This avoids the dependency on having to fetch sha2.h from OpenSSH's OpenBSD-compat archive. Since this filter already uses OpenSSL/LibreSSL for RSA, using it for SHA256 adds no overhead. Additionally, the API is more or less the same, so this change is fairly trivial. --- .../filter-dkim-signer/filter_dkim_signer.c | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c index f2c3f11..2eeb801 100644 --- a/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c +++ b/extras/wip/filters/filter-dkim-signer/filter_dkim_signer.c @@ -18,13 +18,13 @@ #include <sys/queue.h> #include <inttypes.h> -#include <sha2.h> #include <stdio.h> #include <string.h> #include <unistd.h> #include <openssl/pem.h> #include <openssl/rsa.h> +#include <openssl/sha.h> #include "smtpd-defines.h" #include "smtpd-api.h" @@ -48,14 +48,14 @@ struct entry { struct signer { SIMPLEQ_HEAD(, entry) lines; - SHA2_CTX hdr_ctx; - SHA2_CTX body_ctx; + SHA256_CTX hdr_ctx; + SHA256_CTX body_ctx; char b64_rsa_sig[BUFSIZ]; char b64_body_hash[BUFSIZ]; char hdrs_list[BUFSIZ]; char hdr_hash[SHA256_DIGEST_LENGTH]; char body_hash[SHA256_DIGEST_LENGTH]; - SHA2_CTX *ctx; + SHA256_CTX *ctx; size_t nlines; size_t emptylines; }; @@ -95,8 +95,8 @@ on_data(uint64_t id) s = xmalloc(sizeof *s, "dkim_signer: on_data"); SIMPLEQ_INIT(&s->lines); - SHA256Init(&s->hdr_ctx); - SHA256Init(&s->body_ctx); + SHA256_Init(&s->hdr_ctx); + SHA256_Init(&s->body_ctx); s->ctx = &s->hdr_ctx; s->nlines = 0; s->emptylines = 0; @@ -163,15 +163,15 @@ on_dataline(uint64_t id, const char *line) return; } else { while (s->emptylines--) - SHA256Update(s->ctx, CRLF, CRLF_LEN); + SHA256_Update(s->ctx, CRLF, CRLF_LEN); s->emptylines = 0; } } - SHA256Update(s->ctx, line, strlen(line)); + SHA256_Update(s->ctx, line, strlen(line)); /* explicitly terminate with a CRLF */ - SHA256Update(s->ctx, CRLF, CRLF_LEN); + SHA256_Update(s->ctx, CRLF, CRLF_LEN); } static int @@ -185,9 +185,9 @@ on_eom(uint64_t id, size_t size) s = filter_api_get_udata(id); /* empty body should be treated as a single CRLF */ if (s->nlines == 0) - SHA256Update(&s->body_ctx, CRLF, CRLF_LEN); + SHA256_Update(&s->body_ctx, CRLF, CRLF_LEN); - SHA256Final(s->body_hash, &s->body_ctx); + SHA256_Final(s->body_hash, &s->body_ctx); if (base64_encode(s->body_hash, sizeof(s->body_hash), s->b64_body_hash, sizeof(s->b64_body_hash)) == -1) { log_warnx("warn: dkim_signer: on_eom: __b64_ntop failed"); @@ -203,8 +203,8 @@ on_eom(uint64_t id, size_t size) return filter_api_reject(id, FILTER_FAIL); } - SHA256Update(&s->hdr_ctx, dkim_sig, dkim_sig_len); - SHA256Final(s->hdr_hash, &s->hdr_ctx); + SHA256_Update(&s->hdr_ctx, dkim_sig, dkim_sig_len); + SHA256_Final(s->hdr_hash, &s->hdr_ctx); rsa_sig = xmalloc(RSA_size(rsa), "dkim_signer: on_eom"); if (RSA_sign(NID_sha256, s->hdr_hash, sizeof(s->hdr_hash), -- 2.4.2 -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org