From fa714063ea46ef6dd92dbef3525781d85513394b Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 13 Apr 2022 15:37:56 +0100 Subject: [PATCH] Add string-hashing interface --- src/src/arc.c | 2 +- src/src/expand.c | 4 ++-- src/src/hash.c | 18 ++++++++++++++---- src/src/hash.h | 1 + src/src/pdkim/pdkim.c | 6 +++--- src/src/tls.c | 18 +++++++----------- 6 files changed, 28 insertions(+), 21 deletions(-) diff --git a/src/src/arc.c b/src/src/arc.c index a9523890d..6c7891a6d 100644 --- a/src/src/arc.c +++ b/src/src/arc.c @@ -569,7 +569,7 @@ while ((hn = string_nextinlist(&headernames, &sep, NULL, 0))) len = Ustrlen(s); DEBUG(D_acl) pdkim_quoteprint(s, len); - exim_sha_update(&hhash_ctx, s, Ustrlen(s)); + exim_sha_update_string(&hhash_ctx, s); r->used = TRUE; break; } diff --git a/src/src/expand.c b/src/src/expand.c index 12edd195c..1f6b933bf 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -7273,7 +7273,7 @@ NOT_ITEM: ; goto EXPAND_FAILED; } - exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_update_string(&h, sub); exim_sha_finish(&h, &b); while (b.len-- > 0) yield = string_fmt_append(yield, "%02X", *b.data++); @@ -7301,7 +7301,7 @@ NOT_ITEM: ; goto EXPAND_FAILED; } - exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_update_string(&h, sub); exim_sha_finish(&h, &b); while (b.len-- > 0) yield = string_fmt_append(yield, "%02X", *b.data++); diff --git a/src/src/hash.c b/src/src/hash.c index b5323b69c..85e10d5d5 100644 --- a/src/src/hash.c +++ b/src/src/hash.c @@ -29,6 +29,7 @@ sha1; /******************************************************************************/ #ifdef SHA_OPENSSL +# define HAVE_PARTIAL_SHA BOOL exim_sha_init(hctx * h, hashmethod m) @@ -146,6 +147,7 @@ EVP_MD_CTX_free(h->u.mctx); #elif defined(SHA_GNUTLS) +# define HAVE_PARTIAL_SHA /******************************************************************************/ BOOL 
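Review bot: In the arc.c hunk, `len` already holds `Ustrlen(s)` from the context lines just above the change, so the new call measures the same string a second time inside the helper. Keeping `exim_sha_update(&hhash_ctx, s, len);` here would reuse it and make it visible that the hashed length and the length given to `pdkim_quoteprint` are the same value. The helper's NULL tolerance buys nothing at this site, because `Ustrlen(s)` has already run by then. The enclosing `while` loop starts and ends outside the hunk.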
@@ -186,6 +188,7 @@ gnutls_hash_output(h->sha, b->data); #elif defined(SHA_GCRYPT) +# define HAVE_PARTIAL_SHA /******************************************************************************/ BOOL @@ -224,6 +227,7 @@ memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen); #elif defined(SHA_POLARSSL) +# define HAVE_PARTIAL_SHA /******************************************************************************/ BOOL @@ -432,9 +436,7 @@ if (length > 55) memset(work, 0, 56); } else - { memset(work+length+1, 0, 55-length); - } /* The final 8 bytes of the final chunk are a 64-bit representation of the length of the input string *bits*, before padding, high order word first, and @@ -556,6 +558,14 @@ memcpy(digest, b.data, 20); +#ifdef HAVE_PARTIAL_SHA +# undef HAVE_PARTIAL_SHA +void +exim_sha_update_string(hctx * h, const uschar * s) +{ +if (s) exim_sha_update(h, s, Ustrlen(s)); +} +#endif @@ -565,7 +575,7 @@ memcpy(digest, b.data, 20); ************************************************** *************************************************/ -# ifdef STAND_ALONE +#ifdef STAND_ALONE /* Test values. The first 128 may contain binary zeros and have increasing length. */ @@ -880,6 +890,6 @@ printf("Computed: %s\n", s); if (strcmp(s, atest) != 0) printf("*** No match ***\n"); } -# endif /*STAND_ALONE*/ +#endif /*STAND_ALONE*/ /* End of File */ diff --git a/src/src/hash.h b/src/src/hash.h index 5bd47acd1..57ef3da82 100644 --- a/src/src/hash.h +++ b/src/src/hash.h @@ -77,6 +77,7 @@ typedef struct { extern BOOL exim_sha_init(hctx *, hashmethod); extern void exim_sha_update(hctx *, const uschar *a, int); +extern void exim_sha_update_string(hctx *, const uschar *a); extern void exim_sha_finish(hctx *, blob *); #endif diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index c368be438..4d77233b6 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c 
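Review bot: `exim_sha_update_string()` in the hash.c hunk at -556 has no comment stating its contract, and two things a caller needs are not obvious from the name: a NULL `s` is silently skipped, and the terminating NUL is not fed to the hash. I would add above the definition `/* Hash a NUL-terminated string, excluding the terminator. A NULL pointer adds nothing, so it is indistinguishable from "". */`. This matters to any caller that feeds several strings in sequence, because adjacent values run together with no separator. The definition is compiled only where `HAVE_PARTIAL_SHA` is set, while the hash.h prototype is added beside `exim_sha_update` with no condition visible in this patch. It is worth confirming that no backend outside the four marked ones can reach the new callers, since that would only show up at link time.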
@@ -1613,7 +1613,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next) rh = pdkim_relax_header(rh, TRUE); /* cook header for relaxed canon */ /* Feed header to the hash algorithm */ - exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh)); + exim_sha_update_string(&hhash_ctx, CUS rh); /* Remember headers block for signing (when the library cannot do incremental) */ /*XXX we could avoid doing this for all but the GnuTLS/RSA case */ @@ -1674,7 +1674,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next) : string_copy(CUS hdrs->value); /* Feed header to the hash algorithm */ - exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh)); + exim_sha_update_string(&hhash_ctx, CUS rh); DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh)); hdrs->tag = 1; @@ -1715,7 +1715,7 @@ for (pdkim_signature * sig = ctx->sig; sig; sig = sig->next) } /* Finalize header hash */ - exim_sha_update(&hhash_ctx, CUS sig_hdr, Ustrlen(sig_hdr)); + exim_sha_update_string(&hhash_ctx, CUS sig_hdr); exim_sha_finish(&hhash_ctx, &hhash); DEBUG(D_acl) diff --git a/src/src/tls.c b/src/src/tls.c index a988c7505..c9bc556fc 100644 --- a/src/src/tls.c +++ b/src/src/tls.c 
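Review bot: At the three pdkim.c call sites (hunks at -1613, -1674 and -1715) the switch to `exim_sha_update_string()` changes what happens on a NULL `rh` or `sig_hdr`: the old `Ustrlen()` call would fault, while the new helper quietly hashes nothing and the header hash is computed over fewer bytes than intended. Nothing in the visible lines shows these pointers can be NULL, so this may be unreachable. For a signature input, though, I would rather fail loudly than continue, for example by keeping the explicit `exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh));` or adding a non-NULL check before the call. The -1674 hunk is also inconsistent with itself, since the `DEBUG(D_acl)` line right after still calls `Ustrlen(rh)` unguarded. The surrounding `for` loop over `ctx->sig` begins and ends outside all three hunks.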
@@ -813,19 +813,15 @@ exim_sha_init(h, HASH_SHA1); // TODO: word from server EHLO resp /* how, fer gossakes? Add item to conn_args or tls_support? */ if (conn_args->dane) - exim_sha_update(h, CUS &conn_args->tlsa_dnsa, sizeof(dns_answer)); -exim_sha_update(h, conn_args->host->address, Ustrlen(conn_args->host->address)); + exim_sha_update(h, CUS &conn_args->tlsa_dnsa, sizeof(dns_answer)); +exim_sha_update_string(h, conn_args->host->address); exim_sha_update(h, CUS &conn_args->host->port, sizeof(conn_args->host->port)); -exim_sha_update(h, conn_args->sending_ip_address, Ustrlen(conn_args->sending_ip_address)); -if (openssl_options) - exim_sha_update(h, openssl_options, Ustrlen(openssl_options)); -if (ob->tls_require_ciphers) - exim_sha_update(h, ob->tls_require_ciphers, Ustrlen(ob->tls_require_ciphers)); -if (tlsp->sni) - exim_sha_update(h, tlsp->sni, Ustrlen(tlsp->sni)); +exim_sha_update_string(h, conn_args->sending_ip_address); +exim_sha_update_string(h, openssl_options); +exim_sha_update_string(h, ob->tls_require_ciphers); +exim_sha_update_string(h, tlsp->sni); #ifdef EXIM_HAVE_ALPN -if (ob->tls_alpn) - exim_sha_update(h, ob->tls_alpn, Ustrlen(ob->tls_alpn)); +exim_sha_update_string(h, ob->tls_alpn); #endif exim_sha_finish(h, &b); for (g = string_get(b.len*2+1); b.len-- > 0; ) -- 2.30.2
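Review bot: The digest built in this tls.c hunk concatenates variable-length strings with no separator or length prefix, and the helper skips NULL fields, so different settings can produce the same input bytes. For example, `openssl_options` "ab" with no `tls_require_ciphers` hashes identically to "a" followed by "b". If this value is used as a lookup key for cached TLS state, as the surrounding code suggests, two distinct configurations could share an entry. Feeding a terminator after every field, present or not, removes the ambiguity, e.g. `exim_sha_update(h, CUS "", 1);` after each `exim_sha_update_string()` call. The change also alters behaviour for `conn_args->host->address` and `conn_args->sending_ip_address`: these were hashed unconditionally before, and a NULL there is now silently left out of the digest instead of faulting. The function body starts and ends outside the hunk.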