set(prefix "${CMAKE_INSTALL_PREFIX}")
set(exec_prefix "\${prefix}")
set(bindir "\${exec_prefix}/bin")
-set(libdir "\${prefix}/${CMAKE_INSTALL_LIBDIR}")
+set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}")
set(includedir "\${prefix}/include")
set(datarootdir "\${prefix}/share")
set(datadir "\${datarootdir}")
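Review bot: `libdir` is now the only directory variable here that is not derived from `\${prefix}`, while `bindir`, `includedir` and `datarootdir` on the neighbouring lines still are. If these variables feed a pkg-config template, as their names suggest, a consumer who relocates the package by overriding `prefix` gets a `libdir` that no longer follows. If the change is meant to cope with an absolute `CMAKE_INSTALL_LIBDIR`, say so next to the line, for example `# absolute on purpose: CMAKE_INSTALL_LIBDIR may itself be absolute, so libdir does not track ${prefix}`.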
#include "file_lib.h"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
#include <iostream>
#include <iomanip>
FileContext::~FileContext ()
{
if (file_signature_context)
- snort_free(file_signature_context);
+ EVP_MD_CTX_free((EVP_MD_CTX*)file_signature_context);
if (file_capture)
stop_file_capture();
switch (position)
{
case SNORT_FILE_START:
+ {
if (!file_signature_context)
- file_signature_context = snort_calloc(sizeof(SHA256_CTX));
- SHA256_Init((SHA256_CTX*)file_signature_context);
- SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
+ file_signature_context = EVP_MD_CTX_new();
+
+ EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context;
+ EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr);
+ EVP_DigestUpdate(ctx, file_data, data_size);
FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET,
"position is start of file\n");
if (file_state.sig_state == FILE_SIG_FLUSH)
{
- static uint8_t file_signature_context_backup[sizeof(SHA256_CTX)];
- sha256 = (uint8_t*)snort_alloc(SHA256_HASH_SIZE);
- memcpy(file_signature_context_backup, file_signature_context, sizeof(SHA256_CTX));
-
- SHA256_Final(sha256, (SHA256_CTX*)file_signature_context);
- memcpy(file_signature_context, file_signature_context_backup, sizeof(SHA256_CTX));
+ if (!sha256)
+ sha256 = (uint8_t*)snort_alloc(SHA256_HASH_SIZE);
+ EVP_MD_CTX* tmp = EVP_MD_CTX_new();
+ if (tmp && EVP_MD_CTX_copy_ex(tmp, ctx) == 1)
+ {
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(tmp, sha256, &out_len);
+ }
+ if (tmp)
+ EVP_MD_CTX_free(tmp);
}
break;
+ }
case SNORT_FILE_MIDDLE:
+ {
if (!file_signature_context)
return;
- SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
+ EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context;
+ EVP_DigestUpdate(ctx, file_data, data_size);
FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET,
"position is middle of the file\n");
if (file_state.sig_state == FILE_SIG_FLUSH)
{
- static uint8_t file_signature_context_backup[sizeof(SHA256_CTX)];
- if ( !sha256 )
+ if (!sha256)
sha256 = (uint8_t*)snort_alloc(SHA256_HASH_SIZE);
- memcpy(file_signature_context_backup, file_signature_context, sizeof(SHA256_CTX));
-
- SHA256_Final(sha256, (SHA256_CTX*)file_signature_context);
- memcpy(file_signature_context, file_signature_context_backup, sizeof(SHA256_CTX));
+ EVP_MD_CTX* tmp = EVP_MD_CTX_new();
+ if (tmp && EVP_MD_CTX_copy_ex(tmp, ctx) == 1)
+ {
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(tmp, sha256, &out_len);
+ }
+ if (tmp)
+ EVP_MD_CTX_free(tmp);
}
-
break;
+ }
case SNORT_FILE_END:
+ {
if (!file_signature_context)
return;
- SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
+ EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context;
+ EVP_DigestUpdate(ctx, file_data, data_size);
sha256 = new uint8_t[SHA256_HASH_SIZE];
- SHA256_Final(sha256, (SHA256_CTX*)file_signature_context);
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(ctx, sha256, &out_len);
file_state.sig_state = FILE_SIG_DONE;
FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET,
"position is end of the file\n");
break;
+ }
case SNORT_FILE_FULL:
+ {
if (!file_signature_context)
- file_signature_context = snort_calloc(sizeof (SHA256_CTX));
- SHA256_Init((SHA256_CTX*)file_signature_context);
- SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size);
+ file_signature_context = EVP_MD_CTX_new();
+ EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context;
+ EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr);
+ EVP_DigestUpdate(ctx, file_data, data_size);
sha256 = new uint8_t[SHA256_HASH_SIZE];
- SHA256_Final(sha256, (SHA256_CTX*)file_signature_context);
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(ctx, sha256, &out_len);
file_state.sig_state = FILE_SIG_DONE;
FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET,
"position is full file\n");
break;
+ }
default:
break;
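Review bot: None of the EVP calls in this switch have their return value checked, and `EVP_MD_CTX_new()` in the SNORT_FILE_START and SNORT_FILE_FULL cases can return null before `ctx` is handed to `EVP_DigestInit_ex`. If init, update or final fails, `sha256` holds whatever the allocator returned, yet SNORT_FILE_END and SNORT_FILE_FULL still set `file_state.sig_state = FILE_SIG_DONE`, so an arbitrary buffer could be reported as the file's SHA-256. Guard the setup with `if (!ctx || EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr) != 1) return;` and set FILE_SIG_DONE only when `EVP_DigestFinal_ex(ctx, sha256, &out_len) == 1`. In the two FILE_SIG_FLUSH blocks a failed `EVP_MD_CTX_copy_ex` likewise leaves a freshly allocated `sha256` unwritten. The enclosing function starts and ends outside this hunk, so the right failure action (plain return, or a signature state other than done) has to be checked against the rest of it.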
#include "hashes.h"
-#include <openssl/md5.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
namespace snort
{
void sha256(const unsigned char* data, size_t size, unsigned char* digest)
{
- SHA256_CTX c;
- SHA256_Init(&c);
- SHA256_Update(&c, data, size);
- SHA256_Final(digest, &c);
+ EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+
+ if (!ctx)
+ return;
+
+ if (EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr) == 1)
+ {
+ EVP_DigestUpdate(ctx, data, size);
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(ctx, digest, &out_len);
+ }
+ EVP_MD_CTX_free(ctx);
}
void sha512(const unsigned char* data, size_t size, unsigned char* digest)
{
- SHA512_CTX c;
- SHA512_Init(&c);
- SHA512_Update(&c, data, size);
- SHA512_Final(digest, &c);
+ EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+
+ if (!ctx)
+ return;
+
+ if (EVP_DigestInit_ex(ctx, EVP_sha512(), nullptr) == 1)
+ {
+ EVP_DigestUpdate(ctx, data, size);
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(ctx, digest, &out_len);
+ }
+ EVP_MD_CTX_free(ctx);
}
void md5(const unsigned char* data, size_t size, unsigned char* digest)
{
- MD5_CTX c;
- MD5_Init(&c);
- MD5_Update(&c, data, size);
- MD5_Final(digest, &c);
+ EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+ if (!ctx)
+ return;
+
+ if (EVP_DigestInit_ex(ctx, EVP_md5(), nullptr) == 1)
+ {
+ EVP_DigestUpdate(ctx, data, size);
+ unsigned int out_len = 0;
+ EVP_DigestFinal_ex(ctx, digest, &out_len);
+ }
+ EVP_MD_CTX_free(ctx);
}
}
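Review bot: `sha256`, `sha512` and `md5` now have failure paths (`EVP_MD_CTX_new()` returning null, `EVP_DigestInit_ex` not returning 1) that return without writing `digest`, and because the functions are void the caller cannot tell and may use an uninitialised buffer as a hash. `EVP_DigestUpdate` and `EVP_DigestFinal_ex` are unchecked as well. This is most likely to show up in `md5`, since `EVP_md5()` may not be available in some OpenSSL configurations (a FIPS-only provider set, for example), in which case init fails and the function silently does nothing. The three bodies differ only in the digest type, so a single static helper built on the one-shot call, `return EVP_Digest(data, size, digest, nullptr, md, nullptr) == 1;`, would remove the duplication and give one place to decide how failure is reported to callers.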
#define FAST_BUF (4*K_BYTES)
static THREAD_LOCAL TextLog* fast_log = nullptr;
-static once_flag init_flag;
+static std::once_flag init_flag;
#define S_NAME "alert_fast"
#define F_NAME S_NAME ".txt"
const BufferIds& FastLogger::get_buffer_ids(Inspector* gadget, Packet* p)
{
// lazy init required because loggers don't have a configure (yet)
- call_once(init_flag, set_buffer_ids, gadget);
+ std::call_once(init_flag, set_buffer_ids, gadget);
InspectionBuffer buf;
const std::vector<unsigned>& idv =
#include "helpers/base64_encoder.h"
#include "log/log_text.h"
#include "log/text_log.h"
+#include "network_inspectors/appid/appid_api.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
#include "protocols/cisco_meta_data.h"
return true;
}
+static bool ff_app_id(const Args& a)
+{
+ if ( a.pkt->flow )
+ {
+ const char* app_name = appid_api.get_application_name(*a.pkt->flow, a.pkt->is_from_client());
+
+ if ( app_name )
+ {
+ print_label(a, "app_id");
+ TextLog_Quote(json_log, app_name);
+ return true;
+ }
+ }
+ return false;
+}
+
static bool ff_class(const Args& a)
{
const char* cls = a.event.get_class_type();
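Review bot: In `ff_app_id`, `app_name` goes straight from `appid_api.get_application_name()` into `TextLog_Quote(json_log, app_name)`, and whether that call escapes quotes, backslashes and control characters is not visible in this hunk. If application names can come from custom detectors, confirm that it does, because an unescaped name would corrupt the JSON record for downstream parsers. The function also has no comment, and the field is silently omitted when the packet has no flow or no name is returned; a line such as `// emits "app_id" only when the flow has an AppId application name; otherwise the field is skipped` above it would document that.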
static const JsonFunc json_func[] =
{
- ff_action, ff_class, ff_b64_data, ff_client_bytes, ff_client_pkts, ff_dir,
+ ff_action, ff_app_id,ff_class, ff_b64_data, ff_client_bytes, ff_client_pkts, ff_dir,
ff_dst_addr, ff_dst_ap, ff_dst_port, ff_eth_dst, ff_eth_len, ff_eth_src,
ff_eth_type, ff_flowstart_time, ff_geneve_vni, ff_gid, ff_icmp_code, ff_icmp_id, ff_icmp_seq,
ff_icmp_type, ff_iface, ff_ip_id, ff_ip_len, ff_msg, ff_mpls, ff_pkt_gen, ff_pkt_len,
};
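Review bot: The new entry is missing the space after its comma, `ff_app_id,ff_class`, unlike every other element of `json_func`; write it as `ff_action, ff_app_id, ff_class,`. The entry appears to be inserted at the same position as `app_id` in the `json_range` string, and if the two lists are matched by index, a short comment on the array such as `// order must match json_range` would make that coupling explicit for the next field added.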
#define json_range \
- "action | class | b64_data | client_bytes | client_pkts | dir | " \
+ "action | app_id | class | b64_data | client_bytes | client_pkts | dir | " \
"dst_addr | dst_ap | dst_port | eth_dst | eth_len | eth_src | " \
"eth_type | flowstart_time | geneve_vni | gid | icmp_code | icmp_id | icmp_seq | " \
"icmp_type | iface | ip_id | ip_len | msg | mpls | pkt_gen | pkt_len | " \