X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6ab02e3ff7ada14165079ae4d2213e13d32bfad6..1ba28e2b955b005ce4825fec792df17f75a8de1e:/src/src/pdkim/pdkim.c diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index d875e1f89..b0430ea45 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -20,7 +20,7 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.7 2009/11/09 14:19:48 tom Exp $ */ +/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.14 2010/05/29 19:14:06 nm4 Exp $ */ #include #include @@ -65,32 +65,32 @@ struct pdkim_str { /* -------------------------------------------------------------------------- */ /* A bunch of list constants */ -char *pdkim_querymethods[] = { +const char *pdkim_querymethods[] = { "dns/txt", NULL }; -char *pdkim_algos[] = { +const char *pdkim_algos[] = { "rsa-sha256", "rsa-sha1", NULL }; -char *pdkim_canons[] = { +const char *pdkim_canons[] = { "simple", "relaxed", NULL }; -char *pdkim_hashes[] = { +const char *pdkim_hashes[] = { "sha256", "sha1", NULL }; -char *pdkim_keytypes[] = { +const char *pdkim_keytypes[] = { "rsa", NULL }; typedef struct pdkim_combined_canon_entry { - char *str; + const char *str; int canon_headers; int canon_body; } pdkim_combined_canon_entry; @@ -105,15 +105,36 @@ pdkim_combined_canon_entry pdkim_combined_canons[] = { }; +const char *pdkim_verify_status_str(int status) { + switch(status) { + case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE"; + case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID"; + case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL"; + case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS"; + default: return "PDKIM_VERIFY_UNKNOWN"; + } +} +const char *pdkim_verify_ext_status_str(int ext_status) { + switch(ext_status) { + case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY"; + case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE"; + case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE"; + case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE"; + case PDKIM_VERIFY_INVALID_PUBKEY_PARSING: return "PDKIM_VERIFY_INVALID_PUBKEY_PARSING"; + default: return "PDKIM_VERIFY_UNKNOWN"; + } +} + + /* -------------------------------------------------------------------------- */ /* Print debugging functions */ #ifdef PDKIM_DEBUG -void pdkim_quoteprint(FILE *stream, char *data, int len, int lf) { +void pdkim_quoteprint(FILE *stream, const char *data, int len, int lf) { int i; - unsigned char *p = (unsigned char *)data; + const unsigned char *p = (const unsigned char *)data; for (i=0;iallocated=(len+1); p->len=len; if (cstr) strcpy(p->str,cstr); + else p->str[p->len] = '\0'; return p; } -char *pdkim_strncat(pdkim_str *str, char *data, int len) { +char *pdkim_strncat(pdkim_str *str, const char *data, int len) { if ((str->allocated - str->len) < (len+1)) { /* Extend the buffer */ int num_frags = ((len+1)/PDKIM_STR_ALLOC_FRAG)+1; @@ -207,7 +229,7 @@ char *pdkim_strncat(pdkim_str *str, char *data, int len) { str->str[str->len] = '\0'; return str->str; } -char *pdkim_strcat(pdkim_str *str, char *cstr) { +char *pdkim_strcat(pdkim_str *str, const char *cstr) { return pdkim_strncat(str, cstr, strlen(cstr)); } char *pdkim_numcat(pdkim_str *str, unsigned long num) { @@ -306,9 +328,9 @@ DLLEXPORT void pdkim_free_ctx(pdkim_ctx *ctx) { the passed colon-separated "list", starting at entry "start". Returns the position of the header name in the list. */ -int header_name_match(char *header, - char *tick, - int do_tick) { +int header_name_match(const char *header, + char *tick, + int do_tick) { char *hname; char *lcopy; char *p; @@ -398,6 +420,7 @@ char *pdkim_relax_header (char *header, int crlf) { p++; q++; } + if (seen_wsp) q--; *q = '\0'; if (crlf) strcat(relaxed,"\r\n"); return relaxed; @@ -801,7 +824,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) { pub->srvtype = strdup(cur_val->str); break; case 't': - if (strchr(cur_val->str,'t') != NULL) pub->testing = 1; + if (strchr(cur_val->str,'y') != NULL) pub->testing = 1; if (strchr(cur_val->str,'s') != NULL) pub->no_subdomaining = 1; break; default: @@ -842,7 +865,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) { /* -------------------------------------------------------------------------- */ -int pdkim_update_bodyhash(pdkim_ctx *ctx, char *data, int len) { +int pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) { pdkim_signature *sig = ctx->sig; /* Cache relaxed version of data */ char *relaxed_data = NULL; @@ -851,14 +874,14 @@ int pdkim_update_bodyhash(pdkim_ctx *ctx, char *data, int len) { /* Traverse all signatures, updating their hashes. */ while (sig != NULL) { /* Defaults to simple canon (no further treatment necessary) */ - char *canon_data = data; - int canon_len = len; + const char *canon_data = data; + int canon_len = len; if (sig->canon_body == PDKIM_CANON_RELAXED) { /* Relax the line if not done already */ if (relaxed_data == NULL) { int seen_wsp = 0; - char *p = data; + const char *p = data; int q = 0; relaxed_data = malloc(len+1); if (relaxed_data == NULL) return PDKIM_ERR_OOM; @@ -1267,7 +1290,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu /* Check if we must still flush a (partial) header. If that is the case, the message has no body, and we must compute a body hash out of '' */ - if (ctx->cur_header->len) { + if (ctx->cur_header && ctx->cur_header->len) { int rc = pdkim_header_complete(ctx); if (rc != PDKIM_OK) return rc; pdkim_update_bodyhash(ctx,"\r\n",2); @@ -1283,7 +1306,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu #ifdef PDKIM_DEBUG if (ctx->debug_stream) fprintf(ctx->debug_stream, - "\nPDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); + "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); #endif } @@ -1473,7 +1496,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu if (rsa_pkcs1_sign( &rsa, RSA_PRIVATE, ((sig->algo == PDKIM_ALGO_RSA_SHA1)? - RSA_SHA1:RSA_SHA256), + SIG_RSA_SHA1:SIG_RSA_SHA256), 0, (unsigned char *)headerhash, (unsigned char *)sig->sigdata ) != 0) { @@ -1567,32 +1590,36 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu if (rsa_pkcs1_verify(&rsa, RSA_PUBLIC, ((sig->algo == PDKIM_ALGO_RSA_SHA1)? - RSA_SHA1:RSA_SHA256), + SIG_RSA_SHA1:SIG_RSA_SHA256), 0, (unsigned char *)headerhash, (unsigned char *)sig->sigdata) != 0) { sig->verify_status = PDKIM_VERIFY_FAIL; sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE; - #ifdef PDKIM_DEBUG - if (ctx->debug_stream) { - fprintf(ctx->debug_stream, "PDKIM [%s] signature did NOT verify OK\n", - sig->domain); - } - #endif goto NEXT_VERIFY; } - /* We have a winner! */ - sig->verify_status = PDKIM_VERIFY_PASS; + /* We have a winner! (if bodydhash was correct earlier) */ + if (sig->verify_status == PDKIM_VERIFY_NONE) { + sig->verify_status = PDKIM_VERIFY_PASS; + } + + NEXT_VERIFY: #ifdef PDKIM_DEBUG if (ctx->debug_stream) { - fprintf(ctx->debug_stream, "PDKIM [%s] signature verified OK\n", - sig->domain); + fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s", + sig->domain, pdkim_verify_status_str(sig->verify_status)); + if (sig->verify_ext_status > 0) { + fprintf(ctx->debug_stream, " (%s)\n", + pdkim_verify_ext_status_str(sig->verify_ext_status)); + } + else { + fprintf(ctx->debug_stream, "\n"); + } } #endif - NEXT_VERIFY: rsa_free(&rsa); free(dns_txt_name); free(dns_txt_reply);