... | ... |
@@ -706,6 +706,7 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen, |
706 | 706 |
p->indexPos = p->indexPreSize; |
707 | 707 |
p->indexSize += p->indexPreSize; |
708 | 708 |
EVP_DigestFinal(&p->sha, p->shaDigest, NULL); |
709 |
+ EVP_MD_CTX_cleanup(&p->sha); |
|
709 | 710 |
EVP_DigestInit(&p->sha, EVP_sha256()); |
710 | 711 |
p->crc = CrcUpdate(CRC_INIT_VAL, p->buf, p->indexPreSize); |
711 | 712 |
p->state = XZ_STATE_STREAM_INDEX; |
... | ... |
@@ -806,6 +807,7 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen, |
806 | 806 |
p->indexSize += 4; |
807 | 807 |
p->pos = 0; |
808 | 808 |
EVP_DigestFinal(&p->sha, digest, NULL); |
809 |
+ EVP_MD_CTX_cleanup(&p->sha); |
|
809 | 810 |
if (memcmp(digest, p->shaDigest, SHA256_DIGEST_SIZE) != 0) |
810 | 811 |
return SZ_ERROR_CRC; |
811 | 812 |
} |
... | ... |
@@ -1025,6 +1025,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
1025 | 1025 |
EVP_DigestUpdate(&ctx, "\x31", 1); |
1026 | 1026 |
EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1); |
1027 | 1027 |
EVP_DigestFinal(&ctx, sha1, NULL); |
1028 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
1028 | 1029 |
|
1029 | 1030 |
if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) { |
1030 | 1031 |
cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n"); |
... | ... |
@@ -1266,11 +1267,13 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg |
1266 | 1266 |
EVP_DigestUpdate(&ctx, "\x31", 1); |
1267 | 1267 |
EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1); |
1268 | 1268 |
EVP_DigestFinal(&ctx, sha1, NULL); |
1269 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
1269 | 1270 |
} else { |
1270 | 1271 |
EVP_DigestInit(&ctx, EVP_md5()); |
1271 | 1272 |
EVP_DigestUpdate(&ctx, "\x31", 1); |
1272 | 1273 |
EVP_DigestUpdate(&ctx, attrs + 1, attrs_size - 1); |
1273 | 1274 |
EVP_DigestFinal(&ctx, sha1, NULL); |
1275 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
1274 | 1276 |
} |
1275 | 1277 |
|
1276 | 1278 |
if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) { |
... | ... |
@@ -938,6 +938,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) { |
938 | 938 |
} |
939 | 939 |
|
940 | 940 |
EVP_DigestFinal(&hashctx, hash, NULL); |
941 |
+ EVP_MD_CTX_cleanup(&hashctx); |
|
941 | 942 |
|
942 | 943 |
ret = cache_lookup_hash(hash, map->len, ctx->engine->cache, ctx->recursion); |
943 | 944 |
cli_dbgmsg("cache_check: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x is %s\n", hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10], hash[11], hash[12], hash[13], hash[14], hash[15], (ret == CL_VIRUS) ? "negative" : "positive"); |
... | ... |
@@ -131,6 +131,8 @@ unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned cha |
131 | 131 |
return NULL; |
132 | 132 |
} |
133 | 133 |
|
134 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
135 |
+ |
|
134 | 136 |
if ((olen)) |
135 | 137 |
*olen = i; |
136 | 138 |
|
... | ... |
@@ -215,6 +217,8 @@ unsigned char *cl_hash_file_fd_ctx(EVP_MD_CTX *ctx, int fd, unsigned int *olen) |
215 | 215 |
return NULL; |
216 | 216 |
} |
217 | 217 |
|
218 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
219 |
+ |
|
218 | 220 |
if ((olen)) |
219 | 221 |
*olen = hashlen; |
220 | 222 |
|
... | ... |
@@ -197,6 +197,11 @@ static void cli_tgzload_cleanup(int comp, struct cli_dbio *dbio, int fdd) |
197 | 197 |
free(dbio->buf); |
198 | 198 |
dbio->buf = NULL; |
199 | 199 |
} |
200 |
+ |
|
201 |
+ if (dbio->hashctx) { |
|
202 |
+ EVP_MD_CTX_destroy(dbio->hashctx); |
|
203 |
+ dbio->hashctx = NULL; |
|
204 |
+ } |
|
200 | 205 |
} |
201 | 206 |
|
202 | 207 |
static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, struct cli_dbinfo *dbinfo) |
... | ... |
@@ -315,7 +320,14 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un |
315 | 315 |
dbio->readsize = dbio->size < dbio->bufsize ? dbio->size : dbio->bufsize - 1; |
316 | 316 |
dbio->bufpt = NULL; |
317 | 317 |
dbio->readpt = dbio->buf; |
318 |
- EVP_DigestInit(&(dbio->hashctx), EVP_sha256()); |
|
318 |
+ if (!(dbio->hashctx)) { |
|
319 |
+ dbio->hashctx = EVP_MD_CTX_create(); |
|
320 |
+ if (!(dbio->hashctx)) { |
|
321 |
+ cli_tgzload_cleanup(compr, dbio, fdd); |
|
322 |
+ return CL_EMALFDB; |
|
323 |
+ } |
|
324 |
+ EVP_DigestInit(dbio->hashctx, EVP_sha256()); |
|
325 |
+ } |
|
319 | 326 |
dbio->bread = 0; |
320 | 327 |
|
321 | 328 |
/* cli_dbgmsg("cli_tgzload: Loading %s, size: %u\n", name, size); */ |
... | ... |
@@ -349,7 +361,8 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un |
349 | 349 |
cli_tgzload_cleanup(compr, dbio, fdd); |
350 | 350 |
return CL_EMALFDB; |
351 | 351 |
} |
352 |
- EVP_DigestFinal(&(dbio->hashctx), hash, NULL); |
|
352 |
+ EVP_DigestFinal(dbio->hashctx, hash, NULL); |
|
353 |
+ EVP_DigestInit(dbio->hashctx, EVP_sha256()); |
|
353 | 354 |
if(memcmp(db->hash, hash, 32)) { |
354 | 355 |
cli_errmsg("cli_tgzload: Invalid checksum for file %s\n", name); |
355 | 356 |
cli_tgzload_cleanup(compr, dbio, fdd); |
... | ... |
@@ -590,6 +603,8 @@ int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigne |
590 | 590 |
struct cli_dbinfo *dbinfo = NULL; |
591 | 591 |
char *dupname; |
592 | 592 |
|
593 |
+ dbio.hashctx = NULL; |
|
594 |
+ |
|
593 | 595 |
cli_dbgmsg("in cli_cvdload()\n"); |
594 | 596 |
|
595 | 597 |
/* verify */ |
... | ... |
@@ -32,7 +32,7 @@ struct cli_dbio { |
32 | 32 |
char *buf, *bufpt, *readpt; |
33 | 33 |
unsigned int usebuf, bufsize, readsize; |
34 | 34 |
unsigned int chkonly; |
35 |
- EVP_MD_CTX hashctx; |
|
35 |
+ EVP_MD_CTX *hashctx; |
|
36 | 36 |
}; |
37 | 37 |
|
38 | 38 |
int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int dbtype, const char *filename, unsigned int chkonly); |
... | ... |
@@ -191,6 +191,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n |
191 | 191 |
EVP_DigestUpdate(&ctx, digest2, HASH_LEN); |
192 | 192 |
EVP_DigestUpdate(&ctx, c, 4); |
193 | 193 |
EVP_DigestFinal(&ctx, digest3, NULL); |
194 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
194 | 195 |
if(i + 1 == rounds) |
195 | 196 |
memcpy(&data[i * 32], digest3, BLK_LEN - i * HASH_LEN); |
196 | 197 |
else |
... | ... |
@@ -215,6 +216,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n |
215 | 215 |
EVP_DigestInit(&ctx, EVP_sha256()); |
216 | 216 |
EVP_DigestUpdate(&ctx, final, sizeof(final)); |
217 | 217 |
EVP_DigestFinal(&ctx, digest1, NULL); |
218 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
218 | 219 |
|
219 | 220 |
return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS; |
220 | 221 |
} |
... | ... |
@@ -264,6 +264,7 @@ char *internal_get_host_id(void) |
264 | 264 |
EVP_DigestUpdate(&ctx, devices[i].mac, sizeof(devices[i].mac)); |
265 | 265 |
|
266 | 266 |
EVP_DigestFinal(&ctx, raw_md5, NULL); |
267 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
267 | 268 |
|
268 | 269 |
for (i=0; devices[i].name != NULL; i++) |
269 | 270 |
free(devices[i].name); |
... | ... |
@@ -750,8 +750,12 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
750 | 750 |
} |
751 | 751 |
|
752 | 752 |
if(ftonly) { |
753 |
- if(!troot) |
|
753 |
+ if(!troot) { |
|
754 |
+ EVP_MD_CTX_cleanup(&md5ctx); |
|
755 |
+ EVP_MD_CTX_cleanup(&sha1ctx); |
|
756 |
+ EVP_MD_CTX_cleanup(&sha256ctx); |
|
754 | 757 |
return CL_CLEAN; |
758 |
+ } |
|
755 | 759 |
|
756 | 760 |
maxpatlen = troot->maxpatlen; |
757 | 761 |
} else { |
... | ... |
@@ -769,6 +773,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
769 | 769 |
free(info.exeinfo.section); |
770 | 770 |
|
771 | 771 |
cli_hashset_destroy(&info.exeinfo.vinfo); |
772 |
+ EVP_MD_CTX_cleanup(&md5ctx); |
|
773 |
+ EVP_MD_CTX_cleanup(&sha1ctx); |
|
774 |
+ EVP_MD_CTX_cleanup(&sha256ctx); |
|
772 | 775 |
return ret; |
773 | 776 |
} |
774 | 777 |
} |
... | ... |
@@ -781,6 +788,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
781 | 781 |
free(info.exeinfo.section); |
782 | 782 |
|
783 | 783 |
cli_hashset_destroy(&info.exeinfo.vinfo); |
784 |
+ EVP_MD_CTX_cleanup(&md5ctx); |
|
785 |
+ EVP_MD_CTX_cleanup(&sha1ctx); |
|
786 |
+ EVP_MD_CTX_cleanup(&sha256ctx); |
|
784 | 787 |
return ret; |
785 | 788 |
} |
786 | 789 |
if(troot->bm_offmode) { |
... | ... |
@@ -794,6 +804,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
794 | 794 |
free(info.exeinfo.section); |
795 | 795 |
|
796 | 796 |
cli_hashset_destroy(&info.exeinfo.vinfo); |
797 |
+ EVP_MD_CTX_cleanup(&md5ctx); |
|
798 |
+ EVP_MD_CTX_cleanup(&sha1ctx); |
|
799 |
+ EVP_MD_CTX_cleanup(&sha256ctx); |
|
797 | 800 |
return ret; |
798 | 801 |
} |
799 | 802 |
|
... | ... |
@@ -860,6 +873,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
860 | 860 |
free(info.exeinfo.section); |
861 | 861 |
|
862 | 862 |
cli_hashset_destroy(&info.exeinfo.vinfo); |
863 |
+ EVP_MD_CTX_cleanup(&md5ctx); |
|
864 |
+ EVP_MD_CTX_cleanup(&sha1ctx); |
|
865 |
+ EVP_MD_CTX_cleanup(&sha256ctx); |
|
863 | 866 |
return ret; |
864 | 867 |
} |
865 | 868 |
} |
... | ... |
@@ -918,14 +934,17 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
918 | 918 |
if(!ftonly && hdb) { |
919 | 919 |
enum CLI_HASH_TYPE hashtype, hashtype2; |
920 | 920 |
|
921 |
- if(compute_hash[CLI_HASH_MD5]) |
|
921 |
+ if(compute_hash[CLI_HASH_MD5]) { |
|
922 | 922 |
EVP_DigestFinal(&md5ctx, digest[CLI_HASH_MD5], NULL); |
923 |
+ } |
|
923 | 924 |
if(refhash) |
924 | 925 |
compute_hash[CLI_HASH_MD5] = 1; |
925 |
- if(compute_hash[CLI_HASH_SHA1]) |
|
926 |
+ if(compute_hash[CLI_HASH_SHA1]) { |
|
926 | 927 |
EVP_DigestFinal(&sha1ctx, digest[CLI_HASH_SHA1], NULL); |
927 |
- if(compute_hash[CLI_HASH_SHA256]) |
|
928 |
+ } |
|
929 |
+ if(compute_hash[CLI_HASH_SHA256]) { |
|
928 | 930 |
EVP_DigestFinal(&sha256ctx, digest[CLI_HASH_SHA256], NULL); |
931 |
+ } |
|
929 | 932 |
|
930 | 933 |
virname = NULL; |
931 | 934 |
for(hashtype = CLI_HASH_MD5; hashtype < CLI_HASH_AVAIL_TYPES; hashtype++) { |
... | ... |
@@ -982,6 +1001,10 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
982 | 982 |
} |
983 | 983 |
} |
984 | 984 |
|
985 |
+ EVP_MD_CTX_cleanup(&md5ctx); |
|
986 |
+ EVP_MD_CTX_cleanup(&sha1ctx); |
|
987 |
+ EVP_MD_CTX_cleanup(&sha256ctx); |
|
988 |
+ |
|
985 | 989 |
if(troot) { |
986 | 990 |
if(ret != CL_VIRUS || SCAN_ALL) |
987 | 991 |
ret = cli_lsig_eval(ctx, troot, &tdata, &info, refhash); |
... | ... |
@@ -877,6 +877,7 @@ char *cli_hashstream(FILE *fs, unsigned char *digcpy, int type) |
877 | 877 |
EVP_DigestUpdate(&ctx, buff, bytes); |
878 | 878 |
|
879 | 879 |
EVP_DigestFinal(&ctx, digest, &size); |
880 |
+ EVP_MD_CTX_cleanup(&ctx); |
|
880 | 881 |
|
881 | 882 |
if(!(hashstr = (char *) cli_calloc(size*2 + 1, sizeof(char)))) |
882 | 883 |
return NULL; |
... | ... |
@@ -2927,6 +2927,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin |
2927 | 2927 |
} |
2928 | 2928 |
|
2929 | 2929 |
cli_qsort(exe_sections, nsections, sizeof(*exe_sections), sort_sects); |
2930 |
+ EVP_DigestInit(&hashctx, EVP_sha1()); |
|
2930 | 2931 |
|
2931 | 2932 |
if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE) { |
2932 | 2933 |
/* Check to see if we have a security section. */ |
... | ... |
@@ -2935,11 +2936,10 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin |
2935 | 2935 |
/* If stats is enabled, continue parsing the sample */ |
2936 | 2936 |
flags ^= CL_CHECKFP_PE_FLAG_AUTHENTICODE; |
2937 | 2937 |
} else { |
2938 |
+ EVP_MD_CTX_cleanup(&hashctx); |
|
2938 | 2939 |
return CL_BREAK; |
2939 | 2940 |
} |
2940 | 2941 |
} |
2941 |
- |
|
2942 |
- EVP_DigestInit(&hashctx, EVP_sha1()); |
|
2943 | 2942 |
} |
2944 | 2943 |
|
2945 | 2944 |
#define hash_chunk(where, size, isStatAble, section) \ |
... | ... |
@@ -2957,6 +2957,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin |
2957 | 2957 |
EVP_DigestInit(&md5ctx, EVP_md5()); \ |
2958 | 2958 |
EVP_DigestUpdate(&md5ctx, hptr, size); \ |
2959 | 2959 |
EVP_DigestFinal(&md5ctx, hashes->sections[section].md5, NULL); \ |
2960 |
+ EVP_MD_CTX_cleanup(&md5ctx); \ |
|
2960 | 2961 |
} \ |
2961 | 2962 |
} while(0) |
2962 | 2963 |
|
... | ... |
@@ -2981,6 +2982,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin |
2981 | 2981 |
break; |
2982 | 2982 |
} else { |
2983 | 2983 |
free(exe_sections); |
2984 |
+ EVP_MD_CTX_cleanup(&hashctx); |
|
2984 | 2985 |
return CL_EFORMAT; |
2985 | 2986 |
} |
2986 | 2987 |
} |
... | ... |
@@ -3012,6 +3014,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin |
3012 | 3012 |
break; |
3013 | 3013 |
} else { |
3014 | 3014 |
free(exe_sections); |
3015 |
+ EVP_MD_CTX_cleanup(&hashctx); |
|
3015 | 3016 |
return CL_EFORMAT; |
3016 | 3017 |
} |
3017 | 3018 |
} |
... | ... |
@@ -3042,8 +3045,10 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin |
3042 | 3042 |
|
3043 | 3043 |
hlen -= 8; |
3044 | 3044 |
|
3045 |
+ EVP_MD_CTX_cleanup(&hashctx); |
|
3045 | 3046 |
return asn1_check_mscat((struct cl_engine *)(ctx->engine), map, at + 8, hlen, authsha1); |
3046 | 3047 |
} else { |
3048 |
+ EVP_MD_CTX_cleanup(&hashctx); |
|
3047 | 3049 |
return CL_VIRUS; |
3048 | 3050 |
} |
3049 | 3051 |
} |
... | ... |
@@ -1208,6 +1208,7 @@ static int hash_match(const struct regex_matcher *rlist, const char *host, size_ |
1208 | 1208 |
EVP_DigestUpdate(&sha256, host, hlen); |
1209 | 1209 |
EVP_DigestUpdate(&sha256, path, plen); |
1210 | 1210 |
EVP_DigestFinal(&sha256, sha256_dig, NULL); |
1211 |
+ EVP_MD_CTX_cleanup(&sha256); |
|
1211 | 1212 |
|
1212 | 1213 |
for(i=0;i<32;i++) { |
1213 | 1214 |
h[2*i] = hexchars[sha256_dig[i]>>4]; |
... | ... |
@@ -420,7 +420,8 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio) |
420 | 420 |
dbio->bufpt = dbio->buf; |
421 | 421 |
dbio->size -= bread; |
422 | 422 |
dbio->bread += bread; |
423 |
- EVP_DigestUpdate(&(dbio->hashctx), dbio->readpt, bread); |
|
423 |
+ if (dbio->hashctx) |
|
424 |
+ EVP_DigestUpdate(dbio->hashctx, dbio->readpt, bread); |
|
424 | 425 |
} |
425 | 426 |
if(dbio->chkonly && dbio->bufpt) { |
426 | 427 |
dbio->bufpt = NULL; |
... | ... |
@@ -477,7 +478,8 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio) |
477 | 477 |
bs = strlen(buff); |
478 | 478 |
dbio->size -= bs; |
479 | 479 |
dbio->bread += bs; |
480 |
- EVP_DigestUpdate(&(dbio->hashctx), buff, bs); |
|
480 |
+ if (dbio->hashctx) |
|
481 |
+ EVP_DigestUpdate(dbio->hashctx, buff, bs); |
|
481 | 482 |
return pt; |
482 | 483 |
} |
483 | 484 |
} |
... | ... |
@@ -370,6 +370,7 @@ static void xar_hash_final(EVP_MD_CTX * hash_ctx, void * result, int hash) |
370 | 370 |
} |
371 | 371 |
|
372 | 372 |
EVP_DigestFinal(hash_ctx, result, NULL); |
373 |
+ EVP_MD_CTX_cleanup(hash_ctx); |
|
373 | 374 |
} |
374 | 375 |
|
375 | 376 |
static int xar_hash_check(int hash, const void * result, const void * expected) |