#include "flow-private.h"
#include "util-validate.h"
+#ifdef HAVE_NSS
+#include <sechash.h>
+#endif
+
SCEnumCharMap tls_decoder_event_table[ ] = {
/* TLS protocol messages */
{ "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
#include "app-layer-htp.h"
-#ifdef HAVE_NSS
-
/**
* \brief Read the bytes of a hash from an hexadecimal string
*
SCFree(filehash);
}
}
-
-#endif /* HAVE_NSS */
#include "detect-filemd5.h"
-#ifndef HAVE_NSS
-
-static int DetectFileMd5SetupNoSupport (DetectEngineCtx *a, Signature *b, const char *c)
-{
- SCLogError(SC_ERR_NO_MD5_SUPPORT, "no MD5 calculation support built in, needed for filemd5 keyword");
- return -1;
-}
-
-/**
- * \brief Registration function for keyword: filemd5
- */
-void DetectFileMd5Register(void)
-{
- sigmatch_table[DETECT_FILEMD5].name = "filemd5";
- sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5SetupNoSupport;
- sigmatch_table[DETECT_FILEMD5].flags = SIGMATCH_NOT_BUILT;
-
- SCLogDebug("registering filemd5 rule option");
- return;
-}
-
-#else /* HAVE_NSS */
-
static int g_file_match_list_id = 0;
static int DetectFileMd5Setup (DetectEngineCtx *, Signature *, const char *);
UtRegisterTest("MD5MatchTest01", MD5MatchTest01);
}
#endif
-
-#endif /* HAVE_NSS */
-
#include "detect-filesha1.h"
-#ifndef HAVE_NSS
-
-static int DetectFileSha1SetupNoSupport (DetectEngineCtx *a, Signature *b, const char *c)
-{
- SCLogError(SC_ERR_NO_SHA1_SUPPORT, "no SHA-1 calculation support built in, needed for filesha1 keyword");
- return -1;
-}
-
-/**
- * \brief Registration function for keyword: filesha1
- */
-void DetectFileSha1Register(void)
-{
- sigmatch_table[DETECT_FILESHA1].name = "filesha1";
- sigmatch_table[DETECT_FILESHA1].Setup = DetectFileSha1SetupNoSupport;
- sigmatch_table[DETECT_FILESHA1].flags = SIGMATCH_NOT_BUILT;
-
- SCLogDebug("registering filesha1 rule option");
- return;
-}
-
-#else /* HAVE_NSS */
-
static int DetectFileSha1Setup (DetectEngineCtx *, Signature *, const char *);
#ifdef UNITTESTS
static void DetectFileSha1RegisterTests(void);
UtRegisterTest("SHA1MatchTest01", SHA1MatchTest01);
}
#endif
-#endif /* HAVE_NSS */
#include "detect-filesha256.h"
-#ifndef HAVE_NSS
-
-static int DetectFileSha256SetupNoSupport (DetectEngineCtx *a, Signature *b, const char *c)
-{
- SCLogError(SC_ERR_NO_SHA256_SUPPORT, "no SHA-256 calculation support built in, needed for filesha256 keyword");
- return -1;
-}
-
-/**
- * \brief Registration function for keyword: filesha256
- */
-void DetectFileSha256Register(void)
-{
- sigmatch_table[DETECT_FILESHA256].name = "filesha256";
- sigmatch_table[DETECT_FILESHA256].Setup = DetectFileSha256SetupNoSupport;
- sigmatch_table[DETECT_FILESHA256].flags = SIGMATCH_NOT_BUILT;
-
- SCLogDebug("registering filesha256 rule option");
- return;
-}
-
-#else /* HAVE_NSS */
-
static int DetectFileSha256Setup (DetectEngineCtx *, Signature *, const char *);
#ifdef UNITTESTS
static void DetectFileSha256RegisterTests(void);
UtRegisterTest("SHA256MatchTest01", SHA256MatchTest01);
}
#endif
-#endif /* HAVE_NSS */
#include "util-unittest.h"
#include "util-print.h"
+#ifdef HAVE_NSS
+#include <sechash.h>
+#endif
+
static int DetectTransformToMd5Setup (DetectEngineCtx *, Signature *, const char *);
#ifdef HAVE_NSS
#ifdef UNITTESTS
#include "util-unittest.h"
#include "util-print.h"
+#ifdef HAVE_NSS
+#include <sechash.h>
+#endif
+
static int DetectTransformToSha1Setup (DetectEngineCtx *, Signature *, const char *);
#ifdef HAVE_NSS
#ifdef UNITTESTS
#include "util-unittest.h"
#include "util-print.h"
+#ifdef HAVE_NSS
+#include <sechash.h>
+#endif
+
static int DetectTransformToSha256Setup (DetectEngineCtx *, Signature *, const char *);
#ifdef HAVE_NSS
#ifdef UNITTESTS
#include "util-print.h"
#include "util-misc.h"
-#ifdef HAVE_NSS
-
#define MODULE_NAME "OutputFilestore"
/* Create a filestore specific PATH_MAX that is less than the system
* PATH_MAX to prevent newer gcc truncation warnings with snprint. */
-#define SHA256_STRING_LEN (SHA256_LENGTH * 2)
+#define SHA256_STRING_LEN (SC_SHA256_LEN * 2)
#define LEAF_DIR_MAX_LEN 4
#define FILESTORE_PREFIX_MAX (PATH_MAX - SHA256_STRING_LEN - LEAF_DIR_MAX_LEN)
const Packet *p, File *ff, uint8_t dir) {
/* Stringify the SHA256 which will be used in the final
* filename. */
- char sha256string[(SHA256_LENGTH * 2) + 1];
+ char sha256string[(SC_SHA256_LEN * 2) + 1];
PrintHexString(sha256string, sizeof(sha256string), ff->sha256,
sizeof(ff->sha256));
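Review bot: The array bound on the added line spells out `(SC_SHA256_LEN * 2) + 1` even though this commit redefines `SHA256_STRING_LEN` as `(SC_SHA256_LEN * 2)` a few lines earlier in the same file. Writing `char sha256string[SHA256_STRING_LEN + 1];` keeps the buffer and `FILESTORE_PREFIX_MAX` tied to one definition, so a later change to the digest length cannot leave the two out of step. This matters because the hex string becomes part of the stored file's path. The `PrintHexString` call already bounds both sides with `sizeof(sha256string)` and `sizeof(ff->sha256)`, which should stay as is. The enclosing function starts and ends outside this hunk.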
SCReturnCT(result, "OutputInitResult");
}
-#endif /* HAVE_NSS */
-
void OutputFilestoreRegister(void)
{
-#ifdef HAVE_NSS
OutputRegisterFiledataModule(LOGGER_FILE_STORE, MODULE_NAME, "file-store",
OutputFilestoreLogInitCtx, OutputFilestoreLogger,
OutputFilestoreLogThreadInit, OutputFilestoreLogThreadDeinit,
SC_ATOMIC_INIT(filestore_open_file_cnt);
SC_ATOMIC_SET(filestore_open_file_cnt, 0);
-#endif
}
switch (ff->state) {
case FILE_STATE_CLOSED:
JB_SET_STRING(jb, "state", "CLOSED");
-#ifdef HAVE_NSS
if (ff->flags & FILE_MD5) {
size_t x;
int i;
}
jb_set_string(jb, "sha1", str);
}
-#endif
break;
case FILE_STATE_TRUNCATED:
JB_SET_STRING(jb, "state", "TRUNCATED");
break;
}
-#ifdef HAVE_NSS
if (ff->flags & FILE_SHA256) {
size_t x;
int i;
}
jb_set_string(jb, "sha256", str);
}
-#endif
if (stored) {
JB_SET_TRUE(jb, "stored");
#ifndef MIME_DECODE_H_
#define MIME_DECODE_H_
+#ifdef HAVE_NSS
+#include <sechash.h>
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
/* prototypes */
static void FileFree(File *);
-#ifdef HAVE_NSS
static void FileEndSha256(File *ff);
-#endif
void FileForceFilestoreEnable(void)
{
"found. Please use 'force-hash: [md5]' instead");
if (ConfValIsTrue(force_md5)) {
-#ifdef HAVE_NSS
FileForceMd5Enable();
SCLogInfo("forcing md5 calculation for logged files");
-#else
- SCLogInfo("md5 calculation requires linking against libnss");
-#endif
}
}
TAILQ_FOREACH(field, &forcehash_node->head, next) {
if (strcasecmp("md5", field->val) == 0) {
-#ifdef HAVE_NSS
FileForceMd5Enable();
SCLogConfig("forcing md5 calculation for logged or stored files");
-#else
- SCLogInfo("md5 calculation requires linking against libnss");
-#endif
}
if (strcasecmp("sha1", field->val) == 0) {
-#ifdef HAVE_NSS
FileForceSha1Enable();
SCLogConfig("forcing sha1 calculation for logged or stored files");
-#else
- SCLogInfo("sha1 calculation requires linking against libnss");
-#endif
}
if (strcasecmp("sha256", field->val) == 0) {
-#ifdef HAVE_NSS
FileForceSha256Enable();
SCLogConfig("forcing sha256 calculation for logged or stored files");
-#else
- SCLogInfo("sha256 calculation requires linking against libnss");
-#endif
}
}
}
StreamingBufferFree(ff->sb);
}
-#ifdef HAVE_NSS
if (ff->md5_ctx)
SCMd5Free(ff->md5_ctx);
if (ff->sha1_ctx)
SCSha1Free(ff->sha1_ctx);
if (ff->sha256_ctx)
SCSha256Free(ff->sha256_ctx);
-#endif
SCFree(ff);
}
SCReturnInt(-1);
}
-#ifdef HAVE_NSS
if (file->md5_ctx) {
SCMd5Update(file->md5_ctx, data, data_len);
}
if (file->sha256_ctx) {
SCSha256Update(file->sha256_ctx, data, data_len);
}
-#endif
SCReturnInt(0);
}
if ((ff->flags & FILE_USE_DETECT) == 0 &&
FileStoreNoStoreCheck(ff) == 1) {
-#ifdef HAVE_NSS
int hash_done = 0;
/* no storage but forced hashing */
if (ff->md5_ctx) {
if (hash_done)
SCReturnInt(0);
-#endif
+
if (g_file_force_tracking || (!(ff->flags & FILE_NOTRACK)))
SCReturnInt(0);
ff->flags |= FILE_USE_DETECT;
}
-#ifdef HAVE_NSS
if (!(ff->flags & FILE_NOMD5) || g_file_force_md5) {
ff->md5_ctx = SCMd5New();
}
if (!(ff->flags & FILE_NOSHA256) || g_file_force_sha256) {
ff->sha256_ctx = SCSha256New();
}
-#endif
ff->state = FILE_STATE_OPENED;
SCLogDebug("flowfile state transitioned to FILE_STATE_OPENED");
if (data != NULL) {
ff->size += data_len;
if (ff->flags & FILE_NOSTORE) {
-#ifdef HAVE_NSS
/* no storage but hashing */
if (ff->md5_ctx)
SCMd5Update(ff->md5_ctx, data, data_len);
SCSha1Update(ff->sha1_ctx, data, data_len);
if (ff->sha256_ctx)
SCSha256Update(ff->sha256_ctx, data, data_len);
-#endif
} else {
if (AppendData(ff, data, data_len) != 0) {
ff->state = FILE_STATE_ERROR;
SCLogDebug("not storing this file");
ff->flags |= FILE_NOSTORE;
} else {
-#ifdef HAVE_NSS
if (g_file_force_sha256 && ff->sha256_ctx) {
FileEndSha256(ff);
}
-#endif
}
} else {
ff->state = FILE_STATE_CLOSED;
SCLogDebug("flowfile state transitioned to FILE_STATE_CLOSED");
-#ifdef HAVE_NSS
if (ff->md5_ctx) {
SCMd5Finalize(ff->md5_ctx, ff->md5, sizeof(ff->md5));
ff->md5_ctx = NULL;
if (ff->sha256_ctx) {
FileEndSha256(ff);
}
-#endif
}
SCReturnInt(0);
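Review bot: In the no-store branch near the top of this hunk, `SCSha1Update(ff->sha1_ctx, data, data_len);` is shown without the `if (ff->sha1_ctx)` test that guards the MD5 and SHA-256 updates beside it. With the `HAVE_NSS` guards removed, this path is compiled into every build, so if the guard is really absent rather than lost from this view, add `if (ff->sha1_ctx)` before the call. Whether `SCSha1Update` tolerates a NULL context is not visible here. The later loop that destroys contexts after the per-file flags are set also reads oddly in this view, with an MD5 free under a `FILE_NOSHA256` test, and is worth checking against the full file. The enclosing function starts outside the hunk.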
if (set_file_flags & (FLOWFILE_NO_MAGIC_TS|FLOWFILE_NO_MAGIC_TC))
per_file_flags |= FILE_NOMAGIC;
#endif
-#ifdef HAVE_NSS
if (set_file_flags & (FLOWFILE_NO_MD5_TS|FLOWFILE_NO_MD5_TC))
per_file_flags |= FILE_NOMD5;
if (set_file_flags & (FLOWFILE_NO_SHA1_TS|FLOWFILE_NO_SHA1_TC))
per_file_flags |= FILE_NOSHA1;
if (set_file_flags & (FLOWFILE_NO_SHA256_TS|FLOWFILE_NO_SHA256_TC))
per_file_flags |= FILE_NOSHA256;
-#endif
if (set_file_flags & (FLOWFILE_NO_SIZE_TS|FLOWFILE_NO_SIZE_TC))
per_file_flags |= FILE_NOTRACK;
if (set_file_flags & (FLOWFILE_NO_STORE_TS|FLOWFILE_NO_STORE_TC))
for (File *ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
ptr->flags |= per_file_flags;
-#ifdef HAVE_NSS
/* destroy any ctx we may have so far */
if ((per_file_flags & FILE_NOSHA256) &&
ptr->sha256_ctx != NULL)
SCMd5Free(ptr->md5_ctx);
ptr->md5_ctx = NULL;
}
-#endif
}
}
}
/**
* \brief Finish the SHA256 calculation.
*/
-#ifdef HAVE_NSS
static void FileEndSha256(File *ff)
{
if (!(ff->flags & FILE_SHA256) && ff->sha256_ctx) {
ff->flags |= FILE_SHA256;
}
}
-#endif
#ifndef __UTIL_FILE_H__
#define __UTIL_FILE_H__
-#ifdef HAVE_NSS
-#include <sechash.h>
-#endif
-
#include "conf.h"
#include "util-streaming-buffer.h"
char *magic;
#endif
struct File_ *next;
-#ifdef HAVE_NSS
SCMd5 *md5_ctx;
uint8_t md5[SC_MD5_LEN];
SCSha1 *sha1_ctx;
uint8_t sha1[SC_SHA1_LEN];
SCSha256 *sha256_ctx;
uint8_t sha256[SC_SHA256_LEN];
-#endif
uint64_t content_inspected; /**< used in pruning if FILE_USE_DETECT
* flag is set */
uint64_t content_stored;
#include "util-validate.h"
#include "util-ja3.h"
+#ifdef HAVE_NSS
+#include <sechash.h>
+#endif
+
#define MD5_STRING_LENGTH 33
/**