[exim-cvs] Expansions: ${sha2_N}

Autore: Exim Git Commits Mailing List
Data:  
To: exim-cvs
Oggetto: [exim-cvs] Expansions: ${sha2_N}
Gitweb: https://git.exim.org/exim.git/commitdiff/12e9bb25fcee27771fb96bda05aa796591f4e4bf
Commit:     12e9bb25fcee27771fb96bda05aa796591f4e4bf
Parent:     96eb7d2a5b86afec3b66a61a1ba8af82ab0c6d41
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Tue May 21 19:10:48 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Tue May 21 19:14:19 2019 +0100


    Expansions: ${sha2_N}
---
 doc/doc-docbook/spec.xfpt   | 13 +++++++++++++
 doc/doc-txt/NewStuff        |  4 +++-
 src/src/expand.c            | 22 ++++++++++++++++++----
 src/src/hash.c              |  3 ---
 test/scripts/2990-sha3/2990 | 28 ++++++++++++++++++++--------
 test/stdout/2990            | 28 ++++++++++++++++++++--------
 6 files changed, 74 insertions(+), 24 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 48237e4..d78378c 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -10958,10 +10958,14 @@ returns the SHA-1 hash fingerprint of the certificate.


 .vitem &*${sha256:*&<&'string'&>&*}*&
+.vitem &*${sha2:*&<&'string'&>&*}*& &&&
+       &*${sha2_<n>:*&<&'string'&>&*}*&
 .cindex "SHA-256 hash"
+.cindex "SHA-2 hash"
 .cindex certificate fingerprint
 .cindex "expansion" "SHA-256 hashing"
 .cindex "&%sha256%& expansion item"
+.cindex "&%sha2%& expansion item"
 The &%sha256%& operator computes the SHA-256 hash value of the string
 and returns
 it as a 64-digit hexadecimal number, in which any letters are in upper case.
@@ -10969,6 +10973,15 @@ it as a 64-digit hexadecimal number, in which any letters are in upper case.
 If the string is a single variable of type certificate,
 returns the SHA-256 hash fingerprint of the certificate.


+.new
+The operator can also be spelled &%sha2%& and does the same as &%sha256%&
+(except for certificates, which are not supported).
+Finally, if an underbar
+and a number is appended it specifies the output length, selecting a
+member of the SHA-2 family of hash functions.
+Values of 256, 384 and 512 are accepted, with 256 being the default.
+.wen
+

 .vitem &*${sha3:*&<&'string'&>&*}*& &&&
        &*${sha3_<n>:*&<&'string'&>&*}*&
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index f6044b6..b0ae9c1 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -26,6 +26,8 @@ Version 4.93
  7. A main option exim_version to override the version Exim
     reports in verious places ($exim_version, $version_number).


+ 8. Expansion operator ${sha2_N:} for N=256, 384, 512.
+

Version 4.92
--------------
@@ -178,7 +180,7 @@ Version 4.89

  2. A main-section config option "debug_store" to control the checks on
     variable locations during store-reset.  Normally false but can be enabled
-    when a memory corrution issue is suspected on a production system.
+    when a memory corruption issue is suspected on a production system.



 Version 4.88
diff --git a/src/src/expand.c b/src/src/expand.c
index d8ea87d..41eadef 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -235,6 +235,7 @@ static uschar *op_table_main[] = {
   US"rxquote",
   US"s",
   US"sha1",
+  US"sha2",
   US"sha256",
   US"sha3",
   US"stat",
@@ -281,6 +282,7 @@ enum {
   EOP_RXQUOTE,
   EOP_S,
   EOP_SHA1,
+  EOP_SHA2,
   EOP_SHA256,
   EOP_SHA3,
   EOP_STAT,
@@ -6797,23 +6799,35 @@ while (*s != 0)
       }
         continue;


+      case EOP_SHA2:
       case EOP_SHA256:
 #ifdef EXIM_HAVE_SHA2
     if (vp && *(void **)vp->value)
       {
-      uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
-      yield = string_cat(yield, cp);
+      if (c == EOP_SHA256)
+        {
+        uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
+        yield = string_cat(yield, cp);
+        }
+      else
+        expand_string_message = US"sha2_N not supported with certificates";
       }
     else
       {
       hctx h;
       blob b;
+      hashmethod m = !arg ? HASH_SHA2_256
+        : Ustrcmp(arg, "256") == 0 ? HASH_SHA2_256
+        : Ustrcmp(arg, "384") == 0 ? HASH_SHA2_384
+        : Ustrcmp(arg, "512") == 0 ? HASH_SHA2_512
+        : HASH_BADTYPE;


-      if (!exim_sha_init(&h, HASH_SHA2_256))
+      if (m == HASH_BADTYPE || !exim_sha_init(&h, m))
         {
-        expand_string_message = US"unrecognised sha256 variant";
+        expand_string_message = US"unrecognised sha2 variant";
         goto EXPAND_FAILED;
         }
+
       exim_sha_update(&h, sub, Ustrlen(sub));
       exim_sha_finish(&h, &b);
       while (b.len-- > 0)
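Review bot: The new `else` arm for `EOP_SHA2` applied to a certificate variable sets `expand_string_message` but never jumps to `EXPAND_FAILED`, unlike the bad-variant path a few lines below it. As far as this hunk shows, the expansion then carries on with nothing appended to `yield`, so a configuration that hashes a certificate with `sha2` or `sha2_N` and compares the result to a pinned fingerprint would be comparing against an empty string instead of failing. I would brace that arm and make it fail closed: `{ expand_string_message = US"sha2_N not supported with certificates"; goto EXPAND_FAILED; }`. The rest of the case body, including the `#else`/`#endif` tail, lies outside the hunk, so confirm nothing later checks the message.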
diff --git a/src/src/hash.c b/src/src/hash.c
index eea2cb8..1bdeaef 100644
--- a/src/src/hash.c
+++ b/src/src/hash.c
@@ -33,7 +33,6 @@ sha1;
 BOOL
 exim_sha_init(hctx * h, hashmethod m)
 {
-/*XXX extend for sha512 */
 switch (h->method = m)
   {
   case HASH_SHA1:     h->hashlen = 20; SHA1_Init  (&h->u.sha1);     break;
@@ -110,7 +109,6 @@ switch (h->method)
 BOOL
 exim_sha_init(hctx * h, hashmethod m)
 {
-/*XXX extend for sha512 */
 switch (h->method = m)
   {
   case HASH_SHA1:     h->hashlen = 20; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA1);   break;
@@ -151,7 +149,6 @@ gnutls_hash_output(h->sha, b->data);
 BOOL
 exim_sha_init(hctx * h, hashmethod m)
 {
-/*XXX extend for sha512 */
 switch (h->method = m)
   {
   case HASH_SHA1:     h->hashlen = 20; gcry_md_open(&h->sha, GCRY_MD_SHA1, 0);   break;
diff --git a/test/scripts/2990-sha3/2990 b/test/scripts/2990-sha3/2990
index e0d4aaf..9f73664 100644
--- a/test/scripts/2990-sha3/2990
+++ b/test/scripts/2990-sha3/2990
@@ -1,13 +1,25 @@
 # sha3 expansions
 #
 exim -be
-sha256:   ${sha256:}
-sha256:   ${sha256:abc}
+sha256:      ${sha256:}
+sha256:abc   ${sha256:abc}
+sha2:        ${sha2:}
+sha2:abc     ${sha2:abc}
+sha2_256:    ${sha2_256:}
+sha2_256:abc ${sha2_256:abc}
+sha2_384:    ${sha2_384:}
+sha2_384:abc ${sha2_384:abc}
+sha2_512:    ${sha2_512:}
+sha2_512:abc ${sha3_512:abc}


-sha3:     ${sha3:}
-sha3:     ${sha3:abc}
-sha3_256: ${sha3_256:}
-sha3_256: ${sha3_256:abc}
-sha3_512: ${sha3_512:}
-sha3_512: ${sha3_512:abc}
+sha3:        ${sha3:}
+sha3:abc     ${sha3:abc}
+sha3_224:    ${sha3_224:}
+sha3_224:abc ${sha3_224:abc}
+sha3_256:    ${sha3_256:}
+sha3_256:abc ${sha3_256:abc}
+sha3_384:    ${sha3_384:}
+sha3_384:abc ${sha3_384:abc}
+sha3_512:    ${sha3_512:}
+sha3_512:abc ${sha3_512:abc}
 ****
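Review bot: The added `sha2_512:abc` line expands `${sha3_512:abc}` rather than `${sha2_512:abc}`, so SHA-512 of a non-empty string is never exercised by this script. The expected value recorded for `sha2_512:abc` in the test/stdout/2990 hunk is identical to the `sha3_512:abc` digest there, which suggests the typo was captured into the reference output. The line should read `sha2_512:abc ${sha2_512:abc}`, and the stdout entry should be regenerated and checked against a published SHA-512 test vector for "abc" rather than against the binary's own output.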
diff --git a/test/stdout/2990 b/test/stdout/2990
index 203cef9..21d706b 100644
--- a/test/stdout/2990
+++ b/test/stdout/2990
@@ -1,10 +1,22 @@
-> sha256:   E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
-> sha256:   BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
+> sha256:      E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+> sha256:abc   BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
+> sha2:        E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+> sha2:abc     BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
+> sha2_256:    E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
+> sha2_256:abc BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
+> sha2_384:    38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA274EDEBFE76F65FBD51AD2F14898B95B
+> sha2_384:abc CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7
+> sha2_512:    CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
+> sha2_512:abc B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E10E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0

>

-> sha3:     A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
-> sha3:     3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532
-> sha3_256: A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
-> sha3_256: 3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532
-> sha3_512: A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26
-> sha3_512: B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E10E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0
+> sha3:        A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
+> sha3:abc     3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532
+> sha3_224:    6B4E03423667DBB73B6E15454F0EB1ABD4597F9A1B078E3F5B5A6BC7
+> sha3_224:abc E642824C3F8CF24AD09234EE7D3C766FC9A3A5168D0C94AD73B46FDF
+> sha3_256:    A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A
+> sha3_256:abc 3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532
+> sha3_384:    0C63A75B845E4F7D01107D852E4C2485C51A50AAAA94FC61995E71BBEE983A2AC3713831264ADB47FB6BD1E058D5F004
+> sha3_384:abc EC01498288516FC926459F58E2C6AD8DF9B473CB0FC08C2596DA7CF0E49BE4B298D88CEA927AC7F539F1EDF228376D25
+> sha3_512:    A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26
+> sha3_512:abc B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E10E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0

>