X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1f6756f54d456e1049ad8b4efe18c2d63cbbb366..6d2c02560e5c0aa7cef83d02b26f193135b93e21:/src/src/hash.c

diff --git a/src/src/hash.c b/src/src/hash.c
index c50c49aad..51bcd4604 100644
--- a/src/src/hash.c
+++ b/src/src/hash.c
@@ -1,7 +1,7 @@
 /*
  *  Exim - an Internet mail transport agent
  *
- *  Copyright (C) 2010 - 2018  Exim maintainers
+ *  Copyright (c) The Exim Maintainers 2010 - 2022
  *  Copyright (c) University of Cambridge 1995 - 2009
  *
  *  Hash interface functions
@@ -29,6 +29,7 @@ sha1;
 
 /******************************************************************************/
 #ifdef SHA_OPENSSL
+# define HAVE_PARTIAL_SHA
 
 BOOL
 exim_sha_init(hctx * h, hashmethod m)
@@ -116,7 +117,7 @@ void
 exim_sha_finish(hctx * h, blob * b)
 {
 /* Hashing is sufficient to purify any tainted input */
-b->data = store_get(b->len = h->hashlen, FALSE);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
 
 # if OPENSSL_VERSION_NUMBER < 0x30000000L
 switch (h->method)
@@ -146,6 +147,7 @@ EVP_MD_CTX_free(h->u.mctx);
 
 
 #elif defined(SHA_GNUTLS)
+# define HAVE_PARTIAL_SHA
 /******************************************************************************/
 
 BOOL
@@ -179,13 +181,14 @@ gnutls_hash(h->sha, data, len);
 void
 exim_sha_finish(hctx * h, blob * b)
 {
-b->data = store_get(b->len = h->hashlen, FALSE);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
 gnutls_hash_output(h->sha, b->data);
 }
 
 
 
 #elif defined(SHA_GCRYPT)
+# define HAVE_PARTIAL_SHA
 /******************************************************************************/
 
 BOOL
@@ -216,7 +219,7 @@ gcry_md_write(h->sha, data, len);
 void
 exim_sha_finish(hctx * h, blob * b)
 {
-b->data = store_get(b->len = h->hashlen, FALSE);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
 memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen);
 }
 
@@ -224,6 +227,7 @@ memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen);
 
 
 #elif defined(SHA_POLARSSL)
+# define HAVE_PARTIAL_SHA
 /******************************************************************************/
 
 BOOL
@@ -254,7 +258,7 @@ switch (h->method)
 void
 exim_sha_finish(hctx * h, blob * b)
 {
-b->data = store_get(b->len = h->hashlen, FALSE);
+b->data = store_get(b->len = h->hashlen, GET_INTAINTED);
 switch (h->method)
   {
   case HASH_SHA1:   sha1_finish(h->u.sha1, b->data); break;
@@ -432,9 +436,7 @@ if (length > 55)
   memset(work, 0, 56);
   }
 else
-  {
   memset(work+length+1, 0, 55-length);
-  }
 
 /* The final 8 bytes of the final chunk are a 64-bit representation of the
 length of the input string *bits*, before padding, high order word first, and
@@ -492,7 +494,7 @@ native_sha1_mid(&h->sha1, US data);	/* implicit size always 64 */
 void
 exim_sha_finish(hctx * h, blob * b)
 {
-b->data = store_get(b->len = h->hashlen, FALSE);
+b->data = store_get(b->len = h->hashlen, GET_UNTAINTED);
 
 native_sha1_end(&h->sha1, NULL, 0, b->data);
 }
@@ -556,6 +558,14 @@ memcpy(digest, b.data, 20);
 
 
 
+#ifdef HAVE_PARTIAL_SHA
+# undef HAVE_PARTIAL_SHA
+void
+exim_sha_update_string(hctx * h, const uschar * s)
+{
+if (s) exim_sha_update(h, s, Ustrlen(s));
+}
+#endif
 
 
 
@@ -565,7 +575,7 @@ memcpy(digest, b.data, 20);
 **************************************************
 *************************************************/
 
-# ifdef STAND_ALONE
+#ifdef STAND_ALONE
 
 /* Test values. The first 128 may contain binary zeros and have increasing
 length. */
@@ -880,6 +890,6 @@ printf("Computed:  %s\n", s);
 if (strcmp(s, atest) != 0) printf("*** No match ***\n");
 
 }
-# endif	/*STAND_ALONE*/
+#endif	/*STAND_ALONE*/
 
 /* End of File */