compiled with GnuTLS 3.5.0 or later,
.new
or OpenSSL 1.1.1 or later.
+The macro "_CRYPTO_HASH_SHA3" will be defined if it is supported.
.wen
(equivalent to the private-key .pem with the header/trailer stripped)
but for EC keys it is the base64 of the pure key; no ASN.1 wrapping.
.wen
-.wen
Signing is enabled by setting private options on the SMTP transport.
These options take (expandable) strings as arguments.
.code
Signers MUST use RSA keys of at least 1024 bits for all keys.
Signers SHOULD use RSA keys of at least 2048 bits.
+.endd
Support for EC keys is being developed under
&url(https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/).
As they are a recent development, users should consider dual-signing
(by setting a list of selectors, and an expansion for this option)
for some transition period.
-.endd
+The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
+for EC keys.
.wen
.option dkim_hash smtp string&!! sha256
The algorithm used. One of 'rsa-sha1' or 'rsa-sha256'.
.new
If running under GnuTLS 3.6.0 or later, may also be 'ed25519-sha256'.
+The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
+for EC keys.
.wen
.new
9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under
GnuTLS 3.6.0 or later.
+10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library
+ version dependent.
+
Version 4.90
------------
macro-smtp.o macro-accept.o macro-dnslookup.o macro-ipliteral.o macro-iplookup.o \
macro-manualroute.o macro-queryprogram.o macro-redirect.o \
macro-auth-spa.o macro-cram_md5.o macro-cyrus_sasl.o macro-dovecot.o macro-gsasl_exim.o \
- macro-heimdal_gssapi.o macro-plaintext.o macro-spa.o macro-tls.o\
- macro-dkim.o macro-malware.o macro-macro.o macro-tree.o
+ macro-heimdal_gssapi.o macro-plaintext.o macro-spa.o macro-authtls.o \
+ macro-dkim.o macro-malware.o macro-macro.o macro-tree.o macro-signing.o
$(OBJ_MACRO): $(MACRO_HSRC)
macro-spa.o : auths/spa.c
@echo "$(CC) -DMACRO_PREDEF auths/spa.c"
$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/spa.c
-macro-tls.o: auths/tls.c
+macro-authtls.o: auths/tls.c
@echo "$(CC) -DMACRO_PREDEF auths/tls.c"
$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/tls.c
macro-dkim.o: dkim.c
macro-tree.o: tree.c
@echo "$(CC) -DMACRO_PREDEF tree.c"
$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tree.c
+macro-signing.o: pdkim/signing.c
+ @echo "$(CC) -DMACRO_PREDEF pdkim/signing.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ pdkim/signing.c
macro_predef: $(OBJ_MACRO)
@echo "$(LNCC) -o $@"
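Review bot: The new `macro-signing.o` recipe passes only `$(INCLUDE)` to the compiler, yet `pdkim/signing.c` built with `-DMACRO_PREDEF` decides which `_CRYPTO_*` macros to create from the TLS library's version number. If the main binary is compiled with an extra include path for the TLS library (Exim's build configuration has `TLS_INCLUDE` for this; its use is not visible in this hunk), macro_predef could read a different set of library headers or fail to find them. The advertised feature macros would then not match what the daemon can actually sign or hash. I would pass the same TLS include flags here, e.g. `$(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) $(TLS_INCLUDE) -o $@ pdkim/signing.c`, and add a one-line comment above the rule saying why this object needs them.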
#ifdef WITH_CONTENT_SCAN
features_malware();
#endif
+
+features_crypto();
}
extern void options_from_list(optionlist *, unsigned, const uschar *, uschar *);
extern void features_malware(void);
+extern void features_crypto(void);
extern void options_main(void);
extern void options_routers(void);
extern void options_transports(void);
# if GNUTLS_VERSION_NUMBER >= 0x030000
# define SIGN_GNUTLS
# if GNUTLS_VERSION_NUMBER >= 0x030600
-# define SIGN_HAVE_ED25519
+# define SIGN_HAVE_ED25519 /*MMMM*/
# endif
# else
# define SIGN_GCRYPT
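Review bot: The `/*MMMM*/` tag added after `SIGN_HAVE_ED25519` is not explained anywhere in the visible lines, and the same tag is put on `EXIM_HAVE_SHA3`, `EXIM_HAVE_SHA256` and `EXIM_HAVE_ECDH` in the later hunks. Only the first two are exported by `features_crypto()`, so a reader cannot tell whether the tag means "has a builtin macro" or "should get one". I would replace it with a comment that says so, for example `/* exported as builtin macro _CRYPTO_SIGN_ED25519 */`, and either drop the tag from the two defines that have no macro or mark them as pending. The enclosing `#if` chain starts and ends outside this hunk.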
*/
#include "../exim.h"
+#include "crypt_ver.h"
+#include "signing.h"
+
+
+#ifdef MACRO_PREDEF
+# include "../macro_predef.h"
+
+void
+features_crypto(void)
+{
+# ifdef SIGN_HAVE_ED25519
+ builtin_macro_create(US"_CRYPTO_SIGN_ED25519");
+# endif
+# ifdef EXIM_HAVE_SHA3
+ builtin_macro_create(US"_CRYPTO_HASH_SHA3");
+# endif
+}
+#else
-#ifndef DISABLE_DKIM /* entire file */
+#ifndef DISABLE_DKIM /* rest of file */
#ifndef SUPPORT_TLS
# error Need SUPPORT_TLS for DKIM
#endif
-#include "crypt_ver.h"
-#include "signing.h"
-
/******************************************************************************/
#ifdef SIGN_GNUTLS
/******************************************************************************/
#endif /*DISABLE_DKIM*/
+#endif /*MACRO_PREDEF*/
/* End of File */
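Review bot: `crypt_ver.h` and `signing.h` are now included ahead of the `DISABLE_DKIM` and `SUPPORT_TLS` checks, so they are processed in every configuration, including the macro_predef build and builds with DKIM disabled. Their contents are not visible here; if either header pulls in TLS-library headers unconditionally, a build without TLS would fail at the include rather than at the explicit `#error`, so it is worth confirming that or guarding the two includes with `#ifdef SUPPORT_TLS`. Separately, `features_crypto()` tests `EXIM_HAVE_SHA3`, which the visible hunks appear to define in a different header from the two included here. Unless `../exim.h` brings that header in, `_CRYPTO_HASH_SHA3` would silently never be created and configurations testing it would always take the fallback branch. A short comment above `features_crypto()` naming where each tested symbol is defined would make this checkable.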
# if GNUTLS_VERSION_NUMBER >= 0x020a00
# define SHA_GNUTLS
# if GNUTLS_VERSION_NUMBER >= 0x030500
-# define EXIM_HAVE_SHA3
+# define EXIM_HAVE_SHA3 /*MMMM*/
# endif
# else
# define SHA_GCRYPT
# define EXIM_HAVE_RAND_PSEUDO
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
-# define EXIM_HAVE_SHA256
+# define EXIM_HAVE_SHA256 /*MMMM*/
#endif
/*
|| LIBRESSL_VERSION_NUMBER >= 0x20010000L
# if !defined(OPENSSL_NO_ECDH)
# if OPENSSL_VERSION_NUMBER >= 0x0090800fL
-# define EXIM_HAVE_ECDH
+# define EXIM_HAVE_ECDH /*MMMM*/
# endif
# if OPENSSL_VERSION_NUMBER >= 0x10002000L
# define EXIM_HAVE_OPENSSL_EC_NIST2NID