git.ipfire.org Git - thirdparty/rspamd.git/commit

author	Vsevolod Stakhov <vsevolod@rspamd.com>
	Sat, 4 Oct 2025 14:06:27 +0000 (15:06 +0100)
committer	Vsevolod Stakhov <vsevolod@rspamd.com>
	Sat, 4 Oct 2025 14:06:27 +0000 (15:06 +0100)
commit	9e45beec7cd3bff905ba207a8b4e2a4ff5f22ca7
tree	051b0d74b80c8c60b72a288bd81c547fad1b9ca5	tree \| snapshot
parent	0da40ce40b4f302bf23dab2a47400781017ad8b6	commit \| diff

[Feature] Add ED25519 support for DKIM signing with OpenSSL version checks

This commit adds support for ED25519 DKIM signatures when OpenSSL 1.1.1+ is available.
Key changes:

- Added HAVE_ED25519 detection in CMake to check for EVP_PKEY_ED25519 support
- All ED25519-specific code is conditionally compiled based on HAVE_ED25519
- When ED25519 is not supported, informative error messages are returned
- ED25519 keys loaded from PEM files are extracted and converted to libsodium format
- Fixed union handling to prevent double-free issues
- Updated tests to dynamically select key type based on request header
- Removed unused dkim-ed25519-pem.conf (cannot be passed via rspamc)

The implementation gracefully degrades on older OpenSSL versions while maintaining
full functionality when ED25519 support is available.

cmake/CheckSystemFeatures.cmake		diff \| blob \| blame \| history
config.h.in		diff \| blob \| blame \| history
src/libserver/dkim.c		diff \| blob \| blame \| history
test/functional/cases/116_dkim.robot		diff \| blob \| blame \| history
test/functional/configs/dkim-ed25519-pem.conf	[deleted file]	blob \| blame \| history
test/functional/configs/dkim.conf		diff \| blob \| blame \| history