* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.9 2009/11/19 18:52:48 nm4 Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.14 2010/05/29 19:14:06 nm4 Exp $ */
#include <stdlib.h>
#include <stdio.h>
};
+char *pdkim_verify_status_str(int status) {
+ switch(status) {
+ case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE";
+ case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
+ case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL";
+ case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+char *pdkim_verify_ext_status_str(int ext_status) {
+ switch(ext_status) {
+ case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
+ case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
+ case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_PARSING: return "PDKIM_VERIFY_INVALID_PUBKEY_PARSING";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+
+
/* -------------------------------------------------------------------------- */
/* Print debugging functions */
#ifdef PDKIM_DEBUG
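Review bot: Both new helpers hand back string literals through a non-const `char *`, so a caller that writes through the result gets undefined behaviour without any compiler warning. Declaring them as `const char *pdkim_verify_status_str(int status)` and `const char *pdkim_verify_ext_status_str(int ext_status)` fits the only use visible in this diff, which passes them to `fprintf`; any prototype in a header outside this diff would need the same change. A one-line comment above each, such as `/* Map a verify_status code to its symbolic name, for debug output. */`, would also record that the returned string is static and must not be freed.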
p->allocated=(len+1);
p->len=len;
if (cstr) strcpy(p->str,cstr);
+ else p->str[p->len] = '\0';
return p;
}
char *pdkim_strncat(pdkim_str *str, char *data, int len) {
pub->srvtype = strdup(cur_val->str);
break;
case 't':
- if (strchr(cur_val->str,'t') != NULL) pub->testing = 1;
+ if (strchr(cur_val->str,'y') != NULL) pub->testing = 1;
if (strchr(cur_val->str,'s') != NULL) pub->no_subdomaining = 1;
break;
default:
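Review bot: The corrected test in `case 't':` still matches single letters anywhere in the value, so any flag string that merely contains a `y` or an `s` sets `pub->testing` or `pub->no_subdomaining`. The t= tag of a DKIM key record is a colon-separated flag list, and an unrecognised flag should be ignored rather than partially matched, since both fields affect how a verifier treats the key. Comparing whole flags, as sketched below, avoids that; the sketch assumes whitespace has already been removed from `cur_val->str`, which this hunk does not show. The enclosing switch and function start and end outside the hunk.

```c
case 't': {
  /* t= holds colon-separated flags; match each flag as a whole */
  const char *flag = cur_val->str;
  while (*flag != '\0') {
    size_t flag_len = strcspn(flag, ":");
    if (flag_len == 1 && flag[0] == 'y') pub->testing = 1;
    if (flag_len == 1 && flag[0] == 's') pub->no_subdomaining = 1;
    flag += flag_len;
    if (*flag == ':') flag++;
  }
  break;
}
```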
if (rsa_pkcs1_sign( &rsa, RSA_PRIVATE,
((sig->algo == PDKIM_ALGO_RSA_SHA1)?
- RSA_SHA1:RSA_SHA256),
+ SIG_RSA_SHA1:SIG_RSA_SHA256),
0,
(unsigned char *)headerhash,
(unsigned char *)sig->sigdata ) != 0) {
if (rsa_pkcs1_verify(&rsa,
RSA_PUBLIC,
((sig->algo == PDKIM_ALGO_RSA_SHA1)?
- RSA_SHA1:RSA_SHA256),
+ SIG_RSA_SHA1:SIG_RSA_SHA256),
0,
(unsigned char *)headerhash,
(unsigned char *)sig->sigdata) != 0) {
sig->verify_status = PDKIM_VERIFY_FAIL;
sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature did NOT verify OK\n",
- sig->domain);
- }
- #endif
goto NEXT_VERIFY;
}
- /* We have a winner! */
- sig->verify_status = PDKIM_VERIFY_PASS;
+ /* We have a winner! (if bodydhash was correct earlier) */
+ if (sig->verify_status == PDKIM_VERIFY_NONE) {
+ sig->verify_status = PDKIM_VERIFY_PASS;
+ }
+
+ NEXT_VERIFY:
#ifdef PDKIM_DEBUG
if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature verified OK\n",
- sig->domain);
+ fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s",
+ sig->domain, pdkim_verify_status_str(sig->verify_status));
+ if (sig->verify_ext_status > 0) {
+ fprintf(ctx->debug_stream, " (%s)\n",
+ pdkim_verify_ext_status_str(sig->verify_ext_status));
+ }
+ else {
+ fprintf(ctx->debug_stream, "\n");
+ }
}
#endif
- NEXT_VERIFY:
rsa_free(&rsa);
free(dns_txt_name);
free(dns_txt_reply);
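Review bot: The new PASS guard relies on `sig->verify_status` still being `PDKIM_VERIFY_NONE` when the RSA check succeeds, but neither its initialisation nor the earlier body-hash comparison is visible in this hunk, so the invariant should be written down where it is used. I would replace the comment with `/* Promote to PASS only if no earlier check (e.g. the body hash comparison) recorded a result; never overwrite FAIL or INVALID. */`. A regression test with a message whose header signature is valid but whose body was altered would pin the behaviour, and should expect `PDKIM_VERIFY_FAIL` with `PDKIM_VERIFY_FAIL_BODY`. Since `NEXT_VERIFY:` now sits above the debug block, every earlier `goto NEXT_VERIFY` path also prints the status line, which looks intended but is worth confirming against the jumps outside this hunk.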