transform-sha1: use Rust sha1 bindings

Removes dependence on NSS.

diff --git a/src/detect-transform-sha1.c b/src/detect-transform-sha1.c
index 8de1cb3896b8a7f5c221ed982ad9aa62af451ab2..3f6e85ca568885f096d1b38c14a88d16903b2651 100644 (file)
--- a/src/detect-transform-sha1.c
+++ b/src/detect-transform-sha1.c
@@ -34,17 +34,13 @@
 #include "util-unittest.h"
 #include "util-print.h"
 
-#ifdef HAVE_NSS
-#include <sechash.h>
-#endif
+#include "rust.h"
 
 static int DetectTransformToSha1Setup (DetectEngineCtx *, Signature *, const char *);
-#ifdef HAVE_NSS
 #ifdef UNITTESTS
 static void DetectTransformToSha1RegisterTests(void);
 #endif
 static void TransformToSha1(InspectionBuffer *buffer, void *options);
-#endif
 
 void DetectTransformSha1Register(void)
 {
@@ -55,25 +51,15 @@ void DetectTransformSha1Register(void)
         "/rules/transforms.html#to-sha1";
     sigmatch_table[DETECT_TRANSFORM_SHA1].Setup =
         DetectTransformToSha1Setup;
-#ifdef HAVE_NSS
     sigmatch_table[DETECT_TRANSFORM_SHA1].Transform =
         TransformToSha1;
 #ifdef UNITTESTS
     sigmatch_table[DETECT_TRANSFORM_SHA1].RegisterTests =
         DetectTransformToSha1RegisterTests;
-#endif
 #endif
     sigmatch_table[DETECT_TRANSFORM_SHA1].flags |= SIGMATCH_NOOPT;
 }
 
-#ifndef HAVE_NSS
-static int DetectTransformToSha1Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
-{
-    SCLogError(SC_ERR_NO_SHA1_SUPPORT, "no SHA-1 calculation support built in, "
-            "needed for to_sha1 keyword");
-    return -1;
-}
-#else
 /**
  *  \internal
  *  \brief Apply the nocase keyword to the last pattern match, either content or uricontent
@@ -86,6 +72,11 @@ static int DetectTransformToSha1Setup (DetectEngineCtx *de_ctx, Signature *s, co
 static int DetectTransformToSha1Setup (DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
 {
     SCEnter();
+    if (g_disable_hashing) {
+        SCLogError(SC_ERR_HASHING_DISABLED, "SHA1 hashing has been disabled, "
+                                            "needed for to_sha1 keyword");
+        SCReturnInt(-1);
+    }
     int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_SHA1, NULL);
     SCReturnInt(r);
 }
@@ -94,20 +85,11 @@ static void TransformToSha1(InspectionBuffer *buffer, void *options)
 {
     const uint8_t *input = buffer->inspect;
     const uint32_t input_len = buffer->inspect_len;
-    uint8_t output[SHA1_LENGTH];
+    uint8_t output[SC_SHA1_LEN];
 
     //PrintRawDataFp(stdout, input, input_len);
-
-    HASHContext *sha1_ctx = HASH_Create(HASH_AlgSHA1);
-    if (sha1_ctx) {
-        HASH_Begin(sha1_ctx);
-        HASH_Update(sha1_ctx, input, input_len);
-        unsigned int len = 0;
-        HASH_End(sha1_ctx, output, &len, sizeof(output));
-        HASH_Destroy(sha1_ctx);
-
-        InspectionBufferCopy(buffer, output, sizeof(output));
-    }
+    SCSha1HashBuffer(input, input_len, output, sizeof(output));
+    InspectionBufferCopy(buffer, output, sizeof(output));
 }
 
 #ifdef UNITTESTS
@@ -132,4 +114,3 @@ static void DetectTransformToSha1RegisterTests(void)
             DetectTransformToSha1Test01);
 }
 #endif
-#endif
\ No newline at end of file

diff --git a/src/rust.h b/src/rust.h
index 394dc22ee5bdb844b9534b0594dfcd517d6e4dd8..c4c52d4e220a095106c1b1202e13ae935ae983c8 100644 (file)
--- a/src/rust.h
+++ b/src/rust.h
@@ -23,7 +23,8 @@
 
 /* Some manual exports from Rust as we are not yet exporting constants with
  * cbindgen. */
-#define SC_MD5_LEN 16
+#define SC_MD5_LEN  16
+#define SC_SHA1_LEN 20
 
 #define JB_SET_STRING(jb, key, val) jb_set_formatted((jb), "\"" key "\":\"" val "\"")
 #define JB_SET_TRUE(jb, key) jb_set_formatted((jb), "\"" key "\":true")