From: Jeremy Harris Date: Wed, 23 Oct 2019 12:27:06 +0000 (+0100) Subject: DKIM: disallow default acceptance of sha1 for verify X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/6ce1ece9cb2b13fdc4d235146fa98835811570bd DKIM: disallow default acceptance of sha1 for verify --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index bb19e3915..c8b999c9f 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -15113,15 +15113,20 @@ to handle IPv6 literal addresses. .new -.option dkim_verify_hashes main "string list" "sha256 : sha512 : sha1" +.option dkim_verify_hashes main "string list" "sha256 : sha512" .cindex DKIM "selecting signature algorithms" This option gives a list of hash types which are acceptable in signatures, and an order of processing. Signatures with algorithms not in the list will be ignored. -Note that the presence of sha1 violates RFC 8301. -Signatures using the rsa-sha1 are however (as of writing) still common. -The default inclusion of sha1 may be dropped in a future release. +Acceptable values include: +.code +sha1 +sha256 +sha512 +.endd + +Note that the acceptance of sha1 violates RFC 8301. .option dkim_verify_keytypes main "string list" "ed25519 : rsa" This option gives a list of key types which are acceptable in signatures, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 079b5a1ee..45d126ccd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -14,6 +14,10 @@ JH/01 Avoid costly startup code when not strictly needed. This reduces time JH/02 Early-pipelining support code is now included unless disabled in Makefile. +JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to + RFC 8301. They can still be enabled, using the dkim_verify_hashes main + option. + Exim version 4.93 ----------------- diff --git a/src/src/globals.c b/src/src/globals.c index 87ff2e65f..b874c4669 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
@@ -831,7 +831,7 @@ void *dkim_signatures = NULL; uschar *dkim_signers = NULL; uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; -uschar *dkim_verify_hashes = US"sha256:sha512:sha1"; +uschar *dkim_verify_hashes = US"sha256:sha512"; uschar *dkim_verify_keytypes = US"ed25519:rsa"; BOOL dkim_verify_minimal = FALSE; uschar *dkim_verify_overall = NULL; diff --git a/test/confs/4500 b/test/confs/4500 index 502de4a19..c7335327e 100644 --- a/test/confs/4500 +++ b/test/confs/4500 @@ -13,6 +13,7 @@ acl_smtp_dkim = check_dkim acl_smtp_data = check_data log_selector = +dkim_verbose +dkim_verify_hashes = sha256 : sha512 : sha1 queue_only queue_run_in_order diff --git a/test/stderr/4507 b/test/stderr/4507 index 48d4d9fa9..1c45d0955 100644 --- a/test/stderr/4507 +++ b/test/stderr/4507 
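Review bot: The new initialiser for `dkim_verify_hashes` carries no comment explaining why sha1 is absent, and this string now has to stay in step with the default printed for the option in spec.xfpt. A one-line comment above it, such as `/* sha1 omitted by default per RFC 8301; keep in step with spec.xfpt */`, would record both facts for the next maintainer. The spec text says signatures with algorithms not in the list are ignored, so a message signed only with rsa-sha1 will presumably stop producing a DKIM pass after upgrade unless the option is set explicitly. That operator-visible change deserves a mention wherever upgrade-affecting changes are announced, not only in the ChangeLog entry.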
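Review bot: Adding `dkim_verify_hashes = sha256 : sha512 : sha1` to the shared 4500 config keeps the existing rsa-sha1 cases passing (4507 still logs `a=rsa-sha1 b=1024 [verification succeeded]`), but it also means none of the hunks shown exercise the new compiled-in default. A case that runs without this override and checks that an rsa-sha1 signature is not accepted would pin the behaviour this commit is meant to enforce. Without it, a later edit that puts sha1 back into the default would pass these tests unnoticed. Whether another test config already covers the default is not visible from this page.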
@@ -9,22 +9,22 @@
 >>> host in helo_try_verify_hosts? no (option unset)
 >>> host in helo_accept_junk_hosts? no (option unset)
 >>> xxx in helo_lookup_domains? no (end of list)
->>> processing "accept" (TESTSUITE/test-config 43)
+>>> processing "accept" (TESTSUITE/test-config 44)
 >>> accept: condition test succeeded in inline ACL
 >>> end of inline ACL: ACCEPT
 >>> host in ignore_fromline_hosts? no (option unset)
 >>> using ACL "check_dkim"
->>> processing "warn" (TESTSUITE/test-config 34)
+>>> processing "warn" (TESTSUITE/test-config 35)
 >>> check logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
 >>> = signer: test.ex bits: 1024
 LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024
 >>> warn: condition test succeeded in ACL "check_dkim"
->>> processing "accept" (TESTSUITE/test-config 37)
+>>> processing "accept" (TESTSUITE/test-config 38)
 >>> accept: condition test succeeded in ACL "check_dkim"
 >>> end of ACL "check_dkim": ACCEPT
 LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded]
 >>> using ACL "check_data"
->>> processing "accept" (TESTSUITE/test-config 41)
+>>> processing "accept" (TESTSUITE/test-config 42)
 >>> check logwrite = ${authresults {$primary_hostname}}
 >>> = Authentication-Results: myhost.test.ex;
 >>> dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1