mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
8d485b9bfd
Add X509 certificate chain based signing with PKCS7-PEM external signatures distributed alongside CVD's in a custom .cvd.sign format. This new signing and verification mechanism is primarily in support of FIPS compliance. Fixes: https://github.com/Cisco-Talos/clamav/issues/564 Add a Rust implementation for parsing, verifying, and unpacking CVD files. Now installs a 'certs' directory in the app config directory (e.g. <prefix>/etc/certs). The install location is configurable. The CMake option to configure the CVD certs directory is: `-D CVD_CERTS_DIRECTORY=PATH` New options to set an alternative CVD certs directory: - Commandline for freshclam, clamd, clamscan, and sigtool is: `--cvdcertsdir PATH` - Env variable for freshclam, clamd, clamscan, and sigtool is: `CVD_CERTS_DIR` - Config option for freshclam and clamd is: `CVDCertsDirectory PATH` Sigtool: - Add sign/verify commands. - Also verify CDIFF external digital signatures when applying CDIFFs. - Place commonly used commands at the top of --help string. - Fix up manpage. Freshclam: - Will try to download .sign files to verify CVDs and CDIFFs. - Fix an issue where making a CLD would only include the CFG file for daily and not if patching any other database. libclamav.so: - Bump version to 13:0:1 (aka 12.1.0). - Also remove libclamav.map versioning. Resolves: https://github.com/Cisco-Talos/clamav/issues/1304 - Add two new API's to the public clamav.h header: ```c extern cl_error_t cl_cvdverify_ex(const char *file, const char *certs_directory); extern cl_error_t cl_cvdunpack_ex(const char *file, const char *dir, bool dont_verify, const char *certs_directory); ``` The original `cl_cvdverify` and `cl_cvdunpack` are deprecated. - Add `cl_engine_field` enum option `CL_ENGINE_CVDCERTSDIR`. You may set this option with `cl_engine_set_str` and get it with `cl_engine_get_str`, to override the compiled in default CVD certs directory. libfreshclam.so: Bump version to 4:0:0 (aka 4.0.0). Add sigtool sign/verify tests and test certs. Make it so downloadFile doesn't throw a warning if the server doesn't have the .sign file. Replace use of md5-based FP signatures in the unit tests with sha256-based FP signatures because the md5 implementation used by Python may be disabled in FIPS mode. Fixes: https://github.com/Cisco-Talos/clamav/issues/1411 CMake: Add logic to enable the Rust openssl-sys / openssl-rs crates to build against the same OpenSSL library as is used for the C build. The Rust unit test application must also link directly with libcrypto and libssl. Fix some log messages with missing new lines. Fix missing environment variable notes in --help messages and manpages. Deconflict CONFDIR/DATADIR/CERTSDIR variable names that are defined in clamav-config.h.in for libclamav from variable that had the same name for use in clamav applications that use the optparser. The 'clamav-test' certs for the unit tests will live for 10 years. The 'clamav-beta.crt' public cert will only live for 120 days and will be replaced before the stable release with a production 'clamav.crt'.
147 lines
2.9 KiB
C
147 lines
2.9 KiB
C
#ifndef __PLATFORM_H
|
|
#define __PLATFORM_H
|
|
|
|
#ifdef _WIN32
|
|
#include <winsock2.h>
|
|
#include <windows.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <io.h>
|
|
#include <fcntl.h>
|
|
#include <direct.h>
|
|
#include <Ws2tcpip.h>
|
|
#include <process.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#include "gettimeofday.h"
|
|
#include "snprintf.h"
|
|
#include "net.h"
|
|
#include "w32_errno.h"
|
|
#include "w32_stat.h"
|
|
#include "random.h"
|
|
#include "utf8_util.h"
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#else
|
|
typedef unsigned short mode_t;
|
|
#endif
|
|
|
|
#define strcasecmp lstrcmpi
|
|
#define strncasecmp strnicmp
|
|
#define mkdir(path, mode) mkdir(path)
|
|
#define sleep(sex) Sleep(1000 * (sex))
|
|
#define getuid() 0
|
|
#define getgid() 0
|
|
|
|
char *strptime(const char *s, const char *format, struct tm *tm);
|
|
|
|
#define srand w32_srand
|
|
#define rand w32_rand
|
|
#define socket w32_socket
|
|
#define getsockopt w32_getsockopt
|
|
#define setsockopt w32_setsockopt
|
|
#define bind w32_bind
|
|
#define listen w32_listen
|
|
#define accept w32_accept
|
|
#define connect w32_connect
|
|
#define shutdown w32_shutdown
|
|
#define send w32_send
|
|
#define recv w32_recv
|
|
#define closesocket w32_closesocket
|
|
#define getservbyname w32_getservbyname
|
|
#define getaddrinfo w32_getaddrinfo
|
|
#ifdef gai_strerror
|
|
#undef gai_strerror
|
|
#endif
|
|
#define gai_strerror w32_strerror
|
|
#define freeaddrinfo w32_freeaddrinfo
|
|
#define inet_ntop w32_inet_ntop
|
|
#define inet_ntoa w32_inet_ntoa
|
|
#define getpeername w32_getpeername
|
|
#define select w32_select
|
|
#define poll w32_poll
|
|
#define strerror w32_strerror
|
|
#define strerror_r w32_strerror_r
|
|
#define ftruncate _chsize
|
|
#define getpid GetCurrentProcessId
|
|
|
|
#define PATH_MAX 32767
|
|
#define WORDS_BIGENDIAN 0
|
|
#define EAI_SYSTEM 0
|
|
|
|
#else
|
|
#define closesocket(s) close(s)
|
|
#define cli_to_utf8_maybe_alloc(x) (x)
|
|
#define cli_strdup_to_utf8(x) strdup(x)
|
|
#endif
|
|
|
|
#ifndef O_BINARY
|
|
#define O_BINARY 0
|
|
#endif
|
|
|
|
#ifndef FALSE
|
|
#define FALSE (0)
|
|
#endif
|
|
#ifndef TRUE
|
|
#define TRUE (1)
|
|
#endif
|
|
|
|
#ifndef MIN
|
|
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
|
|
#endif
|
|
#ifndef MAX
|
|
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
|
|
#endif
|
|
|
|
#ifndef HAVE_IN_PORT_T
|
|
typedef unsigned short in_port_t;
|
|
#endif
|
|
|
|
#ifndef HAVE_IN_ADDR_T
|
|
typedef unsigned int in_addr_t;
|
|
#endif
|
|
|
|
#ifdef _WIN32
|
|
#define PATHSEP "\\"
|
|
#else
|
|
#define PATHSEP "/"
|
|
#endif
|
|
|
|
#ifndef WORDS_BIGENDIAN
|
|
#define WORDS_BIGENDIAN 0
|
|
#endif
|
|
|
|
#ifdef _WIN32
|
|
|
|
void w32_glob(int *argc_ptr, char ***argv_ptr);
|
|
|
|
#if !defined(THIS_IS_LIBCLAMAV) && defined(_MSC_VER)
|
|
#define LIBCLAMAV_EXPORT __declspec(dllimport)
|
|
#else
|
|
#define LIBCLAMAV_EXPORT
|
|
#endif
|
|
#undef HAVE_CONFIG_H
|
|
|
|
#ifdef OUT
|
|
#undef OUT
|
|
#endif
|
|
|
|
int real_main(int, char **);
|
|
#define main \
|
|
main(int argc, char **argv) \
|
|
{ \
|
|
_setmode(_fileno(stdin), _O_BINARY); \
|
|
w32_glob(&argc, &argv); \
|
|
return real_main(argc, argv); \
|
|
}; \
|
|
int real_main
|
|
|
|
#else
|
|
#define LIBCLAMAV_EXPORT
|
|
#endif
|
|
|
|
#endif /* __PLATFORM_H */
|