Expansions: ${sha2_N}

[exim.git] / src / src / expand.c

diff --git a/src/src/expand.c b/src/src/expand.c
index ff1b72615150da75033ab136f2812d6377644436..41eadefd00f13a6abce0ca2b7e4c22185015cd9a 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -235,6 +235,7 @@ static uschar *op_table_main[] = {
   US"rxquote",
   US"s",
   US"sha1",
+  US"sha2",
   US"sha256",
   US"sha3",
   US"stat",
@@ -281,6 +282,7 @@ enum {
   EOP_RXQUOTE,
   EOP_S,
   EOP_SHA1,
+  EOP_SHA2,
   EOP_SHA256,
   EOP_SHA3,
   EOP_STAT,
@@ -751,6 +753,9 @@ static var_entry var_table[] = {
   { "tls_in_ourcert",      vtype_cert,        &tls_in.ourcert },
   { "tls_in_peercert",     vtype_cert,        &tls_in.peercert },
   { "tls_in_peerdn",       vtype_stringptr,   &tls_in.peerdn },
+#ifdef EXPERIMENTAL_TLS_RESUME
+  { "tls_in_resumption",   vtype_int,         &tls_in.resumption },
+#endif
 #if defined(SUPPORT_TLS)
   { "tls_in_sni",          vtype_stringptr,   &tls_in.sni },
 #endif
@@ -765,6 +770,9 @@ static var_entry var_table[] = {
   { "tls_out_ourcert",     vtype_cert,        &tls_out.ourcert },
   { "tls_out_peercert",    vtype_cert,        &tls_out.peercert },
   { "tls_out_peerdn",      vtype_stringptr,   &tls_out.peerdn },
+#ifdef EXPERIMENTAL_TLS_RESUME
+  { "tls_out_resumption",  vtype_int,         &tls_out.resumption },
+#endif
 #if defined(SUPPORT_TLS)
   { "tls_out_sni",         vtype_stringptr,   &tls_out.sni },
 #endif
@@ -5039,7 +5047,7 @@ while (*s != 0)
             port = ntohs(service_info->s_port);
             }
 
-         /*XXX we trust that the request is idempotent.  Hmm. */
+         /*XXX we trust that the request is idempotent for TFO.  Hmm. */
          cctx.sock = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
                  timeout, &host, &expand_string_message,
                  do_tls ? NULL : &reqstr);
@@ -6791,23 +6799,35 @@ while (*s != 0)
          }
         continue;
 
+      case EOP_SHA2:
       case EOP_SHA256:
 #ifdef EXIM_HAVE_SHA2
        if (vp && *(void **)vp->value)
          {
-         uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
-         yield = string_cat(yield, cp);
+         if (c == EOP_SHA256)
+           {
+           uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
+           yield = string_cat(yield, cp);
+           }
+         else
+           expand_string_message = US"sha2_N not supported with certificates";
          }
        else
          {
          hctx h;
          blob b;
+         hashmethod m = !arg ? HASH_SHA2_256
+           : Ustrcmp(arg, "256") == 0 ? HASH_SHA2_256
+           : Ustrcmp(arg, "384") == 0 ? HASH_SHA2_384
+           : Ustrcmp(arg, "512") == 0 ? HASH_SHA2_512
+           : HASH_BADTYPE;
 
-         if (!exim_sha_init(&h, HASH_SHA2_256))
+         if (m == HASH_BADTYPE || !exim_sha_init(&h, m))
            {
-           expand_string_message = US"unrecognised sha256 variant";
+           expand_string_message = US"unrecognised sha2 variant";
            goto EXPAND_FAILED;
            }
+
          exim_sha_update(&h, sub, Ustrlen(sub));
          exim_sha_finish(&h, &b);
          while (b.len-- > 0)