From 671a6231c6920a443c82e8940c77ddaa3f5c05d8 Mon Sep 17 00:00:00 2001
From: Paul Arthur <paul.arthur@flowerysong.com>
Date: Thu, 3 Oct 2024 04:33:18 +0000
Subject: [PATCH] SHA256 isn't optional

It's been a required part of DKIM since 2007, and there's no reason to
allow people to compile OpenARC without it.
---
 configure.ac           | 11 +----------
 libopenarc/arc-canon.c | 23 ++---------------------
 libopenarc/arc-types.h |  2 --
 libopenarc/arc.c       |  2 --
 4 files changed, 3 insertions(+), 35 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1133599..8d4e8df 100644
--- a/configure.ac
+++ b/configure.ac
@@ -552,7 +552,7 @@ openssl_found="no"
 
 if test \( "$sslpath" = "auto" -o x"$sslpath" = x"yes" \) -a x"$PKG_CONFIG" != x""
 then
-	PKG_CHECK_MODULES([LIBCRYPTO], [openssl >= 0.9.7],
+	PKG_CHECK_MODULES([LIBCRYPTO], [openssl >= 0.9.8],
 	                  [openssl_found="yes"],
 	                  [openssl_found="no"
 	                   AC_MSG_WARN([pkg-config for openssl not found, trying manual search...])
@@ -651,15 +651,6 @@ then
 		]
 	)
 
-	AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
-                      AC_DEFINE([HAVE_SHA256], 1,
- 	                        [Define to 1 if your crypto library has SHA256 support]),
-	              AC_MSG_WARN([SHA256 is required for DKIM but is not
-	                           supported with your version of OpenSSL]),
-	              [
-#include <sys/types.h>
-#include <openssl/sha.h>])
-
 	CFLAGS="$saved_CFLAGS"
 	CPPFLAGS="$saved_CPPFLAGS"
 	LDFLAGS="$saved_LDFLAGS"
diff --git a/libopenarc/arc-canon.c b/libopenarc/arc-canon.c
index e76c01f..9cc3c2c 100644
--- a/libopenarc/arc-canon.c
+++ b/libopenarc/arc-canon.c
@@ -92,7 +92,6 @@ arc_canon_free(ARC_MESSAGE *msg, ARC_CANON *canon)
 			break;
 		  }
 
-#ifdef HAVE_SHA256
 		  case ARC_HASHTYPE_SHA256:
 		  {
 			struct arc_sha256 *sha256;
@@ -108,7 +107,6 @@ arc_canon_free(ARC_MESSAGE *msg, ARC_CANON *canon)
 
 			break;
 		  }
-#endif /* HAVE_SHA256 */
 
 		  default:
 			assert(0);
@@ -169,7 +167,6 @@ arc_canon_write(ARC_CANON *canon, u_char *buf, size_t buflen)
 		break;
 	  }
 
-#ifdef HAVE_SHA256
 	  case ARC_HASHTYPE_SHA256:
 	  {
 		struct arc_sha256 *sha256;
@@ -182,7 +179,6 @@ arc_canon_write(ARC_CANON *canon, u_char *buf, size_t buflen)
 
 		break;
 	  }
-#endif /* HAVE_SHA256 */
 	}
 
 	if (canon->canon_remain != (ssize_t) -1)
@@ -617,7 +613,6 @@ arc_canon_init(ARC_MESSAGE *msg, _Bool tmp, _Bool keep)
 		  	break;
 		  }
 
-#ifdef HAVE_SHA256
 		  case ARC_HASHTYPE_SHA256:
 		  {
 			struct arc_sha256 *sha256;
@@ -651,7 +646,6 @@ arc_canon_init(ARC_MESSAGE *msg, _Bool tmp, _Bool keep)
 
 		  	break;
 		  }
-#endif /* HAVE_SHA256 */
 
 		  default:
 			assert(0);
@@ -726,15 +720,8 @@ arc_add_canon(ARC_MESSAGE *msg, int type, arc_canon_t canon, int hashtype,
 	assert(msg != NULL);
 	assert(canon == ARC_CANON_SIMPLE || canon == ARC_CANON_RELAXED);
 
-	if (arc_libfeature(msg->arc_library, ARC_FEATURE_SHA256))
-	{
-		assert(hashtype == ARC_HASHTYPE_SHA1 ||
-		       hashtype == ARC_HASHTYPE_SHA256);
-	}
-	else
-	{
-		assert(hashtype == ARC_HASHTYPE_SHA1);
-	}
+	assert(hashtype == ARC_HASHTYPE_SHA1 ||
+	       hashtype == ARC_HASHTYPE_SHA256);
 
 	if (type == ARC_CANONTYPE_HEADER)
 	{
@@ -1087,7 +1074,6 @@ arc_canon_finalize(ARC_CANON *canon)
 		break;
 	  }
 
-#ifdef HAVE_SHA256
 	  case ARC_HASHTYPE_SHA256:
 	  {
 		struct arc_sha256 *sha256;
@@ -1100,7 +1086,6 @@ arc_canon_finalize(ARC_CANON *canon)
 
 		break;
 	  }
-#endif /* HAVE_SHA256 */
 
 	  default:
 		assert(0);
@@ -1922,7 +1907,6 @@ arc_canon_closebody(ARC_MESSAGE *msg)
 			break;
 		  }
 
-#ifdef HAVE_SHA256
 		  case ARC_HASHTYPE_SHA256:
 		  {
 			struct arc_sha256 *sha256;
@@ -1935,7 +1919,6 @@ arc_canon_closebody(ARC_MESSAGE *msg)
 
 			break;
 		  }
-#endif /* HAVE_SHA256 */
 
 		  default:
 			assert(0);
@@ -1983,7 +1966,6 @@ arc_canon_getfinal(ARC_CANON *canon, u_char **digest, size_t *dlen)
 		return ARC_STAT_OK;
 	  }
 
-#ifdef HAVE_SHA256
 	  case ARC_HASHTYPE_SHA256:
 	  {
 		struct arc_sha256 *sha256;
@@ -1994,7 +1976,6 @@ arc_canon_getfinal(ARC_CANON *canon, u_char **digest, size_t *dlen)
 
 		return ARC_STAT_OK;
 	  }
-#endif /* HAVE_SHA256 */
 
 	  default:
 		assert(0);
diff --git a/libopenarc/arc-types.h b/libopenarc/arc-types.h
index 7b7da76..a588d9d 100644
--- a/libopenarc/arc-types.h
+++ b/libopenarc/arc-types.h
@@ -34,7 +34,6 @@ struct arc_sha1
 	u_char			sha1_out[SHA_DIGEST_LENGTH];
 };
 
-#ifdef HAVE_SHA256
 /* struct arc_sha256 -- stuff needed to do a sha256 hash */
 struct arc_sha256
 {
@@ -43,7 +42,6 @@ struct arc_sha256
 	SHA256_CTX		sha256_ctx;
 	u_char			sha256_out[SHA256_DIGEST_LENGTH];
 };
-#endif /* HAVE_SHA256 */
 
 /* struct arc_qmethod -- signature query method */
 struct arc_qmethod
diff --git a/libopenarc/arc.c b/libopenarc/arc.c
index 53aec4b..7332027 100644
--- a/libopenarc/arc.c
+++ b/libopenarc/arc.c
@@ -865,9 +865,7 @@ arc_init(void)
 	lib->arcl_dns_waitreply = arc_res_waitreply;
 	strncpy(lib->arcl_tmpdir, DEFTMPDIR, sizeof lib->arcl_tmpdir - 1);
 
-#ifdef HAVE_SHA256
 	FEATURE_ADD(lib, ARC_FEATURE_SHA256);
-#endif /* HAVE_SHA256 */
 
 	return lib;
 }