DKIM: reduce memory usage (2nd go)

[exim.git] / src / src / pdkim / pdkim.c

diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index 29277baeb60acb641b4c3e53aad128931031e4a9..bf2bbba6c2e393bc5d87ce831ae61ae8642a3c9f 100644 (file)
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -115,26 +115,47 @@ pdkim_combined_canon_entry pdkim_combined_canons[] = {
 const char *
 pdkim_verify_status_str(int status)
 {
-  switch(status) {
-    case PDKIM_VERIFY_NONE:    return "PDKIM_VERIFY_NONE";
-    case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
-    case PDKIM_VERIFY_FAIL:    return "PDKIM_VERIFY_FAIL";
-    case PDKIM_VERIFY_PASS:    return "PDKIM_VERIFY_PASS";
-    default:                   return "PDKIM_VERIFY_UNKNOWN";
+switch(status)
+  {
+  case PDKIM_VERIFY_NONE:    return "PDKIM_VERIFY_NONE";
+  case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
+  case PDKIM_VERIFY_FAIL:    return "PDKIM_VERIFY_FAIL";
+  case PDKIM_VERIFY_PASS:    return "PDKIM_VERIFY_PASS";
+  default:                   return "PDKIM_VERIFY_UNKNOWN";
   }
 }
 
 const char *
 pdkim_verify_ext_status_str(int ext_status)
 {
-  switch(ext_status) {
-    case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
-    case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
-    case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
-    case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
-    case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: return "PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD";
-    case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return "PDKIM_VERIFY_INVALID_PUBKEY_IMPORT";
-    default: return "PDKIM_VERIFY_UNKNOWN";
+switch(ext_status)
+  {
+  case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
+  case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
+  case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
+  case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
+  case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: return "PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD";
+  case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return "PDKIM_VERIFY_INVALID_PUBKEY_IMPORT";
+  case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: return "PDKIM_VERIFY_INVALID_SIGNATURE_ERROR";
+  case PDKIM_VERIFY_INVALID_DKIM_VERSION: return "PDKIM_VERIFY_INVALID_DKIM_VERSION";
+  default: return "PDKIM_VERIFY_UNKNOWN";
+  }
+}
+
+const char *
+pdkim_errstr(int status)
+{
+switch(status)
+  {
+  case PDKIM_OK:               return "OK";
+  case PDKIM_FAIL:             return "FAIL";
+  case PDKIM_ERR_RSA_PRIVKEY:  return "RSA_PRIVKEY";
+  case PDKIM_ERR_RSA_SIGNING:  return "RSA SIGNING";
+  case PDKIM_ERR_LONG_LINE:    return "RSA_LONG_LINE";
+  case PDKIM_ERR_BUFFER_TOO_SMALL:     return "BUFFER_TOO_SMALL";
+  case PDKIM_SIGN_PRIVKEY_WRAP:        return "PRIVKEY_WRAP";
+  case PDKIM_SIGN_PRIVKEY_B64D:        return "PRIVKEY_B64D";
+  default: return "(unknown)";
   }
 }
 
@@ -407,6 +428,10 @@ sig = store_get(sizeof(pdkim_signature));
 memset(sig, 0, sizeof(pdkim_signature));
 sig->bodylength = -1;
 
+/* Set so invalid/missing data error display is accurate */
+sig->algo = -1;
+sig->version = 0;
+
 q = sig->rawsig_no_b_val = store_get(Ustrlen(raw_hdr)+1);
 
 for (p = raw_hdr; ; p++)
@@ -476,8 +501,8 @@ for (p = raw_hdr; ; p++)
          case 'v':
              /* We only support version 1, and that is currently the
                 only version there is. */
-           if (Ustrcmp(cur_val, PDKIM_SIGNATURE_VERSION) == 0)
-             sig->version = 1;
+           sig->version =
+             Ustrcmp(cur_val, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1;
            break;
          case 'a':
            for (i = 0; pdkim_algos[i]; i++)
@@ -542,10 +567,6 @@ NEXT_CHAR:
     *q++ = c;
   }
 
-/* Make sure the most important bits are there. */
-if (!sig->version)
-  return NULL;
-
 *q = '\0';
 /* Chomp raw header. The final newline must not be added to the signature. */
 while (--q > sig->rawsig_no_b_val  && (*q == '\r' || *q == '\n'))
@@ -702,7 +723,12 @@ while (sig)
       const char *p;
       int q = 0;
 
-      relaxed_data = store_get(len+1);
+      /* We want to be able to free this else we allocate
+      for the entire message which could be many MB. Since
+      we don't know what allocations the SHA routines might
+      do, not safe to use store_get()/store_reset(). */
+
+      relaxed_data = malloc(len+1);
 
       for (p = data; *p; p++)
         {
@@ -746,6 +772,7 @@ while (sig)
   sig = sig->next;
   }
 
+if (relaxed_data) free(relaxed_data);
 return PDKIM_OK;
 }
 
@@ -773,7 +800,7 @@ for (sig = ctx->sig; sig; sig = sig->next)
     }
 
   /* SIGNING -------------------------------------------------------------- */
-  if (ctx->mode == PDKIM_MODE_SIGN)
+  if (ctx->flags & PDKIM_MODE_SIGN)
     {
     sig->bodyhash = bh;
 
@@ -809,8 +836,32 @@ for (sig = ctx->sig; sig; sig = sig->next)
 
 
 
+static int
+pdkim_body_complete(pdkim_ctx * ctx)
+{
+pdkim_signature * sig = ctx->sig;      /*XXX assumes only one sig */
+
+/* In simple body mode, if any empty lines were buffered,
+replace with one. rfc 4871 3.4.3 */
+/*XXX checking the signed-body-bytes is a gross hack; I think
+it indicates that all linebreaks should be buffered, including
+the one terminating a text line */
+
+if (  sig && sig->canon_body == PDKIM_CANON_SIMPLE
+   && sig->signed_body_bytes == 0
+   && ctx->num_buffered_crlf > 0
+   )
+  pdkim_update_bodyhash(ctx, "\r\n", 2);
+
+ctx->flags |= PDKIM_SEEN_EOD;
+ctx->linebuf_offset = 0;
+return PDKIM_OK;
+}
+
+
+
 /* -------------------------------------------------------------------------- */
-/* Callback from pdkim_feed below for processing complete body lines */
+/* Call from pdkim_feed below for processing complete body lines */
 
 static int
 pdkim_bodyline_complete(pdkim_ctx *ctx)
@@ -820,33 +871,23 @@ int   n = ctx->linebuf_offset;
 pdkim_signature *sig = ctx->sig;       /*XXX assumes only one sig */
 
 /* Ignore extra data if we've seen the end-of-data marker */
-if (ctx->seen_eod) goto BAIL;
+if (ctx->flags & PDKIM_SEEN_EOD) goto BAIL;
 
 /* We've always got one extra byte to stuff a zero ... */
 ctx->linebuf[ctx->linebuf_offset] = '\0';
 
 /* Terminate on EOD marker */
-if (memcmp(p, ".\r\n", 3) == 0)
+if (ctx->flags & PDKIM_DOT_TERM)
   {
-  /* In simple body mode, if any empty lines were buffered,
-  replace with one. rfc 4871 3.4.3 */
-  /*XXX checking the signed-body-bytes is a gross hack; I think
-  it indicates that all linebreaks should be buffered, including
-  the one terminating a text line */
-  if (  sig && sig->canon_body == PDKIM_CANON_SIMPLE
-     && sig->signed_body_bytes == 0
-     && ctx->num_buffered_crlf > 0
-     )
-    pdkim_update_bodyhash(ctx, "\r\n", 2);
+  if ( memcmp(p, ".\r\n", 3) == 0)
+    return pdkim_body_complete(ctx);
 
-  ctx->seen_eod = TRUE;
-  goto BAIL;
-  }
-/* Unstuff dots */
-if (memcmp(p, "..", 2) == 0)
-  {
-  p++;
-  n--;
+  /* Unstuff dots */
+  if (memcmp(p, "..", 2) == 0)
+    {
+    p++;
+    n--;
+    }
   }
 
 /* Empty lines need to be buffered until we find a non-empty line */
@@ -906,7 +947,7 @@ ctx->num_headers++;
 if (ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL;
 
 /* SIGNING -------------------------------------------------------------- */
-if (ctx->mode == PDKIM_MODE_SIGN)
+if (ctx->flags & PDKIM_MODE_SIGN)
   {
   pdkim_signature *sig;
 
@@ -919,7 +960,7 @@ if (ctx->mode == PDKIM_MODE_SIGN)
 
 /* VERIFICATION ----------------------------------------------------------- */
 /* DKIM-Signature: headers are added to the verification list */
-if (ctx->mode == PDKIM_MODE_VERIFY)
+else
   {
   if (strncasecmp(CCS ctx->cur_header,
                  DKIM_SIGNATURE_HEADERNAME,
@@ -969,11 +1010,15 @@ pdkim_feed(pdkim_ctx *ctx, char *data, int len)
 {
 int p;
 
+/* Alternate EOD signal, used in non-dotstuffing mode */
+if (!data)
+  pdkim_body_complete(ctx);
+
 for (p = 0; p<len; p++)
   {
   uschar c = data[p];
 
-  if (ctx->past_headers)
+  if (ctx->flags & PDKIM_PAST_HDRS)
     {
     /* Processing body byte */
     ctx->linebuf[ctx->linebuf_offset++] = c;
@@ -992,28 +1037,27 @@ for (p = 0; p<len; p++)
       {
       if (c == '\n')
         {
-       if (ctx->seen_lf)
+       if (ctx->flags & PDKIM_SEEN_LF)
          {
          int rc = pdkim_header_complete(ctx); /* Seen last header line */
          if (rc != PDKIM_OK) return rc;
 
-         ctx->past_headers = TRUE;
-         ctx->seen_lf = 0;
+         ctx->flags = ctx->flags & ~PDKIM_SEEN_LF | PDKIM_PAST_HDRS;
          DEBUG(D_acl) debug_printf(
              "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>\n");
          continue;
          }
        else
-         ctx->seen_lf = TRUE;
+         ctx->flags |= PDKIM_SEEN_LF;
        }
-      else if (ctx->seen_lf)
+      else if (ctx->flags & PDKIM_SEEN_LF)
         {
        if (!(c == '\t' || c == ' '))
          {
          int rc = pdkim_header_complete(ctx); /* End of header */
          if (rc != PDKIM_OK) return rc;
          }
-       ctx->seen_lf = FALSE;
+       ctx->flags &= ~PDKIM_SEEN_LF;
        }
       }
 
@@ -1307,7 +1351,7 @@ while (sig)
      Then append to that list any remaining header names for which there was no
      header to sign. */
 
-  if (ctx->mode == PDKIM_MODE_SIGN)
+  if (ctx->flags & PDKIM_MODE_SIGN)
     {
     pdkim_stringlist *p;
     const uschar * l;
@@ -1428,11 +1472,11 @@ while (sig)
     }
 
   /* Remember headers block for signing (when the library cannot do incremental)  */
-  if (ctx->mode == PDKIM_MODE_SIGN)
+  if (ctx->flags & PDKIM_MODE_SIGN)
     (void) exim_rsa_data_append(&hdata, &hdata_alloc, US sig_hdr);
 
   /* SIGNING ---------------------------------------------------------------- */
-  if (ctx->mode == PDKIM_MODE_SIGN)
+  if (ctx->flags & PDKIM_MODE_SIGN)
     {
     es_ctx sctx;
     const uschar * errstr;
@@ -1475,6 +1519,37 @@ while (sig)
 
     uschar *dns_txt_name, *dns_txt_reply;
 
+    /* Make sure we have all required signature tags */
+    if (!(  sig->domain        && *sig->domain
+        && sig->selector      && *sig->selector
+        && sig->headernames   && *sig->headernames
+        && sig->bodyhash.data
+        && sig->sigdata.data
+        && sig->algo > -1
+        && sig->version
+       ) )
+      {
+      sig->verify_status     = PDKIM_VERIFY_INVALID;
+      sig->verify_ext_status = PDKIM_VERIFY_INVALID_SIGNATURE_ERROR;
+
+      DEBUG(D_acl) debug_printf(
+         " Error in DKIM-Signature header: tags missing or invalid\n"
+         "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+      goto NEXT_VERIFY;
+      }
+
+    /* Make sure sig uses supported DKIM version (only v1) */
+    if (sig->version != 1)
+      {
+      sig->verify_status     = PDKIM_VERIFY_INVALID;
+      sig->verify_ext_status = PDKIM_VERIFY_INVALID_DKIM_VERSION;
+
+      DEBUG(D_acl) debug_printf(
+          " Error in DKIM-Signature header: unsupported DKIM version\n"
+          "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+      goto NEXT_VERIFY;
+      }
+
     /* Fetch public key for signing domain, from DNS */
 
     dns_txt_name = string_sprintf("%s._domainkey.%s.",
@@ -1564,15 +1639,15 @@ return PDKIM_OK;
 /* -------------------------------------------------------------------------- */
 
 DLLEXPORT pdkim_ctx *
-pdkim_init_verify(int(*dns_txt_callback)(char *, char *))
+pdkim_init_verify(int(*dns_txt_callback)(char *, char *), BOOL dot_stuffing)
 {
 pdkim_ctx * ctx;
 
 ctx = store_get(sizeof(pdkim_ctx));
 memset(ctx, 0, sizeof(pdkim_ctx));
 
+if (dot_stuffing) ctx->flags = PDKIM_DOT_TERM;
 ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
-ctx->mode = PDKIM_MODE_VERIFY;
 ctx->dns_txt_callback = dns_txt_callback;
 
 return ctx;
@@ -1582,7 +1657,8 @@ return ctx;
 /* -------------------------------------------------------------------------- */
 
 DLLEXPORT pdkim_ctx *
-pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo)
+pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo,
+  BOOL dot_stuffed)
 {
 pdkim_ctx *ctx;
 pdkim_signature *sig;
@@ -1593,14 +1669,13 @@ if (!domain || !selector || !rsa_privkey)
 ctx = store_get(sizeof(pdkim_ctx));
 memset(ctx, 0, sizeof(pdkim_ctx));
 
+ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;
 ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
 
 sig = store_get(sizeof(pdkim_signature));
 memset(sig, 0, sizeof(pdkim_signature));
 
 sig->bodylength = -1;
-
-ctx->mode = PDKIM_MODE_SIGN;
 ctx->sig = sig;
 
 sig->domain = string_copy(US domain);