From: Jason Ish
Date: Tue, 22 Dec 2020 22:44:42 +0000 (-0600)
Subject: ja3: remove requirement on NSS
X-Git-Tag: suricata-7.0.0-beta1~1903
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5bf748c9049068cd7e8ba83776f61b934f47389;p=thirdparty%2Fsuricata.git
ja3: remove requirement on NSS
---
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index bc012e3a4f..abdefdbc45 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -3026,18 +3026,9 @@ void RegisterSSLParsers(void)
 }
 SC_ATOMIC_SET(ssl_config.enable_ja3, enable_ja3);
-#ifndef HAVE_NSS
- if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
- SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
- "no MD5 calculation support built in (LibNSS), disabling JA3");
- SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
- }
-#else
 if (RunmodeIsUnittests()) {
 SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
 }
-#endif
-
 } else {
 SCLogConfig("Parsed disabled for %s protocol. Protocol detection"
 "still on.", proto_name);
@@ -3057,7 +3048,6 @@ void RegisterSSLParsers(void)
 */
 void SSLEnableJA3(void)
 {
-#ifdef HAVE_NSS
 if (ssl_config.disable_ja3) {
 return;
 }
@@ -3065,16 +3055,13 @@ void SSLEnableJA3(void)
 return;
 }
 SC_ATOMIC_SET(ssl_config.enable_ja3, 1);
-#endif
 }
 bool SSLJA3IsEnabled(void)
 {
-#ifdef HAVE_NSS
 if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
 return true;
 }
-#endif
 return false;
 }
diff --git a/src/tests/detect-tls-ja3-hash.c b/src/tests/detect-tls-ja3-hash.c
index 8919815ad5..a7929df6fe 100644
--- a/src/tests/detect-tls-ja3-hash.c
+++ b/src/tests/detect-tls-ja3-hash.c
@@ -22,15 +22,6 @@
 *
 */
-#ifndef HAVE_NSS
-
-static void DetectTlsJa3HashRegisterTests(void)
-{
- /* Don't register any tests */
-}
-
-#else /* HAVE_NSS */
-
 /**
 * \test Test matching on a simple client hello packet
 */
@@ -224,5 +215,3 @@ static void DetectTlsJa3HashRegisterTests(void)
 UtRegisterTest("DetectTlsJa3HashTest01", DetectTlsJa3HashTest01);
 UtRegisterTest("DetectTlsJa3HashTest02", DetectTlsJa3HashTest02);
 }
-
-#endif /* HAVE_NSS */
diff --git a/src/tests/detect-tls-ja3-string.c b/src/tests/detect-tls-ja3-string.c
index 09115cd089..f245c02cdb 100644
--- a/src/tests/detect-tls-ja3-string.c
+++ b/src/tests/detect-tls-ja3-string.c
@@ -22,15 +22,6 @@
 *
 */
-#ifndef HAVE_NSS
-
-static void DetectTlsJa3StringRegisterTests(void)
-{
- /* Don't register any tests */
-}
-
-#else /* HAVE_NSS */
-
 /**
 * \test Test matching on a simple client hello packet
 */
@@ -127,5 +118,3 @@ static void DetectTlsJa3StringRegisterTests(void)
 {
 UtRegisterTest("DetectTlsJa3StringTest01", DetectTlsJa3StringTest01);
 }
-
-#endif /* HAVE_NSS */
diff --git a/src/tests/detect-tls-ja3s-hash.c b/src/tests/detect-tls-ja3s-hash.c
index a8b21c8237..571668c537 100644
--- a/src/tests/detect-tls-ja3s-hash.c
+++ b/src/tests/detect-tls-ja3s-hash.c
@@ -22,15 +22,6 @@
 *
 */
-#ifndef HAVE_NSS
-
-static void DetectTlsJa3SHashRegisterTests(void)
-{
- /* Don't register any tests */
-}
-
-#else /* HAVE_NSS */
-
 /**
 * \test Test matching on a JA3S hash from a ServerHello record
 */
@@ -173,5 +164,3 @@ void DetectTlsJa3SHashRegisterTests(void)
 {
 UtRegisterTest("DetectTlsJa3SHashTest01", DetectTlsJa3SHashTest01);
 }
-
-#endif /* HAVE_NSS */
diff --git a/src/tests/detect-tls-ja3s-string.c b/src/tests/detect-tls-ja3s-string.c
index 1ca93bbb74..54841e0001 100644
--- a/src/tests/detect-tls-ja3s-string.c
+++ b/src/tests/detect-tls-ja3s-string.c
@@ -15,15 +15,6 @@
 * 02110-1301, USA.
 */
-#ifndef HAVE_NSS
-
-static void DetectTlsJa3SStringRegisterTests(void)
-{
- /* Don't register any tests */
-}
-
-#else /* HAVE_NSS */
-
 /**
 * \test Test matching on a simple client hello packet
 */
@@ -166,5 +157,3 @@ static void DetectTlsJa3SStringRegisterTests(void)
 {
 UtRegisterTest("DetectTlsJa3SStringTest01", DetectTlsJa3SStringTest01);
 }
-
-#endif /* HAVE_NSS */
diff --git a/src/util-ja3.c b/src/util-ja3.c
index 743ec97bd0..24e8bf3064 100644
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@@ -28,10 +28,6 @@
 #include "util-validate.h"
 #include "util-ja3.h"
-#ifdef HAVE_NSS
-#include
-#endif
-
 #define MD5_STRING_LENGTH 33
 /**
@@ -220,8 +216,6 @@ int Ja3BufferAddValue(JA3Buffer **buffer, uint32_t value)
 */
 char *Ja3GenerateHash(JA3Buffer *buffer)
 {
-
-#ifdef HAVE_NSS
 if (buffer == NULL) {
 SCLogError(SC_ERR_INVALID_ARGUMENT, "Buffer should not be NULL");
 return NULL;
@@ -239,19 +233,15 @@ char *Ja3GenerateHash(JA3Buffer *buffer)
 return NULL;
 }
- unsigned char md5[MD5_LENGTH];
- HASH_HashBuf(HASH_AlgMD5, md5, (unsigned char *)buffer->data, buffer->used);
+ unsigned char md5[SC_MD5_LEN];
+ SCMd5HashBuffer((unsigned char *)buffer->data, buffer->used, md5, sizeof(md5));
 int i, x;
- for (i = 0, x = 0; x < MD5_LENGTH; x++) {
+ for (i = 0, x = 0; x < SC_MD5_LEN; x++) {
 i += snprintf(ja3_hash + i, MD5_STRING_LENGTH - i, "%02x", md5[x]);
 }
 return ja3_hash;
-#else
- return NULL;
-#endif /* HAVE_NSS */
-
 }
 /**
@@ -275,16 +265,5 @@ int Ja3IsDisabled(const char *type)
 return 1;
 }
-#ifndef HAVE_NSS
- else {
- if (strcmp(type, "rule") != 0) {
- SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
- "no MD5 calculation support built in (LibNSS), skipping %s",
- type);
- }
- return 1;
- }
-#endif /* HAVE_NSS */
-
 return 0;
 }
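Review bot: In the `@@ -239,19 +233,15 @@` hunk of src/util-ja3.c the digest array and the loop bound now follow `SC_MD5_LEN`, but the `snprintf` size argument still relies on the file-local literal `#define MD5_STRING_LENGTH 33`, so the two constants agree only by coincidence. If `SC_MD5_LEN` were ever larger than 16, `MD5_STRING_LENGTH - i` would become negative and convert to a very large `size_t`, so the write into `ja3_hash` would no longer be bounded. Deriving the string length from the digest length, `#define MD5_STRING_LENGTH (SC_MD5_LEN * 2 + 1)`, keeps the hex buffer and the digest tied together. The start of Ja3GenerateHash's body, including the allocation of `ja3_hash`, lies outside this hunk, so I am assuming the buffer is sized with the same macro.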