Diffstat (limited to 'src')
-rw-r--r-- | src/src/expand.c | 38 | ||||
-rw-r--r-- | src/src/hash.c | 30 | ||||
-rw-r--r-- | src/src/hash.h | 6 | ||||
-rw-r--r-- | src/src/sha_ver.h | 3 |
4 files changed, 51 insertions, 26 deletions
diff --git a/src/src/expand.c b/src/src/expand.c index d23e15fa7..1484a3027 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -231,6 +231,7 @@ static uschar *op_table_main[] = { US"s", US"sha1", US"sha256", + US"sha3", US"stat", US"str2b64", US"strlen", @@ -273,6 +274,7 @@ enum { EOP_S, EOP_SHA1, EOP_SHA256, + EOP_SHA3, EOP_STAT, EOP_STR2B64, EOP_STRLEN, @@ -6367,7 +6369,7 @@ while (*s != 0) continue; case EOP_SHA256: -#ifdef SUPPORT_TLS +#ifdef EXIM_HAVE_SHA2 if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value); @@ -6393,6 +6395,40 @@ while (*s != 0) #endif continue; + case EOP_SHA3: +#ifdef EXIM_HAVE_SHA3 + { + hctx h; + blob b; + char st[3]; + hashmethod m = !arg ? HASH_SHA3_256 + : Ustrcmp(arg, "224") == 0 ? HASH_SHA3_224 + : Ustrcmp(arg, "256") == 0 ? HASH_SHA3_256 + : Ustrcmp(arg, "384") == 0 ? HASH_SHA3_384 + : Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512 + : HASH_BADTYPE; + + if (m == HASH_BADTYPE) + { + expand_string_message = US"unrecognised sha3 variant"; + goto EXPAND_FAILED; + } + + exim_sha_init(&h, m); + exim_sha_update(&h, sub, Ustrlen(sub)); + exim_sha_finish(&h, &b); + while (b.len-- > 0) + { + sprintf(st, "%02X", *b.data++); + yield = string_catn(yield, &size, &ptr, US st, 2); + } + } + continue; +#else + expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 +"; + goto EXPAND_FAILED; +#endif + /* Convert hex encoding to base64 encoding */ case EOP_HEX2B64: diff --git a/src/src/hash.c b/src/src/hash.c index a0d69c2f0..c2be85d17 100644 --- a/src/src/hash.c +++ b/src/src/hash.c 
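Review bot: The guard on `case EOP_SHA256:` now tests `EXIM_HAVE_SHA2`, but no hunk in this commit defines that macro; the sha_ver.h hunk only adds `EXIM_HAVE_SHA3`. If the macro is not already defined in a header that expand.c includes, the whole sha256 branch is silently compiled out rather than failing the build. It is worth confirming where the definition lives and recording it at the guard, e.g. `#ifdef EXIM_HAVE_SHA2 /* defined in <header-that-defines-it> */`. The body of the case continues outside the hunk.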
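Review bot: The variant parser in `case EOP_SHA3:` accepts "224", "384" and "512", but the GnuTLS `exim_sha_init()` hunk in hash.c from this commit only adds `HASH_SHA3_256`, so the other three reach `default:`, which sets `hashlen = 0` and never initialises `h->sha`. `exim_sha_update()` and `exim_sha_finish()` are then called on that context; their bodies are outside this diff, so the result is presumably an empty or garbage digest reported as success, or use of an uninitialised handle. Either add the missing cases in hash.c, e.g. `case HASH_SHA3_512: h->hashlen = 64; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_512); break;` (and 28/48 for 224/384), or fail the expansion for variants the backend does not implement. The hex loop would also be more robust as `snprintf(st, sizeof st, "%02X", (unsigned)*b.data++);` so the 3-byte buffer stays bounded whatever the element type of `b.data` is.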
@@ -27,27 +27,6 @@ sha1; -#ifndef SUPPORT_TLS -# error Need SUPPORT_TLS for DKIM -#endif - - - -#ifdef notdef -#ifdef RSA_OPENSSL -# include <openssl/rsa.h> -# include <openssl/ssl.h> -# include <openssl/err.h> -#elif defined(RSA_GNUTLS) -# include <gnutls/gnutls.h> -# include <gnutls/x509.h> -# ifdef RSA_VERIFY_GNUTLS -# include <gnutls/abstract.h> -# endif -#endif -#endif - - /******************************************************************************/ #ifdef SHA_OPENSSL @@ -95,9 +74,12 @@ exim_sha_init(hctx * h, hashmethod m) { switch (h->method = m) { - case HASH_SHA1: h->hashlen = 20; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA1); break; - case HASH_SHA256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA256); break; - default: h->hashlen = 0; break; + case HASH_SHA1: h->hashlen = 20; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA1); break; + case HASH_SHA256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA256); break; +#ifdef EXIM_HAVE_SHA3 + case HASH_SHA3_256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_256); break; +#endif + default: h->hashlen = 0; break; } } diff --git a/src/src/hash.h b/src/src/hash.h index f1ebac467..9e91f1aad 100644 --- a/src/src/hash.h +++ b/src/src/hash.h @@ -30,9 +30,13 @@ /* Hash context for the exim_sha_* routines */ typedef enum hashmethod { + HASH_BADTYPE, HASH_SHA1, HASH_SHA256, - HASH_SHA3 + HASH_SHA3_224, + HASH_SHA3_256, + HASH_SHA3_384, + HASH_SHA3_512, } hashmethod; typedef struct { diff --git a/src/src/sha_ver.h b/src/src/sha_ver.h index 630c78d41..fd1a4d083 100644 --- a/src/src/sha_ver.h +++ b/src/src/sha_ver.h @@ -18,6 +18,9 @@ # if GNUTLS_VERSION_NUMBER >= 0x020a00 # define SHA_GNUTLS +# if GNUTLS_VERSION_NUMBER >= 0x030500 +# define EXIM_HAVE_SHA3 +# endif # else # define SHA_GCRYPT # endif |
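Review bot: The return value of `gnutls_hash_init()` is discarded in every case of the `exim_sha_init()` switch, including the new `HASH_SHA3_256` one, and the function cannot report failure, so a failed init leaves `h->sha` unusable while `h->hashlen` still says 32. The new sha3 expansion code in expand.c then calls update and finish on that context unconditionally. Consider clearing the length on failure, `if (gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_256) != 0) h->hashlen = 0;`, and having callers treat `hashlen == 0` as an error, which would give the `default:` branch the same failure signal. Only the GnuTLS variant of the function is visible in this hunk; the switches for the other backends are not shown and may need a look for the new enum values.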
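Review bot: `HASH_BADTYPE` is placed first in `enum hashmethod` in hash.h, so it takes the value 0 and a zero-initialised `hctx` reads as an invalid method, but nothing in the hunk says this ordering is intentional. A comment on the enumerator, `HASH_BADTYPE, /* must stay first (0): unset or unrecognised method */`, would keep a later reorder from turning a zeroed context into `HASH_SHA1`. The insertion also renumbers `HASH_SHA1` and `HASH_SHA256` and drops the old `HASH_SHA3` name, so any use of the numeric values or of that identifier outside this diff should be checked.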