clamav

Commit Graph

Author	SHA1	Message	Date
RainRat	caf324e544	Fix typos (no functional changes)	2 years ago
Micah Snyder	8e360f93ca	Coverity-405733, 405732: Add missing variable initializers	2 years ago
Sebastian Andrzej Siewior	12f4d18ce0	libclamav: Use OpenSSL' BN instead tomfastmath. Use OpenSSL's big number/ multiprecision integer arithmetics functionality to replace tomfastmath. This is a first shot at doing just this. Further improvement could be use more RSA-signature verification from OpenSSL in crtmgr_rsa_verify() and less self parsing. _padding_check_PKCS1_type_1() has been borrowed from OpenSSL to make further replacments easier. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>	2 years ago
Micah Snyder	6eebecc303	Bump copyright for 2023	2 years ago
Micah Snyder	375ecf678c	Update vendored TomsFastMath code to 0.13.1 Update the vendored TomsFastMath (TFM) library to v0.13.1. Resolves: https://bugzilla.clamav.net/show_bug.cgi?id=11992 I removed compatibility macro's from when libTomMath was used. This required removing a bunch of faux-error handling because the fast-math equivalent functions return void, and cannot fail. The previous version used had named the header "bignum_fast.h" instead of "tfm.h" and had customizations in that header to enable TFM_CHECK all the time, and also TFM_NO_ASM if __GNUC__ not defined or if the system isn't 64bit architecture. This update uses tfm.h as-is, and has CMake define TFM_CHECK and TFM_NO_ASM as needed. I've kept bignum.h as an interface to including tfm.h so that in the future we can more easily add support for system-installed TomsFastMath instead of the vendored one, taking inspiration from Debian's patch to support system-TomsFastMath. See: https://salsa.debian.org/clamav-team/clamav/-/blob/unstable/debian/patches/add-support-for-system-tomsfastmath.patch	3 years ago
micasnyd	140c88aa4e	Bump copyright for 2022 Includes minor format corrections.	3 years ago
Micah Snyder	0255f29a72	Blacklist & Whitelist verbiage Improvements to use modern block list and allow list verbiage. blacklist -> block list whitelist -> allow listed blacklisted -> blocked whitelisted -> allowed In the case of certificate verification, use "trust" or "verify" when something is allowed. Also changed domainlist -> domain list (or DomainList) to match.	4 years ago
Micah Snyder (micasnyd)	b9ca6ea103	Update copyright dates for 2021 Also fixes up clang-format.	4 years ago
Micah Snyder	898c08f08b	Formatting touch-up	5 years ago
Micah Snyder	206dbaefe8	Update copyright dates for 2020	5 years ago
Andrew	21588dc980	Ignore e for whitelist CRBs, allow blank serials The previous commit allowed a CRB cert's exponent to be ignored when evaluating blacklist rules, but this commit also allows the exponent to be ignored for whitelist rules as well. Also, previous versions of ClamAV allowed the serial number hash field in a CRB rule to be blank, effectively wildcarding the serial number. This functionality broke with some of the changes introduced in 0.102.0, so this commit addresses that.	6 years ago
Andrew	67f3d97d97	Fix blacklist CRB rules not working against certs using e!=65537 CRB rules allow the exponent to be specified, but currently this value gets ignored and hardcoded to 65537. It turns out that most certs I tested against (12,000 from VT) use e==65537, but a handful don't.	6 years ago
Andrew	d74d0386e4	Replacing cli_crt member initialization with memset (per CR feedback)	6 years ago
Andrew	a0980389a7	Fix uninitialized memory usage in PE cert parsing Fixes: ==123806== Conditional jump or move depends on uninitialised value(s) ==123806== at 0x50C4A65: crtmgr_whitelist_lookup (crtmgr.c:107) ==123806== by 0x50C4F36: crtmgr_lookup (crtmgr.c:161) ==123806== by 0x50CC003: asn1_get_x509 (asn1.c:1053) ... ==123806== Uninitialised value was created by a stack allocation ==123806== at 0x50CA335: asn1_get_x509 (asn1.c:723) hashtype and issuer were not getting set prior to the check for duplicates when processing embedded certs, which means some certs that were actually duplicates could have been added multiple times to the list of trusted certs based on the contents of the unitialized memory backing those (harmless, but not as efficient).	6 years ago
Andrew	3cf1b1c58d	Add ability to whitelist leaf certificates	6 years ago
Andrew	92088f91f1	Add support for cert blacklisting and whitelisting upfront Instead of checking the Authenticode header as an FP prevention mechanism, we now check it in the beginning if it exists. Also, we can now do actual blacklisting with .crb rules (previously, a blacklist rule just let you override a whitelist rule).	6 years ago
Micah Snyder	52cddcbcfd	Updating and cleaning up copyright notices.	6 years ago
Micah Snyder	72fd33c8b2	clang-format'd using new .clang-format rules.	6 years ago
Andrew	50d1a0b6e9	Make --dumpcerts be more consistent, improve cert processing This commit makes the following changes: - --dumpcerts will print certificates even if they already exist in any .crb files loaded - --dumpcerts will print certificates only once - Having a whitelist CRB rule on a leaf certificate should no longer prevent signature verification from happening. NOTE, this doesn't mean that you can have whitelist rules for leaf certificates and have that result in a trusted signature - that doesn't work yet - Determining whether a certificate is blacklisted now includes comparing the public key data (modulus and exponent) in addition to the subject and serial hashes - If a blacklisted certificate is detected, the code will return immediately instead of continuing on to parse the rest of the signature	7 years ago
Andrew	0973eb97be	Add more support for SHA384/SHA512 I think SHA384/SHA512 hashes are supported in all parts of the authenticode signature now	7 years ago
Andrew	a2bb4cdf28	Add support for signatures without unauthAttr section and add more dbg msgs If no unauthenticatedAttributes sections exist, the code will now judge validity based on whether the code signing certificate is valid at the time of the scan.	7 years ago
Andrew	d3440d856b	Add more support for SHA384-based certificates	7 years ago
Andrew	50873c8a58	Replace tabs with spaces in pe.c and crtmgr.c, move debug message	7 years ago
Andrew	1b5c9f72e3	[WIP] Add support for SHA256 signatures Everything should be working, but I'm having a hard time finding a binary to test with that doesn't encounter other parsing issues (no countersignature, extra data in the unauthenticatedAttributes section, etc.)	7 years ago
Kevin Lin	616c0259c4	libclamav: prints raw certificate metadata	9 years ago
Mickey Sola	46a35abe56	mass update of copyright headers	10 years ago
Shawn Webb	cd94be7a52	Silence a bunch of compiler warnings in libclamav	11 years ago
Shawn Webb	60d8d2c352	Move all the crypto API to clamav.h	11 years ago
Shawn Webb	b2e7c931d0	Use OpenSSL for hashing.	11 years ago
Shawn Webb	721921fb1c	Free the name if it's been allocated	12 years ago
Shawn Webb	0f418a13cc	Print name of authenticode certificate revocation entry when in debug mode	12 years ago
Shawn Webb	7209997f5b	bb5638 Add dumpcerts command-line option for clamscan. Only show certs in the PE file, not certs loaded by the certs db.	13 years ago
Shawn Webb	703e583ad1	Remove extra debugging statement	13 years ago
Shawn Webb	81b740ad08	Fix debug output of authenticode certs	13 years ago
Shawn Webb	729f973756	Change debugging output when outputting authenticode signatures to make machine parsing easier	13 years ago
Shawn Webb	5cc4cb86c7	bb5638 - Add ability to completely disable PE authenticode verification.	13 years ago
Shawn Webb	6202315633	bb5638 - fix logic surrounding revoked certs	13 years ago
Shawn Webb	2c2e89e107	bb5638. Check if cert already exists in cache.	13 years ago
Shawn Webb	d12f1646f2	bb5638. Parse the new cert db file.	13 years ago
Shawn Webb	56b4f4b0b9	Change the cert management code to cache the trusted/revoked root certs in the engine struct	13 years ago
Shawn webb	b01b78d190	Fix checking the revoked certs	13 years ago
Shawn webb	278b2b286d	Rudimentary blacklisting	13 years ago
David Raynor	429771f8d9	bb#5700: implement and use fp_toradix_n()	13 years ago
David Raynor	9ff16d142c	Stub mp_to_radixn calls	13 years ago
aCaB	f5092717cd	few fixmes on cat manager	14 years ago
Török Edvin	549903ecf7	memset	14 years ago
Török Edvin	a4c8b3fde0	fix valgrind warn	14 years ago
aCaB	a8e79d931d	is this faster?!	14 years ago
aCaB	2501f747c3	Restrict child cert key usages to those of the parent	14 years ago
aCaB	01e4650b04	check ext key usage	14 years ago

1 2

64 Commits (e389c3edac9c51d00fd60615c7670262751acb7e)