[Forensics-changes] [yara] 206/407: Remove "hash" function from "rich_signature"
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:26 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit 86c4afb6f0bd405957df6c89a4d574f995c32c41
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Nov 7 15:05:50 2014 +0100
Remove "hash" function from "rich_signature"
Now we can do the same with hash.sha256(pe.rich_signature.clear_data).
---
libyara/modules/pe.c | 35 -----------------------------------
1 file changed, 35 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 24ebbb4..4b70e1b 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1287,38 +1287,6 @@ define_function(imphash)
return_string(digest_ascii);
}
-
-//
-// Nothing fancy here. Just a sha256 of the clear data.
-//
-
-define_function(richhash)
-{
- YR_OBJECT* parent = parent();
- SHA256_CTX ctx;
-
- unsigned char digest[SHA256_DIGEST_LENGTH];
- char digest_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
-
- SIZED_STRING *clear_data = get_string(parent, "clear_data");
-
- if (!clear_data)
- return_string(UNDEFINED);
-
- SHA256_Init(&ctx);
- SHA256_Update(&ctx, clear_data->c_string, clear_data->length);
- SHA256_Final(digest, &ctx);
-
- for (int i = 0; i < SHA256_DIGEST_LENGTH; i++)
- {
- sprintf(digest_ascii + (i * 2), "%02x", digest[i]);
- }
-
- digest_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
-
- return_string(digest_ascii);
-}
-
#endif // defined(HAVE_LIBCRYPTO)
@@ -1520,9 +1488,6 @@ begin_declarations;
declare_integer("key");
declare_string("raw_data");
declare_string("clear_data");
- #if defined(HAVE_LIBCRYPTO)
- declare_function("hash", "", "s", richhash);
- #endif
end_struct("rich_signature");
#if defined(HAVE_LIBCRYPTO)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list