@@ -114,7 +114,7 @@ int main(int argc, char **argv)

 	int ret, tcpsock = 0, localsock = 0, i, min_port, max_port;

 	unsigned int sigs = 0;

 	int lsockets[2], nlsockets = 0;

-	unsigned int dboptions = CL_DB_CVDNOTMP;

+	unsigned int dboptions = 0;

 #ifdef C_LINUX

 	struct stat sb;

 #endif

@@ -314,7 +314,7 @@ int scanmanager(const struct optstruct *opts)

 {

 	mode_t fmode;

 	int ret = 0, fmodeint, i;

-	unsigned int options = 0, dboptions = CL_DB_CVDNOTMP;

+	unsigned int options = 0, dboptions = 0;

 	struct cl_engine *engine;

 	struct stat sb;

 	char *file, cwd[1024], *pua_cats = NULL;

@@ -867,9 +867,6 @@ N * * * *	/usr/local/bin/freshclam --quiet

 	Initialize the phishing detection module and load .wdb and .pdb files.

 	\item \textbf{CL\_DB\_PUA}\\

 	Load signatures for Potentially Unwanted Applications.

-	\item \textbf{CL\_DB\_CVDNOTMP}\\

-	Load CVD files directly without unpacking them into a temporary

-	directory.

     \end{itemize}

     \verb+cl_load()+ returns \verb+CL_SUCCESS+ on success and another code on

     failure.

@@ -73,7 +73,7 @@ typedef enum {

 #define CL_DB_PHISHING	    0x2

 #define CL_DB_PHISHING_URLS 0x8

 #define CL_DB_PUA	    0x10

-#define CL_DB_CVDNOTMP	    0x20

+#define CL_DB_CVDNOTMP	    0x20    /* obsolete */

 #define CL_DB_OFFICIAL	    0x40    /* internal */

 #define CL_DB_PUA_MODE	    0x80

 #define CL_DB_PUA_INCLUDE   0x100

@@ -84,7 +84,7 @@ typedef enum {

 #define CL_DB_BYTECODE      0x2000

 /* recommended db settings */

-#define CL_DB_STDOPT	    (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_CVDNOTMP | CL_DB_BYTECODE)

+#define CL_DB_STDOPT	    (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)

 /* scan options */

 #define CL_SCAN_RAW			0x0

@@ -575,35 +575,7 @@ int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigne

 	engine->dbversion[1] = cvd.stime;

     }

-    if(options & CL_DB_CVDNOTMP) {

-

-	return cli_tgzload(cfd, engine, signo, options | CL_DB_OFFICIAL);

-

-    } else {

-

-	if(!(dir = cli_gentemp(engine->tmpdir)))

-	    return CL_EMEM;

-

-	if(mkdir(dir, 0700)) {

-	    cli_errmsg("cli_cvdload(): Can't create temporary directory %s\n", dir);

-	    free(dir);

-	    return CL_ETMPDIR;

-	}

-

-	if(cli_untgz(cfd, dir)) {

-	    cli_errmsg("cli_cvdload(): Can't unpack CVD file.\n");

-	    free(dir);

-	    return CL_ECVD;

-	}

-

-	/* load extracted directory */

-	ret = cl_load(dir, engine, signo, options | CL_DB_OFFICIAL);

-

-	cli_rmdirs(dir);

-	free(dir);

-

-	return ret;

-    }

+    return cli_tgzload(cfd, engine, signo, options | CL_DB_OFFICIAL);

 }

 int cli_cvdunpack(const char *file, const char *dir)

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2007-2009 Sourcefire, Inc.

+ *  Copyright (C) 2007-2010 Sourcefire, Inc.

  *

  *  Authors: Tomasz Kojm

  *

@@ -32,6 +32,7 @@

 #include "dsig.h"

 #include "str.h"

 #include "bignum.h"

+#include "sha256.h"

 #define CLI_NSTR "118640995551645342603070001658453189751527774412027743746599405743243142607464144767361060640655844749760788890022283424922762488917565551002467771109669598189410434699034532232228621591089508178591428456220796841621637175567590476666928698770143328137383952820383197532047771780196576957695822641224262693037"

@@ -145,3 +146,72 @@ int cli_versig(const char *md5, const char *dsig)

     cli_dbgmsg("cli_versig: Digital signature is correct.\n");

     return CL_SUCCESS;

 }

+

+#define HASH_LEN    32

+#define SALT_LEN    32

+#define PAD_LEN	    (2048 / 8)

+#define BLK_LEN	    (PAD_LEN - HASH_LEN - 1)

+int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n_str, const char *e_str)

+{

+	unsigned char *decoded, digest1[HASH_LEN], digest2[HASH_LEN], digest3[HASH_LEN], *salt;

+	unsigned char mask[BLK_LEN], data[BLK_LEN], final[8 + 2 * HASH_LEN], c[4];

+	unsigned int i, rounds;

+	SHA256_CTX ctx;

+	mp_int n, e;

+

+    mp_init(&e);

+    mp_read_radix(&e, e_str, 10);

+    mp_init(&n);

+    mp_read_radix(&n, n_str, 10);

+

+    decoded = cli_decodesig(dsig_str, PAD_LEN, e, n);

+    mp_clear(&n);

+    mp_clear(&e);

+    if(!decoded)

+	return CL_EVERIFY;

+

+    if(decoded[PAD_LEN - 1] != 0xbc) {

+	free(decoded);

+	return CL_EVERIFY;

+    }

+

+    memcpy(mask, decoded, BLK_LEN);

+    memcpy(digest2, &decoded[BLK_LEN], HASH_LEN);

+    free(decoded);

+

+    c[0] = c[1] = 0;

+    rounds = (BLK_LEN + HASH_LEN - 1) / HASH_LEN;

+    for(i = 0; i < rounds; i++) {

+	c[2] = (unsigned char) (i / 256);

+	c[3] = (unsigned char) i;

+	sha256_init(&ctx);

+	sha256_update(&ctx, digest2, HASH_LEN);

+	sha256_update(&ctx, c, 4);

+	sha256_final(&ctx, digest3);

+	if(i + 1 == rounds)

+            memcpy(&data[i * 32], digest3, BLK_LEN - i * HASH_LEN);

+	else

+	    memcpy(&data[i * 32], digest3, HASH_LEN);

+    }

+

+    for(i = 0; i < BLK_LEN; i++)

+	data[i] ^= mask[i];

+    data[0] &= (0xff >> 1);

+

+    if(!(salt = memchr(data, 0x01, BLK_LEN)))

+	return CL_EVERIFY;

+    salt++;

+

+    if(data + BLK_LEN - salt != SALT_LEN)

+	return CL_EVERIFY;

+

+    memset(final, 0, 8);

+    memcpy(&final[8], sha256, HASH_LEN);

+    memcpy(&final[8 + HASH_LEN], salt, SALT_LEN);

+

+    sha256_init(&ctx);

+    sha256_update(&ctx, final, sizeof(final));

+    sha256_final(&ctx, digest1);

+

+    return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS;

+}

@@ -25,9 +25,7 @@

 #include "clamav-config.h"

 #endif

-#include "bignum.h"

-

 int cli_versig(const char *md5, const char *dsig);

-unsigned char *cli_decodesig(const char *sig, unsigned int plen, mp_int e, mp_int n);

+int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n_str, const char *e_str);

 #endif

@@ -133,6 +133,7 @@ CLAMAV_PRIVATE {

     mp_read_radix;

     mp_clear;

     cli_versig;

+    cli_versig2;

     cli_filecopy;

     cli_ftw;

     cli_unlink;

@@ -2086,7 +2086,7 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo

 	ret = cli_cvdload(fs, engine, signo, !strcmp(dbname, "daily.cvd"), options, 0);

     } else if(cli_strbcasestr(dbname, ".cld")) {

-	ret = cli_cvdload(fs, engine, signo, !strcmp(dbname, "daily.cld"), options | CL_DB_CVDNOTMP, 1);

+	ret = cli_cvdload(fs, engine, signo, !strcmp(dbname, "daily.cld"), options, 1);

     } else if(cli_strbcasestr(dbname, ".hdb")) {

 	ret = cli_loadmd5(fs, engine, signo, MD5_HDB, options, dbio, dbname);

@@ -773,102 +773,6 @@ static int cdiff_execute(const char *cmdstr, struct cdiff_ctx *ctx, char *lbuf,

     return 0;

 }

-static void pss_mgf(unsigned char *in, unsigned int inlen, unsigned char *out, unsigned int outlen)

-{

-	SHA256_CTX ctx;

-	unsigned int i, laps;

-	unsigned char cnt[4], digest[PSS_DIGEST_LENGTH];

-

-

-    laps = (outlen + PSS_DIGEST_LENGTH - 1) / PSS_DIGEST_LENGTH;

-

-    for(i = 0; i < laps; i++) {

-	cnt[0] = (unsigned char) 0;

-	cnt[1] = (unsigned char) 0;

-	cnt[2] = (unsigned char) (i / 256);

-	cnt[3] = (unsigned char) i;

-

-	sha256_init(&ctx);

-	sha256_update(&ctx, in, inlen);

-	sha256_update(&ctx, cnt, sizeof(cnt));

-	sha256_final(&ctx, digest);

-

-	if(i != laps - 1)

-	    memcpy(&out[i * PSS_DIGEST_LENGTH], digest, PSS_DIGEST_LENGTH);

-	else

-	    memcpy(&out[i * PSS_DIGEST_LENGTH], digest, outlen - i * PSS_DIGEST_LENGTH);

-    }

-}

-

-static int pss_versig(const unsigned char *sha256, const char *dsig)

-{

-	mp_int n, e;

-	SHA256_CTX ctx;

-	unsigned char *pt, digest1[PSS_DIGEST_LENGTH], digest2[PSS_DIGEST_LENGTH], *salt;

-	unsigned int plen = PSS_NBITS / 8, hlen, slen, i;

-	unsigned char dblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];

-	unsigned char mblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];

-	unsigned char fblock[8 + 2 * PSS_DIGEST_LENGTH];

-

-

-    hlen = slen = PSS_DIGEST_LENGTH;

-    mp_init(&n);

-    mp_read_radix(&n, PSS_NSTR, 10);

-    mp_init(&e);

-    mp_read_radix(&e, PSS_ESTR, 10);

-    if(!(pt = cli_decodesig(dsig, plen, e, n))) {

-	mp_clear(&n);

-	mp_clear(&e);

-	return -1;

-    }

-    mp_clear(&n);

-    mp_clear(&e);

-

-    if(pt[plen - 1] != 0xbc) {

-	/* cli_dbgmsg("cli_versigpss: Incorrect signature syntax (0xbc)\n"); */

-	free(pt);

-	return -1;

-    }

-

-    memcpy(mblock, pt, plen - hlen - 1);

-    memcpy(digest2, &pt[plen - hlen - 1], hlen);

-    free(pt);

-

-    pss_mgf(digest2, hlen, dblock, plen - hlen - 1);

-

-    for(i = 0; i < plen - hlen - 1; i++)

-	dblock[i] ^= mblock[i];

-

-    dblock[0] &= (0xff >> 1);

-

-    salt = memchr(dblock, 0x01, sizeof(dblock));

-    if(!salt) {

-	/* cli_dbgmsg("cli_versigpss: Can't find salt\n"); */

-	return -1;

-    }

-    salt++;

-

-    if((unsigned int) (dblock + sizeof(dblock) - salt) != slen) {

-	/* cli_dbgmsg("cli_versigpss: Bad salt size\n"); */

-	return -1;

-    }

-

-    memset(fblock, 0, 8);

-    memcpy(&fblock[8], sha256, hlen);

-    memcpy(&fblock[8 + hlen], salt, slen);

-

-    sha256_init(&ctx);

-    sha256_update(&ctx, fblock, sizeof(fblock));

-    sha256_final(&ctx, digest1);

-

-    if(memcmp(digest1, digest2, hlen)) {

-	/* cli_dbgmsg("cli_versigpss: Signature doesn't match.\n"); */

-	return -1;

-    }

-

-    return 0;

-}

-

 int cdiff_apply(int fd, unsigned short mode)

 {

 	struct cdiff_ctx ctx;

@@ -977,7 +881,7 @@ int cdiff_apply(int fd, unsigned short mode)

 	}

 	sha256_final(&sha256ctx, digest);

-	if(pss_versig(digest, dsig)) {

+	if(cli_versig2(digest, dsig, PSS_NSTR, PSS_ESTR) != CL_SUCCESS) {

 	    logg("!cdiff_apply: Incorrect digital signature\n");

 	    close(desc);

 	    free(line);