+ free(sig_hdr);
+
+ /* SIGNING ---------------------------------------------------------------- */
+ if (ctx->mode == PDKIM_MODE_SIGN) {
+ rsa_context rsa;
+
+ /* Perform private key operation */
+ if (rsa_parse_key(&rsa, (unsigned char *)sig->rsa_privkey,
+ strlen(sig->rsa_privkey), NULL, 0) != 0) {
+ return PDKIM_ERR_RSA_PRIVKEY;
+ }
+
+ sig->sigdata_len = mpi_size(&(rsa.N));
+ sig->sigdata = malloc(sig->sigdata_len);
+ if (sig->sigdata == NULL) return PDKIM_ERR_OOM;
+
+ if (rsa_pkcs1_sign( &rsa, RSA_PRIVATE,
+ ((sig->algo == PDKIM_ALGO_RSA_SHA1)?
+ RSA_SHA1:RSA_SHA256),
+ 0,
+ (unsigned char *)headerhash,
+ (unsigned char *)sig->sigdata ) != 0) {
+ return PDKIM_ERR_RSA_SIGNING;
+ }
+
+ rsa_free(&rsa);
+
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream) {
+ fprintf(ctx->debug_stream, "PDKIM [%s] b computed: ",
+ sig->domain);
+ pdkim_hexprint(ctx->debug_stream, sig->sigdata, sig->sigdata_len, 1);
+ }
+ #endif
+
+ /* Recreate signature header with b= included, return it to the caller */
+ if (signature != NULL) {
+ *signature = pdkim_create_header(ctx->sig,1);
+ if (*signature == NULL) return PDKIM_ERR_OOM;
+ }
+ }
+ /* VERIFICATION ----------------------------------------------------------- */
+ else {