From: Michael Matirko (mmatirko) Date: Wed, 10 Dec 2025 20:20:52 +0000 (+0000) Subject: Pull request #5024: Opensource PRs X-Git-Tag: 3.10.1.0~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11f1158eb0a90220cf5bd36850f7066aa8cc27fe;p=thirdparty%2Fsnort3.git Pull request #5024: Opensource PRs Merge in SNORT/snort3 from ~MMATIRKO/snort3:opensource_PRs-12-2-25 to master Squashed commit of the following: commit dc343859ef082303a8dcb44574cf0f59d382b827 Author: Michael Matirko Date: Thu Dec 4 09:50:26 2025 -0500 file: use new EVP functions rather than deprecated SHA functions commit eb29d47a8d58aa9d5891cb3cd8be7716a7694329 Author: Michael Matirko Date: Tue Dec 2 11:01:03 2025 -0500 alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix commit b94f8da944edab611bdd5ac0613ea5c584a75e9e Author: Michael Matirko Date: Tue Dec 2 10:54:03 2025 -0500 cmake: fix pkg-config path for libdir, thanks to brianmcgillion on GitHub for submitting a similar fix commit a96ce2c7dc6dcfc4b207aa1fe71f9c31a4cdde42 Author: Michael Matirko Date: Tue Dec 2 10:25:06 2025 -0500 alert_json: add support for logging appid, thanks to ssam18 on GitHub for suggesting this change commit 2e45e88d7d31c7fd55a9ce2f246e3b7983ffe714 Author: Michael Matirko Date: Tue Dec 2 10:20:18 2025 -0500 hash: update hashes to use new EVP functions, thanks to Bl4omArchie on GitHub for suggesting a similar change
---
diff --git a/cmake/create_pkg_config.cmake b/cmake/create_pkg_config.cmake
index 300350cbd..98a617064 100644
--- a/cmake/create_pkg_config.cmake
+++ b/cmake/create_pkg_config.cmake
@@ -5,7 +5,7 @@
 set(prefix "${CMAKE_INSTALL_PREFIX}")
 set(exec_prefix "\${prefix}")
 set(bindir "\${exec_prefix}/bin")
-set(libdir "\${prefix}/${CMAKE_INSTALL_LIBDIR}")
+set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}")
 set(includedir "\${prefix}/include")
 set(datarootdir "\${prefix}/share")
 set(datadir "\${datarootdir}")
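Review bot: Only `libdir` is switched to the absolute GNUInstallDirs form here; `bindir`, `includedir` and `datarootdir` in the surrounding context lines still hard-code `\${exec_prefix}/bin`, `\${prefix}/include` and `\${prefix}/share`, so an install that customises those directories would still get a wrong path in the generated .pc file. If the intent is to honour the configured install layout, the same treatment applies to them, e.g. `set(includedir "${CMAKE_INSTALL_FULL_INCLUDEDIR}")`. Note also that `libdir` no longer derives from `${prefix}`, so a prefix override at pkg-config time moves `includedir` but not `libdir`.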
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc index 289566a96..2c701da80 100644 --- a/src/file_api/file_lib.cc +++ b/src/file_api/file_lib.cc @@ -29,7 +29,7 @@ #include "file_lib.h" -#include +#include #include #include @@ -512,7 +512,7 @@ FileContext::FileContext () FileContext::~FileContext () { if (file_signature_context) - snort_free(file_signature_context); + EVP_MD_CTX_free((EVP_MD_CTX*)file_signature_context); if (file_capture) stop_file_capture(); 
@@ -932,64 +932,85 @@ void FileContext::process_file_signature_sha256(const uint8_t* file_data, int da switch (position) { case SNORT_FILE_START: + { if (!file_signature_context) - file_signature_context = snort_calloc(sizeof(SHA256_CTX)); - SHA256_Init((SHA256_CTX*)file_signature_context); - SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size); + file_signature_context = EVP_MD_CTX_new(); + + EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context; + EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr); + EVP_DigestUpdate(ctx, file_data, data_size); FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET, "position is start of file\n"); if (file_state.sig_state == FILE_SIG_FLUSH) { - static uint8_t file_signature_context_backup[sizeof(SHA256_CTX)]; - sha256 = (uint8_t*)snort_alloc(SHA256_HASH_SIZE); - memcpy(file_signature_context_backup, file_signature_context, sizeof(SHA256_CTX)); - - SHA256_Final(sha256, (SHA256_CTX*)file_signature_context); - memcpy(file_signature_context, file_signature_context_backup, sizeof(SHA256_CTX)); + if (!sha256) + sha256 = (uint8_t*)snort_alloc(SHA256_HASH_SIZE); + EVP_MD_CTX* tmp = EVP_MD_CTX_new(); + if (tmp && EVP_MD_CTX_copy_ex(tmp, ctx) == 1) + { + unsigned int out_len = 0; + EVP_DigestFinal_ex(tmp, sha256, &out_len); + } + if (tmp) + EVP_MD_CTX_free(tmp); } break; + } case SNORT_FILE_MIDDLE: + { if (!file_signature_context) return; - SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size); + EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context; + EVP_DigestUpdate(ctx, file_data, data_size); FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET, "position is middle of the file\n"); if (file_state.sig_state == FILE_SIG_FLUSH) { - static uint8_t file_signature_context_backup[sizeof(SHA256_CTX)]; - if ( !sha256 ) + if (!sha256) sha256 = (uint8_t*)snort_alloc(SHA256_HASH_SIZE); - memcpy(file_signature_context_backup, file_signature_context, 
sizeof(SHA256_CTX)); - - SHA256_Final(sha256, (SHA256_CTX*)file_signature_context); - memcpy(file_signature_context, file_signature_context_backup, sizeof(SHA256_CTX)); + EVP_MD_CTX* tmp = EVP_MD_CTX_new(); + if (tmp && EVP_MD_CTX_copy_ex(tmp, ctx) == 1) + { + unsigned int out_len = 0; + EVP_DigestFinal_ex(tmp, sha256, &out_len); + } + if (tmp) + EVP_MD_CTX_free(tmp); } - break; + } case SNORT_FILE_END: + { if (!file_signature_context) return; - SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size); + EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context; + EVP_DigestUpdate(ctx, file_data, data_size); sha256 = new uint8_t[SHA256_HASH_SIZE]; - SHA256_Final(sha256, (SHA256_CTX*)file_signature_context); + unsigned int out_len = 0; + EVP_DigestFinal_ex(ctx, sha256, &out_len); file_state.sig_state = FILE_SIG_DONE; FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET, "position is end of the file\n"); break; + } case SNORT_FILE_FULL: + { if (!file_signature_context) - file_signature_context = snort_calloc(sizeof (SHA256_CTX)); - SHA256_Init((SHA256_CTX*)file_signature_context); - SHA256_Update((SHA256_CTX*)file_signature_context, file_data, data_size); + file_signature_context = EVP_MD_CTX_new(); + EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context; + EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr); + EVP_DigestUpdate(ctx, file_data, data_size); sha256 = new uint8_t[SHA256_HASH_SIZE]; - SHA256_Final(sha256, (SHA256_CTX*)file_signature_context); + unsigned int out_len = 0; + EVP_DigestFinal_ex(ctx, sha256, &out_len); file_state.sig_state = FILE_SIG_DONE; FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET, "position is full file\n"); break; + } default: break; diff --git a/src/hash/hashes.cc b/src/hash/hashes.cc index c2785b313..f6c1501cf 100644 --- a/src/hash/hashes.cc +++ b/src/hash/hashes.cc 
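Review bot: None of the EVP calls added to `process_file_signature_sha256` is checked, so a failed `EVP_MD_CTX_new()` in the START and FULL cases hands a null context to `EVP_DigestInit_ex`, and a failed update or final in END and FULL still sets `FILE_SIG_DONE` with `sha256` pointing at a freshly allocated, unwritten buffer. Whatever consumes the signature for verdicts or logging (not visible here) would then treat those bytes as the file's SHA-256. The flush paths have the same gap: when `tmp` cannot be allocated or copied, a newly `snort_alloc`ed `sha256` is presumably left unfilled. I would compute into a local buffer and publish it only when every call returns 1, as sketched below for the FULL case; the function starts and ends outside the hunk, so the failure state to report is for the author to choose.

```cpp
case SNORT_FILE_FULL:
{
    if (!file_signature_context)
        file_signature_context = EVP_MD_CTX_new();
    EVP_MD_CTX* ctx = (EVP_MD_CTX*)file_signature_context;
    unsigned int out_len = 0;
    uint8_t* digest = new uint8_t[SHA256_HASH_SIZE];

    if (!ctx ||
        EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr) != 1 ||
        EVP_DigestUpdate(ctx, file_data, data_size) != 1 ||
        EVP_DigestFinal_ex(ctx, digest, &out_len) != 1)
    {
        // Do not publish an unfilled buffer as the file's SHA-256.
        delete[] digest;
        // … set the signature state the callers expect for a failed hash …
        break;
    }
    sha256 = digest;
    file_state.sig_state = FILE_SIG_DONE;
    // … unchanged: FILE_DEBUG trace …
    break;
}
```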
@@ -23,33 +23,55 @@ #include "hashes.h" -#include -#include +#include namespace snort { void sha256(const unsigned char* data, size_t size, unsigned char* digest) { - SHA256_CTX c; - SHA256_Init(&c); - SHA256_Update(&c, data, size); - SHA256_Final(digest, &c); + EVP_MD_CTX* ctx = EVP_MD_CTX_new(); + + if (!ctx) + return; + + if (EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr) == 1) + { + EVP_DigestUpdate(ctx, data, size); + unsigned int out_len = 0; + EVP_DigestFinal_ex(ctx, digest, &out_len); + } + EVP_MD_CTX_free(ctx); } void sha512(const unsigned char* data, size_t size, unsigned char* digest) { - SHA512_CTX c; - SHA512_Init(&c); - SHA512_Update(&c, data, size); - SHA512_Final(digest, &c); + EVP_MD_CTX* ctx = EVP_MD_CTX_new(); + + if (!ctx) + return; + + if (EVP_DigestInit_ex(ctx, EVP_sha512(), nullptr) == 1) + { + EVP_DigestUpdate(ctx, data, size); + unsigned int out_len = 0; + EVP_DigestFinal_ex(ctx, digest, &out_len); + } + EVP_MD_CTX_free(ctx); } void md5(const unsigned char* data, size_t size, unsigned char* digest) { - MD5_CTX c; - MD5_Init(&c); - MD5_Update(&c, data, size); - MD5_Final(digest, &c); + EVP_MD_CTX* ctx = EVP_MD_CTX_new(); + if (!ctx) + return; + + if (EVP_DigestInit_ex(ctx, EVP_md5(), nullptr) == 1) + { + EVP_DigestUpdate(ctx, data, size); + unsigned int out_len = 0; + EVP_DigestFinal_ex(ctx, digest, &out_len); + } + EVP_MD_CTX_free(ctx); } } diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 7b5deab27..3f88bff6b 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc @@ -53,7 +53,7 @@ using namespace std; #define FAST_BUF (4*K_BYTES) static THREAD_LOCAL TextLog* fast_log = nullptr; -static once_flag init_flag; +static std::once_flag init_flag; #define S_NAME "alert_fast" #define F_NAME S_NAME ".txt" 
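Review bot: `sha256`, `sha512` and `md5` now return without writing `digest` when `EVP_MD_CTX_new()` or `EVP_DigestInit_ex()` fails, and they ignore the results of `EVP_DigestUpdate` and `EVP_DigestFinal_ex`, so a caller of these `void` functions cannot tell a real hash from whatever was already in its buffer. This is a behaviour change and not only a theoretical one: the removed low-level `MD5_*` calls did not go through algorithm lookup, whereas `EVP_md5()` can be refused at init when the loaded OpenSSL providers do not offer MD5 (a FIPS-only configuration, for example). Since the three bodies differ only in the algorithm, one file-local helper that checks every return value and clears the output on failure would cover all of them. Reporting the error to callers properly needs a signature change outside this hunk.

```cpp
static bool compute_digest(const EVP_MD* md, const unsigned char* data, size_t size,
    unsigned char* digest)
{
    bool ok = false;
    unsigned int out_len = 0;
    EVP_MD_CTX* ctx = EVP_MD_CTX_new();

    if (ctx)
    {
        ok = EVP_DigestInit_ex(ctx, md, nullptr) == 1
            && EVP_DigestUpdate(ctx, data, size) == 1
            && EVP_DigestFinal_ex(ctx, digest, &out_len) == 1;
        EVP_MD_CTX_free(ctx);
    }

    // Never leave indeterminate bytes for a caller that cannot see the failure.
    if (!ok)
        memset(digest, 0, EVP_MD_size(md));
    return ok;
}

void sha256(const unsigned char* data, size_t size, unsigned char* digest)
{ compute_digest(EVP_sha256(), data, size, digest); }

// … sha512() and md5() likewise, with EVP_sha512() and EVP_md5() …
```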
@@ -319,7 +319,7 @@ void FastLogger::set_buffer_ids(Inspector* gadget) const BufferIds& FastLogger::get_buffer_ids(Inspector* gadget, Packet* p) { // lazy init required because loggers don't have a configure (yet) - call_once(init_flag, set_buffer_ids, gadget); + std::call_once(init_flag, set_buffer_ids, gadget); InspectionBuffer buf; const std::vector& idv = diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc index 9667da832..185e50a84 100644 --- a/src/loggers/alert_json.cc +++ b/src/loggers/alert_json.cc @@ -38,6 +38,7 @@ #include "helpers/base64_encoder.h" #include "log/log_text.h" #include "log/text_log.h" +#include "network_inspectors/appid/appid_api.h" #include "packet_io/active.h" #include "packet_io/sfdaq.h" #include "protocols/cisco_meta_data.h" @@ -87,6 +88,22 @@ static bool ff_action(const Args& a) return true; } +static bool ff_app_id(const Args& a) +{ + if ( a.pkt->flow ) + { + const char* app_name = appid_api.get_application_name(*a.pkt->flow, a.pkt->is_from_client()); + + if ( app_name ) + { + print_label(a, "app_id"); + TextLog_Quote(json_log, app_name); + return true; + } + } + return false; +} + static bool ff_class(const Args& a) { const char* cls = a.event.get_class_type(); @@ -672,7 +689,7 @@ typedef bool (*JsonFunc)(const Args&); static const JsonFunc json_func[] = { - ff_action, ff_class, ff_b64_data, ff_client_bytes, ff_client_pkts, ff_dir, + ff_action, ff_app_id,ff_class, ff_b64_data, ff_client_bytes, ff_client_pkts, ff_dir, ff_dst_addr, ff_dst_ap, ff_dst_port, ff_eth_dst, ff_eth_len, ff_eth_src, ff_eth_type, ff_flowstart_time, ff_geneve_vni, ff_gid, ff_icmp_code, ff_icmp_id, ff_icmp_seq, ff_icmp_type, ff_iface, ff_ip_id, ff_ip_len, ff_msg, ff_mpls, ff_pkt_gen, ff_pkt_len, 
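Review bot: `ff_app_id` has no comment saying when the field is emitted, and that is not obvious from the name: it is skipped when the packet has no flow or no application name is returned, and the name is looked up with the direction of the alerting packet (`is_from_client()`), so alerts from the two sides of one flow may presumably carry different `app_id` values. A one-line comment above the function, e.g. `// app_id: AppId name for the packet's direction; omitted when there is no flow or no name`, would save consumers of the JSON from guessing. In the `json_func` table the new entry is written `ff_app_id,ff_class`; add the space after the comma to match the other entries.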
@@ -683,7 +700,7 @@ static const JsonFunc json_func[] = }; #define json_range \ - "action | class | b64_data | client_bytes | client_pkts | dir | " \ + "action | app_id | class | b64_data | client_bytes | client_pkts | dir | " \ "dst_addr | dst_ap | dst_port | eth_dst | eth_len | eth_src | " \ "eth_type | flowstart_time | geneve_vni | gid | icmp_code | icmp_id | icmp_seq | " \ "icmp_type | iface | ip_id | ip_len | msg | mpls | pkt_gen | pkt_len | " \