filestore: use Rust bindings for sha256/sha1/md5

diff --git a/src/util-file.c b/src/util-file.c
index ce7958dd37137caf80324881f4d17eae1b942e5e..fa3e40a0824bd39fe00e383d9495cec4fc9add99 100644 (file)
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -36,6 +36,7 @@
 #include "util-print.h"
 #include "app-layer-parser.h"
 #include "util-validate.h"
+#include "rust.h"
 
 extern int g_detect_disabled;
 
@@ -527,11 +528,11 @@ static void FileFree(File *ff)
 
 #ifdef HAVE_NSS
     if (ff->md5_ctx)
-        HASH_Destroy(ff->md5_ctx);
+        SCMd5Free(ff->md5_ctx);
     if (ff->sha1_ctx)
-        HASH_Destroy(ff->sha1_ctx);
+        SCSha1Free(ff->sha1_ctx);
     if (ff->sha256_ctx)
-        HASH_Destroy(ff->sha256_ctx);
+        SCSha256Free(ff->sha256_ctx);
 #endif
     SCFree(ff);
 }
@@ -613,13 +614,13 @@ static int AppendData(File *file, const uint8_t *data, uint32_t data_len)
 
 #ifdef HAVE_NSS
     if (file->md5_ctx) {
-        HASH_Update(file->md5_ctx, data, data_len);
+        SCMd5Update(file->md5_ctx, data, data_len);
     }
     if (file->sha1_ctx) {
-        HASH_Update(file->sha1_ctx, data, data_len);
+        SCSha1Update(file->sha1_ctx, data, data_len);
     }
     if (file->sha256_ctx) {
-        HASH_Update(file->sha256_ctx, data, data_len);
+        SCSha256Update(file->sha256_ctx, data, data_len);
     }
 #endif
     SCReturnInt(0);
@@ -673,15 +674,15 @@ static int FileAppendDataDo(File *ff, const uint8_t *data, uint32_t data_len)
         int hash_done = 0;
         /* no storage but forced hashing */
         if (ff->md5_ctx) {
-            HASH_Update(ff->md5_ctx, data, data_len);
+            SCMd5Update(ff->md5_ctx, data, data_len);
             hash_done = 1;
         }
         if (ff->sha1_ctx) {
-            HASH_Update(ff->sha1_ctx, data, data_len);
+            SCSha1Update(ff->sha1_ctx, data, data_len);
             hash_done = 1;
         }
         if (ff->sha256_ctx) {
-            HASH_Update(ff->sha256_ctx, data, data_len);
+            SCSha256Update(ff->sha256_ctx, data, data_len);
             hash_done = 1;
         }
 
@@ -887,22 +888,13 @@ static File *FileOpenFile(FileContainer *ffc, const StreamingBufferConfig *sbcfg
 
 #ifdef HAVE_NSS
     if (!(ff->flags & FILE_NOMD5) || g_file_force_md5) {
-        ff->md5_ctx = HASH_Create(HASH_AlgMD5);
-        if (ff->md5_ctx != NULL) {
-            HASH_Begin(ff->md5_ctx);
-        }
+        ff->md5_ctx = SCMd5New();
     }
     if (!(ff->flags & FILE_NOSHA1) || g_file_force_sha1) {
-        ff->sha1_ctx = HASH_Create(HASH_AlgSHA1);
-        if (ff->sha1_ctx != NULL) {
-            HASH_Begin(ff->sha1_ctx);
-        }
+        ff->sha1_ctx = SCSha1New();
     }
     if (!(ff->flags & FILE_NOSHA256) || g_file_force_sha256) {
-        ff->sha256_ctx = HASH_Create(HASH_AlgSHA256);
-        if (ff->sha256_ctx != NULL) {
-            HASH_Begin(ff->sha256_ctx);
-        }
+        ff->sha256_ctx = SCSha256New();
     }
 #endif
 
@@ -961,11 +953,11 @@ int FileCloseFilePtr(File *ff, const uint8_t *data,
 #ifdef HAVE_NSS
             /* no storage but hashing */
             if (ff->md5_ctx)
-                HASH_Update(ff->md5_ctx, data, data_len);
+                SCMd5Update(ff->md5_ctx, data, data_len);
             if (ff->sha1_ctx)
-                HASH_Update(ff->sha1_ctx, data, data_len);
+                SCSha1Update(ff->sha1_ctx, data, data_len);
             if (ff->sha256_ctx)
-                HASH_Update(ff->sha256_ctx, data, data_len);
+                SCSha256Update(ff->sha256_ctx, data, data_len);
 #endif
         } else {
             if (AppendData(ff, data, data_len) != 0) {
@@ -995,13 +987,13 @@ int FileCloseFilePtr(File *ff, const uint8_t *data,
 
 #ifdef HAVE_NSS
         if (ff->md5_ctx) {
-            unsigned int len = 0;
-            HASH_End(ff->md5_ctx, ff->md5, &len, sizeof(ff->md5));
+            SCMd5Finalize(ff->md5_ctx, ff->md5, sizeof(ff->md5));
+            ff->md5_ctx = NULL;
             ff->flags |= FILE_MD5;
         }
         if (ff->sha1_ctx) {
-            unsigned int len = 0;
-            HASH_End(ff->sha1_ctx, ff->sha1, &len, sizeof(ff->sha1));
+            SCSha1Finalize(ff->sha1_ctx, ff->sha1, sizeof(ff->sha1));
+            ff->sha1_ctx = NULL;
             ff->flags |= FILE_SHA1;
         }
         if (ff->sha256_ctx) {
@@ -1111,19 +1103,19 @@ void FileUpdateFlowFileFlags(Flow *f, uint16_t set_file_flags, uint8_t direction
                 if ((per_file_flags & FILE_NOSHA256) &&
                         ptr->sha256_ctx != NULL)
                 {
-                    HASH_Destroy(ptr->sha256_ctx);
+                    SCSha256Free(ptr->sha256_ctx);
                     ptr->sha256_ctx = NULL;
                 }
                 if ((per_file_flags & FILE_NOSHA1) &&
                     ptr->sha1_ctx != NULL)
                 {
-                    HASH_Destroy(ptr->sha1_ctx);
+                    SCSha1Free(ptr->sha1_ctx);
                     ptr->sha1_ctx = NULL;
                 }
                 if ((per_file_flags & FILE_NOMD5) &&
                         ptr->md5_ctx != NULL)
                 {
-                    HASH_Destroy(ptr->md5_ctx);
+                    SCMd5Free(ptr->md5_ctx);
                     ptr->md5_ctx = NULL;
                 }
 #endif
@@ -1262,8 +1254,8 @@ void FileTruncateAllOpenFiles(FileContainer *fc)
 static void FileEndSha256(File *ff)
 {
     if (!(ff->flags & FILE_SHA256) && ff->sha256_ctx) {
-        unsigned int len = 0;
-        HASH_End(ff->sha256_ctx, ff->sha256, &len, sizeof(ff->sha256));
+        SCSha256Finalize(ff->sha256_ctx, ff->sha256, sizeof(ff->sha256));
+        ff->sha256_ctx = NULL;
         ff->flags |= FILE_SHA256;
     }
 }

diff --git a/src/util-file.h b/src/util-file.h
index a4e3c6a10ee9b4550c20aefe2ad082ad7bf991ac..f084f71461af0a266b42c49d761e93f2c61e41d7 100644 (file)
--- a/src/util-file.h
+++ b/src/util-file.h
@@ -33,6 +33,19 @@
 
 #include "util-streaming-buffer.h"
 
+/* Hack: Pulling rust.h to get the SCSha256 causes all sorts of problems with
+ *   header include orders, which is something we'll have to resolve as we provide
+ *   more functionality via Rust. But this lets me continue with replacing nss
+ *   without fighting the headers at this time. */
+typedef struct SCSha256 SCSha256;
+#define SC_SHA256_LEN 32
+
+typedef struct SCSha1 SCSha1;
+#define SC_SHA1_LEN 20
+
+typedef struct SCMd5 SCMd5;
+#define SC_MD5_LEN 16
+
 #define FILE_TRUNCATED  BIT_U16(0)
 #define FILE_NOMAGIC    BIT_U16(1)
 #define FILE_NOMD5      BIT_U16(2)
@@ -76,12 +89,12 @@ typedef struct File_ {
 #endif
     struct File_ *next;
 #ifdef HAVE_NSS
-    HASHContext *md5_ctx;
-    uint8_t md5[MD5_LENGTH];
-    HASHContext *sha1_ctx;
-    uint8_t sha1[SHA1_LENGTH];
-    HASHContext *sha256_ctx;
-    uint8_t sha256[SHA256_LENGTH];
+    SCMd5 *md5_ctx;
+    uint8_t md5[SC_MD5_LEN];
+    SCSha1 *sha1_ctx;
+    uint8_t sha1[SC_SHA1_LEN];
+    SCSha256 *sha256_ctx;
+    uint8_t sha256[SC_SHA256_LEN];
 #endif
     uint64_t content_inspected;     /**< used in pruning if FILE_USE_DETECT
                                      *   flag is set */