X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdkim.c;h=92adb35897665f650653de3622c639f72800361f;hb=2130e492c2cda886d74abbb77df4493f151e0a44;hp=9c8458b878920e518c93ed5372029ff45829a3dc;hpb=a841a6eca79ff08b36f2225dcf89c1c162bb8777;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 9c8458b87..92adb3589 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge, 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Code for DKIM support. Other DKIM relevant code is in
@@ -268,6 +269,11 @@ else
 		"(headers probably modified in transit)]");
 	  break;
 
+	case PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE:
+	  logmsg = string_cat(logmsg,
+		US"signature invalid (key too short)]");
+	  break;
+
 	default:
 	  logmsg = string_cat(logmsg, US"unspecified reason]");
 	}
@@ -560,6 +566,7 @@ switch (what)
 						return US"pubkey_unavailable";
       case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD:return US"pubkey_dns_syntax";
       case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT:	return US"pubkey_der_syntax";
+      case PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE:	return US"pubkey_too_short";
       case PDKIM_VERIFY_FAIL_BODY:		return US"bodyhash_mismatch";
       case PDKIM_VERIFY_FAIL_MESSAGE:		return US"signature_incorrect";
       }
@@ -854,6 +861,9 @@ for (pdkim_signature * sig = dkim_signatures; sig; sig = sig->next)
           g = string_cat(g,
 	    US"fail (signature did not verify; headers probably modified in transit)\n\t\t");
 	  break;
+        case PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE:	/* should this really be "polcy"? */
+          g = string_fmt_append(g, "fail (public key too short: %u bits)\n\t\t", sig->keybits);
+          break;
         default:
           g = string_cat(g, US"fail (unspecified reason)\n\t\t");
 	  break;