OrcLib: FuzzyHash: add preprocessor ORC_BUILD_TLSH

Maintainer choosed to restrict Windows support to mingw and the tlsh
feature is not being used. So it will be disable by default and removed
on any breaking change.

CMakeLists.txt

@@ -9,6 +9,7 @@ option(ORC_BUILD_COMMAND    "Build any OrcCommand based command" ON)
 option(ORC_BUILD_FASTFIND   "Build FastFind binary" ON)
 option(ORC_BUILD_ORC        "Build Orc binary" ON)
 option(ORC_BUILD_PARQUET    "Build Parquet module" OFF)
+option(ORC_BUILD_TLSH       "Build with tlsh support" OFF)
 option(ORC_BUILD_SSDEEP     "Build with ssdeep support" OFF)
 option(ORC_BUILD_JSON       "Build with JSON StructuredOutput enabled" ON)
 option(ORC_BUILD_BOOST_STACKTRACE  "Build with stack backtrace enabled" ON)
@@ -83,7 +84,6 @@ if(ORC_VCPKG_ROOT)
         boost-scope-exit
         fmt
         spdlog
-        tlsh
         yara
         rapidjson
     )
@@ -98,6 +98,11 @@ if(ORC_VCPKG_ROOT)
         list(APPEND _PACKAGES boost-stacktrace)
     endif()
 
+    if(ORC_BUILD_TLSH)
+        add_definitions(-DORC_BUILD_TLSH)
+        list(APPEND _PACKAGES tlsh)
+    endif()
+
     if(ORC_BUILD_APACHE_ORC)
         if("${CMAKE_GENERATOR_TOOLSET}" STREQUAL "v141_xp")
             message(FATAL_ERROR "Apache Orc requires Seven or later")

README.md

@@ -57,6 +57,7 @@ cmake --build . --config MinSizeRel -- -maxcpucount
 | ORC_BUILD_ORC        | ON                    | Build Orc binary                 |
 | ORC_BUILD_PARQUET    | OFF                   | Build Parquet module (x64)       |
 | ORC_BUILD_SSDEEP     | OFF                   | Build with ssdeep support        |
+| ORC_BUILD_TLSH       | OFF                   | Build with tslh support          |
 | ORC_BUILD_JSON       | ON                    | Build with JSON enabled          |
 | ORC_USE_STATIC_CRT   | ON                    | Use static runtime               |
 | ORC_VCPKG_ROOT       | ${ORC}/external/vcpkg | VCPKG root directory             |

src/OrcLib/CMakeLists.txt

@@ -13,7 +13,6 @@ orc_add_compile_options()
 find_package(7zip CONFIG REQUIRED)
 find_package(Boost REQUIRED)
 find_package(fmt REQUIRED)
-find_package(tlsh CONFIG REQUIRED)
 find_package(VisualStudio REQUIRED)
 find_package(Yara REQUIRED)
 
@@ -864,7 +863,6 @@ target_link_libraries(OrcLib
         Wintrust.lib
         Crypt32.lib
         fmt::fmt-header-only
-        tlsh::tlsh
         VisualStudio::CppUnitTest
         yara::yara
         ws2_32.lib
@@ -874,6 +872,11 @@ target_link_libraries(OrcLib
 find_package(RapidJSON CONFIG REQUIRED)
 target_include_directories(OrcLib PRIVATE ${RAPIDJSON_INCLUDE_DIRS})
 
+if(ORC_BUILD_TLSH)
+    find_package(tlsh CONFIG REQUIRED)
+    target_link_libraries(OrcLib PUBLIC tlsh::tlsh)
+endif()
+
 if(ORC_BUILD_SSDEEP)
     find_package(ssdeep CONFIG REQUIRED)
     target_link_libraries(OrcLib PUBLIC ssdeep::fuzzy)

src/OrcLib/FuzzyHashStream.cpp

@@ -11,7 +11,9 @@
 #include "WideAnsi.h"
 #include "BinaryBuffer.h"
 
-#include "tlsh/tlsh.h"
+#ifdef ORC_BUILD_TLSH
+#    include "tlsh/tlsh.h"
+#endif  // ORC_BUILD_TLSH
 
 #ifdef ORC_BUILD_SSDEEP
 #    include "ssdeep/fuzzy.h"
@@ -27,10 +29,14 @@ FuzzyHashStream::Algorithm FuzzyHashStream::GetSupportedAlgorithm(LPCWSTR szAlgo
         return Algorithm::SSDeep;
     }
 #endif  // ORC_BUILD_SSDEEP
+
+#ifdef ORC_BUILD_TSLH
     if (!_wcsnicmp(szAlgo, L"tlsh", wcslen(L"tlsh")))
     {
         return Algorithm::TLSH;
     }
+#endif  // ORC_BUILD_TLSH
+
     return Algorithm::Undefined;
 }
 
@@ -46,13 +52,17 @@ std::wstring FuzzyHashStream::GetSupportedAlgorithm(Algorithm algs)
         retval.append(L"SSDeep");
     }
 #endif  // ORC_BUILD_SSDEEP
+
+#ifdef ORC_BUILD_TLSH
     if (HasFlag(algs, FuzzyHashStream::Algorithm::TLSH))
     {
         if (retval.empty())
             retval.append(L"TLSH");
         else
             retval.append(L",TLSH");
     }
+#endif  // ORC_BUILD_TLSH
+
     return retval;
 }
 
@@ -100,21 +110,18 @@ HRESULT FuzzyHashStream::OpenToWrite(FuzzyHashStream::Algorithm algs, const std:
 
 STDMETHODIMP FuzzyHashStream::Close()
 {
+#ifdef ORC_BUILD_TLSH
     if (m_tlsh)
     {
         m_tlsh->final();
     }
+#endif  // ORC_BUILD_TLSH
 
     return HashStream::Close();
 }
 
 HRESULT FuzzyHashStream::ResetHash(bool bContinue)
 {
-    if (m_tlsh)
-    {
-        m_tlsh->reset();
-    }
-
 #ifdef ORC_BUILD_SSDEEP
     if (m_ssdeep)
     {
@@ -128,20 +135,30 @@ HRESULT FuzzyHashStream::ResetHash(bool bContinue)
     }
 #endif  // ORC_BUILD_SSDEEP
 
+#ifdef ORC_BUILD_TLSH
+    if (m_tlsh)
+    {
+        m_tlsh->reset();
+    }
+
     if (HasFlag(m_Algorithms, FuzzyHashStream::Algorithm::TLSH))
     {
         m_tlsh = std::make_unique<Tlsh>();
     }
+#endif  // ORC_BUILD_TLSH
+
     m_bHashIsValid = true;
     return S_OK;
 }
 
 HRESULT FuzzyHashStream::HashData(LPBYTE pBuffer, DWORD dwBytesToHash)
 {
+#ifdef ORC_BUILD_TLSH
     if (m_tlsh)
     {
         m_tlsh->update(pBuffer, dwBytesToHash);
     }
+#endif  // ORC_BUILD_TLSH
 
 #ifdef ORC_BUILD_SSDEEP
     if (m_ssdeep)
@@ -173,6 +190,7 @@ HRESULT FuzzyHashStream::GetHash(FuzzyHashStream::Algorithm alg, CBinaryBuffer&
 #endif  // ORC_BUILD_SSDEEP
                 break;
             case FuzzyHashStream::Algorithm::TLSH:
+#ifdef ORC_BUILD_TLSH
                 if (HasFlag(m_Algorithms, FuzzyHashStream::Algorithm::TLSH) && m_tlsh)
                 {
                     if (!m_tlsh->isValid())
@@ -187,6 +205,7 @@ HRESULT FuzzyHashStream::GetHash(FuzzyHashStream::Algorithm alg, CBinaryBuffer&
                     }
                     return S_OK;
                 }
+#endif  // ORC_BUILD_TLSH
                 break;
             default:
                 return E_INVALIDARG;
@@ -222,5 +241,7 @@ FuzzyHashStream::~FuzzyHashStream()
     }
 #endif  // ORC_BUILD_SSDEEP
 
+#ifdef ORC_BUILD_TLSH
     m_tlsh.reset();
+#endif
 }

src/OrcLib/FuzzyHashStream.h

@@ -50,7 +50,11 @@ class FuzzyHashStream : public HashStream
 
 protected:
     Algorithm m_Algorithms = Algorithm::Undefined;
+
+#ifdef ORC_BUILD_TLSH
     std::unique_ptr<Tlsh> m_tlsh;
+#endif  // ORC_BUILD_TLSH
+
     struct fuzzy_state* m_ssdeep = nullptr;
 };