- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream) {
- fprintf(ctx->debug_stream,
- "PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>\n");
- pdkim_quoteprint(ctx->debug_stream, sig_hdr, strlen(sig_hdr), 1);
- fprintf(ctx->debug_stream,
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ /* SIGNING ---------------------------------------------------------------- */
+ /* When signing, walk through our header list and add them to the hash. As we
+ go, construct a list of the header's names to use for the h= parameter.
+ Then append to that list any remaining header names for which there was no
+ header to sign. */
+
+ if (ctx->flags & PDKIM_MODE_SIGN)
+ {
+ uschar * headernames = NULL; /* Collected signed header names */
+ int hs = 0, hl = 0;
+ pdkim_stringlist *p;
+ const uschar * l;
+ uschar * s;
+ int sep = 0;
+
+ for (p = sig->headers; p; p = p->next)
+ if (header_name_match(p->value, sig->sign_headers) == PDKIM_OK)
+ {
+ uschar * rh;
+ /* Collect header names (Note: colon presence is guaranteed here) */
+ uschar * q = Ustrchr(p->value, ':');
+
+ headernames = string_catn(headernames, &hs, &hl,
+ p->value, (q - US p->value) + (p->next ? 1 : 0));
+
+ rh = sig->canon_headers == PDKIM_CANON_RELAXED
+ ? pdkim_relax_header(p->value, 1) /* cook header for relaxed canon */
+ : string_copy(CUS p->value); /* just copy it for simple canon */
+
+ /* Feed header to the hash algorithm */
+ exim_sha_update(&hhash_ctx, CUS rh, Ustrlen(rh));
+
+ /* Remember headers block for signing (when the library cannot do incremental) */
+ (void) exim_rsa_data_append(&hdata, &hdata_alloc, rh);
+
+ DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
+ }
+
+ l = sig->sign_headers;
+ while((s = string_nextinlist(&l, &sep, NULL, 0)))
+ if (*s != '_')
+ { /*SSS string_append_listele() */
+ if (hl > 0 && headernames[hl-1] != ':')
+ headernames = string_catn(headernames, &hs, &hl, US":", 1);
+
+ headernames = string_cat(headernames, &hs, &hl, s);
+ }
+ headernames[hl] = '\0';
+
+ /* Copy headernames to signature struct */
+ sig->headernames = headernames;
+
+ /* Create signature header with b= omitted */
+ sig_hdr = pdkim_create_header(sig, FALSE);