@@ -1,3 +1,7 @@

+Thu Oct 18 14:54:20 EDT 2007 (tk)

+---------------------------------

+  * libclamav: move RSASSA-PSS code to shared/cdiff.c

+

 Wed Oct 17 11:40:05 BST 2007 (trog)

 -----------------------------------

   * libclamav/unrar: remove RARv3 support.

@@ -30,6 +30,7 @@ freshclam_SOURCES = \

     $(top_srcdir)/shared/misc.h \

     $(top_srcdir)/shared/options.c \

     $(top_srcdir)/shared/options.h \

+    $(top_srcdir)/shared/sha256.c \

     $(top_srcdir)/shared/cdiff.c \

     $(top_srcdir)/shared/cdiff.h \

     freshclam.c \

@@ -72,9 +72,9 @@ binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)

 PROGRAMS = $(bin_PROGRAMS)

 am_freshclam_OBJECTS = output.$(OBJEXT) cfgparser.$(OBJEXT) \

 	getopt.$(OBJEXT) misc.$(OBJEXT) options.$(OBJEXT) \

-	cdiff.$(OBJEXT) freshclam.$(OBJEXT) manager.$(OBJEXT) \

-	notify.$(OBJEXT) dns.$(OBJEXT) execute.$(OBJEXT) \

-	nonblock.$(OBJEXT) mirman.$(OBJEXT)

+	sha256.$(OBJEXT) cdiff.$(OBJEXT) freshclam.$(OBJEXT) \

+	manager.$(OBJEXT) notify.$(OBJEXT) dns.$(OBJEXT) \

+	execute.$(OBJEXT) nonblock.$(OBJEXT) mirman.$(OBJEXT)

 freshclam_OBJECTS = $(am_freshclam_OBJECTS)

 freshclam_LDADD = $(LDADD)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

@@ -230,6 +230,7 @@ freshclam_SOURCES = \

     $(top_srcdir)/shared/misc.h \

     $(top_srcdir)/shared/options.c \

     $(top_srcdir)/shared/options.h \

+    $(top_srcdir)/shared/sha256.c \

     $(top_srcdir)/shared/cdiff.c \

     $(top_srcdir)/shared/cdiff.h \

     freshclam.c \

@@ -331,6 +332,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/options.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Po@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Po@am__quote@

 .c.o:

 @am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \

@@ -423,6 +425,20 @@ options.obj: $(top_srcdir)/shared/options.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o options.obj `if test -f '$(top_srcdir)/shared/options.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/options.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/options.c'; fi`

+sha256.o: $(top_srcdir)/shared/sha256.c

+@am__fastdepCC_TRUE@	if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha256.o -MD -MP -MF "$(DEPDIR)/sha256.Tpo" -c -o sha256.o `test -f '$(top_srcdir)/shared/sha256.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/sha256.c; \

+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/sha256.Tpo" "$(DEPDIR)/sha256.Po"; else rm -f "$(DEPDIR)/sha256.Tpo"; exit 1; fi

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$(top_srcdir)/shared/sha256.c' object='sha256.o' libtool=no @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha256.o `test -f '$(top_srcdir)/shared/sha256.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/sha256.c

+

+sha256.obj: $(top_srcdir)/shared/sha256.c

+@am__fastdepCC_TRUE@	if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha256.obj -MD -MP -MF "$(DEPDIR)/sha256.Tpo" -c -o sha256.obj `if test -f '$(top_srcdir)/shared/sha256.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/sha256.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/sha256.c'; fi`; \

+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/sha256.Tpo" "$(DEPDIR)/sha256.Po"; else rm -f "$(DEPDIR)/sha256.Tpo"; exit 1; fi

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$(top_srcdir)/shared/sha256.c' object='sha256.obj' libtool=no @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha256.obj `if test -f '$(top_srcdir)/shared/sha256.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/sha256.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/sha256.c'; fi`

+

 cdiff.o: $(top_srcdir)/shared/cdiff.c

 @am__fastdepCC_TRUE@	if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cdiff.o -MD -MP -MF "$(DEPDIR)/cdiff.Tpo" -c -o cdiff.o `test -f '$(top_srcdir)/shared/cdiff.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/cdiff.c; \

 @am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/cdiff.Tpo" "$(DEPDIR)/cdiff.Po"; else rm -f "$(DEPDIR)/cdiff.Tpo"; exit 1; fi

@@ -164,8 +164,6 @@ libclamav_la_SOURCES = \

 	iana_tld.h \

 	regex_list.c \

 	regex_list.h \

-	sha256.c \

-	sha256.h \

 	mspack.c \

 	mspack.h \

 	cab.c \

@@ -89,8 +89,7 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \

 	LZMADecode.lo bzlib.lo infblock.lo nulsft.lo pdf.lo spin.lo \

 	yc.lo elf.lo sis.lo uuencode.lo pst.lo phishcheck.lo \

 	phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo \

-	sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo \

-	lockdb.lo

+	mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo lockdb.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

 depcomp = $(SHELL) $(top_srcdir)/depcomp

@@ -149,6 +148,7 @@ F77 = @F77@

 FFLAGS = @FFLAGS@

 FRESHCLAM_LIBS = @FRESHCLAM_LIBS@

 GETENT = @GETENT@

+GREP = @GREP@

 HAVE_MILTER_FALSE = @HAVE_MILTER_FALSE@

 HAVE_MILTER_TRUE = @HAVE_MILTER_TRUE@

 INSTALL_DATA = @INSTALL_DATA@

@@ -183,12 +183,9 @@ STRIP = @STRIP@

 THREAD_LIBS = @THREAD_LIBS@

 TH_SAFE = @TH_SAFE@

 VERSION = @VERSION@

-ac_ct_AR = @ac_ct_AR@

 ac_ct_CC = @ac_ct_CC@

 ac_ct_CXX = @ac_ct_CXX@

 ac_ct_F77 = @ac_ct_F77@

-ac_ct_RANLIB = @ac_ct_RANLIB@

-ac_ct_STRIP = @ac_ct_STRIP@

 am__fastdepCC_FALSE = @am__fastdepCC_FALSE@

 am__fastdepCC_TRUE = @am__fastdepCC_TRUE@

 am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@

@@ -205,23 +202,30 @@ build_cpu = @build_cpu@

 build_os = @build_os@

 build_vendor = @build_vendor@

 datadir = @datadir@

+datarootdir = @datarootdir@

+docdir = @docdir@

+dvidir = @dvidir@

 exec_prefix = @exec_prefix@

 host = @host@

 host_alias = @host_alias@

 host_cpu = @host_cpu@

 host_os = @host_os@

 host_vendor = @host_vendor@

+htmldir = @htmldir@

 includedir = @includedir@

 infodir = @infodir@

 install_sh = @install_sh@

 libdir = @libdir@

 libexecdir = @libexecdir@

+localedir = @localedir@

 localstatedir = @localstatedir@

 mandir = @mandir@

 mkdir_p = @mkdir_p@

 oldincludedir = @oldincludedir@

+pdfdir = @pdfdir@

 prefix = @prefix@

 program_transform_name = @program_transform_name@

+psdir = @psdir@

 sbindir = @sbindir@

 sendmailprog = @sendmailprog@

 sharedstatedir = @sharedstatedir@

@@ -373,8 +377,6 @@ libclamav_la_SOURCES = \

 	iana_tld.h \

 	regex_list.c \

 	regex_list.h \

-	sha256.c \

-	sha256.h \

 	mspack.c \

 	mspack.h \

 	cab.c \

@@ -510,7 +512,6 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/regfree.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rtf.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scanners.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sis.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/snprintf.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/special.Plo@am__quote@

@@ -1,7 +1,5 @@

 /*

  *  Copyright (C) 2003 - 2006 Tomasz Kojm <tkojm@clamav.net>

- *  RSASSA-PSS code (C) Sensory Networks, Inc.

- *  Written by Tomasz Kojm

  *

  *  Number encoding rutines are based on yyyRSA by Erik Thiele

  *

@@ -36,23 +34,14 @@

 #include "others.h"

 #include "dsig.h"

 #include "str.h"

-#include "sha256.h"

 #define CLI_NSTR "118640995551645342603070001658453189751527774412027743746599405743243142607464144767361060640655844749760788890022283424922762488917565551002467771109669598189410434699034532232228621591089508178591428456220796841621637175567590476666928698770143328137383952820383197532047771780196576957695822641224262693037"

 #define CLI_ESTR "100001027"

-#define CLI_NSTRPSS "14783905874077467090262228516557917570254599638376203532031989214105552847269687489771975792123442185817287694951949800908791527542017115600501303394778618535864845235700041590056318230102449612217458549016089313306591388590790796515819654102320725712300822356348724011232654837503241736177907784198700834440681124727060540035754699658105895050096576226753008596881698828185652424901921668758326578462003247906470982092298106789657211905488986281078346361469524484829559560886227198091995498440676639639830463593211386055065360288422394053998134458623712540683294034953818412458362198117811990006021989844180721010947"

-

-#define CLI_ESTRPSS "100002053"

-

-#define PSS_NBITS 2048

-#define PSS_DIGEST_LENGTH 32

-

-

-static char cli_ndecode(char value)

+static unsigned char cli_ndecode(unsigned char value)

 {

-	int i;

+	unsigned int i;

 	char ncodec[] = {

 	    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 

 	    'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 

@@ -73,17 +62,17 @@ static char cli_ndecode(char value)

     return -1;

 }

-static unsigned char *cli_decodesig(const char *sig, int plainlen, mpz_t e, mpz_t n)

+unsigned char *cli_decodesig(const char *sig, unsigned int plen, mpz_t e, mpz_t n)

 {

-	int i, siglen = strlen(sig), dec;

-	unsigned char *decoded;

+	unsigned int i, slen = strlen(sig), dec;

+	unsigned char *plain;

 	mpz_t r, p, c;

     mpz_init(r);

     mpz_init(c);

-    for(i = 0; i < siglen; i++) {

+    for(i = 0; i < slen; i++) {

 	if((dec = cli_ndecode(sig[i])) < 0) {

 	    mpz_clear(r);

 	    mpz_clear(c);

@@ -95,9 +84,9 @@ static unsigned char *cli_decodesig(const char *sig, int plainlen, mpz_t e, mpz_

 	mpz_add(c, c, r);

     }

-    decoded = (unsigned char *) cli_calloc(plainlen + 1, sizeof(unsigned char));

-    if(!decoded) {

-	cli_errmsg("cli_decodesig: Can't allocate memory\n");

+    plain = (unsigned char *) cli_calloc(plen + 1, sizeof(unsigned char));

+    if(!plain) {

+	cli_errmsg("cli_decodesig: Can't allocate memory for 'plain'\n");

 	mpz_clear(r);

 	mpz_clear(c);

 	return NULL;

@@ -107,113 +96,15 @@ static unsigned char *cli_decodesig(const char *sig, int plainlen, mpz_t e, mpz_

     mpz_powm(p, c, e, n); /* plain = cipher^e mod n */

     mpz_clear(c);

-    for(i = plainlen - 1; i >= 0; i--) { /* reverse */

+    for(i = plen - 1; i >= 0; i--) { /* reverse */

 	mpz_tdiv_qr_ui(p, r, p, 256);

-	decoded[i] = mpz_get_ui(r);

+	plain[i] = mpz_get_ui(r);

     }

     mpz_clear(p);

     mpz_clear(r);

-    return decoded;

-}

-static void cli_mgf(unsigned char *in, unsigned int inlen, unsigned char *out, unsigned int outlen)

-{

-	SHA256_CTX ctx;

-	unsigned int i, laps;

-	unsigned char cnt[4], digest[PSS_DIGEST_LENGTH];

-

-

-    laps = (outlen + PSS_DIGEST_LENGTH - 1) / PSS_DIGEST_LENGTH;

-

-    for(i = 0; i < laps; i++) {

-	cnt[0] = (unsigned char) 0;

-	cnt[1] = (unsigned char) 0;

-	cnt[2] = (unsigned char) (i / 256);

-	cnt[3] = (unsigned char) i;

-

-	sha256_init(&ctx);

-	sha256_update(&ctx, in, inlen);

-	sha256_update(&ctx, cnt, sizeof(cnt));

-	sha256_final(&ctx);

-	sha256_digest(&ctx, digest);

-

-	if(i != laps - 1)

-	    memcpy(&out[i * PSS_DIGEST_LENGTH], digest, PSS_DIGEST_LENGTH);

-	else

-	    memcpy(&out[i * PSS_DIGEST_LENGTH], digest, outlen - i * PSS_DIGEST_LENGTH);

-    }

-}

-

-int cli_versigpss(const unsigned char *sha256, const char *dsig)

-{

-	mpz_t n, e;

-	SHA256_CTX ctx;

-	unsigned char *pt, digest1[PSS_DIGEST_LENGTH], digest2[PSS_DIGEST_LENGTH], *salt;

-	unsigned int plen = PSS_NBITS / 8, hlen, slen, i;

-	unsigned char dblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];

-	unsigned char mblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];

-	unsigned char fblock[8 + 2 * PSS_DIGEST_LENGTH];

-

-

-    hlen = slen = PSS_DIGEST_LENGTH;

-    mpz_init_set_str(n, CLI_NSTRPSS, 10);

-    mpz_init_set_str(e, CLI_ESTRPSS, 10);

-

-    if(!(pt = cli_decodesig(dsig, plen, e, n))) {

-	mpz_clear(n);

-	mpz_clear(e);

-	return CL_EDSIG;

-    }

-

-    mpz_clear(n);

-    mpz_clear(e);

-

-    if(pt[plen - 1] != 0xbc) {

-	cli_dbgmsg("cli_versigpss: Incorrect signature syntax (0xbc)\n");

-	free(pt);

-	return CL_EDSIG;

-    }

-

-    memcpy(mblock, pt, plen - hlen - 1);

-    memcpy(digest2, &pt[plen - hlen - 1], hlen);

-    free(pt);

-

-    cli_mgf(digest2, hlen, dblock, plen - hlen - 1);

-

-    for(i = 0; i < plen - hlen - 1; i++)

-	dblock[i] ^= mblock[i];

-

-    dblock[0] &= (0xff >> 1);

-

-    salt = memchr(dblock, 0x01, sizeof(dblock));

-    if(!salt) {

-	cli_dbgmsg("cli_versigpss: Can't find salt\n");

-	return CL_EDSIG;

-    }

-    salt++;

-

-    if((unsigned int) (dblock + sizeof(dblock) - salt) != slen) {

-	cli_dbgmsg("cli_versigpss: Bad salt size\n");

-	return CL_EDSIG;

-    }

-

-    memset(fblock, 0, 8);

-    memcpy(&fblock[8], sha256, hlen);

-    memcpy(&fblock[8 + hlen], salt, slen);

-

-    sha256_init(&ctx);

-    sha256_update(&ctx, fblock, sizeof(fblock));

-    sha256_final(&ctx);

-    sha256_digest(&ctx, digest1);

-

-    if(memcmp(digest1, digest2, hlen)) {

-	cli_dbgmsg("cli_versigpss: Signature doesn't match.\n");

-	return CL_EDSIG;

-    }

-

-    cli_dbgmsg("cli_versigpss: Digital signature is correct.\n");

-    return CL_SUCCESS;

+    return plain;

 }

 int cli_versig(const char *md5, const char *dsig)

@@ -19,7 +19,15 @@

 #ifndef __DSIG_H

 #define __DSIG_H

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#ifdef HAVE_GMP

+#include <gmp.h>

+

 int cli_versig(const char *md5, const char *dsig);

-int cli_versigpss(const unsigned char *sha256, const char *dsig);

+unsigned char *cli_decodesig(const char *sig, unsigned int plen, mpz_t e, mpz_t n);

+#endif /* HAVE_GMP */

 #endif

deleted file mode 100644

@@ -1,281 +0,0 @@

-/*

- * Copyright (C) 2001 Niels Moller

- *  

- * This program is free software; you can redistribute it and/or

- * modify it under the terms of the GNU General Public License as

- * published by the Free Software Foundation; either version 2 of the

- * License, or (at your option) any later version.

- *

- * The nettle library is distributed in the hope that it will be useful, but

- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public

- * License for more details.

- * 

- * You should have received a copy of the GNU Lesser General Public License

- * along with the nettle library; see the file COPYING.LIB.  If not, write to

- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,

- * MA 02111-1307, USA.

- */

-

-/* Modelled after the sha1.c code by Peter Gutmann. */

-

-#include <stdio.h>

-#include <string.h>

-

-#include "cltypes.h"

-#include "sha256.h"

-

-/* A block, treated as a sequence of 32-bit words. */

-#define SHA256_DATA_LENGTH 16

-

-#define ROTR(n,x) ((x)>>(n) | ((x)<<(32-(n))))

-#define SHR(n,x) ((x)>>(n))

-

-#define Choice(x,y,z)   ( (z) ^ ( (x) & ( (y) ^ (z) ) ) )

-#define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )

-

-#define S0(x) (ROTR(2,(x)) ^ ROTR(13,(x)) ^ ROTR(22,(x)))

-#define S1(x) (ROTR(6,(x)) ^ ROTR(11,(x)) ^ ROTR(25,(x)))

-

-#define s0(x) (ROTR(7,(x)) ^ ROTR(18,(x)) ^ SHR(3,(x)))

-#define s1(x) (ROTR(17,(x)) ^ ROTR(19,(x)) ^ SHR(10,(x)))

-

-static const uint32_t K[64] = {

-	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,

-	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,

-	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,

-	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,

-	0xe49b69c1UL, 0xefbe4786UL, 0xfc19dc6UL, 0x240ca1ccUL,

-	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,

-	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,

-	0xc6e00bf3UL, 0xd5a79147UL, 0x6ca6351UL, 0x14292967UL,

-	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,

-	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,

-	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,

-	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,

-	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,

-	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,

-	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,

-	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,

-};

-

-#define EXPAND(W,i) \

-( W[(i) & 15 ] += (s1(W[((i)-2) & 15]) + W[((i)-7) & 15] + s0(W[((i)-15) & 15])) )

-

-#define ROUND(a,b,c,d,e,f,g,h,k,data) do {		\

-  uint32_t T1 = h + S1(e) + Choice(e,f,g) + k + data;	\

-  uint32_t T2 = S0(a) + Majority(a,b,c);		\

-  d += T1;						\

-  h = T1 + T2;						\

-} while (0)

-

-#ifndef EXTRACT_UCHAR

-#define EXTRACT_UCHAR(p)  (*(const unsigned char *)(p))

-#endif

-

-#define STRING2INT(s) ((((((EXTRACT_UCHAR(s) << 8)    \

-			 | EXTRACT_UCHAR(s+1)) << 8)  \

-			 | EXTRACT_UCHAR(s+2)) << 8)  \

-			 | EXTRACT_UCHAR(s+3))

-

-#ifndef EXTRACT_UCHAR

-#define EXTRACT_UCHAR(p)  (*(const mutils_word8 *)(p))

-#endif

-

-#define STRING2INT(s) ((((((EXTRACT_UCHAR(s) << 8)    \

-			 | EXTRACT_UCHAR(s+1)) << 8)  \

-			 | EXTRACT_UCHAR(s+2)) << 8)  \

-			 | EXTRACT_UCHAR(s+3))

-

-/* Initialize the SHA values */

-

-void sha256_init(struct sha256_ctx *ctx)

-{

-	/* Initial values, also generated by the shadata program. */

-	static const uint32_t H0[_SHA256_DIGEST_LENGTH] = {

-		0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL,

-		0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL,

-	};

-

-	memcpy(ctx->state, H0, sizeof(H0));

-

-	/* Initialize bit count */

-	ctx->count_low = ctx->count_high = 0;

-

-	/* Initialize buffer */

-	ctx->index = 0;

-}

-

-/* Perform the SHA transformation.  Note that this code, like MD5, seems to

-   break some optimizing compilers due to the complexity of the expressions

-   and the size of the basic block.  It may be necessary to split it into

-   sections, e.g. based on the four subrounds

-

-   Note that this function destroys the data area */

-

-static void sha256_transform(uint32_t *state, uint32_t *data)

-{

-	uint32_t A, B, C, D, E, F, G, H;	/* Local vars */

-	unsigned char i;

-	const uint32_t *k;

-	uint32_t *d;

-

-	/* Set up first buffer and local data buffer */

-	A = state[0];

-	B = state[1];

-	C = state[2];

-	D = state[3];

-	E = state[4];

-	F = state[5];

-	G = state[6];

-	H = state[7];

-

-	/* Heavy mangling */

-	/* First 16 subrounds that act on the original data */

-

-	for (i = 0, k = K, d = data; i < 16; i += 8, k += 8, d += 8) {

-		ROUND(A, B, C, D, E, F, G, H, k[0], d[0]);

-		ROUND(H, A, B, C, D, E, F, G, k[1], d[1]);

-		ROUND(G, H, A, B, C, D, E, F, k[2], d[2]);

-		ROUND(F, G, H, A, B, C, D, E, k[3], d[3]);

-		ROUND(E, F, G, H, A, B, C, D, k[4], d[4]);

-		ROUND(D, E, F, G, H, A, B, C, k[5], d[5]);

-		ROUND(C, D, E, F, G, H, A, B, k[6], d[6]);

-		ROUND(B, C, D, E, F, G, H, A, k[7], d[7]);

-	}

-

-	for (; i < 64; i += 16, k += 16) {

-		ROUND(A, B, C, D, E, F, G, H, k[0], EXPAND(data, 0));

-		ROUND(H, A, B, C, D, E, F, G, k[1], EXPAND(data, 1));

-		ROUND(G, H, A, B, C, D, E, F, k[2], EXPAND(data, 2));

-		ROUND(F, G, H, A, B, C, D, E, k[3], EXPAND(data, 3));

-		ROUND(E, F, G, H, A, B, C, D, k[4], EXPAND(data, 4));

-		ROUND(D, E, F, G, H, A, B, C, k[5], EXPAND(data, 5));

-		ROUND(C, D, E, F, G, H, A, B, k[6], EXPAND(data, 6));

-		ROUND(B, C, D, E, F, G, H, A, k[7], EXPAND(data, 7));

-		ROUND(A, B, C, D, E, F, G, H, k[8], EXPAND(data, 8));

-		ROUND(H, A, B, C, D, E, F, G, k[9], EXPAND(data, 9));

-		ROUND(G, H, A, B, C, D, E, F, k[10], EXPAND(data, 10));

-		ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11));

-		ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12));

-		ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13));

-		ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14));

-		ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15));

-	}

-

-	/* Update state */

-	state[0] += A;

-	state[1] += B;

-	state[2] += C;

-	state[3] += D;

-	state[4] += E;

-	state[5] += F;

-	state[6] += G;

-	state[7] += H;

-}

-

-static void sha256_block(struct sha256_ctx *ctx, const unsigned char *block)

-{

-	uint32_t data[SHA256_DATA_LENGTH];

-	uint16_t i;

-

-	/* Update block count */

-	if (!++ctx->count_low)

-		++ctx->count_high;

-

-	/* Endian independent conversion */

-	for (i = 0; i < SHA256_DATA_LENGTH; i++, block += 4)

-		data[i] = STRING2INT(block);

-

-	sha256_transform(ctx->state, data);

-}

-

-void

-sha256_update(struct sha256_ctx *ctx, const unsigned char *buffer, uint32_t length)

-{

-	uint32_t left;

-

-	if (ctx->index) {	/* Try to fill partial block */

-		left = SHA256_DATA_SIZE - ctx->index;

-		if (length < left) {

-			memcpy(ctx->block + ctx->index, buffer, length);

-			ctx->index += length;

-			return;	/* Finished */

-		} else {

-			memcpy(ctx->block + ctx->index, buffer, left);

-			sha256_block(ctx, ctx->block);

-			buffer += left;

-			length -= left;

-		}

-	}

-	while (length >= SHA256_DATA_SIZE) {

-		sha256_block(ctx, buffer);

-		buffer += SHA256_DATA_SIZE;

-		length -= SHA256_DATA_SIZE;

-	}

-	/* Buffer leftovers */

-	/* NOTE: The corresponding sha1 code checks for the special case length == 0.

-	 * That seems supoptimal, as I suspect it increases the number of branches. */

-

-	memcpy(ctx->block, buffer, length);

-	ctx->index = length;

-}

-

-/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern

-   1 0* (64-bit count of bits processed, MSB-first) */

-

-void sha256_final(struct sha256_ctx *ctx)

-{

-	uint32_t data[SHA256_DATA_LENGTH];

-	uint32_t i;

-	uint32_t words;

-

-	i = ctx->index;

-

-	/* Set the first char of padding to 0x80.  This is safe since there is

-	   always at least one byte free */

-

-/*  assert(i < SHA256_DATA_SIZE);

- */

-	ctx->block[i++] = 0x80;

-

-	/* Fill rest of word */

-	for (; i & 3; i++)

-		ctx->block[i] = 0;

-

-	/* i is now a multiple of the word size 4 */

-	words = i >> 2;

-	for (i = 0; i < words; i++)

-		data[i] = STRING2INT(ctx->block + 4 * i);

-

-	if (words > (SHA256_DATA_LENGTH - 2)) {	/* No room for length in this block. Process it and

-						 * pad with another one */

-		for (i = words; i < SHA256_DATA_LENGTH; i++)

-			data[i] = 0;

-		sha256_transform(ctx->state, data);

-		for (i = 0; i < (SHA256_DATA_LENGTH - 2); i++)

-			data[i] = 0;

-	} else

-		for (i = words; i < SHA256_DATA_LENGTH - 2; i++)

-			data[i] = 0;

-

-	/* There are 512 = 2^9 bits in one block */

-	data[SHA256_DATA_LENGTH - 2] =

-	    (ctx->count_high << 9) | (ctx->count_low >> 23);

-	data[SHA256_DATA_LENGTH - 1] =

-	    (ctx->count_low << 9) | (ctx->index << 3);

-	sha256_transform(ctx->state, data);

-}

-

-void sha256_digest(const struct sha256_ctx *ctx, unsigned char *s)

-{

-	uint32_t i;

-

-	if (s!=NULL)

-		for (i = 0; i < _SHA256_DIGEST_LENGTH; i++) {

-			*s++ = ctx->state[i] >> 24;

-			*s++ = 0xff & (ctx->state[i] >> 16);

-			*s++ = 0xff & (ctx->state[i] >> 8);

-			*s++ = 0xff & ctx->state[i];

-		}

-}

deleted file mode 100644

@@ -1,51 +0,0 @@

-/*

- * Copyright (C) 2001 Niels Moller

- *  

- * The nettle library is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as published by

- * the Free Software Foundation; either version 2.1 of the License, or (at your

- * option) any later version.

- * 

- * The nettle library is distributed in the hope that it will be useful, but

- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public

- * License for more details.

- * 

- * You should have received a copy of the GNU Lesser General Public License

- * along with the nettle library; see the file COPYING.LIB.  If not, write to

- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,

- * MA 02111-1307, USA.

- */

- 

-#ifndef __SHA256_H

-#define __SHA256_H

-

-#include "cltypes.h"

-

-#define SHA256_DIGEST_SIZE 32

-#define SHA256_DATA_SIZE 64

-

-/* Digest is kept internally as 8 32-bit words. */

-#define _SHA256_DIGEST_LENGTH 8

-

-typedef struct sha256_ctx

-{

-  uint32_t state[_SHA256_DIGEST_LENGTH];    /* State variables */

-  uint32_t count_low, count_high;           /* 64-bit block count */

-  unsigned char block[SHA256_DATA_SIZE];          /* SHA256 data buffer */

-  uint32_t index;                       /* index into buffer */

-} SHA256_CTX;

-

-void

-sha256_init(struct sha256_ctx *ctx);

-

-void

-sha256_update(struct sha256_ctx *ctx, const unsigned char *data, uint32_t length);

-

-void

-sha256_final(struct sha256_ctx *ctx);

-

-void

-sha256_digest(const struct sha256_ctx *ctx, unsigned char *digest);

-

-#endif

@@ -35,17 +35,22 @@

 #include "shared/misc.h"

 #include "shared/output.h"

 #include "shared/cdiff.h"

+#include "shared/sha256.h"

 #include "libclamav/str.h"

 #include "libclamav/others.h"

 #include "libclamav/cvd.h"

-#include "libclamav/sha256.h"

+

+#include "zlib.h"

 #ifdef HAVE_GMP

 #include "libclamav/dsig.h"

-#endif

-#include "zlib.h"

+#define PSS_NSTR "14783905874077467090262228516557917570254599638376203532031989214105552847269687489771975792123442185817287694951949800908791527542017115600501303394778618535864845235700041590056318230102449612217458549016089313306591388590790796515819654102320725712300822356348724011232654837503241736177907784198700834440681124727060540035754699658105895050096576226753008596881698828185652424901921668758326578462003247906470982092298106789657211905488986281078346361469524484829559560886227198091995498440676639639830463593211386055065360288422394053998134458623712540683294034953818412458362198117811990006021989844180721010947"

+#define PSS_ESTR "100002053"

+#define PSS_NBITS 2048

+#define PSS_DIGEST_LENGTH 32

+#endif /* HAVE_GMP */

 struct cdiff_node {

     unsigned int lineno;

@@ -761,6 +766,106 @@ static int cdiff_execute(const char *cmdstr, struct cdiff_ctx *ctx)

     return 0;

 }

+#ifdef HAVE_GMP

+static void pss_mgf(unsigned char *in, unsigned int inlen, unsigned char *out, unsigned int outlen)

+{

+	SHA256_CTX ctx;

+	unsigned int i, laps;

+	unsigned char cnt[4], digest[PSS_DIGEST_LENGTH];

+

+

+    laps = (outlen + PSS_DIGEST_LENGTH - 1) / PSS_DIGEST_LENGTH;

+

+    for(i = 0; i < laps; i++) {

+	cnt[0] = (unsigned char) 0;

+	cnt[1] = (unsigned char) 0;

+	cnt[2] = (unsigned char) (i / 256);

+	cnt[3] = (unsigned char) i;

+

+	sha256_init(&ctx);

+	sha256_update(&ctx, in, inlen);

+	sha256_update(&ctx, cnt, sizeof(cnt));

+	sha256_final(&ctx);

+	sha256_digest(&ctx, digest);

+

+	if(i != laps - 1)

+	    memcpy(&out[i * PSS_DIGEST_LENGTH], digest, PSS_DIGEST_LENGTH);

+	else

+	    memcpy(&out[i * PSS_DIGEST_LENGTH], digest, outlen - i * PSS_DIGEST_LENGTH);

+    }

+}

+

+static int pss_versig(const unsigned char *sha256, const char *dsig)

+{

+	mpz_t n, e;

+	SHA256_CTX ctx;

+	unsigned char *pt, digest1[PSS_DIGEST_LENGTH], digest2[PSS_DIGEST_LENGTH], *salt;

+	unsigned int plen = PSS_NBITS / 8, hlen, slen, i;

+	unsigned char dblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];

+	unsigned char mblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];

+	unsigned char fblock[8 + 2 * PSS_DIGEST_LENGTH];

+

+

+    hlen = slen = PSS_DIGEST_LENGTH;

+    mpz_init_set_str(n, PSS_NSTR, 10);

+    mpz_init_set_str(e, PSS_ESTR, 10);

+

+    if(!(pt = cli_decodesig(dsig, plen, e, n))) {

+	mpz_clear(n);

+	mpz_clear(e);

+	return -1;

+    }

+

+    mpz_clear(n);

+    mpz_clear(e);

+

+    if(pt[plen - 1] != 0xbc) {

+	/* cli_dbgmsg("cli_versigpss: Incorrect signature syntax (0xbc)\n"); */

+	free(pt);

+	return -1;

+    }

+

+    memcpy(mblock, pt, plen - hlen - 1);

+    memcpy(digest2, &pt[plen - hlen - 1], hlen);

+    free(pt);

+

+    pss_mgf(digest2, hlen, dblock, plen - hlen - 1);

+

+    for(i = 0; i < plen - hlen - 1; i++)

+	dblock[i] ^= mblock[i];

+

+    dblock[0] &= (0xff >> 1);

+

+    salt = memchr(dblock, 0x01, sizeof(dblock));

+    if(!salt) {

+	/* cli_dbgmsg("cli_versigpss: Can't find salt\n"); */

+	return -1;

+    }

+    salt++;

+

+    if((unsigned int) (dblock + sizeof(dblock) - salt) != slen) {

+	/* cli_dbgmsg("cli_versigpss: Bad salt size\n"); */

+	return -1;

+    }

+

+    memset(fblock, 0, 8);

+    memcpy(&fblock[8], sha256, hlen);

+    memcpy(&fblock[8 + hlen], salt, slen);

+

+    sha256_init(&ctx);

+    sha256_update(&ctx, fblock, sizeof(fblock));

+    sha256_final(&ctx);

+    sha256_digest(&ctx, digest1);

+

+    if(memcmp(digest1, digest2, hlen)) {

+	/* cli_dbgmsg("cli_versigpss: Signature doesn't match.\n"); */

+	return -1;

+    }

+

+    return 0;

+}

+#endif /* HAVE_GMP */

+

 int cdiff_apply(int fd, unsigned short mode)

 {

 	struct cdiff_ctx ctx;

@@ -848,7 +953,7 @@ int cdiff_apply(int fd, unsigned short mode)

 	sha256_final(&sha256ctx);

 	sha256_digest(&sha256ctx, digest);

-	if(cli_versigpss(digest, dsig)) {

+	if(pss_versig(digest, dsig)) {

 	    logg("!cdiff_apply: Incorrect digital signature\n");

 	    close(desc);

 	    return -1;

new file mode 100644

@@ -0,0 +1,281 @@

+/*

+ * Copyright (C) 2001 Niels Moller

+ *  

+ * This program is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU General Public License as

+ * published by the Free Software Foundation; either version 2 of the

+ * License, or (at your option) any later version.

+ *

+ * The nettle library is distributed in the hope that it will be useful, but

+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public

+ * License for more details.

+ * 

+ * You should have received a copy of the GNU Lesser General Public License

+ * along with the nettle library; see the file COPYING.LIB.  If not, write to

+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,

+ * MA 02111-1307, USA.

+ */

+

+/* Modelled after the sha1.c code by Peter Gutmann. */

+

+#include <stdio.h>

+#include <string.h>

+

+#include "cltypes.h"

+#include "sha256.h"

+

+/* A block, treated as a sequence of 32-bit words. */

+#define SHA256_DATA_LENGTH 16

+

+#define ROTR(n,x) ((x)>>(n) | ((x)<<(32-(n))))

+#define SHR(n,x) ((x)>>(n))

+

+#define Choice(x,y,z)   ( (z) ^ ( (x) & ( (y) ^ (z) ) ) )

+#define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )