file extract: force sha256 even if truncated

Even if a file is truncated, force the SHA256 if force sha256
is set to yes.

The new file store requires the sha256 regardless of the file
state if it is to be logged, as the filename is based on the
sha256.

diff --git a/src/util-file.c b/src/util-file.c
index 56d9bd7a3202e6c1d17ff09b3b90513b64a933ce..9797e824b85b215615edcfd9226cade2e97e69f8 100644 (file)
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -79,6 +79,9 @@ static uint32_t g_file_store_reassembly_depth = 0;
 
 /* prototypes */
 static void FileFree(File *);
+#ifdef HAVE_NSS
+static void FileEndSha256(File *ff);
+#endif
 
 void FileForceFilestoreEnable(void)
 {
@@ -879,6 +882,12 @@ static int FileCloseFilePtr(File *ff, const uint8_t *data,
         if (flags & FILE_NOSTORE) {
             SCLogDebug("not storing this file");
             ff->flags |= FILE_NOSTORE;
+        } else {
+#ifdef HAVE_NSS
+            if (g_file_force_sha256 && ff->sha256_ctx) {
+                FileEndSha256(ff);
+            }
+#endif
         }
     } else {
         ff->state = FILE_STATE_CLOSED;
@@ -896,9 +905,7 @@ static int FileCloseFilePtr(File *ff, const uint8_t *data,
             ff->flags |= FILE_SHA1;
         }
         if (ff->sha256_ctx) {
-            unsigned int len = 0;
-            HASH_End(ff->sha256_ctx, ff->sha256, &len, sizeof(ff->sha256));
-            ff->flags |= FILE_SHA256;
+            FileEndSha256(ff);
         }
 #endif
     }
@@ -1285,3 +1292,17 @@ void FileTruncateAllOpenFiles(FileContainer *fc)
         }
     }
 }
+
+/**
+ * \brief Finish the SHA256 calculation.
+ */
+#ifdef HAVE_NSS
+static void FileEndSha256(File *ff)
+{
+    if (!(ff->flags & FILE_SHA256) && ff->sha256_ctx) {
+        unsigned int len = 0;
+        HASH_End(ff->sha256_ctx, ff->sha256, &len, sizeof(ff->sha256));
+        ff->flags |= FILE_SHA256;
+    }
+}
+#endif