lookup_dnssec_authenticated = NULL;
if (dns_lookup(&dnsa, US name, T_TXT, NULL) != DNS_SUCCEED)
lookup_dnssec_authenticated = NULL;
if (dns_lookup(&dnsa, US name, T_TXT, NULL) != DNS_SUCCEED)
{
/* There is a store-reset between header & body reception
so cannot use the main pool. Any allocs done by Exim
{
/* There is a store-reset between header & body reception
so cannot use the main pool. Any allocs done by Exim
- && pdkim_feed(dkim_verify_ctx, (char *)data, len) != PDKIM_OK)
+ && (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK)
+ {
+ log_write(0, LOG_MAIN,
+ "DKIM: validation error: %.100s", pdkim_errstr(rc));
-if (pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures) != PDKIM_OK)
+if ((rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures)) != PDKIM_OK)
+ {
+ log_write(0, LOG_MAIN,
+ "DKIM: validation error: %.100s", pdkim_errstr(rc));
-dkim_exim_sign(int dkim_fd, uschar * dkim_private_key,
- const uschar * dkim_domain, uschar * dkim_selector,
- uschar * dkim_canon, uschar * dkim_sign_headers)
+dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim)
{
/* expansion error, do not send message. */
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_domain: %s", expand_string_message);
{
/* expansion error, do not send message. */
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_domain: %s", expand_string_message);
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_selector: %s", expand_string_message);
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_selector: %s", expand_string_message);
if (!dkim_canon_expanded)
{
/* expansion error, do not send message. */
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_canon: %s", expand_string_message);
if (!dkim_canon_expanded)
{
/* expansion error, do not send message. */
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_canon: %s", expand_string_message);
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_sign_headers: %s", expand_string_message);
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_sign_headers: %s", expand_string_message);
}
/* else pass NULL, which means default header list */
/* Get private key to use. */
}
/* else pass NULL, which means default header list */
/* Get private key to use. */
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_private_key: %s", expand_string_message);
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_private_key: %s", expand_string_message);
/* Looks like a filename, load the private key. */
memset(big_buffer, 0, big_buffer_size);
/* Looks like a filename, load the private key. */
memset(big_buffer, 0, big_buffer_size);
{
log_write(0, LOG_MAIN | LOG_PANIC, "unable to open "
"private key file for reading: %s",
dkim_private_key_expanded);
{
log_write(0, LOG_MAIN | LOG_PANIC, "unable to open "
"private key file for reading: %s",
dkim_private_key_expanded);
}
if (read(privkey_fd, big_buffer, big_buffer_size - 2) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
dkim_private_key_expanded);
}
if (read(privkey_fd, big_buffer, big_buffer_size - 2) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
dkim_private_key_expanded);
- ctx = pdkim_init_sign( (char *) dkim_signing_domain,
- (char *) dkim_signing_selector,
- (char *) dkim_private_key_expanded,
- PDKIM_ALGO_RSA_SHA256);
+ ctx = pdkim_init_sign( CS dkim_signing_domain,
+ CS dkim_signing_selector,
+ CS dkim_private_key_expanded,
+ PDKIM_ALGO_RSA_SHA256,
+ dkim->dot_stuffed);
+ dkim_private_key_expanded[0] = '\0';
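Review bot: The added `dkim_private_key_expanded[0] = '\0';` after `pdkim_init_sign()` clears only the first byte, so if the aim is to stop the signing key lingering in memory, the rest of the key text is still there (and, when the key came from a file, presumably still in `big_buffer`). If that is the aim, wipe the whole string, e.g. `memset(dkim_private_key_expanded, 0, Ustrlen(dkim_private_key_expanded));`, and add a comment saying why, such as `/* key has been handed to pdkim; do not leave it readable in memory */`. This assumes `pdkim_init_sign()` keeps no pointer into the caller's buffer and that the expanded string is a writable copy rather than the configured option itself; neither is visible here. The body of `dkim_exim_sign` starts and ends outside this hunk.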
- while ((sread = read(dkim_fd, &buf, 4096)) > 0)
- if (pdkim_feed(ctx, buf, sread) != PDKIM_OK)
- {
- rc = NULL;
- goto CLEANUP;
- }
+ while ((sread = read(dkim_fd, &buf, sizeof(buf))) > 0)
+ if ((pdkim_rc = pdkim_feed(ctx, buf, sread)) != PDKIM_OK)
+ goto pk_bad;
sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2,
US signature->signature_header, US"\r\n");
sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2,
US signature->signature_header, US"\r\n");