SECURITY: DKIM DNS buffer overflow protection

[exim.git] / src / src / pdkim / sha1.c

diff --git a/src/src/pdkim/sha1.c b/src/src/pdkim/sha1.c
index 8cb9d00d75ba560905ec934969afb071833b286e..81b862f8f9e4f883f9910f104383117af7e09598 100644 (file)
--- a/src/src/pdkim/sha1.c
+++ b/src/src/pdkim/sha1.c
@@ -1,10 +1,12 @@
 /*
  *  FIPS-180-1 compliant SHA-1 implementation
  *
- *  Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
- *  All rights reserved.
+ *  Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
  *
- *  Joined copyright on original XySSL code with: Christophe Devine
+ *  All rights reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -26,8 +28,6 @@
  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
  */
 
-/* $Cambridge: exim/src/src/pdkim/sha1.c,v 1.3 2009/12/07 13:05:07 tom Exp $ */
-
 #include "sha1.h"
 
 #include <string.h>
@@ -71,7 +71,7 @@ void sha1_starts( sha1_context *ctx )
     ctx->state[4] = 0xC3D2E1F0;
 }
 
-static void sha1_process( sha1_context *ctx, unsigned char data[64] )
+static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
 {
     unsigned long temp, W[16], A, B, C, D, E;
 
@@ -230,7 +230,7 @@ static void sha1_process( sha1_context *ctx, unsigned char data[64] )
 /*
  * SHA-1 process buffer
  */
-void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
+void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen )
 {
     int fill;
     unsigned long left;
@@ -311,7 +311,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] )
 /*
  * output = SHA-1( input buffer )
  */
-void sha1( unsigned char *input, int ilen, unsigned char output[20] )
+void sha1( const unsigned char *input, int ilen, unsigned char output[20] )
 {
     sha1_context ctx;
 
@@ -325,7 +325,7 @@ void sha1( unsigned char *input, int ilen, unsigned char output[20] )
 /*
  * output = SHA-1( file contents )
  */
-int sha1_file( char *path, unsigned char output[20] )
+int sha1_file( const char *path, unsigned char output[20] )
 {
     FILE *f;
     size_t n;
@@ -357,7 +357,7 @@ int sha1_file( char *path, unsigned char output[20] )
 /*
  * SHA-1 HMAC context setup
  */
-void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
+void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen )
 {
     int i;
     unsigned char sum[20];
@@ -387,7 +387,7 @@ void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
 /*
  * SHA-1 HMAC process buffer
  */
-void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen )
+void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, int ilen )
 {
     sha1_update( ctx, input, ilen );
 }
@@ -408,11 +408,20 @@ void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
     memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * SHA1 HMAC context reset
+ */
+void sha1_hmac_reset( sha1_context *ctx )
+{
+    sha1_starts( ctx );
+    sha1_update( ctx, ctx->ipad, 64 );
+}
+
 /*
  * output = HMAC-SHA-1( hmac key, input buffer )
  */
-void sha1_hmac( unsigned char *key, int keylen,
-                unsigned char *input, int ilen,
+void sha1_hmac( const unsigned char *key, int keylen,
+                const unsigned char *input, int ilen,
                 unsigned char output[20] )
 {
     sha1_context ctx;