Add minimal support for parsing MD2RSA, RSA, and SHA512RSA certs

pull/51/head
Andrew 7 years ago committed by Micah Snyder
parent 4cd3d28491
commit 144148f1d2
  1. 31
      libclamav/asn1.c
  2. 2
      libclamav/crtmgr.h

@ -273,19 +273,24 @@ static int asn1_expect_rsa(fmap_t *map, const void **asn1data, unsigned int *asn
struct cli_asn1 obj;
unsigned int avail;
int ret;
if((ret = asn1_expect_objtype(map, *asn1data, asn1len, &obj, ASN1_TYPE_SEQUENCE))) /* SEQUENCE */
if((ret = asn1_expect_objtype(map, *asn1data, asn1len, &obj, ASN1_TYPE_SEQUENCE))) { /* SEQUENCE */
cli_dbgmsg("asn1_expect_rsa: expecting SEQUENCE at the start of the RSA algo\n");
return ret;
}
avail = obj.size;
*asn1data = obj.next;
if(asn1_expect_objtype(map, obj.content, &avail, &obj, ASN1_TYPE_OBJECT_ID))
if(asn1_expect_objtype(map, obj.content, &avail, &obj, ASN1_TYPE_OBJECT_ID)) {
cli_dbgmsg("asn1_expect_rsa: expected OID in RSA algo\n");
return 1;
}
// Two cases to check for:
// obj.size == 5:
// - OID_sha1WithRSA
//
// obj.size == 9:
// - OID_rsaEncryption
// - OID_md2WithRSAEncryption
// - OID_md5WithRSAEncryption
// - OID_sha1WithRSAEncryption
@ -302,8 +307,13 @@ static int asn1_expect_rsa(fmap_t *map, const void **asn1data, unsigned int *asn
}
if(obj.size == lenof(OID_sha1WithRSA)) {
if(!memcmp(obj.content, OID_sha1WithRSA, lenof(OID_sha1WithRSA)))
if(!memcmp(obj.content, OID_sha1WithRSA, lenof(OID_sha1WithRSA))) {
*hashtype = CLI_SHA1RSA; /* Obsolete sha1rsa 1.3.14.3.2.29 */
}
else {
cli_dbgmsg("asn1_expect_rsa: unknown OID (length 5)\n");
return 1;
}
} else if (obj.size == lenof(OID_sha1WithRSAEncryption)) {
@ -313,9 +323,11 @@ static int asn1_expect_rsa(fmap_t *map, const void **asn1data, unsigned int *asn
else if(!memcmp(obj.content, OID_md5WithRSAEncryption, lenof(OID_md5WithRSAEncryption)))
*hashtype = CLI_MD5RSA; /* md5withRSAEncryption 1.2.840.113549.1.1.4 */
else if(!memcmp(obj.content, OID_rsaEncryption, lenof(OID_rsaEncryption)))
*hashtype = CLI_RSA; /* rsaEncryption 1.2.840.113549.1.1.1 */
else if(!memcmp(obj.content, OID_md2WithRSAEncryption, lenof(OID_md2WithRSAEncryption))) {
cli_dbgmsg("asn1_expect_rsa: MD2 with RSA (not yet supported)\n");
return 1;
*hashtype = CLI_MD2RSA; /* md2withRSAEncryption 1.2.840.113549.1.1.2 */
}
else if(!memcmp(obj.content, OID_sha256WithRSAEncryption, lenof(OID_sha256WithRSAEncryption))) {
*hashtype = CLI_SHA256RSA; /* sha256WithRSAEncryption 1.2.840.113549.1.1.11 */
@ -324,7 +336,10 @@ static int asn1_expect_rsa(fmap_t *map, const void **asn1data, unsigned int *asn
*hashtype = CLI_SHA384RSA; /* sha384WithRSAEncryption 1.2.840.113549.1.1.12 */
}
else if(!memcmp(obj.content, OID_sha512WithRSAEncryption, lenof(OID_sha512WithRSAEncryption))) {
cli_dbgmsg("asn1_expect_rsa: SHA512 with RSA (not yet supported)\n");
*hashtype = CLI_SHA512RSA; /* sha512WithRSAEncryption 1.2.840.113549.1.1.13 */
}
else {
cli_dbgmsg("asn1_expect_rsa: unknown OID (length 9)\n");
return 1;
}
}
@ -332,8 +347,10 @@ static int asn1_expect_rsa(fmap_t *map, const void **asn1data, unsigned int *asn
cli_dbgmsg("asn1_expect_rsa: OID mismatch (size %u)\n", obj.size);
return 1;
}
if((ret = asn1_expect_obj(map, &obj.next, &avail, ASN1_TYPE_NULL, 0, NULL))) /* NULL */
if((ret = asn1_expect_obj(map, &obj.next, &avail, ASN1_TYPE_NULL, 0, NULL))) { /* NULL */
cli_dbgmsg("asn1_expect_rsa: expected NULL following RSA OID\n");
return ret;
}
if(avail) {
cli_dbgmsg("asn1_expect_rsa: extra data found in SEQUENCE\n");
return 1;

@ -26,7 +26,7 @@
#include "bignum.h"
typedef enum { CLI_SHA1RSA, CLI_MD5RSA, CLI_SHA256RSA, CLI_SHA384RSA } cli_crt_hashtype;
typedef enum {CLI_SHA1RSA, CLI_MD5RSA, CLI_MD2RSA, CLI_RSA, CLI_SHA256RSA, CLI_SHA384RSA, CLI_SHA512RSA } cli_crt_hashtype;
typedef enum {VRFY_CODE, VRFY_TIME} cli_vrfy_type;
#define CRT_RAWMAXLEN 64

Loading…
Cancel
Save