Issue #183: opendkim-testkey: Allow testing ed25519 keys

RELEASE_NOTES

@@ -13,6 +13,8 @@ release, and a summary of the changes in that release.
 	Make odkim.internal_ip() available to all Lua hooks.  Problem noted
 		by Iosif Fettich.
 	Make bind code DNSSEC-aware.  Patch from Jack Bates.
+	Extend KeyTable to specify signing algorithm.
+		Patch from Yasuhito Futatsuki.
 	Fix dkimf_db_nextpunct() so it doesn't incorrectly identify an encoded
 		hex digit as a value delimiter.
 	Fix issue #8: The password file critical section isn't big enough.
@@ -49,8 +51,16 @@ release, and a summary of the changes in that release.
 		oversized input lines.  Reported by Mars Peng.
 	LIBOPENDKIM: Fix parsing bug in dkim_mail_parse_multi(), where quotes
 		were not being properly handled.
+	LIBOPENDKIM: Expose conversion table between internal code already
+		provided as DKIM_ macros and their literal name in C string.
+	LIBOPENDKIM: Extend dkim_test_key() to allow testing a ed25519 key,
+		as dkim_test_key2(). For API compatibility, function interface
+		of dkim_test_key() is not changed, but it only calls
+		dkim_test_key2(). Patch from Yasuhito Futatsuki.
 	TOOLS: Feature requrest #187: Add option to match subdomains when
 		generating zone files.  Patch from Andreas Schulze.
+	TOOLS: issue #183: On opendkim-testkey, add support for ed25519 keys.
+		Patch from Yasuhito Futatsuki.
 
 2.10.3		2015/05/12
 	LIBOPENDKIM: Make strict header checking non-destructive.  The last

libopendkim/Makefile.am

@@ -8,7 +8,7 @@ endif
 LDADD = ./libopendkim.la
 
 lib_LTLIBRARIES = libopendkim.la
-libopendkim_la_SOURCES = base32.c base64.c dkim-atps.c dkim-cache.c dkim-canon.c dkim-dns.c dkim-keys.c dkim-mailparse.c dkim-report.c dkim-tables.c dkim-test.c dkim-util.c dkim.c util.c base64.h dkim-cache.h dkim-canon.h dkim-dns.h dkim-internal.h dkim-keys.h dkim-mailparse.h dkim-report.h dkim-tables.h dkim-test.h dkim-types.h dkim-util.h dkim.h util.h
+libopendkim_la_SOURCES = base32.c base64.c dkim-atps.c dkim-cache.c dkim-canon.c dkim-dns.c dkim-keys.c dkim-mailparse.c dkim-report.c dkim-tables.c dkim-test.c dkim-util.c dkim.c util.c base64.h dkim-cache.h dkim-canon.h dkim-dns.h dkim-internal.h dkim-keys.h dkim-mailparse.h dkim-report.h dkim-test.h dkim-types.h dkim-util.h dkim.h util.h
 libopendkim_la_CPPFLAGS = $(LIBCRYPTO_CPPFLAGS)
 libopendkim_la_CFLAGS = $(LIBCRYPTO_INCDIRS) $(LIBOPENDKIM_INC) $(COV_CFLAGS)
 libopendkim_la_LDFLAGS = -no-undefined  $(LIBCRYPTO_LIBDIRS) $(COV_LDFLAGS) -version-info $(LIBOPENDKIM_VERSION_INFO)

libopendkim/base32.c

@@ -158,22 +158,21 @@ dkim_base32_encode(char *buf, size_t *buflen, const void *data, size_t size)
 
 #ifdef TEST
 #include <openssl/sha.h>
+#include <openssl/evp.h>
 
 int
 main(int argc, char **argv)
 {
 	int x;
 	size_t buflen;
-	SHA_CTX sha;
 	char buf[128];
 	unsigned char shaout[SHA_DIGEST_LENGTH];
 
 	memset(buf, '\0', sizeof buf);
 	buflen = sizeof buf;
 
-	SHA1_Init(&sha);
-	SHA1_Update(&sha, argv[1], strlen(argv[1]));
-	SHA1_Final(shaout, &sha);
+	(void) EVP_Digest(argv[1], strlen(argv[1]), shaout, NULL, EVP_sha1(),
+	                  NULL);
 
 	x = dkim_base32_encode(buf, &buflen, shaout, SHA_DIGEST_LENGTH);
 

libopendkim/dkim-atps.c

@@ -21,7 +21,6 @@
 #include "dkim.h"
 #include "dkim-internal.h"
 #include "dkim-types.h"
-#include "dkim-tables.h"
 #include "util.h"
 
 #ifdef USE_GNUTLS
@@ -37,6 +36,7 @@
 #else /* USE_GNUTLS */
 /* openssl includes */
 # include <openssl/sha.h>
+# include <openssl/evp.h>
 #endif /* USE_GNUTLS */
 
 /* prototypes */
@@ -113,11 +113,6 @@ dkim_atps_check(DKIM *dkim, DKIM_SIGINFO *sig, struct timeval *timeout,
 	u_char *eom;
 #ifdef USE_GNUTLS
 	gnutls_hash_hd_t ctx;
-#else /* USE_GNUTLS */
-        SHA_CTX ctx;
-# ifdef HAVE_SHA256
-	SHA256_CTX ctx2;
-# endif /* HAVE_SHA256 */
 #endif /* USE_GNUTLS */
 	struct timeval to;
 	HEADER hdr;
@@ -146,7 +141,7 @@ dkim_atps_check(DKIM *dkim, DKIM_SIGINFO *sig, struct timeval *timeout,
 	/* confirm it requested a hash we know how to do */
 	if (strcasecmp(ahash, "none") != 0)
 	{
-		hash = dkim_name_to_code(hashes, ahash);
+		hash = dkim_name_to_code(dkim_table_hashes, ahash);
 		if (hash == -1)
 			return DKIM_STAT_INVALID;
 	}
@@ -198,16 +193,14 @@ dkim_atps_check(DKIM *dkim, DKIM_SIGINFO *sig, struct timeval *timeout,
 		switch (hash)
 		{
 		  case DKIM_HASHTYPE_SHA1:
-			SHA1_Init(&ctx);
-			SHA1_Update(&ctx, sdomain, strlen(sdomain));
-			SHA1_Final(digest, &ctx);
+			(void) EVP_Digest(sdomain, strlen(sdomain), digest,
+			                  NULL, EVP_sha1(), NULL);
 			break;
 
 #  ifdef HAVE_SHA256
 		  case DKIM_HASHTYPE_SHA256:
-			SHA256_Init(&ctx2);
-			SHA256_Update(&ctx2, sdomain, strlen(sdomain));
-			SHA256_Final(digest, &ctx2);
+			(void) EVP_Digest(sdomain, strlen(sdomain), digest,
+			                  NULL, EVP_sha256(), NULL);
 			break;
 #  endif /* HAVE_SHA256 */