* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge, 1995 - 2016 */
+/* Copyright (c) University of Cambridge, 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for DKIM support. Other DKIM relevant code is in
pdkim_ctx *dkim_verify_ctx = NULL;
pdkim_signature *dkim_signatures = NULL;
pdkim_signature *dkim_cur_sig = NULL;
+static BOOL dkim_collect_error = FALSE;
static int
dkim_exim_query_dns_txt(char *name, char *answer)
void
-dkim_exim_verify_init(void)
+dkim_exim_verify_init(BOOL dot_stuffing)
{
/* There is a store-reset between header & body reception
so cannot use the main pool. Any allocs done by Exim
/* Create new context */
-dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt);
+dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_error = FALSE;
+
+/* Start feed up with any cached data */
+receive_get_cache();
store_pool = dkim_verify_oldpool;
}
store_pool = POOL_PERM;
if ( dkim_collect_input
- && (rc = pdkim_feed(dkim_verify_ctx, (char *)data, len)) != PDKIM_OK)
+ && (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK)
{
log_write(0, LOG_MAIN,
"DKIM: validation error: %.100s", pdkim_errstr(rc));
+ dkim_collect_error = TRUE;
dkim_collect_input = FALSE;
}
store_pool = dkim_verify_oldpool;
dkim_signatures = NULL;
-/* If we have arrived here with dkim_collect_input == FALSE, it
-means there was a processing error somewhere along the way.
-Log the incident and disable futher verification. */
-
-if (!dkim_collect_input)
+if (dkim_collect_error)
{
log_write(0, LOG_MAIN,
"DKIM: Error while running this message through validation,"
sig->algo == PDKIM_ALGO_RSA_SHA256
? "rsa-sha256"
: sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err",
- (int)sig->sigdata.len > -1 ? sig->sigdata.len * 8 : 0
+ (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0
),
sig->identity ? string_sprintf("i=%s ", sig->identity) : US"",
dkim_signing_domain = US sig->domain;
dkim_signing_selector = US sig->selector;
- dkim_key_length = sig->sigdata.len * 8;
+ dkim_key_length = sig->sighash.len * 8;
return;
}
}
uschar *
-dkim_exim_sign(int dkim_fd, uschar * dkim_private_key,
- const uschar * dkim_domain, uschar * dkim_selector,
- uschar * dkim_canon, uschar * dkim_sign_headers)
+dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim)
{
+const uschar * dkim_domain;
int sep = 0;
uschar *seen_items = NULL;
int seen_items_size = 0;
store_pool = POOL_MAIN;
-if (!(dkim_domain = expand_cstring(dkim_domain)))
+if (!(dkim_domain = expand_cstring(dkim->dkim_domain)))
{
/* expansion error, do not send message. */
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
/* Set up $dkim_selector expansion variable. */
- if (!(dkim_signing_selector = expand_string(dkim_selector)))
+ if (!(dkim_signing_selector = expand_string(dkim->dkim_selector)))
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_selector: %s", expand_string_message);
/* Get canonicalization to use */
- dkim_canon_expanded = dkim_canon ? expand_string(dkim_canon) : US"relaxed";
+ dkim_canon_expanded = dkim->dkim_canon
+ ? expand_string(dkim->dkim_canon) : US"relaxed";
if (!dkim_canon_expanded)
{
/* expansion error, do not send message. */
}
dkim_sign_headers_expanded = NULL;
- if (dkim_sign_headers)
- if (!(dkim_sign_headers_expanded = expand_string(dkim_sign_headers)))
+ if (dkim->dkim_sign_headers)
+ if (!(dkim_sign_headers_expanded = expand_string(dkim->dkim_sign_headers)))
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_sign_headers: %s", expand_string_message);
/* Get private key to use. */
- if (!(dkim_private_key_expanded = expand_string(dkim_private_key)))
+ if (!(dkim_private_key_expanded = expand_string(dkim->dkim_private_key)))
{
log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
"dkim_private_key: %s", expand_string_message);
/* Looks like a filename, load the private key. */
memset(big_buffer, 0, big_buffer_size);
- privkey_fd = open(CS dkim_private_key_expanded, O_RDONLY);
- if (privkey_fd < 0)
+
+ if ((privkey_fd = open(CS dkim_private_key_expanded, O_RDONLY)) < 0)
{
log_write(0, LOG_MAIN | LOG_PANIC, "unable to open "
"private key file for reading: %s",
dkim_private_key_expanded = big_buffer;
}
- ctx = pdkim_init_sign( CS dkim_signing_domain,
- CS dkim_signing_selector,
- CS dkim_private_key_expanded,
- PDKIM_ALGO_RSA_SHA256);
+ ctx = pdkim_init_sign(CS dkim_signing_domain,
+ CS dkim_signing_selector,
+ CS dkim_private_key_expanded,
+ PDKIM_ALGO_RSA_SHA256,
+ dkim->dot_stuffed,
+ &dkim_exim_query_dns_txt
+ );
+ dkim_private_key_expanded[0] = '\0';
pdkim_set_optional(ctx,
- (char *) dkim_sign_headers_expanded,
+ CS dkim_sign_headers_expanded,
NULL,
pdkim_canon,
pdkim_canon, -1, 0, 0);
lseek(dkim_fd, 0, SEEK_SET);
- while ((sread = read(dkim_fd, &buf, 4096)) > 0)
+ while ((sread = read(dkim_fd, &buf, sizeof(buf))) > 0)
if ((pdkim_rc = pdkim_feed(ctx, buf, sread)) != PDKIM_OK)
goto pk_bad;