is this faster?!

pull/25/head
aCaB 14 years ago
parent 09f20cb6cc
commit a8e79d931d
  1. 13
      libclamav/asn1.c
  2. 6
      libclamav/crtmgr.c
  3. 3
      libclamav/crtmgr.h

@ -493,6 +493,8 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size,
if(asn1_expect_objtype(map, next, &tbs.size, &obj, 0x02)) /* serialNumber */
break;
if(map_sha1(map, obj.content, obj.size, x509.serial))
break;
if(asn1_expect_rsa(map, &obj.next, &tbs.size, &hashtype1)) /* algo = sha1WithRSAEncryption | md5WithRSAEncryption */
break;
@ -740,7 +742,7 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size,
static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmgr *cmgr, int embedded, const void **hashes, unsigned int *hashes_size) {
struct cli_asn1 asn1, deep, deeper;
uint8_t sha1[SHA1_HASH_SIZE], issuer[SHA1_HASH_SIZE], md[SHA1_HASH_SIZE];
uint8_t sha1[SHA1_HASH_SIZE], issuer[SHA1_HASH_SIZE], md[SHA1_HASH_SIZE], serial[SHA1_HASH_SIZE];
const uint8_t *message, *attrs;
unsigned int dsize, message_size, attrs_size;
cli_crt_hashtype hashtype;
@ -887,6 +889,8 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
if(asn1_expect_objtype(map, deep.next, &dsize, &deep, 0x02)) /* serial */
break;
if(map_sha1(map, deep.content, deep.size, serial))
break;
if(dsize) {
cli_dbgmsg("asn1_parse_mscat: extra data inside issuerAndSerialNumber\n");
break;
@ -1016,7 +1020,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n");
break;
}
if(crtmgr_verify_pkcs7(cmgr, issuer, asn1.content, asn1.size, CLI_SHA1RSA, sha1, VRFY_CODE)) {
if(crtmgr_verify_pkcs7(cmgr, issuer, serial, asn1.content, asn1.size, CLI_SHA1RSA, sha1, VRFY_CODE)) {
cli_dbgmsg("asn1_parse_mscat: pkcs7 signature verification failed\n");
break;
}
@ -1077,6 +1081,9 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
if(asn1_expect_objtype(map, deep.next, &asn1.size, &deep, 0x02)) /* serial */
break;
if(map_sha1(map, deep.content, deep.size, serial))
break;
if(asn1.size) {
cli_dbgmsg("asn1_parse_mscat: extra data inside countersignature issuer\n");
break;
@ -1257,7 +1264,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
cli_dbgmsg("asn1_parse_mscat: failed to read countersignature encryptedDigest\n");
break;
}
if(crtmgr_verify_pkcs7(cmgr, issuer, asn1.content, asn1.size, hashtype, sha1, VRFY_TIME)) {
if(crtmgr_verify_pkcs7(cmgr, issuer, serial, asn1.content, asn1.size, hashtype, sha1, VRFY_TIME)) {
cli_dbgmsg("asn1_parse_mscat: pkcs7 countersignature verification failed\n");
break;
}
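Review bot: The value written at `map_sha1(map, obj.content, obj.size, x509.serial)` is a SHA-1 of the serialNumber INTEGER content, so the issuer+serial match in crtmgr_verify_pkcs7 only succeeds when the SignerInfo's issuerAndSerialNumber carries byte-identical INTEGER content; nothing in the hunk says so, and a reader seeing `x509.serial` will expect raw serial bytes. I would add `/* SHA-1 of the serialNumber content, so it can be memcmp'd against the SignerInfo's issuerAndSerialNumber in crtmgr_verify_pkcs7 */` above that call, and the same remark at the two `map_sha1(map, deep.content, deep.size, serial)` lines in asn1_parse_mscat (hunks at 889 and 1081). Those two calls share one `serial` buffer for the signer and the countersigner, which appears to be safe only because the pkcs7 verification in the hunk at 1020 runs before the countersignature is parsed; a one-line comment on that ordering would keep a later reorder from silently verifying against the wrong serial. asn1_get_x509 and asn1_parse_mscat both start and end outside these hunks.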

@ -50,6 +50,7 @@ cli_crt *crtmgr_lookup(crtmgr *m, cli_crt *x509) {
(i->codeSign | x509->codeSign) == i->codeSign &&
(i->timeSign | x509->timeSign) == i->timeSign &&
!memcmp(x509->subject, i->subject, sizeof(i->subject)) &&
!memcmp(x509->serial, i->serial, sizeof(i->subject)) &&
!mp_cmp(&x509->n, &i->n) &&
!mp_cmp(&x509->e, &i->e)) {
return i;
@ -64,6 +65,7 @@ int crtmgr_add(crtmgr *m, cli_crt *x509) {
for(i = m->crts; i; i = i->next) {
if(!memcmp(x509->subject, i->subject, sizeof(i->subject)) &&
!memcmp(x509->serial, i->subject, sizeof(i->serial)) &&
!mp_cmp(&x509->n, &i->n) &&
!mp_cmp(&x509->e, &i->e)) {
if(x509->not_before >= i->not_before && x509->not_after <= i->not_after) {
@ -104,6 +106,7 @@ int crtmgr_add(crtmgr *m, cli_crt *x509) {
return 1;
}
memcpy(i->subject, x509->subject, sizeof(i->subject));
memcpy(i->serial, x509->serial, sizeof(i->serial));
memcpy(i->issuer, x509->issuer, sizeof(i->issuer));
memcpy(i->tbshash, x509->tbshash, sizeof(i->tbshash));
i->not_before = x509->not_before;
@ -270,7 +273,7 @@ cli_crt *crtmgr_verify_crt(crtmgr *m, cli_crt *x509) {
return NULL;
}
int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype) {
int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const uint8_t *serial, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype) {
cli_crt *i;
mp_int sig;
int ret;
@ -296,6 +299,7 @@ int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const void *signature,
if(vrfytype == VRFY_TIME && !i->timeSign)
continue;
if(!memcmp(i->issuer, issuer, sizeof(i->issuer)) &&
!memcmp(i->serial, serial, sizeof(i->serial)) &&
!crtmgr_rsa_verify(i, &sig, hashtype, refhash)) {
ret = 0;
break;
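Review bot: The duplicate check added to crtmgr_add compares the incoming serial hash against the stored subject hash, `!memcmp(x509->serial, i->subject, sizeof(i->serial))`, so it can only hold on a SHA-1 collision and the merge branch under it (`if(x509->not_before >= i->not_before ...`) is effectively unreachable; it should read `!memcmp(x509->serial, i->serial, sizeof(i->serial)) &&`. The corresponding line added to crtmgr_lookup has the right operands but sizes the comparison with `sizeof(i->subject)`; both fields are SHA1_HASH_SIZE in crtmgr.h today, but `sizeof(i->serial)` keeps the length tied to the field actually compared. crtmgr_lookup, crtmgr_add and crtmgr_verify_pkcs7 all start and end outside these hunks.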

@ -33,6 +33,7 @@ typedef struct cli_crt_t {
uint8_t subject[SHA1_HASH_SIZE];
uint8_t issuer[SHA1_HASH_SIZE];
uint8_t tbshash[SHA1_HASH_SIZE];
uint8_t serial[SHA1_HASH_SIZE];
mp_int n;
mp_int e;
mp_int sig;
@ -60,7 +61,7 @@ int crtmgr_add(crtmgr *m, cli_crt *x509);
cli_crt *crtmgr_lookup(crtmgr *m, cli_crt *x509);
void crtmgr_del(crtmgr *m, cli_crt *x509);
cli_crt *crtmgr_verify_crt(crtmgr *m, cli_crt *x509);
int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype);
int crtmgr_verify_pkcs7(crtmgr *m, const uint8_t *issuer, const uint8_t *serial, const void *signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t *refhash, cli_vrfy_type vrfytype);
int crtmgr_add_roots(crtmgr *m);
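Review bot: The new `serial` member and the new `serial` parameter of crtmgr_verify_pkcs7 are undocumented, and the name suggests raw serialNumber bytes while asn1.c fills the field with `map_sha1(...)` of the INTEGER content and crtmgr.c reads it with `memcmp(..., sizeof(i->serial))`. I would annotate the field as `uint8_t serial[SHA1_HASH_SIZE]; /* SHA-1 of the serialNumber INTEGER content, not the raw serial */` and add a comment on the prototype stating that `serial` must point to SHA1_HASH_SIZE bytes computed the same way, since a raw or differently encoded serial will simply never match and the signature is then rejected.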
