(ssl_state->server_connp.cert0_subject);
2861  if (ssl_state->server_connp.cert0_issuerdn)
2862  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
2863  if (ssl_state->server_connp.cert0_serial)
2864  rs_cstring_free(ssl_state->server_connp.cert0_serial);
2865  if (ssl_state->server_connp.cert0_fingerprint)
2866  SCFree(ssl_state->server_connp.cert0_fingerprint);
2867  if (ssl_state->server_connp.sni)
2868  SCFree(ssl_state->server_connp.sni);
2869  if (ssl_state->server_connp.session_id)
2870  SCFree(ssl_state->server_connp.session_id);
2871 
2872  if (ssl_state->client_connp.ja4)
2873  SCJA4Free(ssl_state->client_connp.ja4);
2874  if (ssl_state->client_connp.ja3_str)
2875  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
2876  if (ssl_state->client_connp.ja3_hash)
2877  SCFree(ssl_state->client_connp.ja3_hash);
2878  if (ssl_state->server_connp.ja3_str)
2879  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
2880  if (ssl_state->server_connp.ja3_hash)
2881  SCFree(ssl_state->server_connp.ja3_hash);
2882  if (ssl_state->server_connp.hs_buffer)
2883  SCFree(ssl_state->server_connp.hs_buffer);
2884 
2885  AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events);
2886 
2887  if (ssl_state->tx_data.de_state != NULL) {
2888  DetectEngineStateFree(ssl_state->tx_data.de_state);
2889  }
2890 
2891  /* Free certificate chain */
2892  if (ssl_state->server_connp.certs_buffer)
2893  SCFree(ssl_state->server_connp.certs_buffer);
2894  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
2895  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
2896  SCFree(item);
2897  }
2898  TAILQ_INIT(&ssl_state->server_connp.certs);
2899  /* Free certificate chain */
2900  if (ssl_state->client_connp.certs_buffer)
2901  SCFree(ssl_state->client_connp.certs_buffer);
2902  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
2903  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
2904  SCFree(item);
2905  }
2906  TAILQ_INIT(&ssl_state->client_connp.certs);
2907 
2908  SCFree(ssl_state);
2909 
2910  return;
2911 }
2912 
2913 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
2914 {
2915  /* do nothing */
2916 }
2917 
2918 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
2919  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
2920 {
2921  /* probably a rst/fin sending an eof */
2922  if (ilen < 3)
2923  return ALPROTO_UNKNOWN;
2924 
2925  /* for now just the 3 byte header ones */
2926  /* \todo Detect the 2 byte ones */
2927  if ((input[0] & 0x80) && (input[2] == 0x01)) {
2928  return ALPROTO_TLS;
2929  }
2930 
2931  return ALPROTO_FAILED;
2932 }
2933 
2934 static int SSLStateGetFrameIdByName(const char *frame_name)
2935 {
2936  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
2937  if (id < 0) {
2938  return -1;
2939  }
2940  return id;
2941 }
2942 
2943 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
2944 {
2945  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
2946  return name;
2947 }
2948 
2949 static int SSLStateGetEventInfo(const char *event_name,
2950  int *event_id, AppLayerEventType *event_type)
2951 {
2952  *event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
2953  if (*event_id == -1) {
2954  SCLogError("event \"%s\" not present in "
2955  "ssl's enum map table.",
2956  event_name);
2957  /* yes this is fatal */
2958  return -1;
2959  }
2960 
2961  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2962 
2963  return 0;
2964 }
2965 
2966 static int SSLStateGetEventInfoById(int event_id, const char **event_name,
2967  AppLayerEventType *event_type)
2968 {
2969  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
2970  if (*event_name == NULL) {
2971  SCLogError("event \"%d\" not present in "
2972  "ssl's enum map table.",
2973  event_id);
2974  /* yes this is fatal */
2975  return -1;
2976  }
2977 
2978  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
2979 
2980  return 0;
2981 }
2982 
2983 static int SSLRegisterPatternsForProtocolDetection(void)
2984 {
2985  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
2986  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
2987  return -1;
2988  }
2989 
2990  /** SSLv3 */
2991  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
2992  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
2993  {
2994  return -1;
2995  }
2996  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
2997  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
2998  {
2999  return -1;
3000  }
3001 
3002  /** TLSv1 */
3003  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3004  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3005  {
3006  return -1;
3007  }
3008  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3009  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3010  {
3011  return -1;
3012  }
3013 
3014  /** TLSv1.1 */
3015  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3016  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3017  {
3018  return -1;
3019  }
3020  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3021  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3022  {
3023  return -1;
3024  }
3025 
3026  /** TLSv1.2 */
3027  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3028  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3029  {
3030  return -1;
3031  }
3032  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3033  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3034  {
3035  return -1;
3036  }
3037 
3038  /***** toclient direction *****/
3039 
3040  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3041  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3042  {
3043  return -1;
3044  }
3045  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3046  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3047  {
3048  return -1;
3049  }
3050  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3051  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3052  {
3053  return -1;
3054  }
3055 
3056  /** TLSv1 */
3057  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3058  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3059  {
3060  return -1;
3061  }
3062  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3063  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3064  {
3065  return -1;
3066  }
3067  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3068  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3069  {
3070  return -1;
3071  }
3072 
3073  /** TLSv1.1 */
3074  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3075  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3076  {
3077  return -1;
3078  }
3079  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3080  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3081  {
3082  return -1;
3083  }
3084  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3085  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3086  {
3087  return -1;
3088  }
3089 
3090  /** TLSv1.2 */
3091  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3092  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3093  {
3094  return -1;
3095  }
3096  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3097  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3098  {
3099  return -1;
3100  }
3101  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3102  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3103  {
3104  return -1;
3105  }
3106 
3107  /* Subsection - SSLv2 style record by client, but informing the server
3108  * the max version it supports.
3109  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3110  * it after some tests */
3111 #if 0
3112  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3113  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3114  {
3115  return -1;
3116  }
3117  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3118  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3119  {
3120  return -1;
3121  }
3122 #endif
3123 
3124  return 0;
3125 }
3126 
3127 #ifdef HAVE_JA3
3128 static void CheckJA3Enabled(void)
3129 {
3130  const char *strval = NULL;
3131  /* Check if we should generate JA3 fingerprints */
3132  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3133  if (ConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3134  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3135  } else if (strcmp(strval, "auto") == 0) {
3136  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3137  } else if (ConfValIsFalse(strval)) {
3138  enable_ja3 = 0;
3139  ssl_config.disable_ja3 = true;
3140  } else if (ConfValIsTrue(strval)) {
3141  enable_ja3 = true;
3142  }
3143  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3144  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3145  /* The feature is available, i.e. _could_ be activated by a rule or
3146  even is enabled in the configuration. */
3147  ProvidesFeature(FEATURE_JA3);
3148  }
3149 }
3150 #endif /* HAVE_JA3 */
3151 
3152 #ifdef HAVE_JA4
3153 static void CheckJA4Enabled(void)
3154 {
3155  const char *strval = NULL;
3156  /* Check if we should generate JA4 fingerprints */
3157  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3158  if (ConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3159  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3160  } else if (strcmp(strval, "auto") == 0) {
3161  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3162  } else if (ConfValIsFalse(strval)) {
3163  enable_ja4 = 0;
3164  ssl_config.disable_ja4 = true;
3165  } else if (ConfValIsTrue(strval)) {
3166  enable_ja4 = true;
3167  }
3168  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3169  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3170  /* The feature is available, i.e. _could_ be activated by a rule or
3171  even is enabled in the configuration. */
3172  ProvidesFeature(FEATURE_JA4);
3173  }
3174 }
3175 #endif /* HAVE_JA4 */
3176 
3177 /**
3178  * \brief Function to register the SSL protocol parser and other functions
3179  */
3180 void RegisterSSLParsers(void)
3181 {
3182  const char *proto_name = "tls";
3183 
3184  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3185 
3186  /** SSLv2 and SSLv23*/
3187  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3188  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3189 
3190  if (SSLRegisterPatternsForProtocolDetection() < 0)
3191  return;
3192 
3193  if (RunmodeIsUnittests()) {
3194  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3195  "443",
3196  ALPROTO_TLS,
3197  0, 3,
3198  STREAM_TOSERVER,
3199  SSLProbingParser, NULL);
3200  } else {
3201  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
3202  proto_name, ALPROTO_TLS,
3203  0, 3,
3204  SSLProbingParser, NULL) == 0) {
3205  SCLogConfig("no TLS config found, "
3206  "enabling TLS detection on port 443.");
3207  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3208  "443",
3209  ALPROTO_TLS,
3210  0, 3,
3211  STREAM_TOSERVER,
3212  SSLProbingParser, NULL);
3213  }
3214  }
3215  } else {
3216  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3217  proto_name);
3218  return;
3219  }
3220 
3221  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
3222  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3223  SSLParseClientRecord);
3224 
3225  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3226  SSLParseServerRecord);
3227 
3228  AppLayerParserRegisterGetFrameFuncs(
3229  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3230  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3231  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3232 
3233  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3234 
3235  AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3236 
3237  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3238 
3239  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3240  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3241  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3242 
3243  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3244 
3245  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3246 
3247  AppLayerParserRegisterStateProgressCompletionStatus(
3248  ALPROTO_TLS, TLS_STATE_FINISHED, TLS_STATE_FINISHED);
3249 
3250  ConfNode *enc_handle = ConfGetNode("app-layer.protocols.tls.encryption-handling");
3251  if (enc_handle != NULL && enc_handle->val != NULL) {
3252  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3253  if (strcmp(enc_handle->val, "full") == 0) {
3254  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3255  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3256  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3257  } else if (strcmp(enc_handle->val, "default") == 0) {
3258  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3259  } else {
3260  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_DEFAULT;
3261  }
3262  } else {
3263  /* Get the value of no reassembly option from the config file */
3264  if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3265  int value = 0;
3266  if (ConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3267  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3268  } else {
3269  int value = 0;
3270  if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 && value == 1)
3271  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3272  }
3273  }
3274  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3275 
3276 #ifdef HAVE_JA3
3277  CheckJA3Enabled();
3278 #endif /* HAVE_JA3 */
3279 #ifdef HAVE_JA4
3280  CheckJA4Enabled();
3281 #endif /* HAVE_JA4 */
3282 
3283  if (g_disable_hashing) {
3284  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3285  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3286  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3287  }
3288  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3289  SCLogWarning("Hashing has been disabled, disabling JA4");
3290  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3291  }
3292  } else {
3293  if (RunmodeIsUnittests()) {
3294 #ifdef HAVE_JA3
3295  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3296 #endif /* HAVE_JA3 */
3297 #ifdef HAVE_JA4
3298  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3299 #endif /* HAVE_JA4 */
3300  }
3301  }
3302  } else {
3303  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3304  }
3305 
3306  return;
3307 }
3308 
3309 /**
3310  * \brief if not explicitly disabled in config, enable ja3 support
3311  *
3312  * Implemented using atomic to allow rule reloads to do this at
3313  * runtime.
3314  */
3315 void SSLEnableJA3(void)
3316 {
3317  if (g_disable_hashing || ssl_config.disable_ja3) {
3318  return;
3319  }
3320  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3321  return;
3322  }
3323  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3324 }
3325 
3326 /**
3327  * \brief if not explicitly disabled in config, enable ja4 support
3328  *
3329  * Implemented using atomic to allow rule reloads to do this at
3330  * runtime.
3331  */
3332 void SSLEnableJA4(void)
3333 {
3334  if (g_disable_hashing || ssl_config.disable_ja4) {
3335  return;
3336  }
3337  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3338  return;
3339  }
3340  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3341 }
3342 
3343 /**
3344  * \brief return whether ja3 is effectively enabled
3345  *
3346  * This means that it either has been enabled explicitly or has been
3347  * enabled by having loaded a rule while not being explicitly disabled.
3348  *
3349  * \retval true if enabled, false otherwise
3350  */
3351 bool SSLJA3IsEnabled(void)
3352 {
3353  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3354 }
3355 
3356 /**
3357  * \brief return whether ja4 is effectively enabled
3358  *
3359  * This means that it either has been enabled explicitly or has been
3360  * enabled by having loaded a rule while not being explicitly disabled.
3361  *
3362  * \retval true if enabled, false otherwise
3363  */
3364 bool SSLJA4IsEnabled(void)
3365 {
3366  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3367 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:171
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:165
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:60
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:177
util-byte.h
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:250
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:482
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:69
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:288
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:163
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:143
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1583
JA3Buffer_
Definition: util-ja3.h:31
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:225
TLS_STATE_CERT_READY
@ TLS_STATE_CERT_READY
Definition: app-layer-ssl.h:78
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:213
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:217
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:144
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
flow-util.h
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:164
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:176
SSL_AL_FLAG_HANDSHAKE_DONE
#define SSL_AL_FLAG_HANDSHAKE_DONE
Definition: app-layer-ssl.h:113
ConfNode_::val
char * val
Definition: conf.h:34
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:483
stream-tcp.h
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:188
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:298
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:142
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:237
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:306
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:178
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3332
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:127
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:245
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:199
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:307
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:253
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:116
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:64
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:81
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:268
SSLStateConnp_
Definition: app-layer-ssl.h:230
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:326
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1556
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:68
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:270
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:149
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:247
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
threads.h
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:92
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:355
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:148
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:289
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:99
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:73
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:180
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:534
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:396
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:166
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:292
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:271
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:182
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:493
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:175
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:197
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:134
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:138
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:304
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:315
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:189
MIN
#define MIN(x, y)
Definition: suricata-common.h:391
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:133
util-ja3.h
stream-tcp-reassemble.h
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:101
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:291
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:163
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:258
SSLStateConnp_::ja4
JA4 * ja4
Definition: app-layer-ssl.h:272
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:186
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
MAX
#define MAX(x, y)
Definition: suricata-common.h:395
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:277
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
util-unittest.h
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:234
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:87
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:251
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:537
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:66
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:182
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:279
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:92
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:93
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:254
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:302
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1543
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:72
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:110
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:198
app-layer-detect-proto.h
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:61
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:223
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:71
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
SSL_CNF_ENC_HANDLE_DEFAULT
@ SSL_CNF_ENC_HANDLE_DEFAULT
Definition: app-layer-ssl.c:153
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:100
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
feature.h
decode.h
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:169
util-debug.h
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:132
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:212
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3351
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:133
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:310
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:242
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:167
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:200
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:222
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:168
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:280
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:264
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:79
SSLCertsChain_
Definition: app-layer-ssl.h:223
util-print.h
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:561
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:277
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:130
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:417
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:67
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1670
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:145
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:345
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
TLS_STATE_FINISHED
@ TLS_STATE_FINISHED
Definition: app-layer-ssl.h:80
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:98
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:157
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:152
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:109
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:62
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:100
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:203
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:195
stream.h
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:133
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:63
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:145
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
type
uint16_t type
Definition: decode-vlan.c:107
stream-tcp-private.h
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
SSL_CONFIG_DEFAULT_JA4
#define SSL_CONFIG_DEFAULT_JA4
Definition: app-layer-ssl.c:150
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:119
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3315
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:571
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:173
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:232
SslConfig_
Definition: app-layer-ssl.c:158
SSL_AL_FLAG_STATE_FINISHED
#define SSL_AL_FLAG_STATE_FINISHED
Definition: app-layer-ssl.h:105
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:185
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:194
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1761
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:174
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:162
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:172
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:201
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:224
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:254
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:265
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:174
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:384
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:172
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:183
decode-events.h
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:135
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:171
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:187
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:84
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:219
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:515
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:135
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1780
SSLDecoderResult
Definition: app-layer-ssl.c:221
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:88
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1358
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:249
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:206
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:225
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:90
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:291
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:143
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3180
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:132
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:208
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:230
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:146
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:144
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:170
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:320
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:147
SCEnumCharMap_
Definition: util-enum.h:27
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:137
util-spm.h
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:240
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:284
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:593
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:278
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:235
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:65
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:583
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:416
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:136
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:159
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:184
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:178
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:86
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:184
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:151
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:196
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:168
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
str
#define str(s)
Definition: suricata-common.h:291
TLS_STATE_IN_PROGRESS
@ TLS_STATE_IN_PROGRESS
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:60
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:187
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:140
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:549
src
uint16_t src
Definition: app-layer-dnp3.h:5
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:193
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:562
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:94
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:173
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3364
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:165
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:71
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:179
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:267
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:209
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:504
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:154
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:92
SslConfig
struct SslConfig_ SslConfig
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:181
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:95
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1657
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:260
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:141
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:139
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:255
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:215
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:269
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:180
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1788
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:185
util-enum.h
util-pool.h
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:179
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:186
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:276
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1936
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:252
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:172
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:70
app-layer-ssl.h
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:181
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:403
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:175
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:123
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:190
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:108
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:91
app-layer.h
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:155
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:295
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:239
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:183
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:210