X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1f6756f54d456e1049ad8b4efe18c2d63cbbb366..107077d7fd6736711bf5cd980221723401d37c51:/src/src/hash.c diff --git a/src/src/hash.c b/src/src/hash.c index c50c49aad..17a52fe43 100644 --- a/src/src/hash.c +++ b/src/src/hash.c @@ -1,8 +1,9 @@ /* * Exim - an Internet mail transport agent * - * Copyright (C) 2010 - 2018 Exim maintainers + * Copyright (c) The Exim Maintainers 2010 - 2023 * Copyright (c) University of Cambridge 1995 - 2009 + * SPDX-License-Identifier: GPL-2.0-or-later * * Hash interface functions */ @@ -29,6 +30,7 @@ sha1; /******************************************************************************/ #ifdef SHA_OPENSSL +# define HAVE_PARTIAL_SHA BOOL exim_sha_init(hctx * h, hashmethod m) @@ -116,7 +118,7 @@ void exim_sha_finish(hctx * h, blob * b) { /* Hashing is sufficient to purify any tainted input */ -b->data = store_get(b->len = h->hashlen, FALSE); +b->data = store_get(b->len = h->hashlen, GET_UNTAINTED); # if OPENSSL_VERSION_NUMBER < 0x30000000L switch (h->method) @@ -146,6 +148,7 @@ EVP_MD_CTX_free(h->u.mctx); #elif defined(SHA_GNUTLS) +# define HAVE_PARTIAL_SHA /******************************************************************************/ BOOL @@ -179,13 +182,14 @@ gnutls_hash(h->sha, data, len); void exim_sha_finish(hctx * h, blob * b) { -b->data = store_get(b->len = h->hashlen, FALSE); +b->data = store_get(b->len = h->hashlen, GET_UNTAINTED); gnutls_hash_output(h->sha, b->data); } #elif defined(SHA_GCRYPT) +# define HAVE_PARTIAL_SHA /******************************************************************************/ BOOL @@ -216,7 +220,7 @@ gcry_md_write(h->sha, data, len); void exim_sha_finish(hctx * h, blob * b) { -b->data = store_get(b->len = h->hashlen, FALSE); +b->data = store_get(b->len = h->hashlen, GET_UNTAINTED); memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen); } @@ -224,6 +228,7 @@ memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen); #elif defined(SHA_POLARSSL) +# define HAVE_PARTIAL_SHA /******************************************************************************/ BOOL @@ -254,7 +259,7 @@ switch (h->method) void exim_sha_finish(hctx * h, blob * b) { -b->data = store_get(b->len = h->hashlen, FALSE); +b->data = store_get(b->len = h->hashlen, GET_INTAINTED); switch (h->method) { case HASH_SHA1: sha1_finish(h->u.sha1, b->data); break; @@ -403,7 +408,7 @@ Returns: nothing */ static void -native_sha1_end(sha1 *base, const uschar *text, int length, uschar *digest) +native_sha1_end(sha1 * base, const uschar * text, int length, uschar * digest) { uschar work[64]; @@ -421,7 +426,7 @@ out to 64, process it, and then set up the final chunk as 56 bytes of padding. If it has less than 56 bytes, we pad it out to 56 bytes as the final chunk. */ -memcpy(work, text, length); +if (length) memcpy(work, text, length); work[length] = 0x80; if (length > 55) @@ -432,9 +437,7 @@ if (length > 55) memset(work, 0, 56); } else - { memset(work+length+1, 0, 55-length); - } /* The final 8 bytes of the final chunk are a 64-bit representation of the length of the input string *bits*, before padding, high order word first, and @@ -492,7 +495,7 @@ native_sha1_mid(&h->sha1, US data); /* implicit size always 64 */ void exim_sha_finish(hctx * h, blob * b) { -b->data = store_get(b->len = h->hashlen, FALSE); +b->data = store_get(b->len = h->hashlen, GET_UNTAINTED); native_sha1_end(&h->sha1, NULL, 0, b->data); } @@ -556,6 +559,14 @@ memcpy(digest, b.data, 20); +#ifdef HAVE_PARTIAL_SHA +# undef HAVE_PARTIAL_SHA +void +exim_sha_update_string(hctx * h, const uschar * s) +{ +if (s) exim_sha_update(h, s, Ustrlen(s)); +} +#endif @@ -565,7 +576,7 @@ memcpy(digest, b.data, 20); ************************************************** *************************************************/ -# ifdef STAND_ALONE +#ifdef STAND_ALONE /* Test values. The first 128 may contain binary zeros and have increasing length. */ @@ -880,6 +891,6 @@ printf("Computed: %s\n", s); if (strcmp(s, atest) != 0) printf("*** No match ***\n"); } -# endif /*STAND_ALONE*/ +#endif /*STAND_ALONE*/ /* End of File */