suricata
app-layer-ssl.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  * \author Mats Klepsland <mats.klepsland@gmail.com>
24  *
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 
30 #include "app-layer.h"
31 #include "app-layer-detect-proto.h"
32 #include "app-layer-protos.h"
33 #include "app-layer-parser.h"
34 #include "app-layer-frames.h"
35 #include "app-layer-ssl.h"
36 
37 #include "conf.h"
38 
39 #include "feature.h"
40 
41 #include "util-debug.h"
42 #include "util-ja3.h"
43 #include "util-enum.h"
44 #include "util-validate.h"
45 
46 static SCEnumCharMap tls_state_client_table[] = {
47  {
48  "client_in_progress",
49  TLS_STATE_CLIENT_IN_PROGRESS,
50  },
51  {
52  "client_hello_done",
53  TLS_STATE_CLIENT_HELLO_DONE,
54  },
55  {
56  "client_cert_done",
57  TLS_STATE_CLIENT_CERT_DONE,
58  },
59  {
60  "client_handshake_done",
61  TLS_STATE_CLIENT_HANDSHAKE_DONE,
62  },
63  {
64  "client_finished",
65  TLS_STATE_CLIENT_FINISHED,
66  },
67  { NULL, -1 },
68 };
69 
70 static SCEnumCharMap tls_state_server_table[] = {
71  {
72  "server_in_progress",
73  TLS_STATE_SERVER_IN_PROGRESS,
74  },
75  {
76  "server_hello",
77  TLS_STATE_SERVER_HELLO,
78  },
79  {
80  "server_cert_done",
81  TLS_STATE_SERVER_CERT_DONE,
82  },
83  {
84  "server_hello_done",
85  TLS_STATE_SERVER_HELLO_DONE,
86  },
87  {
88  "server_handshake_done",
89  TLS_STATE_SERVER_HANDSHAKE_DONE,
90  },
91  {
92  "server_finished",
93  TLS_STATE_SERVER_FINISHED,
94  },
95  { NULL, -1 },
96 };
97 
98 SCEnumCharMap tls_frame_table[] = {
99  {
100  "pdu",
101  TLS_FRAME_PDU,
102  },
103  {
104  "hdr",
105  TLS_FRAME_HDR,
106  },
107  {
108  "data",
109  TLS_FRAME_DATA,
110  },
111  {
112  "alert",
113  TLS_FRAME_ALERT_DATA,
114  },
115  {
116  "heartbeat",
117  TLS_FRAME_HB_DATA,
118  },
119  {
120  "ssl2.hdr",
121  TLS_FRAME_SSLV2_HDR,
122  },
123  {
124  "ssl2.pdu",
125  TLS_FRAME_SSLV2_PDU,
126  },
127  { NULL, -1 },
128 };
129 
130 SCEnumCharMap tls_decoder_event_table[] = {
131  /* TLS protocol messages */
132  { "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
133  { "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
134  { "INVALID_RECORD_VERSION", TLS_DECODER_EVENT_INVALID_RECORD_VERSION },
135  { "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
136  { "INVALID_RECORD_LENGTH", TLS_DECODER_EVENT_INVALID_RECORD_LENGTH },
137  { "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
138  { "HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_HEARTBEAT },
139  { "INVALID_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_INVALID_HEARTBEAT },
140  { "OVERFLOW_HEARTBEAT_MESSAGE", TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT },
141  { "DATALEAK_HEARTBEAT_MISMATCH", TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH },
142  { "HANDSHAKE_INVALID_LENGTH", TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH },
143  { "MULTIPLE_SNI_EXTENSIONS", TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS },
144  { "INVALID_SNI_TYPE", TLS_DECODER_EVENT_INVALID_SNI_TYPE },
145  { "INVALID_SNI_LENGTH", TLS_DECODER_EVENT_INVALID_SNI_LENGTH },
146  { "TOO_MANY_RECORDS_IN_PACKET", TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET },
147  { "INVALID_ALERT_MESSAGE", TLS_DECODER_EVENT_INVALID_ALERT },
148  /* certificate decoding messages */
149  { "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
150  { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
151  { "CERTIFICATE_INVALID_VERSION", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION },
152  { "CERTIFICATE_INVALID_SERIAL", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL },
153  { "CERTIFICATE_INVALID_ALGORITHMIDENTIFIER",
154  TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER },
155  { "CERTIFICATE_INVALID_X509NAME", TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME },
156  { "CERTIFICATE_INVALID_DATE", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE },
157  { "CERTIFICATE_INVALID_EXTENSIONS", TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS },
158  { "CERTIFICATE_INVALID_DER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER },
159  { "CERTIFICATE_INVALID_SUBJECT", TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT },
160  { "CERTIFICATE_INVALID_ISSUER", TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER },
161  { "CERTIFICATE_INVALID_VALIDITY", TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY },
162  { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
163  /* used as a generic error event */
164  { "INVALID_SSL_RECORD", TLS_DECODER_EVENT_INVALID_SSL_RECORD },
165  { NULL, -1 },
166 };
167 
168 enum {
169  /* X.509 error codes, returned by decoder
170  * THESE CONSTANTS MUST MATCH rust/src/x509/mod.rs ! */
171  ERR_INVALID_CERTIFICATE=1,
172  ERR_INVALID_LENGTH,
173  ERR_INVALID_VERSION,
174  ERR_INVALID_SERIAL,
175  ERR_INVALID_ALGORITHMIDENTIFIER,
176  ERR_INVALID_X509NAME,
177  ERR_INVALID_DATE,
178  ERR_INVALID_EXTENSIONS,
179  ERR_INVALID_DER,
180 
181  /* error getting data */
182  ERR_EXTRACT_SUBJECT,
183  ERR_EXTRACT_ISSUER,
184  ERR_EXTRACT_VALIDITY,
185 };
186 
187 /* JA3 and JA4 fingerprints are disabled by default */
188 #define SSL_CONFIG_DEFAULT_JA3 0
189 #define SSL_CONFIG_DEFAULT_JA4 0
190 
191 enum SslConfigEncryptHandling {
192  SSL_CNF_ENC_HANDLE_TRACK_ONLY = 0, /**< disable raw content, continue tracking */
193  SSL_CNF_ENC_HANDLE_BYPASS = 1, /**< skip processing of flow, bypass if possible */
194  SSL_CNF_ENC_HANDLE_FULL = 2, /**< handle fully like any other proto */
195 };
196 
197 typedef struct SslConfig_ {
198  enum SslConfigEncryptHandling encrypt_mode;
199  /** dynamic setting for ja3 and ja4: can be enabled on demand if not
200  * explicitly disabled. */
201  SC_ATOMIC_DECLARE(int, enable_ja3);
202  bool disable_ja3; /**< ja3 explicitly disabled. Don't enable on demand. */
203  SC_ATOMIC_DECLARE(int, enable_ja4);
204  bool disable_ja4; /**< ja4 explicitly disabled. Don't enable on demand. */
205 } SslConfig;
206 
207 SslConfig ssl_config;
208 
209 /* SSLv3 record types */
210 #define SSLV3_CHANGE_CIPHER_SPEC 20
211 #define SSLV3_ALERT_PROTOCOL 21
212 #define SSLV3_HANDSHAKE_PROTOCOL 22
213 #define SSLV3_APPLICATION_PROTOCOL 23
214 #define SSLV3_HEARTBEAT_PROTOCOL 24
215 
216 /* SSLv3 handshake protocol types */
217 #define SSLV3_HS_HELLO_REQUEST 0
218 #define SSLV3_HS_CLIENT_HELLO 1
219 #define SSLV3_HS_SERVER_HELLO 2
220 #define SSLV3_HS_NEW_SESSION_TICKET 4
221 #define SSLV3_HS_CERTIFICATE 11
222 #define SSLV3_HS_SERVER_KEY_EXCHANGE 12
223 #define SSLV3_HS_CERTIFICATE_REQUEST 13
224 #define SSLV3_HS_SERVER_HELLO_DONE 14
225 #define SSLV3_HS_CERTIFICATE_VERIFY 15
226 #define SSLV3_HS_CLIENT_KEY_EXCHANGE 16
227 #define SSLV3_HS_FINISHED 20
228 #define SSLV3_HS_CERTIFICATE_URL 21
229 #define SSLV3_HS_CERTIFICATE_STATUS 22
230 
231 /* SSLv2 protocol message types */
232 #define SSLV2_MT_ERROR 0
233 #define SSLV2_MT_CLIENT_HELLO 1
234 #define SSLV2_MT_CLIENT_MASTER_KEY 2
235 #define SSLV2_MT_CLIENT_FINISHED 3
236 #define SSLV2_MT_SERVER_HELLO 4
237 #define SSLV2_MT_SERVER_VERIFY 5
238 #define SSLV2_MT_SERVER_FINISHED 6
239 #define SSLV2_MT_REQUEST_CERTIFICATE 7
240 #define SSLV2_MT_CLIENT_CERTIFICATE 8
241 
242 #define SSLV3_RECORD_HDR_LEN 5
243 /** max length according to RFC 5246 6.2.2 is 2^14 + 1024 */
244 #define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024)
245 
246 #define SSLV3_CLIENT_HELLO_VERSION_LEN 2
247 #define SSLV3_CLIENT_HELLO_RANDOM_LEN 32
248 
249 /* TLS heartbeat protocol types */
250 #define TLS_HB_REQUEST 1
251 #define TLS_HB_RESPONSE 2
252 
253 #define SSL_RECORD_MINIMUM_LENGTH 6
254 
255 #define SHA1_STRING_LENGTH 60
256 
257 #define HAS_SPACE(n) ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len))
258 
259 struct SSLDecoderResult {
260  int retval; // nr bytes consumed from input, or < 0 on error
261  uint32_t needed; // more bytes needed
262 };
263 #define SSL_DECODER_ERROR(e) \
264  (struct SSLDecoderResult) \
265  { \
266  (e), 0 \
267  }
268 #define SSL_DECODER_OK(c) \
269  (struct SSLDecoderResult) \
270  { \
271  (uint32_t)(c), 0 \
272  }
273 #define SSL_DECODER_INCOMPLETE(c, n) \
274  (struct SSLDecoderResult) \
275  { \
276  (uint32_t)(c), (n) \
277  }
278 
279 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
280  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy) WARN_UNUSED;
281 
282 static inline int SafeMemcpy(void *dst, size_t dst_offset, size_t dst_size,
283  const void *src, size_t src_offset, size_t src_size, size_t src_tocopy)
284 {
285  DEBUG_VALIDATE_BUG_ON(dst_offset >= dst_size);
286  DEBUG_VALIDATE_BUG_ON(src_offset >= src_size);
287  DEBUG_VALIDATE_BUG_ON(src_tocopy > (src_size - src_offset));
288  DEBUG_VALIDATE_BUG_ON(src_tocopy > (dst_size - dst_offset));
289 
290  if (dst_offset < dst_size && src_offset < src_size &&
291  src_tocopy <= (src_size - src_offset) &&
292  src_tocopy <= (dst_size - dst_offset)) {
293  memcpy(dst + dst_offset, src + src_offset, src_tocopy);
294  return 0;
295  }
296  return -1;
297 }
298 
299 #ifdef DEBUG_VALIDATION
300 #define ValidateRecordState(connp) \
301  do { \
302  DEBUG_VALIDATE_BUG_ON(((connp)->record_length + SSLV3_RECORD_HDR_LEN) < \
303  (connp)->bytes_processed); \
304  } while(0);
305 #else
306 #define ValidateRecordState(...)
307 #endif
308 
309 #define SSLParserHSReset(connp) \
310  do { \
311  (connp)->handshake_type = 0; \
312  (connp)->message_length = 0; \
313  } while (0)
314 
315 #define SSLParserReset(state) \
316  do { \
317  SCLogDebug("resetting state"); \
318  (state)->curr_connp->bytes_processed = 0; \
319  SSLParserHSReset((state)->curr_connp); \
320  } while(0)
321 
322 #define SSLSetEvent(ssl_state, event) \
323  do { \
324  SCLogDebug("setting event %u", (event)); \
325  if ((ssl_state) == NULL) { \
326  SCLogDebug("could not set decoder event %u", event); \
327  } else { \
328  AppLayerDecoderEventsSetEventRaw(&(ssl_state)->tx_data.events, (event)); \
329  (ssl_state)->events++; \
330  } \
331  } while (0)
332 
333 static void SSLStateCertSANFree(SSLStateConnp *connp);
334 
335 static void *SSLGetTx(void *state, uint64_t tx_id)
336 {
337  SSLState *ssl_state = (SSLState *)state;
338  return ssl_state;
339 }
340 
341 static uint64_t SSLGetTxCnt(void *state)
342 {
343  /* single tx */
344  return 1;
345 }
346 
347 static void UpdateClientState(SSLState *ssl_state, enum TlsStateClient s)
348 {
349 #ifdef DEBUG
350  enum TlsStateClient old = ssl_state->client_state;
351 #endif
352  ssl_state->client_state = s;
353 #ifdef DEBUG
354  SCLogDebug("toserver: state updated to %u from %u", s, old);
355 #endif
356 }
357 
358 static void UpdateServerState(SSLState *ssl_state, enum TlsStateServer s)
359 {
360 #ifdef DEBUG
361  enum TlsStateServer old = ssl_state->server_state;
362 #endif
363  ssl_state->server_state = s;
364 #ifdef DEBUG
365  SCLogDebug("toclient: state updated to %u from %u", s, old);
366 #endif
367 }
368 
369 static int SSLGetAlstateProgress(void *tx, uint8_t direction)
370 {
371  SSLState *ssl_state = (SSLState *)tx;
372  if (direction & STREAM_TOCLIENT) {
373  return ssl_state->server_state;
374  } else {
375  return ssl_state->client_state;
376  }
377 }
378 
379 static AppLayerTxData *SSLGetTxData(void *vtx)
380 {
381  SSLState *ssl_state = (SSLState *)vtx;
382  return &ssl_state->tx_data;
383 }
384 
385 static AppLayerStateData *SSLGetStateData(void *vstate)
386 {
387  SSLState *ssl_state = (SSLState *)vstate;
388  return &ssl_state->state_data;
389 }
390 
391 void SSLVersionToString(uint16_t version, char *buffer)
392 {
393  buffer[0] = '\0';
394 
395  switch (version) {
396  case TLS_VERSION_UNKNOWN:
397  strlcat(buffer, "UNDETERMINED", 13);
398  break;
399  case SSL_VERSION_2:
400  strlcat(buffer, "SSLv2", 6);
401  break;
402  case SSL_VERSION_3:
403  strlcat(buffer, "SSLv3", 6);
404  break;
405  case TLS_VERSION_10:
406  strlcat(buffer, "TLSv1", 6);
407  break;
408  case TLS_VERSION_11:
409  strlcat(buffer, "TLS 1.1", 8);
410  break;
411  case TLS_VERSION_12:
412  strlcat(buffer, "TLS 1.2", 8);
413  break;
414  case TLS_VERSION_13:
415  strlcat(buffer, "TLS 1.3", 8);
416  break;
417  case TLS_VERSION_13_DRAFT28:
418  strlcat(buffer, "TLS 1.3 draft-28", 17);
419  break;
420  case TLS_VERSION_13_DRAFT27:
421  strlcat(buffer, "TLS 1.3 draft-27", 17);
422  break;
423  case TLS_VERSION_13_DRAFT26:
424  strlcat(buffer, "TLS 1.3 draft-26", 17);
425  break;
426  case TLS_VERSION_13_DRAFT25:
427  strlcat(buffer, "TLS 1.3 draft-25", 17);
428  break;
429  case TLS_VERSION_13_DRAFT24:
430  strlcat(buffer, "TLS 1.3 draft-24", 17);
431  break;
432  case TLS_VERSION_13_DRAFT23:
433  strlcat(buffer, "TLS 1.3 draft-23", 17);
434  break;
435  case TLS_VERSION_13_DRAFT22:
436  strlcat(buffer, "TLS 1.3 draft-22", 17);
437  break;
438  case TLS_VERSION_13_DRAFT21:
439  strlcat(buffer, "TLS 1.3 draft-21", 17);
440  break;
441  case TLS_VERSION_13_DRAFT20:
442  strlcat(buffer, "TLS 1.3 draft-20", 17);
443  break;
444  case TLS_VERSION_13_DRAFT19:
445  strlcat(buffer, "TLS 1.3 draft-19", 17);
446  break;
447  case TLS_VERSION_13_DRAFT18:
448  strlcat(buffer, "TLS 1.3 draft-18", 17);
449  break;
450  case TLS_VERSION_13_DRAFT17:
451  strlcat(buffer, "TLS 1.3 draft-17", 17);
452  break;
453  case TLS_VERSION_13_DRAFT16:
454  strlcat(buffer, "TLS 1.3 draft-16", 17);
455  break;
456  case TLS_VERSION_13_PRE_DRAFT16:
457  strlcat(buffer, "TLS 1.3 draft-<16", 18);
458  break;
459  case TLS_VERSION_13_DRAFT20_FB:
460  strlcat(buffer, "TLS 1.3 draft-20-fb", 20);
461  break;
462  case TLS_VERSION_13_DRAFT21_FB:
463  strlcat(buffer, "TLS 1.3 draft-21-fb", 20);
464  break;
465  case TLS_VERSION_13_DRAFT22_FB:
466  strlcat(buffer, "TLS 1.3 draft-22-fb", 20);
467  break;
468  case TLS_VERSION_13_DRAFT23_FB:
469  strlcat(buffer, "TLS 1.3 draft-23-fb", 20);
470  break;
471  case TLS_VERSION_13_DRAFT26_FB:
472  strlcat(buffer, "TLS 1.3 draft-26-fb", 20);
473  break;
474  default:
475  snprintf(buffer, 7, "0x%04x", version);
476  break;
477  }
478 }
479 
480 static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
481 {
482  switch(err) {
483  case ERR_EXTRACT_VALIDITY:
484  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY);
485  break;
486  case ERR_EXTRACT_ISSUER:
487  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER);
488  break;
489  case ERR_EXTRACT_SUBJECT:
490  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT);
491  break;
492  case ERR_INVALID_DER:
493  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER);
494  break;
495  case ERR_INVALID_EXTENSIONS:
496  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS);
497  break;
498  case ERR_INVALID_DATE:
499  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE);
500  break;
501  case ERR_INVALID_X509NAME:
502  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME);
503  break;
504  case ERR_INVALID_ALGORITHMIDENTIFIER:
505  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER);
506  break;
507  case ERR_INVALID_SERIAL:
508  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL);
509  break;
510  case ERR_INVALID_VERSION:
511  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION);
512  break;
513  case ERR_INVALID_LENGTH:
514  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
515  break;
516  case ERR_INVALID_CERTIFICATE:
517  default:
518  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
519  break;
520  }
521 }
522 
523 static inline int TlsDecodeHSCertificateFingerprint(
524  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
525 {
526  if (unlikely(connp->cert0_fingerprint != NULL))
527  return 0;
528 
529  connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH);
530  if (connp->cert0_fingerprint == NULL)
531  return -1;
532 
533  uint8_t hash[SC_SHA1_LEN];
534  if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
535  rs_to_hex_sep(
536  (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
537  }
538  return 0;
539 }
540 
541 static inline int TlsDecodeHSCertificateAddCertToChain(
542  SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
543 {
544  SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
545  if (cert == NULL)
546  return -1;
547 
548  cert->cert_data = (uint8_t *)input;
549  cert->cert_len = cert_len;
550  TAILQ_INSERT_TAIL(&connp->certs, cert, next);
551 
552  return 0;
553 }
554 
555 static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
556  const uint8_t *const initial_input, const uint32_t input_len, const int certn)
557 {
558  const uint8_t *input = (uint8_t *)initial_input;
559  uint32_t err_code = 0;
560  X509 *x509 = NULL;
561  int rc = 0;
562 
563  if (!(HAS_SPACE(3)))
564  goto invalid_cert;
565 
566  uint32_t cert_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
567  input += 3;
568 
569  if (!(HAS_SPACE(cert_len)))
570  goto invalid_cert;
571 
572  /* only store fields from the first certificate in the chain */
573  if (certn == 0 && connp->cert0_subject == NULL && connp->cert0_issuerdn == NULL &&
574  connp->cert0_serial == NULL) {
575  x509 = rs_x509_decode(input, cert_len, &err_code);
576  if (x509 == NULL) {
577  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
578  goto next;
579  }
580 
581  char *str = rs_x509_get_subject(x509);
582  if (str == NULL) {
583  err_code = ERR_EXTRACT_SUBJECT;
584  goto error;
585  }
586  connp->cert0_subject = str;
587 
588  str = rs_x509_get_issuer(x509);
589  if (str == NULL) {
590  err_code = ERR_EXTRACT_ISSUER;
591  goto error;
592  }
593  connp->cert0_issuerdn = str;
594 
595  connp->cert0_sans_len = rs_x509_get_subjectaltname_len(x509);
596  char **sans = SCCalloc(connp->cert0_sans_len, sizeof(char *));
597  if (sans == NULL) {
598  goto error;
599  }
600  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
601  sans[i] = rs_x509_get_subjectaltname_at(x509, i);
602  }
603  connp->cert0_sans = sans;
604  str = rs_x509_get_serial(x509);
605  if (str == NULL) {
606  err_code = ERR_INVALID_SERIAL;
607  goto error;
608  }
609  connp->cert0_serial = str;
610 
611  rc = rs_x509_get_validity(x509, &connp->cert0_not_before, &connp->cert0_not_after);
612  if (rc != 0) {
613  err_code = ERR_EXTRACT_VALIDITY;
614  goto error;
615  }
616 
617  rs_x509_free(x509);
618  x509 = NULL;
619 
620  rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
621  if (rc != 0) {
622  SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
623  goto error;
624  }
625  }
626 
627  rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
628  if (rc != 0) {
629  SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
630  goto error;
631  }
632 
633 next:
634  input += cert_len;
635  return (int)(input - initial_input);
636 
637 error:
638  if (err_code != 0)
639  TlsDecodeHSCertificateErrSetEvent(ssl_state, err_code);
640  if (x509 != NULL)
641  rs_x509_free(x509);
642 
643  SSLStateCertSANFree(connp);
644  return -1;
645 
646 invalid_cert:
647  SCLogDebug("TLS invalid certificate");
648  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_CERTIFICATE);
649  return -1;
650 }
651 
652 /** \internal
653  * \brief parse cert data in a certificate handshake message
654  * will be called with all data.
655  * \retval consumed bytes consumed or -1 on error
656  */
657 static int TlsDecodeHSCertificates(SSLState *ssl_state, SSLStateConnp *connp,
658  const uint8_t *const initial_input, const uint32_t input_len)
659 {
660  const uint8_t *input = (uint8_t *)initial_input;
661 
662  if (!(HAS_SPACE(3)))
663  return -1;
664 
665  const uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
666  input += 3;
667 
668  if (!(HAS_SPACE(cert_chain_len)))
669  return -1;
670 
671  if (connp->certs_buffer != NULL) {
672  // TODO should we set an event here?
673  return -1;
674  }
675 
676  connp->certs_buffer = SCCalloc(1, cert_chain_len);
677  if (connp->certs_buffer == NULL) {
678  return -1;
679  }
680  connp->certs_buffer_size = cert_chain_len;
681  memcpy(connp->certs_buffer, input, cert_chain_len);
682 
683  int cert_cnt = 0;
684  uint32_t processed_len = 0;
685  /* coverity[tainted_data] */
686  while (processed_len < cert_chain_len) {
687  int rc = TlsDecodeHSCertificate(ssl_state, connp, connp->certs_buffer + processed_len,
688  connp->certs_buffer_size - processed_len, cert_cnt);
689  if (rc <= 0) { // 0 should be impossible, but lets be defensive
690  return -1;
691  }
692  DEBUG_VALIDATE_BUG_ON(processed_len + (uint32_t)rc > cert_chain_len);
693  if (processed_len + (uint32_t)rc > cert_chain_len) {
694  return -1;
695  }
696 
697  processed_len += (uint32_t)rc;
698  }
699 
700  return processed_len + 3;
701 }
702 
703 /**
704  * \inline
705  * \brief Check if value is GREASE.
706  *
707  * http://tools.ietf.org/html/draft-davidben-tls-grease-00
708  *
709  * \param value Value to check.
710  *
711  * \retval 1 if is GREASE.
712  * \retval 0 if not is GREASE.
713  */
714 static inline int TLSDecodeValueIsGREASE(const uint16_t value)
715 {
716  switch (value)
717  {
718  case 0x0a0a:
719  case 0x1a1a:
720  case 0x2a2a:
721  case 0x3a3a:
722  case 0x4a4a:
723  case 0x5a5a:
724  case 0x6a6a:
725  case 0x7a7a:
726  case 0x8a8a:
727  case 0x9a9a:
728  case 0xaaaa:
729  case 0xbaba:
730  case 0xcaca:
731  case 0xdada:
732  case 0xeaea:
733  case 0xfafa:
734  return 1;
735  default:
736  return 0;
737  }
738 }
739 
740 static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
741  const uint8_t * const initial_input,
742  const uint32_t input_len)
743 {
744  uint8_t *input = (uint8_t *)initial_input;
745 
746  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_VERSION_LEN))) {
747  SCLogDebug("TLS handshake invalid length");
748  SSLSetEvent(ssl_state,
749  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
750  return -1;
751  }
752 
753  uint16_t version = (uint16_t)(*input << 8) | *(input + 1);
754  ssl_state->curr_connp->version = version;
755 
756  if (ssl_state->curr_connp->ja4 != NULL &&
757  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
758  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, version);
759  }
760 
761  /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
762  versions, instead of using the supported versions extension. */
763  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
764  ((ssl_state->curr_connp->version == TLS_VERSION_13) ||
765  (((ssl_state->curr_connp->version >> 8) & 0xff) == 0x7f))) {
766  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
767  }
768 
769  /* Catch some early TLSv1.3 draft implementations that does not conform
770  to the draft version. */
771  if ((ssl_state->curr_connp->version >= 0x7f01) &&
772  (ssl_state->curr_connp->version < 0x7f10)) {
773  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
774  }
775 
776  /* TLSv1.3 drafts from draft1 to draft15 use 0x0304 (TLSv1.3) as the
777  version number, which makes it hard to accurately pinpoint the
778  exact draft version. */
779  else if (ssl_state->curr_connp->version == TLS_VERSION_13) {
780  ssl_state->curr_connp->version = TLS_VERSION_13_PRE_DRAFT16;
781  }
782 
783  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_str == NULL) {
784  ssl_state->curr_connp->ja3_str = Ja3BufferInit();
785  if (ssl_state->curr_connp->ja3_str == NULL)
786  return -1;
787 
788  int rc = Ja3BufferAddValue(&ssl_state->curr_connp->ja3_str, version);
789  if (rc != 0)
790  return -1;
791  }
792 
793  input += SSLV3_CLIENT_HELLO_VERSION_LEN;
794 
795  return (int)(input - initial_input);
796 }
797 
798 static inline int TLSDecodeHSHelloRandom(SSLState *ssl_state,
799  const uint8_t * const initial_input,
800  const uint32_t input_len)
801 {
802  uint8_t *input = (uint8_t *)initial_input;
803 
804  if (!(HAS_SPACE(SSLV3_CLIENT_HELLO_RANDOM_LEN))) {
805  SCLogDebug("TLS handshake invalid length");
806  SSLSetEvent(ssl_state,
807  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
808  return -1;
809  }
810 
811  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
812  memcpy(ssl_state->server_connp.random, input, TLS_RANDOM_LEN);
813  ssl_state->flags |= TLS_TS_RANDOM_SET;
814  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
815  memcpy(ssl_state->client_connp.random, input, TLS_RANDOM_LEN);
816  ssl_state->flags |= TLS_TC_RANDOM_SET;
817  }
818 
819  /* Skip random */
820  input += SSLV3_CLIENT_HELLO_RANDOM_LEN;
821 
822  return (int)(input - initial_input);
823 }
824 
825 static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
826  const uint8_t * const initial_input,
827  const uint32_t input_len)
828 {
829  uint8_t *input = (uint8_t *)initial_input;
830 
831  if (!(HAS_SPACE(1)))
832  goto invalid_length;
833 
834  uint8_t session_id_length = *input;
835  input += 1;
836 
837  if (!(HAS_SPACE(session_id_length)))
838  goto invalid_length;
839 
840  if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
841  ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
842 
843  if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
844  return -1;
845  }
846 
847  if (SafeMemcpy(ssl_state->curr_connp->session_id, 0, session_id_length,
848  input, 0, input_len, session_id_length) != 0) {
849  return -1;
850  }
851  ssl_state->curr_connp->session_id_length = session_id_length;
852 
853  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
854  ssl_state->client_connp.session_id != NULL &&
855  ssl_state->server_connp.session_id != NULL) {
856  if ((ssl_state->client_connp.session_id_length ==
857  ssl_state->server_connp.session_id_length) &&
858  (memcmp(ssl_state->server_connp.session_id,
859  ssl_state->client_connp.session_id, session_id_length) == 0)) {
860  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
861  }
862  }
863  }
864 
865  input += session_id_length;
866 
867  return (int)(input - initial_input);
868 
869 invalid_length:
870  SCLogDebug("TLS handshake invalid length");
871  SSLSetEvent(ssl_state,
872  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
873  return -1;
874 }
875 
876 static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
877  const uint8_t * const initial_input,
878  const uint32_t input_len)
879 {
880  const uint8_t *input = initial_input;
881 
882  if (!(HAS_SPACE(2)))
883  goto invalid_length;
884 
885  uint16_t cipher_suites_length;
886 
887  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
888  cipher_suites_length = 2;
889  } else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
890  cipher_suites_length = (uint16_t)(*input << 8) | *(input + 1);
891  input += 2;
892  } else {
893  return -1;
894  }
895 
896  if (!(HAS_SPACE(cipher_suites_length)))
897  goto invalid_length;
898 
899  /* Cipher suites length should always be divisible by 2 */
900  if ((cipher_suites_length % 2) != 0) {
901  goto invalid_length;
902  }
903 
904  const bool enable_ja3 =
905  SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
906 
907  if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4)) {
908  JA3Buffer *ja3_cipher_suites = NULL;
909 
910  if (enable_ja3) {
911  ja3_cipher_suites = Ja3BufferInit();
912  if (ja3_cipher_suites == NULL)
913  return -1;
914  }
915 
916  uint16_t processed_len = 0;
917  /* coverity[tainted_data] */
918  while (processed_len < cipher_suites_length)
919  {
920  if (!(HAS_SPACE(2))) {
921  if (enable_ja3) {
922  Ja3BufferFree(&ja3_cipher_suites);
923  }
924  goto invalid_length;
925  }
926 
927  uint16_t cipher_suite = (uint16_t)(*input << 8) | *(input + 1);
928  input += 2;
929 
930  if (TLSDecodeValueIsGREASE(cipher_suite) != 1) {
931  if (ssl_state->curr_connp->ja4 != NULL &&
932  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
933  SCJA4AddCipher(ssl_state->curr_connp->ja4, cipher_suite);
934  }
935  if (enable_ja3) {
936  int rc = Ja3BufferAddValue(&ja3_cipher_suites, cipher_suite);
937  if (rc != 0) {
938  return -1;
939  }
940  }
941  }
942  processed_len += 2;
943  }
944 
945  if (enable_ja3) {
946  int rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str, &ja3_cipher_suites);
947  if (rc == -1) {
948  return -1;
949  }
950  }
951 
952  } else {
953  /* Skip cipher suites */
954  input += cipher_suites_length;
955  }
956 
957  return (int)(input - initial_input);
958 
959 invalid_length:
960  SCLogDebug("TLS handshake invalid length");
961  SSLSetEvent(ssl_state,
962  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
963  return -1;
964 }
965 
966 static inline int TLSDecodeHSHelloCompressionMethods(SSLState *ssl_state,
967  const uint8_t * const initial_input,
968  const uint32_t input_len)
969 {
970  const uint8_t *input = initial_input;
971 
972  if (!(HAS_SPACE(1)))
973  goto invalid_length;
974 
975  /* Skip compression methods */
976  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
977  input += 1;
978  } else {
979  uint8_t compression_methods_length = *input;
980  input += 1;
981 
982  if (!(HAS_SPACE(compression_methods_length)))
983  goto invalid_length;
984 
985  input += compression_methods_length;
986  }
987 
988  return (int)(input - initial_input);
989 
990 invalid_length:
991  SCLogDebug("TLS handshake invalid_length");
992  SSLSetEvent(ssl_state,
993  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
994  return -1;
995 }
996 
997 static inline int TLSDecodeHSHelloExtensionSni(SSLState *ssl_state,
998  const uint8_t * const initial_input,
999  const uint32_t input_len)
1000 {
1001  uint8_t *input = (uint8_t *)initial_input;
1002 
1003  /* Empty extension */
1004  if (input_len == 0)
1005  return 0;
1006 
1007  if (!(HAS_SPACE(2)))
1008  goto invalid_length;
1009 
1010  /* Skip sni_list_length */
1011  input += 2;
1012 
1013  if (!(HAS_SPACE(1)))
1014  goto invalid_length;
1015 
1016  uint8_t sni_type = *input;
1017  input += 1;
1018 
1019  /* Currently the only type allowed is host_name
1020  (RFC6066 section 3). */
1021  if (sni_type != SSL_SNI_TYPE_HOST_NAME) {
1022  SCLogDebug("Unknown SNI type");
1023  SSLSetEvent(ssl_state,
1024  TLS_DECODER_EVENT_INVALID_SNI_TYPE);
1025  return -1;
1026  }
1027 
1028  if (!(HAS_SPACE(2)))
1029  goto invalid_length;
1030 
1031  uint16_t sni_len = (uint16_t)(*input << 8) | *(input + 1);
1032  input += 2;
1033 
1034  /* host_name contains the fully qualified domain name,
1035  and should therefore be limited by the maximum domain
1036  name length. */
1037  if (!(HAS_SPACE(sni_len)) || sni_len > 255 || sni_len == 0) {
1038  SSLSetEvent(ssl_state,
1039  TLS_DECODER_EVENT_INVALID_SNI_LENGTH);
1040  return -1;
1041  }
1042 
1043  /* There must not be more than one extension of the same
1044  type (RFC5246 section 7.4.1.4). */
1045  if (ssl_state->curr_connp->sni) {
1046  SCLogDebug("Multiple SNI extensions");
1047  SSLSetEvent(ssl_state,
1048  TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS);
1049  input += sni_len;
1050  return (int)(input - initial_input);
1051  }
1052 
1053  const size_t sni_strlen = sni_len + 1;
1054  ssl_state->curr_connp->sni = SCMalloc(sni_strlen);
1055  if (unlikely(ssl_state->curr_connp->sni == NULL))
1056  return -1;
1057 
1058  const size_t consumed = input - initial_input;
1059  if (SafeMemcpy(ssl_state->curr_connp->sni, 0, sni_strlen,
1060  initial_input, consumed, input_len, sni_len) != 0) {
1061  SCFree(ssl_state->curr_connp->sni);
1062  ssl_state->curr_connp->sni = NULL;
1063  return -1;
1064  }
1065  ssl_state->curr_connp->sni[sni_strlen-1] = 0;
1066 
1067  input += sni_len;
1068 
1069  return (int)(input - initial_input);
1070 
1071 invalid_length:
1072  SCLogDebug("TLS handshake invalid length");
1073  SSLSetEvent(ssl_state,
1074  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1075 
1076 
1077  return -1;
1078 }
1079 
1080 static inline int TLSDecodeHSHelloExtensionSupportedVersions(SSLState *ssl_state,
1081  const uint8_t * const initial_input,
1082  const uint32_t input_len)
1083 {
1084  const uint8_t *input = initial_input;
1085 
1086  /* Empty extension */
1087  if (input_len == 0)
1088  return 0;
1089 
1090  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1091  if (!(HAS_SPACE(1)))
1092  goto invalid_length;
1093 
1094  uint8_t supported_ver_len = *input;
1095  input += 1;
1096 
1097  if (supported_ver_len < 2)
1098  goto invalid_length;
1099 
1100  if (!(HAS_SPACE(supported_ver_len)))
1101  goto invalid_length;
1102 
1103  /* Use the first (and preferred) valid version as client version,
1104  * skip over GREASE and other possible noise. */
1105  uint16_t i = 0;
1106  while (i + 1 < (uint16_t)supported_ver_len) {
1107  uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
1108  if (TLSVersionValid(ver)) {
1109  ssl_state->curr_connp->version = ver;
1110  if (ssl_state->curr_connp->ja4 != NULL &&
1111  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1112  SCJA4SetTLSVersion(ssl_state->curr_connp->ja4, ver);
1113  }
1114  break;
1115  }
1116  i += 2;
1117  }
1118 
1119  /* Set a flag to indicate that we have seen this extension */
1120  ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
1121 
1122  input += supported_ver_len;
1123  }
1124  else if (ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) {
1125  if (!(HAS_SPACE(2)))
1126  goto invalid_length;
1127 
1128  uint16_t ver = (uint16_t)(*input << 8) | *(input + 1);
1129 
1130  if ((ssl_state->flags & SSL_AL_FLAG_CH_VERSION_EXTENSION) &&
1131  (ver > TLS_VERSION_12)) {
1132  ssl_state->flags |= SSL_AL_FLAG_LOG_WITHOUT_CERT;
1133  }
1134 
1135  ssl_state->curr_connp->version = ver;
1136  input += 2;
1137  }
1138 
1139  return (int)(input - initial_input);
1140 
1141 invalid_length:
1142  SCLogDebug("TLS handshake invalid length");
1143  SSLSetEvent(ssl_state,
1144  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1145 
1146  return -1;
1147 }
1148 
1149 static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
1150  const uint8_t * const initial_input,
1151  const uint32_t input_len,
1152  JA3Buffer *ja3_elliptic_curves)
1153 {
1154  const uint8_t *input = initial_input;
1155 
1156  /* Empty extension */
1157  if (input_len == 0)
1158  return 0;
1159 
1160  if (!(HAS_SPACE(2)))
1161  goto invalid_length;
1162 
1163  uint16_t elliptic_curves_len = (uint16_t)(*input << 8) | *(input + 1);
1164  input += 2;
1165 
1166  if (!(HAS_SPACE(elliptic_curves_len)))
1167  goto invalid_length;
1168 
1169  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
1170  uint16_t ec_processed_len = 0;
1171  /* coverity[tainted_data] */
1172  while (ec_processed_len < elliptic_curves_len)
1173  {
1174  if (!(HAS_SPACE(2)))
1175  goto invalid_length;
1176 
1177  uint16_t elliptic_curve = (uint16_t)(*input << 8) | *(input + 1);
1178  input += 2;
1179 
1180  if (TLSDecodeValueIsGREASE(elliptic_curve) != 1) {
1181  int rc = Ja3BufferAddValue(&ja3_elliptic_curves,
1182  elliptic_curve);
1183  if (rc != 0)
1184  return -1;
1185  }
1186 
1187  ec_processed_len += 2;
1188  }
1189 
1190  } else {
1191  /* Skip elliptic curves */
1192  input += elliptic_curves_len;
1193  }
1194 
1195  return (int)(input - initial_input);
1196 
1197 invalid_length:
1198  SCLogDebug("TLS handshake invalid length");
1199  SSLSetEvent(ssl_state,
1200  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1201 
1202  return -1;
1203 }
1204 
1205 static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
1206  const uint8_t * const initial_input,
1207  const uint32_t input_len,
1208  JA3Buffer *ja3_elliptic_curves_pf)
1209 {
1210  const uint8_t *input = initial_input;
1211 
1212  /* Empty extension */
1213  if (input_len == 0)
1214  return 0;
1215 
1216  if (!(HAS_SPACE(1)))
1217  goto invalid_length;
1218 
1219  uint8_t ec_pf_len = *input;
1220  input += 1;
1221 
1222  if (!(HAS_SPACE(ec_pf_len)))
1223  goto invalid_length;
1224 
1225  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
1226  uint8_t ec_pf_processed_len = 0;
1227  /* coverity[tainted_data] */
1228  while (ec_pf_processed_len < ec_pf_len)
1229  {
1230  uint8_t elliptic_curve_pf = *input;
1231  input += 1;
1232 
1233  if (TLSDecodeValueIsGREASE(elliptic_curve_pf) != 1) {
1234  int rc = Ja3BufferAddValue(&ja3_elliptic_curves_pf,
1235  elliptic_curve_pf);
1236  if (rc != 0)
1237  return -1;
1238  }
1239 
1240  ec_pf_processed_len += 1;
1241  }
1242 
1243  } else {
1244  /* Skip elliptic curve point formats */
1245  input += ec_pf_len;
1246  }
1247 
1248  return (int)(input - initial_input);
1249 
1250 invalid_length:
1251  SCLogDebug("TLS handshake invalid length");
1252  SSLSetEvent(ssl_state,
1253  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1254 
1255  return -1;
1256 }
1257 
1258 static inline int TLSDecodeHSHelloExtensionSigAlgorithms(
1259  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1260 {
1261  const uint8_t *input = initial_input;
1262 
1263  /* Empty extension */
1264  if (input_len == 0)
1265  return 0;
1266 
1267  if (!(HAS_SPACE(2)))
1268  goto invalid_length;
1269 
1270  uint16_t sigalgo_len = (uint16_t)(*input << 8) | *(input + 1);
1271  input += 2;
1272 
1273  /* Signature algorithms length should always be divisible by 2 */
1274  if ((sigalgo_len % 2) != 0) {
1275  goto invalid_length;
1276  }
1277 
1278  if (!(HAS_SPACE(sigalgo_len)))
1279  goto invalid_length;
1280 
1281  if (ssl_state->curr_connp->ja4 != NULL &&
1282  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1283  uint16_t sigalgo_processed_len = 0;
1284  while (sigalgo_processed_len < sigalgo_len) {
1285  uint16_t sigalgo = (uint16_t)(*input << 8) | *(input + 1);
1286  input += 2;
1287  sigalgo_processed_len += 2;
1288 
1289  SCJA4AddSigAlgo(ssl_state->curr_connp->ja4, sigalgo);
1290  }
1291  } else {
1292  /* Skip signature algorithms */
1293  input += sigalgo_len;
1294  }
1295 
1296  return (int)(input - initial_input);
1297 
1298 invalid_length:
1299  SCLogDebug("Signature algorithm list invalid length");
1300  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1301 
1302  return -1;
1303 }
1304 
1305 static void StoreALPN(SSLStateConnp *connp, const uint8_t *alpn, const uint32_t size)
1306 {
1307  if (size > 0) {
1308  SSLAlpns *a = SCCalloc(1, sizeof(*a) + size);
1309  if (a != NULL) {
1310  memcpy(a->alpn, alpn, size);
1311  a->size = size;
1312  TAILQ_INSERT_TAIL(&connp->alpns, a, next);
1313  }
1314  }
1315 }
1316 
1317 static inline int TLSDecodeHSHelloExtensionALPN(
1318  SSLState *ssl_state, const uint8_t *const initial_input, const uint32_t input_len)
1319 {
1320  const uint8_t *input = initial_input;
1321 
1322  /* Empty extension */
1323  if (input_len == 0)
1324  return 0;
1325 
1326  if (!(HAS_SPACE(2)))
1327  goto invalid_length;
1328 
1329  uint16_t alpn_len = (uint16_t)(*input << 8) | *(input + 1);
1330  input += 2;
1331 
1332  if (!(HAS_SPACE(alpn_len)))
1333  goto invalid_length;
1334 
1335  /* We use 32 bits here to avoid potentially overflowing a value that
1336  needs to be compared to an unsigned 16-bit value. */
1337  uint32_t alpn_processed_len = 0;
1338  while (alpn_processed_len < alpn_len) {
1339  uint8_t protolen = *input;
1340  input += 1;
1341  alpn_processed_len += 1;
1342 
1343  if (!(HAS_SPACE(protolen)))
1344  goto invalid_length;
1345 
1346  /* Check if reading another protolen bytes would exceed the
1347  overall ALPN length; if so, skip and continue */
1348  if (alpn_processed_len + protolen > ((uint32_t)alpn_len)) {
1349  input += alpn_len - alpn_processed_len;
1350  break;
1351  }
1352 
1353  /* Only record the first value for JA4 */
1354  if (ssl_state->curr_connp->ja4 != NULL &&
1355  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1356  if (alpn_processed_len == 1) {
1357  SCJA4SetALPN(ssl_state->curr_connp->ja4, (const char *)input, protolen);
1358  }
1359  }
1360  StoreALPN(ssl_state->curr_connp, input, protolen);
1361 
1362  alpn_processed_len += protolen;
1363  input += protolen;
1364  }
1365 
1366  return (int)(input - initial_input);
1367 
1368 invalid_length:
1369  SCLogDebug("ALPN list invalid length");
1370  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1371 
1372  return -1;
1373 }
1374 
1375 static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
1376  const uint8_t * const initial_input,
1377  const uint32_t input_len)
1378 {
1379  const uint8_t *input = initial_input;
1380 
1381  int ret;
1382  int rc;
1383  // if ja3_hash is already computed, do not use new hello to augment ja3_str
1384  const bool ja3 =
1385  (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
1386 
1387  JA3Buffer *ja3_extensions = NULL;
1388  JA3Buffer *ja3_elliptic_curves = NULL;
1389  JA3Buffer *ja3_elliptic_curves_pf = NULL;
1390 
1391  if (ja3) {
1392  ja3_extensions = Ja3BufferInit();
1393  if (ja3_extensions == NULL)
1394  goto error;
1395 
1396  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1397  ja3_elliptic_curves = Ja3BufferInit();
1398  if (ja3_elliptic_curves == NULL)
1399  goto error;
1400 
1401  ja3_elliptic_curves_pf = Ja3BufferInit();
1402  if (ja3_elliptic_curves_pf == NULL)
1403  goto error;
1404  }
1405  }
1406 
1407  /* Extensions are optional (RFC5246 section 7.4.1.2) */
1408  if (!(HAS_SPACE(2)))
1409  goto end;
1410 
1411  uint16_t extensions_len = (uint16_t)(*input << 8) | *(input + 1);
1412  input += 2;
1413 
1414  if (!(HAS_SPACE(extensions_len)))
1415  goto invalid_length;
1416 
1417  uint16_t processed_len = 0;
1418  /* coverity[tainted_data] */
1419  while (processed_len < extensions_len)
1420  {
1421  if (!(HAS_SPACE(2)))
1422  goto invalid_length;
1423 
1424  uint16_t ext_type = (uint16_t)(*input << 8) | *(input + 1);
1425  input += 2;
1426 
1427  if (!(HAS_SPACE(2)))
1428  goto invalid_length;
1429 
1430  uint16_t ext_len = (uint16_t)(*input << 8) | *(input + 1);
1431  input += 2;
1432 
1433  if (!(HAS_SPACE(ext_len)))
1434  goto invalid_length;
1435 
1436  switch (ext_type) {
1437  case SSL_EXTENSION_SNI:
1438  {
1439  /* coverity[tainted_data] */
1440  ret = TLSDecodeHSHelloExtensionSni(ssl_state, input,
1441  ext_len);
1442  if (ret < 0)
1443  goto end;
1444 
1445  input += ret;
1446 
1447  break;
1448  }
1449 
1450  case SSL_EXTENSION_ELLIPTIC_CURVES:
1451  {
1452  /* coverity[tainted_data] */
1453  ret = TLSDecodeHSHelloExtensionEllipticCurves(ssl_state, input,
1454  ext_len,
1455  ja3_elliptic_curves);
1456  if (ret < 0)
1457  goto end;
1458 
1459  input += ret;
1460 
1461  break;
1462  }
1463 
1464  case SSL_EXTENSION_EC_POINT_FORMATS:
1465  {
1466  /* coverity[tainted_data] */
1467  ret = TLSDecodeHSHelloExtensionEllipticCurvePF(ssl_state, input,
1468  ext_len,
1469  ja3_elliptic_curves_pf);
1470  if (ret < 0)
1471  goto end;
1472 
1473  input += ret;
1474 
1475  break;
1476  }
1477 
1478  case SSL_EXTENSION_SIGNATURE_ALGORITHMS: {
1479  /* coverity[tainted_data] */
1480  ret = TLSDecodeHSHelloExtensionSigAlgorithms(ssl_state, input, ext_len);
1481  if (ret < 0)
1482  goto end;
1483 
1484  input += ret;
1485 
1486  break;
1487  }
1488 
1489  case SSL_EXTENSION_ALPN: {
1490  /* coverity[tainted_data] */
1491  ret = TLSDecodeHSHelloExtensionALPN(ssl_state, input, ext_len);
1492  if (ret < 0)
1493  goto end;
1494 
1495  input += ext_len;
1496 
1497  break;
1498  }
1499 
1500  case SSL_EXTENSION_EARLY_DATA:
1501  {
1502  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1503  /* Used by 0-RTT to indicate that encrypted data will
1504  be sent right after the ClientHello record. */
1505  ssl_state->flags |= SSL_AL_FLAG_EARLY_DATA;
1506  }
1507 
1508  input += ext_len;
1509 
1510  break;
1511  }
1512 
1513  case SSL_EXTENSION_SUPPORTED_VERSIONS:
1514  {
1515  ret = TLSDecodeHSHelloExtensionSupportedVersions(ssl_state, input,
1516  ext_len);
1517  if (ret < 0)
1518  goto end;
1519 
1520  input += ret;
1521 
1522  break;
1523  }
1524 
1525  case SSL_EXTENSION_SESSION_TICKET:
1526  {
1527  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1528  /* This has to be verified later on by checking if a
1529  certificate record has been sent by the server. */
1530  ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
1531  }
1532 
1533  input += ext_len;
1534 
1535  break;
1536  }
1537 
1538  default:
1539  {
1540  input += ext_len;
1541  break;
1542  }
1543  }
1544 
1545  if (ja3) {
1546  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1547  rc = Ja3BufferAddValue(&ja3_extensions, ext_type);
1548  if (rc != 0)
1549  goto error;
1550  }
1551  }
1552 
1553  if (ssl_state->curr_connp->ja4 != NULL &&
1554  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1555  if (TLSDecodeValueIsGREASE(ext_type) != 1) {
1556  SCJA4AddExtension(ssl_state->curr_connp->ja4, ext_type);
1557  }
1558  }
1559 
1560  processed_len += ext_len + 4;
1561  }
1562 
1563 end:
1564  if (ja3) {
1565  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1566  &ja3_extensions);
1567  if (rc == -1)
1568  goto error;
1569 
1570  if (ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) {
1571  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1572  &ja3_elliptic_curves);
1573  if (rc == -1)
1574  goto error;
1575 
1576  rc = Ja3BufferAppendBuffer(&ssl_state->curr_connp->ja3_str,
1577  &ja3_elliptic_curves_pf);
1578  if (rc == -1)
1579  goto error;
1580  }
1581  }
1582 
1583  return (int)(input - initial_input);
1584 
1585 invalid_length:
1586  SCLogDebug("TLS handshake invalid length");
1587  SSLSetEvent(ssl_state,
1588  TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH);
1589 
1590 error:
1591  if (ja3_extensions != NULL)
1592  Ja3BufferFree(&ja3_extensions);
1593  if (ja3_elliptic_curves != NULL)
1594  Ja3BufferFree(&ja3_elliptic_curves);
1595  if (ja3_elliptic_curves_pf != NULL)
1596  Ja3BufferFree(&ja3_elliptic_curves_pf);
1597 
1598  return -1;
1599 }
1600 
1601 static int TLSDecodeHandshakeHello(SSLState *ssl_state,
1602  const uint8_t * const input,
1603  const uint32_t input_len)
1604 {
1605  int ret;
1606  uint32_t parsed = 0;
1607 
1608  /* Ensure that we have a JA4 state defined by now if we have JA4 enabled,
1609  we are in a client hello and we don't have such a state yet (to avoid
1610  leaking memory in case this function is entered more than once). */
1611  if (SC_ATOMIC_GET(ssl_config.enable_ja4) &&
1612  ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO &&
1613  ssl_state->curr_connp->ja4 == NULL) {
1614  ssl_state->curr_connp->ja4 = SCJA4New();
1615  }
1616 
1617  ret = TLSDecodeHSHelloVersion(ssl_state, input, input_len);
1618  if (ret < 0)
1619  goto end;
1620 
1621  parsed += ret;
1622 
1623  ret = TLSDecodeHSHelloRandom(ssl_state, input + parsed, input_len - parsed);
1624  if (ret < 0)
1625  goto end;
1626 
1627  parsed += ret;
1628 
1629  /* The session id field in the server hello record was removed in
1630  TLSv1.3 draft1, but was readded in draft22. */
1631  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1632  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1633  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1634  ret = TLSDecodeHSHelloSessionID(ssl_state, input + parsed,
1635  input_len - parsed);
1636  if (ret < 0)
1637  goto end;
1638 
1639  parsed += ret;
1640  }
1641 
1642  ret = TLSDecodeHSHelloCipherSuites(ssl_state, input + parsed,
1643  input_len - parsed);
1644  if (ret < 0)
1645  goto end;
1646 
1647  parsed += ret;
1648 
1649  /* The compression methods field in the server hello record was
1650  removed in TLSv1.3 draft1, but was readded in draft22. */
1651  if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) ||
1652  ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
1653  ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0))) {
1654  ret = TLSDecodeHSHelloCompressionMethods(ssl_state, input + parsed,
1655  input_len - parsed);
1656  if (ret < 0)
1657  goto end;
1658 
1659  parsed += ret;
1660  }
1661 
1662  ret = TLSDecodeHSHelloExtensions(ssl_state, input + parsed,
1663  input_len - parsed);
1664  if (ret < 0)
1665  goto end;
1666 
1667  if (SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL) {
1668  ssl_state->curr_connp->ja3_hash = Ja3GenerateHash(ssl_state->curr_connp->ja3_str);
1669  }
1670 
1671  if (ssl_state->curr_connp == &ssl_state->client_connp) {
1672  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
1673  } else {
1674  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
1675  }
1676 end:
1677  return 0;
1678 }
1679 
1680 #ifdef DEBUG_VALIDATION
1681 static inline bool
1682 RecordAlreadyProcessed(const SSLStateConnp *curr_connp)
1683 {
1684  return ((curr_connp->record_length + SSLV3_RECORD_HDR_LEN) <
1685  curr_connp->bytes_processed);
1686 }
1687 #endif
1688 
1689 static inline int SSLv3ParseHandshakeTypeCertificate(SSLState *ssl_state, SSLStateConnp *connp,
1690  const uint8_t *const initial_input, const uint32_t input_len)
1691 {
1692  int rc = TlsDecodeHSCertificates(ssl_state, connp, initial_input, input_len);
1693  SCLogDebug("rc %d", rc);
1694  if (rc > 0) {
1695  DEBUG_VALIDATE_BUG_ON(rc > (int)input_len);
1696  SSLParserHSReset(connp);
1697  } else if (rc < 0) {
1698  SCLogDebug("error parsing cert, reset state");
1699  SSLParserHSReset(connp);
1700  /* fall through to still consume the cert bytes */
1701  }
1702  if (connp == &ssl_state->client_connp) {
1703  UpdateClientState(ssl_state, TLS_STATE_CLIENT_CERT_DONE);
1704  } else {
1705  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
1706  }
1707  return input_len;
1708 }
1709 
1710 static int SupportedHandshakeType(const uint8_t type)
1711 {
1712  switch (type) {
1713  case SSLV3_HS_CLIENT_HELLO:
1714  case SSLV3_HS_SERVER_HELLO:
1715  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1716  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1717  case SSLV3_HS_CERTIFICATE:
1718  case SSLV3_HS_HELLO_REQUEST:
1719  case SSLV3_HS_CERTIFICATE_REQUEST:
1720  case SSLV3_HS_CERTIFICATE_VERIFY:
1721  case SSLV3_HS_FINISHED:
1722  case SSLV3_HS_CERTIFICATE_URL:
1723  case SSLV3_HS_CERTIFICATE_STATUS:
1724  case SSLV3_HS_NEW_SESSION_TICKET:
1725  case SSLV3_HS_SERVER_HELLO_DONE:
1726  return true;
1727  break;
1728 
1729  default:
1730  return false;
1731  break;
1732  }
1733 }
1734 
1735 /**
1736  * \param input_len length of bytes after record header. Can be 0 (e.g. for server hello done).
1737  * \retval parsed number of consumed bytes
1738  * \retval < 0 error
1739  */
1740 static int SSLv3ParseHandshakeType(SSLState *ssl_state, const uint8_t *input,
1741  uint32_t input_len, uint8_t direction)
1742 {
1743  const uint8_t *initial_input = input;
1744  int rc;
1745 
1746  DEBUG_VALIDATE_BUG_ON(RecordAlreadyProcessed(ssl_state->curr_connp));
1747 
1748  switch (ssl_state->curr_connp->handshake_type) {
1749  case SSLV3_HS_CLIENT_HELLO:
1750  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
1751 
1752  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1753  if (rc < 0)
1754  return rc;
1755  break;
1756 
1757  case SSLV3_HS_SERVER_HELLO:
1758  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
1759 
1760  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->message_length != input_len);
1761  rc = TLSDecodeHandshakeHello(ssl_state, input, input_len);
1762  if (rc < 0)
1763  return rc;
1764  break;
1765 
1766  case SSLV3_HS_SERVER_KEY_EXCHANGE:
1767  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_KEYX;
1768  break;
1769 
1770  case SSLV3_HS_CLIENT_KEY_EXCHANGE:
1771  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
1772  break;
1773 
1774  case SSLV3_HS_CERTIFICATE:
1775  rc = SSLv3ParseHandshakeTypeCertificate(ssl_state,
1776  direction ? &ssl_state->server_connp : &ssl_state->client_connp, initial_input,
1777  input_len);
1778  if (rc < 0)
1779  return rc;
1780  break;
1781 
1782  case SSLV3_HS_HELLO_REQUEST:
1783  break;
1784  case SSLV3_HS_CERTIFICATE_REQUEST:
1785  if (direction) {
1786  ssl_state->current_flags = SSL_AL_FLAG_NEED_CLIENT_CERT;
1787  }
1788  break;
1789  case SSLV3_HS_CERTIFICATE_VERIFY:
1790  case SSLV3_HS_FINISHED:
1791  case SSLV3_HS_CERTIFICATE_URL:
1792  case SSLV3_HS_CERTIFICATE_STATUS:
1793  break;
1794  case SSLV3_HS_NEW_SESSION_TICKET:
1795  SCLogDebug("new session ticket");
1796  break;
1797  case SSLV3_HS_SERVER_HELLO_DONE:
1798  if (direction) {
1799  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO_DONE);
1800  }
1801  break;
1802  default:
1803  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1804  return -1;
1805  }
1806 
1807  ssl_state->flags |= ssl_state->current_flags;
1808 
1809  SCLogDebug("message: length %u", ssl_state->curr_connp->message_length);
1810  SCLogDebug("input_len %u ssl_state->curr_connp->bytes_processed %u", input_len, ssl_state->curr_connp->bytes_processed);
1811 
1812  return input_len;
1813 }
1814 
1815 static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input,
1816  uint32_t input_len, uint8_t direction)
1817 {
1818  const uint8_t *initial_input = input;
1819 
1820  if (input_len == 0 || ssl_state->curr_connp->bytes_processed ==
1821  (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)) {
1822  SCReturnInt(0);
1823  }
1824 
1825  while (input_len) {
1826  SCLogDebug("input_len %u", input_len);
1827 
1828  if (ssl_state->curr_connp->hs_buffer != NULL) {
1829  SCLogDebug("partial handshake record in place");
1830  const uint32_t need = ssl_state->curr_connp->hs_buffer_message_size -
1831  ssl_state->curr_connp->hs_buffer_offset;
1832  const uint32_t add = MIN(need, input_len);
1833 
1834  /* grow buffer to next multiple of 4k that fits all data we have */
1835  if (ssl_state->curr_connp->hs_buffer_offset + add >
1836  ssl_state->curr_connp->hs_buffer_size) {
1837  const uint32_t avail = ssl_state->curr_connp->hs_buffer_offset + add;
1838  const uint32_t new_size = avail + (4096 - (avail % 4096));
1839  SCLogDebug("new_size %u, avail %u", new_size, avail);
1840  void *ptr = SCRealloc(ssl_state->curr_connp->hs_buffer, new_size);
1841  if (ptr == NULL)
1842  return -1;
1843  ssl_state->curr_connp->hs_buffer = ptr;
1844  ssl_state->curr_connp->hs_buffer_size = new_size;
1845  }
1846 
1847  SCLogDebug("ssl_state->curr_connp->hs_buffer_offset %u "
1848  "ssl_state->curr_connp->hs_buffer_size %u",
1849  ssl_state->curr_connp->hs_buffer_offset, ssl_state->curr_connp->hs_buffer_size);
1850  SCLogDebug("to add %u total %u", add, ssl_state->curr_connp->hs_buffer_offset + add);
1851 
1852  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer,
1853  ssl_state->curr_connp->hs_buffer_offset,
1854  ssl_state->curr_connp->hs_buffer_size, input, 0, add, add) != 0) {
1855  SCLogDebug("copy failed");
1856  return -1;
1857  }
1858  ssl_state->curr_connp->hs_buffer_offset += add;
1859 
1860  if (ssl_state->curr_connp->hs_buffer_message_size <=
1861  ssl_state->curr_connp->hs_buffer_offset) {
1862  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->hs_buffer_message_size !=
1863  ssl_state->curr_connp->hs_buffer_offset);
1864 
1865  ssl_state->curr_connp->handshake_type =
1866  ssl_state->curr_connp->hs_buffer_message_type;
1867  ssl_state->curr_connp->message_length =
1868  ssl_state->curr_connp->hs_buffer_message_size;
1869 
1870  SCLogDebug("got all data now: handshake_type %u message_length %u",
1871  ssl_state->curr_connp->handshake_type,
1872  ssl_state->curr_connp->message_length);
1873 
1874  int retval = SSLv3ParseHandshakeType(ssl_state, ssl_state->curr_connp->hs_buffer,
1875  ssl_state->curr_connp->hs_buffer_offset, direction);
1876  if (retval < 0) {
1877  SSLParserHSReset(ssl_state->curr_connp);
1878  return (retval);
1879  }
1880  SCLogDebug("retval %d", retval);
1881 
1882  /* data processed, reset buffer */
1883  SCFree(ssl_state->curr_connp->hs_buffer);
1884  ssl_state->curr_connp->hs_buffer = NULL;
1885  ssl_state->curr_connp->hs_buffer_size = 0;
1886  ssl_state->curr_connp->hs_buffer_message_size = 0;
1887  ssl_state->curr_connp->hs_buffer_message_type = 0;
1888  ssl_state->curr_connp->hs_buffer_offset = 0;
1889  } else {
1890  SCLogDebug("partial data");
1891  }
1892 
1893  input += add;
1894  input_len -= add;
1895  SCLogDebug("input_len %u", input_len);
1896  SSLParserHSReset(ssl_state->curr_connp);
1897  continue;
1898  }
1899 
1900  SCLogDebug("bytes_processed %u", ssl_state->curr_connp->bytes_processed);
1901  SCLogDebug("input %p input_len %u", input, input_len);
1902 
1903  if (input_len < 4) {
1904  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
1905  SCReturnInt(-1);
1906  }
1907 
1908  ssl_state->curr_connp->handshake_type = input[0];
1909  ssl_state->curr_connp->message_length = input[1] << 16 | input[2] << 8 | input[3];
1910  SCLogDebug("handshake_type %u message len %u input %p input_len %u",
1911  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->message_length, input,
1912  input_len);
1913  input += 4;
1914  input_len -= 4;
1915 
1916  const uint32_t record_len = ssl_state->curr_connp->message_length;
1917  /* see if we support this type. We check here to not use the fragment
1918  * handling on things we don't support. */
1919  const bool supported_type = SupportedHandshakeType(ssl_state->curr_connp->handshake_type);
1920  SCLogDebug("supported_type %s handshake_type %u/%02x", supported_type ? "true" : "false",
1921  ssl_state->curr_connp->handshake_type, ssl_state->curr_connp->handshake_type);
1922  if (!supported_type) {
1923  uint32_t avail_record_len = MIN(input_len, record_len);
1924  input += avail_record_len;
1925  input_len -= avail_record_len;
1926 
1927  SSLParserHSReset(ssl_state->curr_connp);
1928 
1929  if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
1930  (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
1931  // after Change Cipher Spec we get Encrypted Handshake Messages
1932  } else {
1933  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
1934  }
1935  continue;
1936  }
1937 
1938  /* if the message length exceeds our input_len, we have a tls fragment. */
1939  if (record_len > input_len) {
1940  const uint32_t avail = input_len;
1941  const uint32_t size = avail + (4096 - (avail % 4096));
1942  SCLogDebug("initial buffer size %u, based on input %u", size, avail);
1943  ssl_state->curr_connp->hs_buffer = SCCalloc(1, size);
1944  if (ssl_state->curr_connp->hs_buffer == NULL) {
1945  return -1;
1946  }
1947  ssl_state->curr_connp->hs_buffer_size = size;
1948  ssl_state->curr_connp->hs_buffer_message_size = record_len;
1949  ssl_state->curr_connp->hs_buffer_message_type = ssl_state->curr_connp->handshake_type;
1950 
1951  if (input_len > 0) {
1952  if (SafeMemcpy(ssl_state->curr_connp->hs_buffer, 0,
1953  ssl_state->curr_connp->hs_buffer_size, input, 0, input_len,
1954  input_len) != 0) {
1955  return -1;
1956  }
1957  ssl_state->curr_connp->hs_buffer_offset = input_len;
1958  }
1959  SCLogDebug("opened record buffer %p size %u offset %u type %u msg_size %u",
1960  ssl_state->curr_connp->hs_buffer, ssl_state->curr_connp->hs_buffer_size,
1961  ssl_state->curr_connp->hs_buffer_offset,
1962  ssl_state->curr_connp->hs_buffer_message_type,
1963  ssl_state->curr_connp->hs_buffer_message_size);
1964  input += input_len;
1965  SSLParserHSReset(ssl_state->curr_connp);
1966  return (int)(input - initial_input);
1967 
1968  } else {
1969  /* full record, parse it now */
1970  int retval = SSLv3ParseHandshakeType(
1971  ssl_state, input, ssl_state->curr_connp->message_length, direction);
1972  if (retval < 0 || retval > (int)input_len) {
1973  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
1974  return (retval);
1975  }
1976  SCLogDebug("retval %d input_len %u", retval, input_len);
1977  input += retval;
1978  input_len -= retval;
1979 
1980  SSLParserHSReset(ssl_state->curr_connp);
1981  }
1982  SCLogDebug("input_len left %u", input_len);
1983  }
1984  return (int)(input - initial_input);
1985 }
1986 
1987 /**
1988  * \internal
1989  * \brief TLS Alert parser
1990  *
1991  * \param sslstate Pointer to the SSL state.
1992  * \param input Pointer to the received input data.
1993  * \param input_len Length in bytes of the received data.
1994  * \param direction 1 toclient, 0 toserver
1995  *
1996  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
1997  */
1998 static int SSLv3ParseAlertProtocol(
1999  SSLState *ssl_state, const uint8_t *input, uint32_t input_len, uint8_t direction)
2000 {
2001  if (input_len < 2) {
2002  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_ALERT);
2003  return -1;
2004  }
2005 
2006  /* assume a record > 2 to be an encrypted alert record */
2007  if (input_len == 2) {
2008  uint8_t level = input[0];
2009  // uint8_t desc = input[1];
2010 
2011  /* if level Fatal, we consider the tx finished */
2012  if (level == 2) {
2013  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2014  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2015  }
2016  }
2017  return 0;
2018 }
2019 
2020 /**
2021  * \internal
2022  * \brief TLS Heartbeat parser (see RFC 6520)
2023  *
2024  * \param sslstate Pointer to the SSL state.
2025  * \param input Pointer to the received input data.
2026  * \param input_len Length in bytes of the received data.
2027  * \param direction 1 toclient, 0 toserver
2028  *
2029  * \retval The number of bytes parsed on success, 0 if nothing parsed, -1 on failure.
2030  */
2031 static int SSLv3ParseHeartbeatProtocol(SSLState *ssl_state, const uint8_t *input,
2032  uint32_t input_len, uint8_t direction)
2033 {
2034  uint8_t hb_type;
2035  uint16_t payload_len;
2036  uint32_t padding_len;
2037 
2038  /* expect at least 3 bytes: heartbeat type (1) + length (2) */
2039  if (input_len < 3) {
2040  return 0;
2041  }
2042 
2043  hb_type = *input++;
2044 
2045  if (!(ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)) {
2046  if (!(hb_type == TLS_HB_REQUEST || hb_type == TLS_HB_RESPONSE)) {
2047  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2048  return -1;
2049  }
2050  }
2051 
2052  if ((ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) == 0) {
2053  ssl_state->flags |= SSL_AL_FLAG_HB_INFLIGHT;
2054 
2055  if (direction) {
2056  SCLogDebug("HeartBeat Record type sent in the toclient direction!");
2057  ssl_state->flags |= SSL_AL_FLAG_HB_SERVER_INIT;
2058  } else {
2059  SCLogDebug("HeartBeat Record type sent in the toserver direction!");
2060  ssl_state->flags |= SSL_AL_FLAG_HB_CLIENT_INIT;
2061  }
2062 
2063  /* if we reach this point, then we can assume that the HB request
2064  is encrypted. If so, let's set the HB record length */
2065  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2066  ssl_state->hb_record_len = ssl_state->curr_connp->record_length;
2067  SCLogDebug("Encrypted HeartBeat Request In-flight. Storing len %u",
2068  ssl_state->hb_record_len);
2069  return (ssl_state->curr_connp->record_length - 3);
2070  }
2071 
2072  payload_len = (uint16_t)(*input << 8) | *(input + 1);
2073 
2074  /* check that the requested payload length is really present in
2075  the record (CVE-2014-0160) */
2076  if ((uint32_t)(payload_len+3) > ssl_state->curr_connp->record_length) {
2077  SCLogDebug("We have a short record in HeartBeat Request");
2078  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT);
2079  return -1;
2080  }
2081 
2082  /* check the padding length. It must be at least 16 bytes
2083  (RFC 6520, section 4) */
2084  padding_len = ssl_state->curr_connp->record_length - payload_len - 3;
2085  if (padding_len < 16) {
2086  SCLogDebug("We have a short record in HeartBeat Request");
2087  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2088  return -1;
2089  }
2090 
2091  /* we don't have the payload */
2092  if (input_len < payload_len + padding_len) {
2093  return 0;
2094  }
2095 
2096  /* OpenSSL still seems to discard multiple in-flight
2097  heartbeats although some tools send multiple at once */
2098  } else if (direction == 1 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2099  (ssl_state->flags & SSL_AL_FLAG_HB_SERVER_INIT)) {
2100  SCLogDebug("Multiple in-flight server initiated HeartBeats");
2101  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2102  return -1;
2103 
2104  } else if (direction == 0 && (ssl_state->flags & SSL_AL_FLAG_HB_INFLIGHT) &&
2105  (ssl_state->flags & SSL_AL_FLAG_HB_CLIENT_INIT)) {
2106  SCLogDebug("Multiple in-flight client initiated HeartBeats");
2107  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HEARTBEAT);
2108  return -1;
2109 
2110  } else {
2111  /* we have a HB record in the opposite direction of the request,
2112  let's reset our flags */
2113  ssl_state->flags &= ~SSL_AL_FLAG_HB_INFLIGHT;
2114  ssl_state->flags &= ~SSL_AL_FLAG_HB_SERVER_INIT;
2115  ssl_state->flags &= ~SSL_AL_FLAG_HB_CLIENT_INIT;
2116 
2117  /* if we reach this point, then we can assume that the HB request
2118  is encrypted. If so, let's set the HB record length */
2119  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2120  /* check to see if the encrypted response is longer than the
2121  encrypted request */
2122  if (ssl_state->hb_record_len > 0 && ssl_state->hb_record_len <
2123  ssl_state->curr_connp->record_length) {
2124  SCLogDebug("My heart is bleeding.. OpenSSL HeartBleed response (%u)",
2125  ssl_state->hb_record_len);
2126  SSLSetEvent(ssl_state,
2127  TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH);
2128  ssl_state->hb_record_len = 0;
2129  return -1;
2130  }
2131  }
2132 
2133  /* reset the HB record length in case we have a legit HB followed
2134  by a bad one */
2135  ssl_state->hb_record_len = 0;
2136  }
2137 
2138  /* skip the HeartBeat, 3 bytes were already parsed,
2139  e.g |18 03 02| for TLS 1.2 */
2140  return (ssl_state->curr_connp->record_length - 3);
2141 }
2142 
2143 static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
2144  const uint8_t *input, uint32_t input_len)
2145 {
2146  const uint8_t *initial_input = input;
2147 
2148  if (input_len == 0) {
2149  return 0;
2150  }
2151 
2152  uint8_t skip_version = 0;
2153 
2154  /* Only set SSL/TLS version here if it has not already been set in
2155  client/server hello. */
2156  if (direction == 0) {
2157  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2158  (ssl_state->client_connp.version != TLS_VERSION_UNKNOWN)) {
2159  skip_version = 1;
2160  }
2161  } else {
2162  if ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
2163  (ssl_state->server_connp.version != TLS_VERSION_UNKNOWN)) {
2164  skip_version = 1;
2165  }
2166  }
2167 
2168  switch (ssl_state->curr_connp->bytes_processed) {
2169  case 0:
2170  if (input_len >= 5) {
2171  ssl_state->curr_connp->content_type = input[0];
2172  if (!skip_version) {
2173  ssl_state->curr_connp->version = (uint16_t)(input[1] << 8) | input[2];
2174  }
2175  ssl_state->curr_connp->record_length = input[3] << 8;
2176  ssl_state->curr_connp->record_length |= input[4];
2177  ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_HDR_LEN;
2178  return SSLV3_RECORD_HDR_LEN;
2179  } else {
2180  ssl_state->curr_connp->content_type = *(input++);
2181  if (--input_len == 0)
2182  break;
2183  }
2184 
2185  /* fall through */
2186  case 1:
2187  if (!skip_version) {
2188  ssl_state->curr_connp->version = (uint16_t)(*(input++) << 8);
2189  } else {
2190  input++;
2191  }
2192  if (--input_len == 0)
2193  break;
2194 
2195  /* fall through */
2196  case 2:
2197  if (!skip_version) {
2198  ssl_state->curr_connp->version |= *(input++);
2199  } else {
2200  input++;
2201  }
2202  if (--input_len == 0)
2203  break;
2204 
2205  /* fall through */
2206  case 3:
2207  ssl_state->curr_connp->record_length = *(input++) << 8;
2208  if (--input_len == 0)
2209  break;
2210 
2211  /* fall through */
2212  case 4:
2213  ssl_state->curr_connp->record_length |= *(input++);
2214  if (--input_len == 0)
2215  break;
2216 
2217  /* fall through */
2218  }
2219 
2220  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2221 
2222  return (int)(input - initial_input);
2223 }
2224 
2225 static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state,
2226  const uint8_t *input, uint32_t input_len)
2227 {
2228  const uint8_t *initial_input = input;
2229 
2230  if (input_len == 0) {
2231  return 0;
2232  }
2233 
2234  if (ssl_state->curr_connp->record_lengths_length == 2) {
2235  switch (ssl_state->curr_connp->bytes_processed) {
2236  case 0:
2237  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2238  ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
2239  ssl_state->curr_connp->content_type = input[2];
2240  ssl_state->curr_connp->version = SSL_VERSION_2;
2241  ssl_state->curr_connp->bytes_processed += 3;
2242  return 3;
2243  } else {
2244  ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
2245  if (--input_len == 0)
2246  break;
2247  }
2248 
2249  /* fall through */
2250  case 1:
2251  ssl_state->curr_connp->record_length |= *(input++);
2252  if (--input_len == 0)
2253  break;
2254 
2255  /* fall through */
2256  case 2:
2257  ssl_state->curr_connp->content_type = *(input++);
2258  ssl_state->curr_connp->version = SSL_VERSION_2;
2259  if (--input_len == 0)
2260  break;
2261 
2262  /* fall through */
2263  }
2264 
2265  } else {
2266  switch (ssl_state->curr_connp->bytes_processed) {
2267  case 0:
2268  if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
2269  ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
2270  ssl_state->curr_connp->content_type = input[3];
2271  ssl_state->curr_connp->version = SSL_VERSION_2;
2272  ssl_state->curr_connp->bytes_processed += 4;
2273  return 4;
2274  } else {
2275  ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
2276  if (--input_len == 0)
2277  break;
2278  }
2279 
2280  /* fall through */
2281  case 1:
2282  ssl_state->curr_connp->record_length |= *(input++);
2283  if (--input_len == 0)
2284  break;
2285 
2286  /* fall through */
2287  case 2:
2288  /* padding */
2289  input++;
2290  if (--input_len == 0)
2291  break;
2292 
2293  /* fall through */
2294  case 3:
2295  ssl_state->curr_connp->content_type = *(input++);
2296  ssl_state->curr_connp->version = SSL_VERSION_2;
2297  if (--input_len == 0)
2298  break;
2299 
2300  /* fall through */
2301  }
2302  }
2303 
2304  ssl_state->curr_connp->bytes_processed += (input - initial_input);
2305 
2306  return (int)(input - initial_input);
2307 }
2308 
2309 static struct SSLDecoderResult SSLv2Decode(uint8_t direction, SSLState *ssl_state,
2310  AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len,
2311  const StreamSlice stream_slice)
2312 {
2313  const uint8_t *initial_input = input;
2314 
2315  if (ssl_state->curr_connp->bytes_processed == 0) {
2316  if (input[0] & 0x80) {
2317  ssl_state->curr_connp->record_lengths_length = 2;
2318  } else {
2319  ssl_state->curr_connp->record_lengths_length = 3;
2320  }
2321 
2322  SCLogDebug("record start: ssl2.hdr frame");
2323  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2324  ssl_state->curr_connp->record_lengths_length + 1, direction, TLS_FRAME_SSLV2_HDR);
2325  }
2326 
2327  SCLogDebug("direction %u ssl_state->curr_connp->record_lengths_length + 1 %u, "
2328  "ssl_state->curr_connp->bytes_processed %u",
2329  direction, ssl_state->curr_connp->record_lengths_length + 1,
2330  ssl_state->curr_connp->bytes_processed);
2331  /* the +1 is because we read one extra byte inside SSLv2ParseRecord
2332  to read the msg_type */
2333  if (ssl_state->curr_connp->bytes_processed <
2334  (ssl_state->curr_connp->record_lengths_length + 1)) {
2335  const int retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
2336  SCLogDebug("retval %d ssl_state->curr_connp->record_length %u", retval,
2337  ssl_state->curr_connp->record_length);
2338  if (retval < 0 || retval > (int)input_len) {
2339  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2340  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2341  return SSL_DECODER_ERROR(-1);
2342  }
2343 
2344  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2345  ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length,
2346  direction, TLS_FRAME_SSLV2_PDU);
2347  SCLogDebug("record start: ssl2.pdu frame");
2348 
2349  input += retval;
2350  input_len -= retval;
2351  }
2352 
2353  /* if we don't have the full record, we return incomplete */
2354  if (ssl_state->curr_connp->record_lengths_length + ssl_state->curr_connp->record_length >
2355  input_len + ssl_state->curr_connp->bytes_processed) {
2356  uint32_t needed = ssl_state->curr_connp->record_length;
2357  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2358  ssl_state->curr_connp->record_length, input_len, (uint32_t)(input - initial_input),
2359  needed);
2360  return SSL_DECODER_INCOMPLETE((input - initial_input), needed);
2361  }
2362 
2363  if (input_len == 0) {
2364  return SSL_DECODER_OK((input - initial_input));
2365  }
2366 
2367  /* record_length should never be zero */
2368  if (ssl_state->curr_connp->record_length == 0) {
2369  SCLogDebug("SSLv2 record length is zero");
2370  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2371  return SSL_DECODER_ERROR(-1);
2372  }
2373 
2374  /* record_lengths_length should never be zero */
2375  if (ssl_state->curr_connp->record_lengths_length == 0) {
2376  SCLogDebug("SSLv2 record lengths length is zero");
2377  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
2378  return SSL_DECODER_ERROR(-1);
2379  }
2380 
2381  switch (ssl_state->curr_connp->content_type) {
2382  case SSLV2_MT_ERROR:
2383  SCLogDebug("SSLV2_MT_ERROR msg_type received. Error encountered "
2384  "in establishing the sslv2 session, may be version");
2385  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
2386 
2387  break;
2388 
2389  case SSLV2_MT_CLIENT_HELLO:
2390  if (input_len < 6) {
2391  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2392  return SSL_DECODER_ERROR(-1);
2393  }
2394 
2395  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_HELLO;
2396  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
2397  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HELLO_DONE);
2398 
2399  const uint16_t version = (uint16_t)(input[0] << 8) | input[1];
2400  SCLogDebug("SSLv2: version %04x", version);
2401  ssl_state->curr_connp->version = version;
2402  uint16_t session_id_length = (input[5]) | (uint16_t)(input[4] << 8);
2403  input += 6;
2404  input_len -= 6;
2405  ssl_state->curr_connp->bytes_processed += 6;
2406  if (session_id_length == 0) {
2407  ssl_state->current_flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
2408  }
2409  break;
2410 
2411  case SSLV2_MT_CLIENT_MASTER_KEY:
2412  if (!(ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS)) {
2413  SCLogDebug("Client hello is not seen before master key "
2414  "message!");
2415  }
2416  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY;
2417 
2418  break;
2419 
2420  case SSLV2_MT_CLIENT_CERTIFICATE:
2421  if (direction == 1) {
2422  SCLogDebug("Incorrect SSL Record type sent in the toclient "
2423  "direction!");
2424  } else {
2425  ssl_state->current_flags = SSL_AL_FLAG_STATE_CLIENT_KEYX;
2426  }
2427  UpdateServerState(ssl_state, TLS_STATE_SERVER_CERT_DONE);
2428 
2429  /* fall through */
2430  case SSLV2_MT_SERVER_VERIFY:
2431  case SSLV2_MT_SERVER_FINISHED:
2432  if (direction == 0 &&
2433  !(ssl_state->curr_connp->content_type &
2434  SSLV2_MT_CLIENT_CERTIFICATE)) {
2435  SCLogDebug("Incorrect SSL Record type sent in the toserver "
2436  "direction!");
2437  }
2438 
2439  /* fall through */
2440  case SSLV2_MT_CLIENT_FINISHED:
2441  case SSLV2_MT_REQUEST_CERTIFICATE:
2442  /* both client hello and server hello must be seen */
2443  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_HS) &&
2444  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_HS)) {
2445 
2446  if (direction == 0) {
2447  if (ssl_state->flags & SSL_AL_FLAG_SSL_NO_SESSION_ID) {
2448  ssl_state->current_flags |= SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2449  SCLogDebug("SSLv2 client side has started the encryption");
2450  } else if (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY) {
2451  ssl_state->current_flags = SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED;
2452  SCLogDebug("SSLv2 client side has started the encryption");
2453  }
2454  } else {
2455  ssl_state->current_flags = SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED;
2456  SCLogDebug("SSLv2 Server side has started the encryption");
2457  }
2458 
2459  if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
2460  (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED))
2461  {
2462  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2463  AppLayerParserStateSetFlag(pstate,
2464  APP_LAYER_PARSER_NO_INSPECTION);
2465  }
2466 
2467  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2468  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
2469  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_BYPASS_READY);
2470  }
2471  SCLogDebug("SSLv2 No reassembly & inspection has been set");
2472  }
2473  }
2474 
2475  break;
2476 
2477  case SSLV2_MT_SERVER_HELLO:
2478  ssl_state->current_flags = SSL_AL_FLAG_STATE_SERVER_HELLO;
2479  ssl_state->current_flags |= SSL_AL_FLAG_SSL_SERVER_HS;
2480  UpdateServerState(ssl_state, TLS_STATE_SERVER_HELLO);
2481 
2482  break;
2483  }
2484 
2485  ssl_state->flags |= ssl_state->current_flags;
2486 
2487  if (input_len + ssl_state->curr_connp->bytes_processed >=
2488  (ssl_state->curr_connp->record_length +
2489  ssl_state->curr_connp->record_lengths_length)) {
2490 
2491  /* looks like we have another record after this */
2492  uint32_t diff = ssl_state->curr_connp->record_length +
2493  ssl_state->curr_connp->record_lengths_length + -
2494  ssl_state->curr_connp->bytes_processed;
2495  input += diff;
2496  SSLParserReset(ssl_state);
2497 
2498  /* we still don't have the entire record for the one we are
2499  currently parsing */
2500  } else {
2501  input += input_len;
2502  ssl_state->curr_connp->bytes_processed += input_len;
2503  }
2504  return SSL_DECODER_OK((input - initial_input));
2505 }
2506 
2507 static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_state,
2508  AppLayerParserState *pstate, const uint8_t *input, const uint32_t input_len,
2509  const StreamSlice stream_slice)
2510 {
2511  uint32_t parsed = 0;
2512  uint32_t record_len; /* slice of input_len for the current record */
2513  const bool first_call = (ssl_state->curr_connp->bytes_processed == 0);
2514 
2515  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2516  const uint16_t prev_version = ssl_state->curr_connp->version;
2517 
2518  int retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
2519  if (retval < 0 || retval > (int)input_len) {
2520  DEBUG_VALIDATE_BUG_ON(retval > (int)input_len);
2521  SCLogDebug("SSLv3ParseRecord returned %d", retval);
2522  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
2523  return SSL_DECODER_ERROR(-1);
2524  }
2525  parsed = retval;
2526 
2527  SCLogDebug("%s input %p record_length %u", (direction == 0) ? "toserver" : "toclient",
2528  input, ssl_state->curr_connp->record_length);
2529 
2530  /* first the hdr frame at our first chance */
2531  if (first_call) {
2532  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input, SSLV3_RECORD_HDR_LEN,
2533  direction, TLS_FRAME_HDR);
2534  }
2535 
2536  /* parser is streaming for the initial header, then switches to incomplete
2537  * API: so if we don't have the hdr yet, return consumed bytes and wait
2538  * until we are called again with new data. */
2539  if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_HDR_LEN) {
2540  SCLogDebug(
2541  "incomplete header, return %u bytes consumed and wait for more data", parsed);
2542  return SSL_DECODER_OK(parsed);
2543  }
2544 
2545  /* pdu frame needs record length, so only create it when hdr fully parsed. */
2546  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input,
2547  ssl_state->curr_connp->record_length + retval, direction, TLS_FRAME_PDU);
2548  record_len = MIN(input_len - parsed, ssl_state->curr_connp->record_length);
2549  SCLogDebug(
2550  "record_len %u (input_len %u, parsed %u, ssl_state->curr_connp->record_length %u)",
2551  record_len, input_len, parsed, ssl_state->curr_connp->record_length);
2552 
2553  bool unknown_record = false;
2554  switch (ssl_state->curr_connp->content_type) {
2555  case SSLV3_CHANGE_CIPHER_SPEC:
2556  case SSLV3_ALERT_PROTOCOL:
2557  case SSLV3_HANDSHAKE_PROTOCOL:
2558  case SSLV3_APPLICATION_PROTOCOL:
2559  case SSLV3_HEARTBEAT_PROTOCOL:
2560  break;
2561  default:
2562  unknown_record = true;
2563  break;
2564  }
2565 
2566  /* unknown record type. For TLS 1.0, 1.1 and 1.2 this is ok. For the rest it is fatal. Based
2567  * on Wireshark logic. */
2568  if (prev_version == TLS_VERSION_10 || prev_version == TLS_VERSION_11) {
2569  if (unknown_record) {
2570  SCLogDebug("unknown record, ignore it");
2571  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2572 
2573  ssl_state->curr_connp->bytes_processed = 0; // TODO review this reset logic
2574  ssl_state->curr_connp->content_type = 0;
2575  ssl_state->curr_connp->record_length = 0;
2576  // restore last good version
2577  ssl_state->curr_connp->version = prev_version;
2578  return SSL_DECODER_OK(input_len); // consume everything
2579  }
2580  } else {
2581  if (unknown_record) {
2582  SCLogDebug("unknown record, fatal");
2583  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
2584  return SSL_DECODER_ERROR(-1);
2585  }
2586  }
2587 
2588  /* record_length should never be zero */
2589  if (ssl_state->curr_connp->record_length == 0) {
2590  SCLogDebug("SSLv3 Record length is 0");
2591  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2592  return SSL_DECODER_ERROR(-1);
2593  }
2594 
2595  if (!TLSVersionValid(ssl_state->curr_connp->version)) {
2596  SCLogDebug("ssl_state->curr_connp->version %04x", ssl_state->curr_connp->version);
2597  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_VERSION);
2598  return SSL_DECODER_ERROR(-1);
2599  }
2600 
2601  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN &&
2602  ssl_state->curr_connp->record_length > SSLV3_RECORD_MAX_LEN) {
2603  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_RECORD_LENGTH);
2604  return SSL_DECODER_ERROR(-1);
2605  }
2606  DEBUG_VALIDATE_BUG_ON(ssl_state->curr_connp->bytes_processed > SSLV3_RECORD_HDR_LEN);
2607  } else {
2608  ValidateRecordState(ssl_state->curr_connp);
2609 
2610  record_len = (ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN)- ssl_state->curr_connp->bytes_processed;
2611  record_len = MIN(input_len, record_len);
2612  }
2613  SCLogDebug("record length %u processed %u got %u",
2614  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
2615 
2616  /* if we don't have the full record, we return incomplete */
2617  if (ssl_state->curr_connp->record_length > input_len - parsed) {
2618  /* no need to use incomplete api buffering for application
2619  * records that we'll not use anyway. */
2620  if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
2621  SCLogDebug("application record");
2622  } else {
2623  uint32_t needed = ssl_state->curr_connp->record_length;
2624  SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
2625  ssl_state->curr_connp->record_length, input_len, parsed, needed);
2626  DEBUG_VALIDATE_BUG_ON(needed > SSLV3_RECORD_MAX_LEN);
2627  return SSL_DECODER_INCOMPLETE(parsed, needed);
2628  }
2629  }
2630 
2631  if (record_len == 0) {
2632  return SSL_DECODER_OK(parsed);
2633  }
2634 
2635  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2636  ssl_state->curr_connp->record_length, direction, TLS_FRAME_DATA);
2637 
2638  switch (ssl_state->curr_connp->content_type) {
2639  /* we don't need any data from these types */
2640  case SSLV3_CHANGE_CIPHER_SPEC:
2641  ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
2642 
2643  if (direction) {
2644  ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
2645  } else {
2646  ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
2647 
2648  // TODO TLS 1.3
2649  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2650  }
2651  break;
2652 
2653  case SSLV3_ALERT_PROTOCOL: {
2654  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2655  ssl_state->curr_connp->record_length, direction, TLS_FRAME_ALERT_DATA);
2656 
2657  int retval = SSLv3ParseAlertProtocol(ssl_state, input + parsed, record_len, direction);
2658  if (retval < 0) {
2659  SCLogDebug("SSLv3ParseAlertProtocol returned %d", retval);
2660  return SSL_DECODER_ERROR(-1);
2661  }
2662  break;
2663  }
2664  case SSLV3_APPLICATION_PROTOCOL:
2665  /* In TLSv1.3 early data (0-RTT) could be sent before the
2666  handshake is complete (rfc8446, section 2.3). We should
2667  therefore not mark the handshake as done before we have
2668  seen the ServerHello record. */
2669  if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) &&
2670  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0))
2671  break;
2672 
2673  /* if we see (encrypted) application data, then this means the
2674  handshake must be done */
2675  if (ssl_state->curr_connp == &ssl_state->client_connp) {
2676  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2677  } else {
2678  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2679  }
2680 
2681  if (ssl_config.encrypt_mode != SSL_CNF_ENC_HANDLE_FULL) {
2682  SCLogDebug("setting APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD");
2683  AppLayerParserStateSetFlag(pstate,
2684  APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD);
2685  }
2686 
2687  /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
2688  * heartbeat lke inspection to be able to be able to bypass the flow */
2689  if (ssl_config.encrypt_mode == SSL_CNF_ENC_HANDLE_BYPASS) {
2690  SCLogDebug("setting APP_LAYER_PARSER_NO_REASSEMBLY");
2691  AppLayerParserStateSetFlag(pstate,
2692  APP_LAYER_PARSER_NO_REASSEMBLY);
2693  AppLayerParserStateSetFlag(pstate,
2694  APP_LAYER_PARSER_NO_INSPECTION);
2695  AppLayerParserStateSetFlag(pstate,
2696  APP_LAYER_PARSER_BYPASS_READY);
2697  }
2698  break;
2699 
2700  case SSLV3_HANDSHAKE_PROTOCOL: {
2701  if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) {
2702  /* In TLSv1.3, ChangeCipherSpec is only used for middlebox
2703  compatibility (rfc8446, appendix D.4). */
2704  // Client hello flags is needed to have a valid version
2705  if ((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
2706  (ssl_state->client_connp.version > TLS_VERSION_12) &&
2707  ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) {
2708  /* do nothing */
2709  } else {
2710  // if we started parsing this, we must stop
2711  break;
2712  }
2713  }
2714 
2715  if (ssl_state->curr_connp->record_length < 4) {
2716  SSLParserReset(ssl_state);
2717  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2718  SCLogDebug("record len < 4 => %u", ssl_state->curr_connp->record_length);
2719  return SSL_DECODER_ERROR(-1);
2720  }
2721 
2722  int retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed,
2723  record_len, direction);
2724  SCLogDebug("retval %d", retval);
2725  if (retval < 0 || retval > (int)record_len) {
2726  DEBUG_VALIDATE_BUG_ON(retval > (int)record_len);
2727  SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
2728  SCLogDebug("SSLv3ParseHandshakeProtocol returned %d", retval);
2729  return SSL_DECODER_ERROR(-1);
2730  }
2731  ValidateRecordState(ssl_state->curr_connp);
2732  break;
2733  }
2734  case SSLV3_HEARTBEAT_PROTOCOL: {
2735  AppLayerFrameNewByPointer(ssl_state->f, &stream_slice, input + parsed,
2736  ssl_state->curr_connp->record_length, direction, TLS_FRAME_HB_DATA);
2737  int retval = SSLv3ParseHeartbeatProtocol(ssl_state, input + parsed,
2738  record_len, direction);
2739  if (retval < 0) {
2740  SCLogDebug("SSLv3ParseHeartbeatProtocol returned %d", retval);
2741  return SSL_DECODER_ERROR(-1);
2742  }
2743  break;
2744  }
2745  default:
2746  // should be unreachable now that we check after header parsing
2747  DEBUG_VALIDATE_BUG_ON(1);
2748  SCLogDebug("unsupported record type");
2749  return SSL_DECODER_ERROR(-1);
2750  }
2751 
2752  parsed += record_len;
2753  ssl_state->curr_connp->bytes_processed += record_len;
2754 
2755  if (ssl_state->curr_connp->bytes_processed >=
2756  ssl_state->curr_connp->record_length + SSLV3_RECORD_HDR_LEN) {
2757  SCLogDebug("record complete, trigger RAW");
2758  AppLayerParserTriggerRawStreamReassembly(
2759  ssl_state->f, direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
2760  SSLParserReset(ssl_state);
2761  ValidateRecordState(ssl_state->curr_connp);
2762  return SSL_DECODER_OK(parsed);
2763 
2764  } else {
2765  /* we still don't have the entire record for the one we are
2766  currently parsing */
2767  ValidateRecordState(ssl_state->curr_connp);
2768  return SSL_DECODER_OK(parsed);
2769  }
2770 }
2771 
2772 /**
2773  * \internal
2774  * \brief SSLv2, SSLv23, SSLv3, TLSv1.1, TLSv1.2, TLSv1.3 parser.
2775  *
2776  * On parsing error, this should be the only function that should reset
2777  * the parser state, to avoid multiple functions in the chain resetting
2778  * the parser state.
2779  *
2780  * \param direction 0 for toserver, 1 for toclient.
2781  * \param alstate Pointer to the state.
2782  * \param pstate Application layer parser state for this session.
2783  * \param output Pointer to the list of parsed output elements.
2784  *
2785  * \todo On reaching an inconsistent state, check if the input has
2786  * another new record, instead of just returning after the reset
2787  *
2788  * \retval >=0 On success.
2789  */
2790 static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate,
2791  AppLayerParserState *pstate, StreamSlice stream_slice)
2792 {
2793  SSLState *ssl_state = (SSLState *)alstate;
2794  ssl_state->tx_data.updated_tc = true;
2795  ssl_state->tx_data.updated_ts = true;
2796  uint32_t counter = 0;
2797  ssl_state->f = f;
2798  const uint8_t *input = StreamSliceGetData(&stream_slice);
2799  const uint8_t *init_input = input;
2800  int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
2801 
2802  if ((input == NULL || input_len == 0) &&
2803  ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
2804  (direction == 1 &&
2805  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
2806  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2807  if (direction == 0)
2808  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2809  else
2810  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2811  SCReturnStruct(APP_LAYER_OK);
2812  } else if (input == NULL || input_len == 0) {
2813  SCReturnStruct(APP_LAYER_ERROR);
2814  }
2815 
2816  if (direction == 0)
2817  ssl_state->curr_connp = &ssl_state->client_connp;
2818  else
2819  ssl_state->curr_connp = &ssl_state->server_connp;
2820 
2821  /* If entering on a new record, reset the current flags. */
2822  if (ssl_state->curr_connp->bytes_processed == 0) {
2823  ssl_state->current_flags = 0;
2824  }
2825 
2826  /* if we have more than one record */
2827  uint32_t max_records = MAX((input_len / SSL_RECORD_MINIMUM_LENGTH),1);
2828  while (input_len > 0) {
2829  if (counter > max_records) {
2830  SCLogDebug("Looks like we have looped quite a bit. Reset state "
2831  "and get out of here");
2832  SSLParserReset(ssl_state);
2833  SSLSetEvent(ssl_state,
2834  TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET);
2835  return APP_LAYER_ERROR;
2836  }
2837 
2838  /* ssl_state->bytes_processed is zero for a fresh record or
2839  positive to indicate a record currently being parsed */
2840 
2841  if (ssl_state->curr_connp->bytes_processed == 0) {
2842  if ((input[0] & 0x80) || (input[0] & 0x40)) {
2843  /* only SSLv2, has one of the top 2 bits set */
2844  ssl_state->curr_connp->version = SSL_VERSION_2;
2845  SCLogDebug("SSLv2 detected");
2846  } else if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2847  ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
2848  SCLogDebug("SSL/TLS version reset");
2849  }
2850  }
2851  SCLogDebug("record %u: bytes_processed %u, version %02X, input_len %u", counter,
2852  ssl_state->curr_connp->bytes_processed, ssl_state->curr_connp->version, input_len);
2853 
2854  if (ssl_state->curr_connp->version == SSL_VERSION_2) {
2855  if (ssl_state->curr_connp->bytes_processed == 0) {
2856  SCLogDebug("New SSLv2 record parsing");
2857  } else {
2858  SCLogDebug("Continuing parsing SSLv2 record");
2859  }
2860  struct SSLDecoderResult r =
2861  SSLv2Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2862  if (r.retval < 0 || r.retval > input_len) {
2863  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2864  SCLogDebug("Error parsing SSLv2. Resetting parser "
2865  "state. Let's get outta here");
2866  SSLParserReset(ssl_state);
2867  SSLSetEvent(ssl_state,
2868  TLS_DECODER_EVENT_INVALID_SSL_RECORD);
2869  return APP_LAYER_ERROR;
2870  } else if (r.needed) {
2871  input += r.retval;
2872  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2873  (uintmax_t)(input - init_input), r.needed);
2874  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2875  }
2876  input_len -= r.retval;
2877  input += r.retval;
2878  SCLogDebug("SSLv2 decoder consumed %d bytes: %u left", r.retval, input_len);
2879  } else {
2880  if (ssl_state->curr_connp->bytes_processed == 0) {
2881  SCLogDebug("New TLS record: record_length %u",
2882  ssl_state->curr_connp->record_length);
2883  } else {
2884  SCLogDebug("Continuing parsing TLS record: record_length %u, bytes_processed %u",
2885  ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed);
2886  }
2887  struct SSLDecoderResult r =
2888  SSLv3Decode(direction, ssl_state, pstate, input, input_len, stream_slice);
2889  if (r.retval < 0 || r.retval > input_len) {
2890  DEBUG_VALIDATE_BUG_ON(r.retval > input_len);
2891  SCLogDebug("Error parsing TLS. Resetting parser "
2892  "state. Let's get outta here");
2893  SSLParserReset(ssl_state);
2894  return APP_LAYER_ERROR;
2895  } else if (r.needed) {
2896  input += r.retval;
2897  SCLogDebug("returning consumed %" PRIuMAX " needed %u",
2898  (uintmax_t)(input - init_input), r.needed);
2899  SCReturnStruct(APP_LAYER_INCOMPLETE((uint32_t)(input - init_input), r.needed));
2900  }
2901  input_len -= r.retval;
2902  input += r.retval;
2903  SCLogDebug("TLS decoder consumed %d bytes: %u left", r.retval, input_len);
2904 
2905  if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_HDR_LEN
2906  && ssl_state->curr_connp->record_length == 0) {
2907  SCLogDebug("TLS empty record");
2908  /* empty record */
2909  SSLParserReset(ssl_state);
2910  }
2911  }
2912  counter++;
2913  } /* while (input_len) */
2914 
2915  /* mark handshake as done if we have subject and issuer */
2916  if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) &&
2917  ssl_state->client_connp.cert0_subject && ssl_state->client_connp.cert0_issuerdn) {
2918  /* update both sides to keep existing behavior */
2919  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2920  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2921  } else if ((ssl_state->flags & SSL_AL_FLAG_NEED_CLIENT_CERT) == 0 &&
2922  ssl_state->server_connp.cert0_subject && ssl_state->server_connp.cert0_issuerdn) {
2923  /* update both sides to keep existing behavior */
2924  UpdateClientState(ssl_state, TLS_STATE_CLIENT_HANDSHAKE_DONE);
2925  UpdateServerState(ssl_state, TLS_STATE_SERVER_HANDSHAKE_DONE);
2926  }
2927 
2928  /* flag session as finished if APP_LAYER_PARSER_EOF is set */
2929  if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
2930  AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
2931  /* update both sides to keep existing behavior */
2932  UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
2933  UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
2934  }
2935 
2936  return APP_LAYER_OK;
2937 }
2938 
2939 static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2940  StreamSlice stream_slice, void *local_data)
2941 {
2942  return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice);
2943 }
2944 
2945 static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
2946  StreamSlice stream_slice, void *local_data)
2947 {
2948  return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice);
2949 }
2950 
2951 /**
2952  * \internal
2953  * \brief Function to allocate the SSL state memory.
2954  */
2955 static void *SSLStateAlloc(void *orig_state, AppProto proto_orig)
2956 {
2957  SSLState *ssl_state = SCCalloc(1, sizeof(SSLState));
2958  if (unlikely(ssl_state == NULL))
2959  return NULL;
2960  ssl_state->client_connp.cert_log_flag = 0;
2961  ssl_state->server_connp.cert_log_flag = 0;
2962  memset(ssl_state->client_connp.random, 0, TLS_RANDOM_LEN);
2963  memset(ssl_state->server_connp.random, 0, TLS_RANDOM_LEN);
2964  TAILQ_INIT(&ssl_state->server_connp.certs);
2965  TAILQ_INIT(&ssl_state->server_connp.alpns);
2966  TAILQ_INIT(&ssl_state->client_connp.certs);
2967  TAILQ_INIT(&ssl_state->client_connp.alpns);
2968 
2969  return (void *)ssl_state;
2970 }
2971 
2972 static void SSLStateCertSANFree(SSLStateConnp *connp)
2973 {
2974  if (connp->cert0_sans) {
2975  for (uint16_t i = 0; i < connp->cert0_sans_len; i++) {
2976  rs_cstring_free(connp->cert0_sans[i]);
2977  }
2978  SCFree(connp->cert0_sans);
2979  }
2980 }
2981 
2982 /**
2983  * \internal
2984  * \brief Function to free the SSL state memory.
2985  */
2986 static void SSLStateFree(void *p)
2987 {
2988  SSLState *ssl_state = (SSLState *)p;
2989  SSLCertsChain *item;
2990 
2991  if (ssl_state->client_connp.cert0_subject)
2992  rs_cstring_free(ssl_state->client_connp.cert0_subject);
2993  if (ssl_state->client_connp.cert0_issuerdn)
2994  rs_cstring_free(ssl_state->client_connp.cert0_issuerdn);
2995  if (ssl_state->client_connp.cert0_serial)
2996  rs_cstring_free(ssl_state->client_connp.cert0_serial);
2997  if (ssl_state->client_connp.cert0_fingerprint)
2998  SCFree(ssl_state->client_connp.cert0_fingerprint);
2999  if (ssl_state->client_connp.sni)
3000  SCFree(ssl_state->client_connp.sni);
3001  if (ssl_state->client_connp.session_id)
3002  SCFree(ssl_state->client_connp.session_id);
3003  if (ssl_state->client_connp.hs_buffer)
3004  SCFree(ssl_state->client_connp.hs_buffer);
3005 
3006  if (ssl_state->server_connp.cert0_subject)
3007  rs_cstring_free(ssl_state->server_connp.cert0_subject);
3008  if (ssl_state->server_connp.cert0_issuerdn)
3009  rs_cstring_free(ssl_state->server_connp.cert0_issuerdn);
3010  if (ssl_state->server_connp.cert0_serial)
3011  rs_cstring_free(ssl_state->server_connp.cert0_serial);
3012  if (ssl_state->server_connp.cert0_fingerprint)
3013  SCFree(ssl_state->server_connp.cert0_fingerprint);
3014  if (ssl_state->server_connp.sni)
3015  SCFree(ssl_state->server_connp.sni);
3016  if (ssl_state->server_connp.session_id)
3017  SCFree(ssl_state->server_connp.session_id);
3018 
3019  if (ssl_state->client_connp.ja4)
3020  SCJA4Free(ssl_state->client_connp.ja4);
3021  if (ssl_state->client_connp.ja3_str)
3022  Ja3BufferFree(&ssl_state->client_connp.ja3_str);
3023  if (ssl_state->client_connp.ja3_hash)
3024  SCFree(ssl_state->client_connp.ja3_hash);
3025  if (ssl_state->server_connp.ja3_str)
3026  Ja3BufferFree(&ssl_state->server_connp.ja3_str);
3027  if (ssl_state->server_connp.ja3_hash)
3028  SCFree(ssl_state->server_connp.ja3_hash);
3029  if (ssl_state->server_connp.hs_buffer)
3030  SCFree(ssl_state->server_connp.hs_buffer);
3031 
3032  SSLStateCertSANFree(&ssl_state->server_connp);
3033  SSLStateCertSANFree(&ssl_state->client_connp);
3034 
3035  SCAppLayerTxDataCleanup(&ssl_state->tx_data);
3036 
3037  /* Free certificate chain */
3038  if (ssl_state->server_connp.certs_buffer)
3039  SCFree(ssl_state->server_connp.certs_buffer);
3040  while ((item = TAILQ_FIRST(&ssl_state->server_connp.certs))) {
3041  TAILQ_REMOVE(&ssl_state->server_connp.certs, item, next);
3042  SCFree(item);
3043  }
3044  TAILQ_INIT(&ssl_state->server_connp.certs);
3045  /* Free certificate chain */
3046  if (ssl_state->client_connp.certs_buffer)
3047  SCFree(ssl_state->client_connp.certs_buffer);
3048  while ((item = TAILQ_FIRST(&ssl_state->client_connp.certs))) {
3049  TAILQ_REMOVE(&ssl_state->client_connp.certs, item, next);
3050  SCFree(item);
3051  }
3052  TAILQ_INIT(&ssl_state->client_connp.certs);
3053 
3054  SSLAlpns *a;
3055  while ((a = TAILQ_FIRST(&ssl_state->server_connp.alpns))) {
3056  TAILQ_REMOVE(&ssl_state->server_connp.alpns, a, next);
3057  SCFree(a);
3058  }
3059  TAILQ_INIT(&ssl_state->server_connp.alpns);
3060  while ((a = TAILQ_FIRST(&ssl_state->client_connp.alpns))) {
3061  TAILQ_REMOVE(&ssl_state->client_connp.alpns, a, next);
3062  SCFree(a);
3063  }
3064  TAILQ_INIT(&ssl_state->client_connp.alpns);
3065 
3066  SCFree(ssl_state);
3067 }
3068 
3069 static void SSLStateTransactionFree(void *state, uint64_t tx_id)
3070 {
3071  /* do nothing */
3072 }
3073 
3074 static AppProto SSLProbingParser(Flow *f, uint8_t direction,
3075  const uint8_t *input, uint32_t ilen, uint8_t *rdir)
3076 {
3077  /* probably a rst/fin sending an eof */
3078  if (ilen < 3)
3079  return ALPROTO_UNKNOWN;
3080 
3081  /* for now just the 3 byte header ones */
3082  /* \todo Detect the 2 byte ones */
3083  if ((input[0] & 0x80) && (input[2] == 0x01)) {
3084  return ALPROTO_TLS;
3085  }
3086 
3087  return ALPROTO_FAILED;
3088 }
3089 
3090 static int SSLStateGetStateIdByName(const char *name, const uint8_t direction)
3091 {
3092  SCEnumCharMap *map =
3093  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
3094 
3095  int id = SCMapEnumNameToValue(name, map);
3096  if (id < 0) {
3097  return -1;
3098  }
3099  return id;
3100 }
3101 
3102 static const char *SSLStateGetStateNameById(const int id, const uint8_t direction)
3103 {
3104  SCEnumCharMap *map =
3105  direction == STREAM_TOSERVER ? tls_state_client_table : tls_state_server_table;
3106  const char *name = SCMapEnumValueToName(id, map);
3107  return name;
3108 }
3109 
3110 static int SSLStateGetFrameIdByName(const char *frame_name)
3111 {
3112  int id = SCMapEnumNameToValue(frame_name, tls_frame_table);
3113  if (id < 0) {
3114  return -1;
3115  }
3116  return id;
3117 }
3118 
3119 static const char *SSLStateGetFrameNameById(const uint8_t frame_id)
3120 {
3121  const char *name = SCMapEnumValueToName(frame_id, tls_frame_table);
3122  return name;
3123 }
3124 
3125 static int SSLStateGetEventInfo(
3126  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
3127 {
3128  if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) {
3129  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3130  return 0;
3131  }
3132  return -1;
3133 }
3134 
3135 static int SSLStateGetEventInfoById(
3136  uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
3137 {
3138  *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
3139  if (*event_name == NULL) {
3140  SCLogError("event \"%d\" not present in "
3141  "ssl's enum map table.",
3142  event_id);
3143  /* yes this is fatal */
3144  return -1;
3145  }
3146 
3147  *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
3148 
3149  return 0;
3150 }
3151 
3152 static int SSLRegisterPatternsForProtocolDetection(void)
3153 {
3154  if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
3155  STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
3156  return -1;
3157  }
3158 
3159  /** SSLv3 */
3160  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3161  "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3162  {
3163  return -1;
3164  }
3165  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3166  "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
3167  {
3168  return -1;
3169  }
3170 
3171  /** TLSv1 */
3172  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3173  "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3174  {
3175  return -1;
3176  }
3177  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3178  "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
3179  {
3180  return -1;
3181  }
3182 
3183  /** TLSv1.1 */
3184  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3185  "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3186  {
3187  return -1;
3188  }
3189  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3190  "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
3191  {
3192  return -1;
3193  }
3194 
3195  /** TLSv1.2 */
3196  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3197  "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3198  {
3199  return -1;
3200  }
3201  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3202  "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
3203  {
3204  return -1;
3205  }
3206 
3207  /***** toclient direction *****/
3208 
3209  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3210  "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3211  {
3212  return -1;
3213  }
3214  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3215  "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3216  {
3217  return -1;
3218  }
3219  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3220  "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
3221  {
3222  return -1;
3223  }
3224 
3225  /** TLSv1 */
3226  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3227  "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3228  {
3229  return -1;
3230  }
3231  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3232  "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3233  {
3234  return -1;
3235  }
3236  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3237  "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
3238  {
3239  return -1;
3240  }
3241 
3242  /** TLSv1.1 */
3243  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3244  "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3245  {
3246  return -1;
3247  }
3248  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3249  "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3250  {
3251  return -1;
3252  }
3253  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3254  "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
3255  {
3256  return -1;
3257  }
3258 
3259  /** TLSv1.2 */
3260  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3261  "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3262  {
3263  return -1;
3264  }
3265  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3266  "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3267  {
3268  return -1;
3269  }
3270  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3271  "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
3272  {
3273  return -1;
3274  }
3275 
3276  /* Subsection - SSLv2 style record by client, but informing the server
3277  * the max version it supports.
3278  * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
3279  * it after some tests */
3280 #if 0
3281  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3282  "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
3283  {
3284  return -1;
3285  }
3286  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
3287  "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
3288  {
3289  return -1;
3290  }
3291 #endif
3292 
3293  return 0;
3294 }
3295 
3296 #ifdef HAVE_JA3
3297 static void CheckJA3Enabled(void)
3298 {
3299  const char *strval = NULL;
3300  /* Check if we should generate JA3 fingerprints */
3301  int enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3302  if (SCConfGet("app-layer.protocols.tls.ja3-fingerprints", &strval) != 1) {
3303  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3304  } else if (strcmp(strval, "auto") == 0) {
3305  enable_ja3 = SSL_CONFIG_DEFAULT_JA3;
3306  } else if (SCConfValIsFalse(strval)) {
3307  enable_ja3 = 0;
3308  ssl_config.disable_ja3 = true;
3309  } else if (SCConfValIsTrue(strval)) {
3310  enable_ja3 = true;
3311  }
3312  SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
3313  if (!ssl_config.disable_ja3 && !g_disable_hashing) {
3314  /* The feature is available, i.e. _could_ be activated by a rule or
3315  even is enabled in the configuration. */
3316  ProvidesFeature(FEATURE_JA3);
3317  }
3318 }
3319 #endif /* HAVE_JA3 */
3320 
3321 #ifdef HAVE_JA4
3322 static void CheckJA4Enabled(void)
3323 {
3324  const char *strval = NULL;
3325  /* Check if we should generate JA4 fingerprints */
3326  int enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3327  if (SCConfGet("app-layer.protocols.tls.ja4-fingerprints", &strval) != 1) {
3328  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3329  } else if (strcmp(strval, "auto") == 0) {
3330  enable_ja4 = SSL_CONFIG_DEFAULT_JA4;
3331  } else if (SCConfValIsFalse(strval)) {
3332  enable_ja4 = 0;
3333  ssl_config.disable_ja4 = true;
3334  } else if (SCConfValIsTrue(strval)) {
3335  enable_ja4 = true;
3336  }
3337  SC_ATOMIC_SET(ssl_config.enable_ja4, enable_ja4);
3338  if (!ssl_config.disable_ja4 && !g_disable_hashing) {
3339  /* The feature is available, i.e. _could_ be activated by a rule or
3340  even is enabled in the configuration. */
3341  ProvidesFeature(FEATURE_JA4);
3342  }
3343 }
3344 #endif /* HAVE_JA4 */
3345 
3346 /**
3347  * \brief Function to register the SSL protocol parser and other functions
3348  */
3349 void RegisterSSLParsers(void)
3350 {
3351  const char *proto_name = "tls";
3352 
3353  SC_ATOMIC_INIT(ssl_config.enable_ja3);
3354 
3355  /** SSLv2 and SSLv23*/
3356  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
3357  AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
3358 
3359  if (SSLRegisterPatternsForProtocolDetection() < 0)
3360  return;
3361 
3362  if (RunmodeIsUnittests()) {
3363  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3364  "443",
3365  ALPROTO_TLS,
3366  0, 3,
3367  STREAM_TOSERVER,
3368  SSLProbingParser, NULL);
3369  } else {
3370  if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
3371  proto_name, ALPROTO_TLS,
3372  0, 3,
3373  SSLProbingParser, NULL) == 0) {
3374  SCLogConfig("no TLS config found, "
3375  "enabling TLS detection on port 443.");
3376  AppLayerProtoDetectPPRegister(IPPROTO_TCP,
3377  "443",
3378  ALPROTO_TLS,
3379  0, 3,
3380  STREAM_TOSERVER,
3381  SSLProbingParser, NULL);
3382  }
3383  }
3384  } else {
3385  SCLogConfig("Protocol detection and parser disabled for %s protocol",
3386  proto_name);
3387  return;
3388  }
3389 
3390  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
3391  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
3392  SSLParseClientRecord);
3393 
3394  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
3395  SSLParseServerRecord);
3396  AppLayerParserRegisterGetStateFuncs(
3397  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetStateIdByName, SSLStateGetStateNameById);
3398  AppLayerParserRegisterGetFrameFuncs(
3399  IPPROTO_TCP, ALPROTO_TLS, SSLStateGetFrameIdByName, SSLStateGetFrameNameById);
3400  AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
3401  AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
3402 
3403  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
3404 
3405  AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
3406 
3407  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
3408 
3409  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
3410  AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
3411  AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
3412 
3413  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
3414 
3415  AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetAlstateProgress);
3416 
3417  AppLayerParserRegisterStateProgressCompletionStatus(
3418  ALPROTO_TLS, TLS_STATE_CLIENT_FINISHED, TLS_STATE_SERVER_FINISHED);
3419 
3420  SCConfNode *enc_handle = SCConfGetNode("app-layer.protocols.tls.encryption-handling");
3421  if (enc_handle != NULL && enc_handle->val != NULL) {
3422  SCLogDebug("have app-layer.protocols.tls.encryption-handling = %s", enc_handle->val);
3423  if (strcmp(enc_handle->val, "full") == 0) {
3424  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_FULL;
3425  } else if (strcmp(enc_handle->val, "bypass") == 0) {
3426  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3427  } else if (strcmp(enc_handle->val, "track-only") == 0) {
3428  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3429  } else if (strcmp(enc_handle->val, "default") == 0) {
3430  SCLogWarning("app-layer.protocols.tls.encryption-handling = default is deprecated "
3431  "and will be removed in Suricata 9, use \"track-only\" instead, "
3432  "(see ticket #7642)");
3433  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3434  } else {
3435  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_TRACK_ONLY;
3436  }
3437  } else {
3438  /* Get the value of no reassembly option from the config file */
3439  if (SCConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
3440  int value = 0;
3441  if (SCConfGetBool("tls.no-reassemble", &value) == 1 && value == 1)
3442  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3443  } else {
3444  int value = 0;
3445  if (SCConfGetBool("app-layer.protocols.tls.no-reassemble", &value) == 1 &&
3446  value == 1)
3447  ssl_config.encrypt_mode = SSL_CNF_ENC_HANDLE_BYPASS;
3448  }
3449  }
3450  SCLogDebug("ssl_config.encrypt_mode %u", ssl_config.encrypt_mode);
3451 
3452 #ifdef HAVE_JA3
3453  CheckJA3Enabled();
3454 #endif /* HAVE_JA3 */
3455 #ifdef HAVE_JA4
3456  CheckJA4Enabled();
3457 #endif /* HAVE_JA4 */
3458 
3459  if (g_disable_hashing) {
3460  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3461  SCLogWarning("MD5 calculation has been disabled, disabling JA3");
3462  SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
3463  }
3464  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3465  SCLogWarning("Hashing has been disabled, disabling JA4");
3466  SC_ATOMIC_SET(ssl_config.enable_ja4, 0);
3467  }
3468  } else {
3469  if (RunmodeIsUnittests()) {
3470 #ifdef HAVE_JA3
3471  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3472 #endif /* HAVE_JA3 */
3473 #ifdef HAVE_JA4
3474  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3475 #endif /* HAVE_JA4 */
3476  }
3477  }
3478  } else {
3479  SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.", proto_name);
3480  }
3481 }
3482 
3483 /**
3484  * \brief if not explicitly disabled in config, enable ja3 support
3485  *
3486  * Implemented using atomic to allow rule reloads to do this at
3487  * runtime.
3488  */
3489 void SSLEnableJA3(void)
3490 {
3491  if (g_disable_hashing || ssl_config.disable_ja3) {
3492  return;
3493  }
3494  if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
3495  return;
3496  }
3497  SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
3498 }
3499 
3500 /**
3501  * \brief if not explicitly disabled in config, enable ja4 support
3502  *
3503  * Implemented using atomic to allow rule reloads to do this at
3504  * runtime.
3505  */
3506 void SSLEnableJA4(void)
3507 {
3508  if (g_disable_hashing || ssl_config.disable_ja4) {
3509  return;
3510  }
3511  if (SC_ATOMIC_GET(ssl_config.enable_ja4)) {
3512  return;
3513  }
3514  SC_ATOMIC_SET(ssl_config.enable_ja4, 1);
3515 }
3516 
3517 /**
3518  * \brief return whether ja3 is effectively enabled
3519  *
3520  * This means that it either has been enabled explicitly or has been
3521  * enabled by having loaded a rule while not being explicitly disabled.
3522  *
3523  * \retval true if enabled, false otherwise
3524  */
3525 bool SSLJA3IsEnabled(void)
3526 {
3527  return SC_ATOMIC_GET(ssl_config.enable_ja3);
3528 }
3529 
3530 /**
3531  * \brief return whether ja4 is effectively enabled
3532  *
3533  * This means that it either has been enabled explicitly or has been
3534  * enabled by having loaded a rule while not being explicitly disabled.
3535  *
3536  * \retval true if enabled, false otherwise
3537  */
3538 bool SSLJA4IsEnabled(void)
3539 {
3540  return SC_ATOMIC_GET(ssl_config.enable_ja4);
3541 }
SSLV3_CHANGE_CIPHER_SPEC
#define SSLV3_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.c:210
ERR_INVALID_SERIAL
@ ERR_INVALID_SERIAL
Definition: app-layer-ssl.c:174
tls_frame_table
SCEnumCharMap tls_frame_table[]
Definition: app-layer-ssl.c:98
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:260
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:499
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:301
SslConfig_::disable_ja3
bool disable_ja3
Definition: app-layer-ssl.c:202
SSL_EXTENSION_EC_POINT_FORMATS
#define SSL_EXTENSION_EC_POINT_FORMATS
Definition: app-layer-ssl.h:148
AppLayerProtoDetectPPParseConfPorts
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
Definition: app-layer-detect-proto.c:1567
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:172
SCConfValIsTrue
int SCConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:551
JA3Buffer_
Definition: util-ja3.h:31
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:230
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
TLS_HB_RESPONSE
#define TLS_HB_RESPONSE
Definition: app-layer-ssl.c:251
SHA1_STRING_LENGTH
#define SHA1_STRING_LENGTH
Definition: app-layer-ssl.c:255
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:170
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
ERR_EXTRACT_SUBJECT
@ ERR_EXTRACT_SUBJECT
Definition: app-layer-ssl.c:182
SSLV3_HS_FINISHED
#define SSLV3_HS_FINISHED
Definition: app-layer-ssl.c:227
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:311
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSL_EXTENSION_ELLIPTIC_CURVES
#define SSL_EXTENSION_ELLIPTIC_CURVES
Definition: app-layer-ssl.h:147
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:247
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:322
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:39
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3506
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SSL_AL_FLAG_EARLY_DATA
#define SSL_AL_FLAG_EARLY_DATA
Definition: app-layer-ssl.h:132
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:255
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:183
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLV2_MT_SERVER_FINISHED
#define SSLV2_MT_SERVER_FINISHED
Definition: app-layer-ssl.c:238
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:323
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:263
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:121
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:85
ValidateRecordState
#define ValidateRecordState(...)
Definition: app-layer-ssl.c:306
SSLStateConnp_
Definition: app-layer-ssl.h:240
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:343
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1566
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:283
SSL_CONFIG_DEFAULT_JA3
#define SSL_CONFIG_DEFAULT_JA3
Definition: app-layer-ssl.c:188
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:257
tls_decoder_event_table
SCEnumCharMap tls_decoder_event_table[]
Definition: app-layer-ssl.c:130
Flow_
Flow data structure.
Definition: flow.h:356
SSL_EXTENSION_SUPPORTED_VERSIONS
#define SSL_EXTENSION_SUPPORTED_VERSIONS
Definition: app-layer-ssl.h:153
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:302
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:168
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:110
SC_SHA1_LEN
#define SC_SHA1_LEN
Definition: util-file.h:40
SSLV3_HS_SERVER_HELLO
#define SSLV3_HS_SERVER_HELLO
Definition: app-layer-ssl.c:219
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:547
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:413
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:305
SSLParserHSReset
#define SSLParserHSReset(connp)
Definition: app-layer-ssl.c:309
SSLV3_HS_CERTIFICATE
#define SSLV3_HS_CERTIFICATE
Definition: app-layer-ssl.c:221
ERR_INVALID_X509NAME
@ ERR_INVALID_X509NAME
Definition: app-layer-ssl.c:176
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:509
SSLV3_HEARTBEAT_PROTOCOL
#define SSLV3_HEARTBEAT_PROTOCOL
Definition: app-layer-ssl.c:214
SSLV2_MT_SERVER_HELLO
#define SSLV2_MT_SERVER_HELLO
Definition: app-layer-ssl.c:236
SSLAlpns_::size
uint32_t size
Definition: app-layer-ssl.h:236
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:317
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
Definition: util-ja3.c:314
SSLV3_HS_CERTIFICATE_URL
#define SSLV3_HS_CERTIFICATE_URL
Definition: app-layer-ssl.c:228
TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_SERVER_HELLO_DONE
Definition: app-layer-ssl.h:89
MIN
#define MIN(x, y)
Definition: suricata-common.h:400
SSLAlpns_
Definition: app-layer-ssl.h:234
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
AppLayerParserRegisterGetStateFuncs
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetStateIdByNameFn GetIdByNameFunc, AppLayerParserGetStateNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:574
util-ja3.h
SCConfValIsFalse
int SCConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:576
ERR_INVALID_ALGORITHMIDENTIFIER
@ ERR_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.c:175
SSL_AL_FLAG_STATE_SERVER_KEYX
#define SSL_AL_FLAG_STATE_SERVER_KEYX
Definition: app-layer-ssl.h:112
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:304
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:270
SSLStateConnp_::ja4
JA4 * ja4
Definition: app-layer-ssl.h:285
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:171
SSLV3_HS_CERTIFICATE_VERIFY
#define SSLV3_HS_CERTIFICATE_VERIFY
Definition: app-layer-ssl.c:225
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSL_CNF_ENC_HANDLE_TRACK_ONLY
@ SSL_CNF_ENC_HANDLE_TRACK_ONLY
Definition: app-layer-ssl.c:192
MAX
#define MAX(x, y)
Definition: suricata-common.h:404
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:192
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:290
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:177
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:244
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSL_AL_FLAG_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:98
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:261
ERR_INVALID_DATE
@ ERR_INVALID_DATE
Definition: app-layer-ssl.c:177
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:292
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
#define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY
Definition: app-layer-ssl.h:103
SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED
Definition: app-layer-ssl.h:104
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:264
ERR_INVALID_LENGTH
@ ERR_INVALID_LENGTH
Definition: app-layer-ssl.c:172
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:315
AppLayerProtoDetectPPRegister
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
Definition: app-layer-detect-proto.c:1527
SSL_AL_FLAG_HB_SERVER_INIT
#define SSL_AL_FLAG_HB_SERVER_INIT
Definition: app-layer-ssl.h:118
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
SSLV2_MT_SERVER_VERIFY
#define SSLV2_MT_SERVER_VERIFY
Definition: app-layer-ssl.c:237
app-layer-detect-proto.h
SSLDecoderResult::needed
uint32_t needed
Definition: app-layer-ssl.c:261
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
APP_LAYER_INCOMPLETE
#define APP_LAYER_INCOMPLETE(c, n)
Definition: app-layer-parser.h:75
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **buffer)
Free allocated buffer.
Definition: util-ja3.c:54
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
feature.h
decode.h
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:174
util-debug.h
TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
AppLayerParserState_
Definition: app-layer-parser.c:133
TLS_HB_REQUEST
#define TLS_HB_REQUEST
Definition: app-layer-ssl.c:250
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3525
TLS_TC_RANDOM_SET
#define TLS_TC_RANDOM_SET
Definition: app-layer-ssl.h:138
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
ERR_INVALID_CERTIFICATE
@ ERR_INVALID_CERTIFICATE
Definition: app-layer-ssl.c:171
SSLState_::client_state
enum TlsStateClient client_state
Definition: app-layer-ssl.h:319
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **buffer1, JA3Buffer **buffer2)
Definition: util-ja3.c:309
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:252
SSLV2_MT_REQUEST_CERTIFICATE
#define SSLV2_MT_REQUEST_CERTIFICATE
Definition: app-layer-ssl.c:239
SSLDecoderResult::retval
int retval
Definition: app-layer-ssl.c:260
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:293
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:277
TLS_STATE_CLIENT_HELLO_DONE
@ TLS_STATE_CLIENT_HELLO_DONE
Definition: app-layer-ssl.h:79
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TlsStateServer
TlsStateServer
Definition: app-layer-ssl.h:85
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:185
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
SSLCertsChain_
Definition: app-layer-ssl.h:228
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:189
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:584
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
SSLParserReset
#define SSLParserReset(state)
Definition: app-layer-ssl.c:315
TlsStateClient
TlsStateClient
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
TLS_TS_RANDOM_SET
#define TLS_TS_RANDOM_SET
Definition: app-layer-ssl.h:135
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:434
AppLayerProtoDetectPMRegisterPatternCSwPP
int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction, ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
Definition: app-layer-detect-proto.c:1654
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:391
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
SSL_AL_FLAG_STATE_CLIENT_HELLO
#define SSL_AL_FLAG_STATE_CLIENT_HELLO
Definition: app-layer-ssl.h:109
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: app-layer-ssl.h:91
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:162
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja3)
app-layer-parser.h
TLS_STATE_CLIENT_IN_PROGRESS
@ TLS_STATE_CLIENT_IN_PROGRESS
Definition: app-layer-ssl.h:78
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:178
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:167
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:594
SslConfigEncryptHandling
SslConfigEncryptHandling
Definition: app-layer-ssl.c:191
SSL_AL_FLAG_HB_CLIENT_INIT
#define SSL_AL_FLAG_HB_CLIENT_INIT
Definition: app-layer-ssl.h:117
SSL_AL_FLAG_STATE_CLIENT_KEYX
#define SSL_AL_FLAG_STATE_CLIENT_KEYX
Definition: app-layer-ssl.h:111
SSLV3_RECORD_HDR_LEN
#define SSLV3_RECORD_HDR_LEN
Definition: app-layer-ssl.c:242
SSLV2_MT_CLIENT_MASTER_KEY
#define SSLV2_MT_CLIENT_MASTER_KEY
Definition: app-layer-ssl.c:234
SSL_EXTENSION_ALPN
#define SSL_EXTENSION_ALPN
Definition: app-layer-ssl.h:150
type
uint16_t type
Definition: decode-vlan.c:106
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
conf.h
ERR_EXTRACT_ISSUER
@ ERR_EXTRACT_ISSUER
Definition: app-layer-ssl.c:183
SSL_CONFIG_DEFAULT_JA4
#define SSL_CONFIG_DEFAULT_JA4
Definition: app-layer-ssl.c:189
SSL_AL_FLAG_CH_VERSION_EXTENSION
#define SSL_AL_FLAG_CH_VERSION_EXTENSION
Definition: app-layer-ssl.h:124
SSLState_::server_state
enum TlsStateServer server_state
Definition: app-layer-ssl.h:320
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3489
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:188
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:242
SslConfig_
Definition: app-layer-ssl.c:197
name
const char * name
Definition: tm-threads.c:2135
SSLV2_MT_CLIENT_HELLO
#define SSLV2_MT_CLIENT_HELLO
Definition: app-layer-ssl.c:233
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1763
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:180
TLS_STATE_SERVER_CERT_DONE
@ TLS_STATE_SERVER_CERT_DONE
Definition: app-layer-ssl.h:88
SSLV3_APPLICATION_PROTOCOL
#define SSLV3_APPLICATION_PROTOCOL
Definition: app-layer-ssl.c:213
SSLV3_ALERT_PROTOCOL
#define SSLV3_ALERT_PROTOCOL
Definition: app-layer-ssl.c:211
SSLV2_MT_CLIENT_CERTIFICATE
#define SSLV2_MT_CLIENT_CERTIFICATE
Definition: app-layer-ssl.c:240
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:229
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:257
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:278
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:401
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:191
SSL_AL_FLAG_NEED_CLIENT_CERT
#define SSL_AL_FLAG_NEED_CLIENT_CERT
Definition: app-layer-ssl.h:140
SSLV3_HS_CLIENT_KEY_EXCHANGE
#define SSLV3_HS_CLIENT_KEY_EXCHANGE
Definition: app-layer-ssl.c:226
SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:95
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
HAS_SPACE
#define HAS_SPACE(n)
Definition: app-layer-ssl.c:257
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:529
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:169
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1830
SSLDecoderResult
Definition: app-layer-ssl.c:259
APP_LAYER_OK
#define APP_LAYER_OK
Definition: app-layer-parser.h:63
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1466
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:259
SSLV3_RECORD_MAX_LEN
#define SSLV3_RECORD_MAX_LEN
Definition: app-layer-ssl.c:244
app-layer-frames.h
SSL_DECODER_ERROR
#define SSL_DECODER_ERROR(e)
Definition: app-layer-ssl.c:263
SSL_AL_FLAG_SSL_CLIENT_HS
#define SSL_AL_FLAG_SSL_CLIENT_HS
Definition: app-layer-ssl.h:101
SCMapEnumValueToName
const char * SCMapEnumValueToName(int enum_value, SCEnumCharMap *table)
Maps an enum value to a string name, from the supplied table.
Definition: util-enum.c:68
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:291
ERR_EXTRACT_VALIDITY
@ ERR_EXTRACT_VALIDITY
Definition: app-layer-ssl.c:184
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3349
SSLV3_CLIENT_HELLO_VERSION_LEN
#define SSLV3_CLIENT_HELLO_VERSION_LEN
Definition: app-layer-ssl.c:246
SCMapEnumNameToValue
int SCMapEnumNameToValue(const char *enum_name, SCEnumCharMap *table)
Maps a string name to an enum value from the supplied table. Please specify the last element of any m...
Definition: util-enum.c:40
SSL_DECODER_OK
#define SSL_DECODER_OK(c)
Definition: app-layer-ssl.c:268
suricata-common.h
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSL_EXTENSION_SESSION_TICKET
#define SSL_EXTENSION_SESSION_TICKET
Definition: app-layer-ssl.h:151
SSL_EXTENSION_SIGNATURE_ALGORITHMS
#define SSL_EXTENSION_SIGNATURE_ALGORITHMS
Definition: app-layer-ssl.h:149
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *buffer)
Definition: util-ja3.c:319
SSL_EXTENSION_EARLY_DATA
#define SSL_EXTENSION_EARLY_DATA
Definition: app-layer-ssl.h:152
SCEnumCharMap_
Definition: util-enum.h:27
SSLAlpns_::alpn
uint8_t alpn[]
Definition: app-layer-ssl.h:237
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:175
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:250
SSLSetEvent
#define SSLSetEvent(ssl_state, event)
Definition: app-layer-ssl.c:322
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:615
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:291
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
SSL_DECODER_INCOMPLETE
#define SSL_DECODER_INCOMPLETE(c, n)
Definition: app-layer-ssl.c:273
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:605
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition: app-layer-frames.c:457
FEATURE_JA4
#define FEATURE_JA4
Definition: feature.h:30
SslConfig_::encrypt_mode
enum SslConfigEncryptHandling encrypt_mode
Definition: app-layer-ssl.c:198
TLS_STATE_CLIENT_CERT_DONE
@ TLS_STATE_CLIENT_CERT_DONE
Definition: app-layer-ssl.h:80
SSLV3_HS_HELLO_REQUEST
#define SSLV3_HS_HELLO_REQUEST
Definition: app-layer-ssl.c:217
SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
#define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC
Definition: app-layer-ssl.h:97
SSLV3_HS_CERTIFICATE_REQUEST
#define SSLV3_HS_CERTIFICATE_REQUEST
Definition: app-layer-ssl.c:223
util-validate.h
SSL_SNI_TYPE_HOST_NAME
#define SSL_SNI_TYPE_HOST_NAME
Definition: app-layer-ssl.h:156
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SSLV2_MT_CLIENT_FINISHED
#define SSLV2_MT_CLIENT_FINISHED
Definition: app-layer-ssl.c:235
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:187
ssl_config
SslConfig ssl_config
Definition: app-layer-ssl.c:207
str
#define str(s)
Definition: suricata-common.h:300
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
TLS_STATE_SERVER_IN_PROGRESS
@ TLS_STATE_SERVER_IN_PROGRESS
Definition: app-layer-ssl.h:86
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
src
uint16_t src
Definition: app-layer-dnp3.h:5
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:182
payload_len
uint16_t payload_len
Definition: stream-tcp-private.h:1
SSLV2_MT_ERROR
#define SSLV2_MT_ERROR
Definition: app-layer-ssl.c:232
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:190
SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
#define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED
Definition: app-layer-ssl.h:105
SSLV3_HANDSHAKE_PROTOCOL
#define SSLV3_HANDSHAKE_PROTOCOL
Definition: app-layer-ssl.c:212
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3538
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:268
SslConfig_::disable_ja4
bool disable_ja4
Definition: app-layer-ssl.c:204
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:179
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:173
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
ALPROTO_FAILED
@ ALPROTO_FAILED
Definition: app-layer-protos.h:33
SSLV3_HS_CLIENT_HELLO
#define SSLV3_HS_CLIENT_HELLO
Definition: app-layer-ssl.c:218
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:280
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
SSLV3_CLIENT_HELLO_RANDOM_LEN
#define SSLV3_CLIENT_HELLO_RANDOM_LEN
Definition: app-layer-ssl.c:247
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SslConfig_::SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, enable_ja4)
app-layer-protos.h
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
ERR_INVALID_DER
@ ERR_INVALID_DER
Definition: app-layer-ssl.c:179
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:519
SSL_CNF_ENC_HANDLE_BYPASS
@ SSL_CNF_ENC_HANDLE_BYPASS
Definition: app-layer-ssl.c:193
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:67
SslConfig
struct SslConfig_ SslConfig
FEATURE_JA3
#define FEATURE_JA3
Definition: feature.h:29
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:562
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
SSL_AL_FLAG_SSL_NO_SESSION_ID
#define SSL_AL_FLAG_SSL_NO_SESSION_ID
Definition: app-layer-ssl.h:106
id
uint32_t id
Definition: detect-flowbits.c:933
TLS_STATE_SERVER_HELLO
@ TLS_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:87
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:181
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1641
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:272
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SSL_EXTENSION_SNI
#define SSL_EXTENSION_SNI
Definition: app-layer-ssl.h:146
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:265
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:186
SSL_RECORD_MINIMUM_LENGTH
#define SSL_RECORD_MINIMUM_LENGTH
Definition: app-layer-ssl.c:253
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:282
TLS_STATE_SERVER_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
Definition: app-layer-ssl.h:90
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1838
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
ERR_INVALID_EXTENSIONS
@ ERR_INVALID_EXTENSIONS
Definition: app-layer-ssl.c:178
SSLV3_HS_SERVER_HELLO_DONE
#define SSLV3_HS_SERVER_HELLO_DONE
Definition: app-layer-ssl.c:224
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
SCConfNode_
Definition: conf.h:32
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:289
SCConfNode_::val
char * val
Definition: conf.h:34
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1964
ERR_INVALID_VERSION
@ ERR_INVALID_VERSION
Definition: app-layer-ssl.c:173
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:262
TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_FINISHED
Definition: app-layer-ssl.h:82
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:184
SSLV3_HS_NEW_SESSION_TICKET
#define SSLV3_HS_NEW_SESSION_TICKET
Definition: app-layer-ssl.c:220
SCAppLayerGetEventIdByName
int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id)
Definition: app-layer-events.c:28
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:412
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:128
SSLV3_HS_CERTIFICATE_STATUS
#define SSLV3_HS_CERTIFICATE_STATUS
Definition: app-layer-ssl.c:229
SSL_AL_FLAG_HB_INFLIGHT
#define SSL_AL_FLAG_HB_INFLIGHT
Definition: app-layer-ssl.h:116
SSL_AL_FLAG_SSL_SERVER_HS
#define SSL_AL_FLAG_SSL_SERVER_HS
Definition: app-layer-ssl.h:102
app-layer.h
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:176
SSL_CNF_ENC_HANDLE_FULL
@ SSL_CNF_ENC_HANDLE_FULL
Definition: app-layer-ssl.c:194
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:267
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:308
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:249
SSLV3_HS_SERVER_KEY_EXCHANGE
#define SSLV3_HS_SERVER_KEY_EXCHANGE
Definition: app-layer-ssl.c:222
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:213