/*
* Exim - an Internet mail transport agent
*
- * Copyright (C) 2016 Exim maintainers
- * Copyright (c) University of Cambridge 1995 - 2016
+ * Copyright (C) 2010 - 2018 Exim maintainers
+ * Copyright (c) University of Cambridge 1995 - 2009
*
* Hash interface functions
*/
sha1;
#endif /*STAND_ALONE*/
+#include <assert.h>
+/******************************************************************************/
+#ifdef SHA_OPENSSL
-#ifndef SUPPORT_TLS
-# error Need SUPPORT_TLS for DKIM
-#endif
+BOOL
+exim_sha_init(hctx * h, hashmethod m)
+{
+# if OPENSSL_VERSION_NUMBER < 0x30000000L
+switch (h->method = m)
+ {
+ case HASH_SHA1: h->hashlen = 20; SHA1_Init (&h->u.sha1); break;
+ case HASH_SHA2_256: h->hashlen = 32; SHA256_Init(&h->u.sha2_256); break;
+ case HASH_SHA2_384: h->hashlen = 48; SHA384_Init(&h->u.sha2_512); break;
+ case HASH_SHA2_512: h->hashlen = 64; SHA512_Init(&h->u.sha2_512); break;
+# ifdef EXIM_HAVE_SHA3
+ case HASH_SHA3_224: h->hashlen = 28;
+ EVP_DigestInit(h->u.mctx = EVP_MD_CTX_new(), EVP_sha3_224());
+ break;
+ case HASH_SHA3_256: h->hashlen = 32;
+ EVP_DigestInit(h->u.mctx = EVP_MD_CTX_new(), EVP_sha3_256());
+ break;
+ case HASH_SHA3_384: h->hashlen = 48;
+ EVP_DigestInit(h->u.mctx = EVP_MD_CTX_new(), EVP_sha3_384());
+ break;
+ case HASH_SHA3_512: h->hashlen = 64;
+ EVP_DigestInit(h->u.mctx = EVP_MD_CTX_new(), EVP_sha3_512());
+ break;
+# endif
+ default: h->hashlen = 0; return FALSE;
+ }
+return TRUE;
+# else
+EVP_MD * md;
+h->hashlen = 0;
+if (!(h->u.mctx = EVP_MD_CTX_new())) return FALSE;
+switch (h->method = m)
+ {
+ case HASH_SHA1: h->hashlen = 20; md = EVP_MD_fetch(NULL, "SHA1", NULL); break;
+ case HASH_SHA2_256: h->hashlen = 32; md = EVP_MD_fetch(NULL, "SHA2-256", NULL); break;
+ case HASH_SHA2_384: h->hashlen = 48; md = EVP_MD_fetch(NULL, "SHA2-384", NULL); break;
+ case HASH_SHA2_512: h->hashlen = 64; md = EVP_MD_fetch(NULL, "SHA2-512", NULL); break;
+ case HASH_SHA3_224: h->hashlen = 28; md = EVP_MD_fetch(NULL, "SHA3-224", NULL); break;
+ case HASH_SHA3_256: h->hashlen = 32; md = EVP_MD_fetch(NULL, "SHA3-256", NULL); break;
+ case HASH_SHA3_384: h->hashlen = 48; md = EVP_MD_fetch(NULL, "SHA3-384", NULL); break;
+ case HASH_SHA3_512: h->hashlen = 64; md = EVP_MD_fetch(NULL, "SHA3-512", NULL); break;
+ default: return FALSE;
+ }
+if (md && EVP_DigestInit_ex(h->u.mctx, md, NULL))
+ return TRUE;
-#ifdef notdef
-#ifdef RSA_OPENSSL
-# include <openssl/rsa.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-#elif defined(RSA_GNUTLS)
-# include <gnutls/gnutls.h>
-# include <gnutls/x509.h>
-# ifdef RSA_VERIFY_GNUTLS
-# include <gnutls/abstract.h>
+h->hashlen = 0;
+return FALSE;
# endif
-#endif
-#endif
-
-
-/******************************************************************************/
-#ifdef SHA_OPENSSL
-
-void
-exim_sha_init(hctx * h, BOOL is_sha1)
-{
-h->is_sha1 = is_sha1;
-h->hashlen = is_sha1 ? 20 : 32;
-if (h->is_sha1)
- SHA1_Init (&h->u.sha1);
-else
- SHA256_Init(&h->u.sha2);
}
void
exim_sha_update(hctx * h, const uschar * data, int len)
{
-if (h->is_sha1)
- SHA1_Update (&h->u.sha1, data, len);
-else
- SHA256_Update(&h->u.sha2, data, len);
+# if OPENSSL_VERSION_NUMBER < 0x30000000L
+switch (h->method)
+ {
+ case HASH_SHA1: SHA1_Update (&h->u.sha1, data, len); break;
+ case HASH_SHA2_256: SHA256_Update(&h->u.sha2_256, data, len); break;
+ case HASH_SHA2_384: SHA384_Update(&h->u.sha2_512, data, len); break;
+ case HASH_SHA2_512: SHA512_Update(&h->u.sha2_512, data, len); break;
+# ifdef EXIM_HAVE_SHA3
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512: EVP_DigestUpdate(h->u.mctx, data, len); break;
+# endif
+ /* should be blocked by init not handling these, but be explicit to
+ guard against accidents later (and hush up clang -Wswitch) */
+ default: assert(0);
+ }
+
+# else
+
+EVP_DigestUpdate(h->u.mctx, data, len);
+# endif
}
void
exim_sha_finish(hctx * h, blob * b)
{
-b->data = store_get(b->len = h->hashlen);
+/* Hashing is sufficient to purify any tainted input */
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
-if (h->is_sha1)
- SHA1_Final (b->data, &h->u.sha1);
-else
- SHA256_Final(b->data, &h->u.sha2);
+# if OPENSSL_VERSION_NUMBER < 0x30000000L
+switch (h->method)
+ {
+ case HASH_SHA1: SHA1_Final (b->data, &h->u.sha1); break;
+ case HASH_SHA2_256: SHA256_Final(b->data, &h->u.sha2_256); break;
+ case HASH_SHA2_384: SHA384_Final(b->data, &h->u.sha2_512); break;
+ case HASH_SHA2_512: SHA512_Final(b->data, &h->u.sha2_512); break;
+# ifdef EXIM_HAVE_SHA3
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512: EVP_DigestFinal(h->u.mctx, b->data, NULL); break;
+# endif
+ default: assert(0);
+ }
+
+# else
+
+EVP_DigestFinal_ex(h->u.mctx, b->data, NULL);
+EVP_MD_free((EVP_MD *) EVP_MD_CTX_get0_md(h->u.mctx));
+EVP_MD_CTX_free(h->u.mctx);
+
+# endif
}
#elif defined(SHA_GNUTLS)
/******************************************************************************/
-void
-exim_sha_init(hctx * h, BOOL is_sha1)
+BOOL
+exim_sha_init(hctx * h, hashmethod m)
{
-h->is_sha1 = is_sha1;
-h->hashlen = is_sha1 ? 20 : 32;
-gnutls_hash_init(&h->sha, is_sha1 ? GNUTLS_DIG_SHA1 : GNUTLS_DIG_SHA256);
+switch (h->method = m)
+ {
+ case HASH_SHA1: h->hashlen = 20; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA1); break;
+ case HASH_SHA2_256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA256); break;
+ case HASH_SHA2_384: h->hashlen = 48; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA384); break;
+ case HASH_SHA2_512: h->hashlen = 64; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA512); break;
+#ifdef EXIM_HAVE_SHA3
+ case HASH_SHA3_224: h->hashlen = 28; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_224); break;
+ case HASH_SHA3_256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_256); break;
+ case HASH_SHA3_384: h->hashlen = 48; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_384); break;
+ case HASH_SHA3_512: h->hashlen = 64; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_512); break;
+#endif
+ default: h->hashlen = 0; return FALSE;
+ }
+return TRUE;
}
void
exim_sha_finish(hctx * h, blob * b)
{
-b->data = store_get(b->len = h->hashlen);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
gnutls_hash_output(h->sha, b->data);
}
#elif defined(SHA_GCRYPT)
/******************************************************************************/
-void
-exim_sha_init(hctx * h, BOOL is_sha1)
+BOOL
+exim_sha_init(hctx * h, hashmethod m)
{
-h->is_sha1 = is_sha1;
-h->hashlen = is_sha1 ? 20 : 32;
-gcry_md_open(&h->sha, is_sha1 ? GCRY_MD_SHA1 : GCRY_MD_SHA256, 0);
+switch (h->method = m)
+ {
+ case HASH_SHA1: h->hashlen = 20; gcry_md_open(&h->sha, GCRY_MD_SHA1, 0); break;
+ case HASH_SHA2_256: h->hashlen = 32; gcry_md_open(&h->sha, GCRY_MD_SHA256, 0); break;
+ case HASH_SHA2_384: h->hashlen = 48; gcry_md_open(&h->sha, GCRY_MD_SHA384, 0); break;
+ case HASH_SHA2_512: h->hashlen = 64; gcry_md_open(&h->sha, GCRY_MD_SHA512, 0); break;
+ case HASH_SHA3_256: h->hashlen = 32; gcry_md_open(&h->sha, GCRY_MD_SHA3_256, 0); break;
+ case HASH_SHA3_384: h->hashlen = 48; gcry_md_open(&h->sha, GCRY_MD_SHA3_384, 0); break;
+ case HASH_SHA3_512: h->hashlen = 64; gcry_md_open(&h->sha, GCRY_MD_SHA3_512, 0); break;
+ default: h->hashlen = 0; return FALSE;
+ }
+return TRUE;
}
void
exim_sha_finish(hctx * h, blob * b)
{
-b->data = store_get(b->len = h->hashlen);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen);
}
#elif defined(SHA_POLARSSL)
/******************************************************************************/
-void
-exim_sha_init(hctx * h, BOOL is_sha1)
+BOOL
+exim_sha_init(hctx * h, hashmethod m)
{
-h->is_sha1 = is_sha1;
-h->hashlen = is_sha1 ? 20 : 32;
-if (h->is_sha1)
- sha1_starts(&h->u.sha1);
-else
- sha2_starts(&h->u.sha2, 0);
+/*XXX extend for sha512 */
+switch (h->method = m)
+ {
+ case HASH_SHA1: h->hashlen = 20; sha1_starts(&h->u.sha1); break;
+ case HASH_SHA2_256: h->hashlen = 32; sha2_starts(&h->u.sha2, 0); break;
+ default: h->hashlen = 0; return FALSE;
+ }
+return TRUE;
}
void
exim_sha_update(hctx * h, const uschar * data, int len)
{
-if (h->is_sha1)
- sha1_update(h->u.sha1, US data, len);
-else
- sha2_update(h->u.sha2, US data, len);
+switch (h->method)
+ {
+ case HASH_SHA1: sha1_update(h->u.sha1, US data, len); break;
+ case HASH_SHA2_256: sha2_update(h->u.sha2, US data, len); break;
+ }
}
void
exim_sha_finish(hctx * h, blob * b)
{
-b->data = store_get(b->len = h->hashlen);
-
-if (h->is_sha1)
- sha1_finish(h->u.sha1, b->data);
-else
- sha2_finish(h->u.sha2, b->data);
+b->data = store_get(b->len = h->hashlen, GET_INTAINTED);
+switch (h->method)
+ {
+ case HASH_SHA1: sha1_finish(h->u.sha1, b->data); break;
+ case HASH_SHA2_256: sha2_finish(h->u.sha2, b->data); break;
+ }
}
static void
native_sha1_mid(sha1 *base, const uschar *text)
{
-int i;
uint A, B, C, D, E;
uint W[80];
base->length += 64;
-for (i = 0; i < 16; i++)
+for (int i = 0; i < 16; i++)
{
W[i] = ((uint)text[0] << 24) | (text[1] << 16) | (text[2] << 8) | text[3];
text += 4;
}
-for (i = 16; i < 80; i++)
+for (int i = 16; i < 80; i++)
{
register unsigned int x = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
W[i] = (x << 1) | (x >> 31);
D = base->H[3];
E = base->H[4];
-for (i = 0; i < 20; i++)
+for (int i = 0; i < 20; i++)
{
unsigned int T;
T = ((A << 5) | (A >> 27)) + ((B & C) | ((~B) & D)) + E + W[i] + 0x5a827999;
A = T;
}
-for (i = 20; i < 40; i++)
+for (int i = 20; i < 40; i++)
{
unsigned int T;
T = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W[i] + 0x6ed9eba1;
A = T;
}
-for (i = 40; i < 60; i++)
+for (int i = 40; i < 60; i++)
{
unsigned int T;
T = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W[i] +
A = T;
}
-for (i = 60; i < 80; i++)
+for (int i = 60; i < 80; i++)
{
unsigned int T;
T = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W[i] + 0xca62c1d6;
static void
native_sha1_end(sha1 *base, const uschar *text, int length, uschar *digest)
{
-int i;
uschar work[64];
/* Process in chunks of 64 until we have less than 64 bytes left. */
/* Pass back the result, high-order byte first in each word. */
-for (i = 0; i < 5; i++)
+for (int i = 0; i < 5; i++)
{
register int x = base->H[i];
*digest++ = (x >> 24) & 0xff;
# ifdef notdef
-void
-exim_sha_init(hctx * h, BOOL is_sha1)
+BOOL
+exim_sha_init(hctx * h, hashmethod m)
{
h->hashlen = 20;
native_sha1_start(&h->sha1);
+return TRUE;
}
void
exim_sha_finish(hctx * h, blob * b)
{
-b->data = store_get(b->len = h->hashlen);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
native_sha1_end(&h->sha1, NULL, 0, b->data);
}
#endif
-/******************************************************************************/
-
-/* Common to all library versions */
-int
-exim_sha_hashlen(hctx * h)
-{
-return h->is_sha1 ? 20 : 32;
-}
/******************************************************************************/
void
sha1_start(hctx * h)
{
-exim_sha_init(h, TRUE);
+(void) exim_sha_init(h, HASH_SHA1);
}
void
sha1 base;
int j;
int i = 0x01020304;
-uschar *ctest = (uschar *)(&i);
+uschar *ctest = US (&i);
uschar buffer[256];
uschar digest[20];
uschar s[41];