From: Jeremy Harris Date: Tue, 21 May 2019 18:10:48 +0000 (+0100) Subject: Expansions: ${sha2_N} X-Git-Tag: exim-4.93-RC0~190 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/12e9bb25fcee27771fb96bda05aa796591f4e4bf Expansions: ${sha2_N} --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 48237e4ea..d78378c9b 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -10958,10 +10958,14 @@ returns the SHA-1 hash fingerprint of the certificate. .vitem &*${sha256:*&<&'string'&>&*}*& +.vitem &*${sha2:*&<&'string'&>&*}*& &&& + &*${sha2_:*&<&'string'&>&*}*& .cindex "SHA-256 hash" +.cindex "SHA-2 hash" .cindex certificate fingerprint .cindex "expansion" "SHA-256 hashing" .cindex "&%sha256%& expansion item" +.cindex "&%sha2%& expansion item" The &%sha256%& operator computes the SHA-256 hash value of the string and returns it as a 64-digit hexadecimal number, in which any letters are in upper case. @@ -10969,6 +10973,15 @@ it as a 64-digit hexadecimal number, in which any letters are in upper case. If the string is a single variable of type certificate, returns the SHA-256 hash fingerprint of the certificate. +.new +The operator can also be spelled &%sha2%& and does the same as &%sha256%& +(except for certificates, which are not supported). +Finally, if an underbar +and a number is appended it specifies the output length, selecting a +member of the SHA-2 family of hash functions. +Values of 256, 384 and 512 are accepted, with 256 being the default. +.wen + .vitem &*${sha3:*&<&'string'&>&*}*& &&& &*${sha3_:*&<&'string'&>&*}*& diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index f6044b6c6..b0ae9c132 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -26,6 +26,8 @@ Version 4.93 7. A main option exim_version to override the version Exim reports in verious places ($exim_version, $version_number). + 8. Expansion operator ${sha2_N:} for N=256, 384, 512. + Version 4.92 -------------- 
@@ -178,7 +180,7 @@ Version 4.89 2. A main-section config option "debug_store" to control the checks on variable locations during store-reset. Normally false but can be enabled - when a memory corrution issue is suspected on a production system. + when a memory corruption issue is suspected on a production system. Version 4.88 diff --git a/src/src/expand.c b/src/src/expand.c index d8ea87dee..41eadefd0 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -235,6 +235,7 @@ static uschar *op_table_main[] = { US"rxquote", US"s", US"sha1", + US"sha2", US"sha256", US"sha3", US"stat", @@ -281,6 +282,7 @@ enum { EOP_RXQUOTE, EOP_S, EOP_SHA1, + EOP_SHA2, EOP_SHA256, EOP_SHA3, EOP_STAT, @@ -6797,23 +6799,35 @@ while (*s != 0) } continue; + case EOP_SHA2: case EOP_SHA256: #ifdef EXIM_HAVE_SHA2 if (vp && *(void **)vp->value) { - uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value); - yield = string_cat(yield, cp); + if (c == EOP_SHA256) + { + uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value); + yield = string_cat(yield, cp); + } + else + expand_string_message = US"sha2_N not supported with certificates"; } else { hctx h; blob b; + hashmethod m = !arg ? HASH_SHA2_256 + : Ustrcmp(arg, "256") == 0 ? HASH_SHA2_256 + : Ustrcmp(arg, "384") == 0 ? HASH_SHA2_384 + : Ustrcmp(arg, "512") == 0 ? HASH_SHA2_512 + : HASH_BADTYPE; - if (!exim_sha_init(&h, HASH_SHA2_256)) + if (m == HASH_BADTYPE || !exim_sha_init(&h, m)) { - expand_string_message = US"unrecognised sha256 variant"; + expand_string_message = US"unrecognised sha2 variant"; goto EXPAND_FAILED; } + exim_sha_update(&h, sub, Ustrlen(sub)); exim_sha_finish(&h, &b); while (b.len-- > 0) diff --git a/src/src/hash.c b/src/src/hash.c index eea2cb8a3..1bdeaef5f 100644 --- a/src/src/hash.c +++ b/src/src/hash.c @@ -33,7 +33,6 @@ sha1; BOOL exim_sha_init(hctx * h, hashmethod m) { -/*XXX extend for sha512 */ switch (h->method = m) { case HASH_SHA1: h->hashlen = 20; SHA1_Init (&h->u.sha1); break; 
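Review bot: The `else` arm added for certificate variables in the `EOP_SHA2`/`EOP_SHA256` case sets `expand_string_message` but, unlike the bad-variant path just below it, has no `goto EXPAND_FAILED`. As far as the hunk shows, `${sha2:...}` applied to a certificate variable therefore carries on with nothing appended to `yield`, so a configuration that compares the result with an expected fingerprint would see an empty string rather than an expansion failure. I would make it fail explicitly: `else { expand_string_message = US"sha2_N not supported with certificates"; goto EXPAND_FAILED; }`. Separately, the `arg` lookup is shared with `EOP_SHA256`; if `arg` is also populated for that operator (the name parsing is outside this hunk), `${sha256_512:...}` would return a SHA-512 digest under the sha256 name, so gating the variant selection on `c == EOP_SHA2` is worth considering. The case body continues past the end of the hunk, so what follows the if/else is not visible here.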
@@ -110,7 +109,6 @@ switch (h->method) BOOL exim_sha_init(hctx * h, hashmethod m) { -/*XXX extend for sha512 */ switch (h->method = m) { case HASH_SHA1: h->hashlen = 20; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA1); break; @@ -151,7 +149,6 @@ gnutls_hash_output(h->sha, b->data); BOOL exim_sha_init(hctx * h, hashmethod m) { -/*XXX extend for sha512 */ switch (h->method = m) { case HASH_SHA1: h->hashlen = 20; gcry_md_open(&h->sha, GCRY_MD_SHA1, 0); break; diff --git a/test/scripts/2990-sha3/2990 b/test/scripts/2990-sha3/2990 index e0d4aaf46..9f73664fb 100644 --- a/test/scripts/2990-sha3/2990 +++ b/test/scripts/2990-sha3/2990 @@ -1,13 +1,25 @@ # sha3 expansions # exim -be -sha256: ${sha256:} -sha256: ${sha256:abc} +sha256: ${sha256:} +sha256:abc ${sha256:abc} +sha2: ${sha2:} +sha2:abc ${sha2:abc} +sha2_256: ${sha2_256:} +sha2_256:abc ${sha2_256:abc} +sha2_384: ${sha2_384:} +sha2_384:abc ${sha2_384:abc} +sha2_512: ${sha2_512:} +sha2_512:abc ${sha3_512:abc} -sha3: ${sha3:} -sha3: ${sha3:abc} -sha3_256: ${sha3_256:} -sha3_256: ${sha3_256:abc} -sha3_512: ${sha3_512:} -sha3_512: ${sha3_512:abc} +sha3: ${sha3:} +sha3:abc ${sha3:abc} +sha3_224: ${sha3_224:} +sha3_224:abc ${sha3_224:abc} +sha3_256: ${sha3_256:} +sha3_256:abc ${sha3_256:abc} +sha3_384: ${sha3_384:} +sha3_384:abc ${sha3_384:abc} +sha3_512: ${sha3_512:} +sha3_512:abc ${sha3_512:abc} **** diff --git a/test/stdout/2990 b/test/stdout/2990 index 203cef932..21d706bdd 100644 --- a/test/stdout/2990 +++ b/test/stdout/2990 
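Review bot: The added script line `sha2_512:abc ${sha3_512:abc}` is labelled as a SHA-2 case but expands the SHA-3 operator, so `sha2_512` is only ever exercised on the empty string. The expected output in test/stdout/2990 has the same problem: its `sha2_512:abc` value is identical to the `sha3_512:abc` value further down, so the test passes without checking SHA-512 on non-empty input. Change the script line to `sha2_512:abc ${sha2_512:abc}` and regenerate that expected line, checking it against the published SHA-512 test vector for "abc". A case for an unsupported suffix, which should produce the "unrecognised sha2 variant" failure, would also cover the new error path in expand.c.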
@@ -1,10 +1,22 @@ -> sha256: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 -> sha256: BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD +> sha256: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 +> sha256:abc BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD +> sha2: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 +> sha2:abc BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD +> sha2_256: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 +> sha2_256:abc BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD +> sha2_384: 38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA274EDEBFE76F65FBD51AD2F14898B95B +> sha2_384:abc CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7 +> sha2_512: CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E +> sha2_512:abc B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E10E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0 > -> sha3: A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A -> sha3: 3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532 -> sha3_256: A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A -> sha3_256: 3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532 -> sha3_512: A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26 -> sha3_512: B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E10E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0 +> sha3: A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A +> sha3:abc 3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532 +> sha3_224: 6B4E03423667DBB73B6E15454F0EB1ABD4597F9A1B078E3F5B5A6BC7 +> sha3_224:abc 
E642824C3F8CF24AD09234EE7D3C766FC9A3A5168D0C94AD73B46FDF +> sha3_256: A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A +> sha3_256:abc 3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532 +> sha3_384: 0C63A75B845E4F7D01107D852E4C2485C51A50AAAA94FC61995E71BBEE983A2AC3713831264ADB47FB6BD1E058D5F004 +> sha3_384:abc EC01498288516FC926459F58E2C6AD8DF9B473CB0FC08C2596DA7CF0E49BE4B298D88CEA927AC7F539F1EDF228376D25 +> sha3_512: A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26 +> sha3_512:abc B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E10E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0 >