From 3eea12e5f9af7739d5d009c6888b65bd4875a554 Mon Sep 17 00:00:00 2001
From: Alon Bar-Lev <alon.barlev@gmail.com>
Date: Sat, 4 Mar 2017 00:41:35 +0200
Subject: [PATCH] crypto: support gnutls-3.4

https://sourceforge.net/p/opendkim/patches/36/

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
---
 libopendkim/dkim.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/libopendkim/dkim.c b/libopendkim/dkim.c
index d0d75a5..0c2278e 100644
--- a/libopendkim/dkim.c
+++ b/libopendkim/dkim.c
@@ -5301,6 +5301,8 @@ dkim_sig_process(DKIM *dkim, DKIM_SIGINFO *sig)
 	size_t diglen = 0;
 #ifdef USE_GNUTLS
 	gnutls_datum_t key;
+	gnutls_digest_algorithm_t hash;
+	gnutls_sign_algorithm_t sign_algo;
 #else /* USE_GNUTLS */
 	BIO *key;
 #endif /* USE_GNUTLS */
@@ -5442,7 +5444,22 @@ dkim_sig_process(DKIM *dkim, DKIM_SIGINFO *sig)
 			return DKIM_STAT_OK;
 		}
 
-		rsastat = gnutls_pubkey_verify_hash(rsa->rsa_pubkey, 0,
+		hash = GNUTLS_DIG_SHA1;
+
+		if (dkim_libfeature(dkim->dkim_libhandle,
+		                    DKIM_FEATURE_SHA256) &&
+		    sig->sig_hashtype == DKIM_HASHTYPE_SHA256)
+			hash = GNUTLS_DIG_SHA256;
+
+		sign_algo = gnutls_pk_to_sign(GNUTLS_PK_RSA, hash);
+		if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+		{
+			assert(0);
+			/* NOTREACHED */
+		}
+
+		rsastat = gnutls_pubkey_verify_hash2(rsa->rsa_pubkey,
+		                                    sign_algo, 0,
 		                                    &rsa->rsa_digest,
 		                                    &rsa->rsa_sig);
 		if (rsastat < 0)
-- 
2.10.2