X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/803628d5b0b175dfa78f0b19b35213ace01207b1..1137f3a6938882cc81a1fcd7dc15530e8fae9e32:/src/src/dkim.c

diff --git a/src/src/dkim.c b/src/src/dkim.c
index e027a23b3..3573e45e6 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -18,6 +18,7 @@ int dkim_verify_oldpool;
 pdkim_ctx *dkim_verify_ctx = NULL;
 pdkim_signature *dkim_signatures = NULL;
 pdkim_signature *dkim_cur_sig = NULL;
+static BOOL dkim_collect_error = FALSE;
 
 static int
 dkim_exim_query_dns_txt(char *name, char *answer)
@@ -69,7 +70,7 @@ pdkim_init();
 
 
 void
-dkim_exim_verify_init(void)
+dkim_exim_verify_init(BOOL dot_stuffing)
 {
 /* There is a store-reset between header & body reception
 so cannot use the main pool. Any allocs done by Exim
@@ -85,8 +86,12 @@ if (dkim_verify_ctx)
 
 /* Create new context */
 
-dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt);
+dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
 dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_error = FALSE;
+
+/* Start feed up with any cached data */
+receive_get_cache();
 
 store_pool = dkim_verify_oldpool;
 }
@@ -99,10 +104,11 @@ int rc;
 
 store_pool = POOL_PERM;
 if (  dkim_collect_input
-   && (rc = pdkim_feed(dkim_verify_ctx, (char *)data, len)) != PDKIM_OK)
+   && (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK)
   {
   log_write(0, LOG_MAIN,
 	     "DKIM: validation error: %.100s", pdkim_errstr(rc));
+  dkim_collect_error = TRUE;
   dkim_collect_input = FALSE;
   }
 store_pool = dkim_verify_oldpool;
@@ -124,11 +130,7 @@ store_pool = POOL_PERM;
 
 dkim_signatures = NULL;
 
-/* If we have arrived here with dkim_collect_input == FALSE, it
-means there was a processing error somewhere along the way.
-Log the incident and disable futher verification. */
-
-if (!dkim_collect_input)
+if (dkim_collect_error)
   {
   log_write(0, LOG_MAIN,
 	     "DKIM: Error while running this message through validation,"
@@ -457,10 +459,9 @@ switch (what)
 
 
 uschar *
-dkim_exim_sign(int dkim_fd, uschar * dkim_private_key,
-		const uschar * dkim_domain, uschar * dkim_selector,
-		uschar * dkim_canon, uschar * dkim_sign_headers)
+dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim)
 {
+const uschar * dkim_domain;
 int sep = 0;
 uschar *seen_items = NULL;
 int seen_items_size = 0;
@@ -484,7 +485,7 @@ int old_pool = store_pool;
 
 store_pool = POOL_MAIN;
 
-if (!(dkim_domain = expand_cstring(dkim_domain)))
+if (!(dkim_domain = expand_cstring(dkim->dkim_domain)))
   {
   /* expansion error, do not send message. */
   log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
@@ -522,7 +523,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
 
   /* Set up $dkim_selector expansion variable. */
 
-  if (!(dkim_signing_selector = expand_string(dkim_selector)))
+  if (!(dkim_signing_selector = expand_string(dkim->dkim_selector)))
     {
     log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
 	       "dkim_selector: %s", expand_string_message);
@@ -531,7 +532,8 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
 
   /* Get canonicalization to use */
 
-  dkim_canon_expanded = dkim_canon ? expand_string(dkim_canon) : US"relaxed";
+  dkim_canon_expanded = dkim->dkim_canon
+    ? expand_string(dkim->dkim_canon) : US"relaxed";
   if (!dkim_canon_expanded)
     {
     /* expansion error, do not send message. */
@@ -553,8 +555,8 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
     }
 
   dkim_sign_headers_expanded = NULL;
-  if (dkim_sign_headers)
-    if (!(dkim_sign_headers_expanded = expand_string(dkim_sign_headers)))
+  if (dkim->dkim_sign_headers)
+    if (!(dkim_sign_headers_expanded = expand_string(dkim->dkim_sign_headers)))
       {
       log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
 		 "dkim_sign_headers: %s", expand_string_message);
@@ -564,7 +566,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
 
   /* Get private key to use. */
 
-  if (!(dkim_private_key_expanded = expand_string(dkim_private_key)))
+  if (!(dkim_private_key_expanded = expand_string(dkim->dkim_private_key)))
     {
     log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand "
 	       "dkim_private_key: %s", expand_string_message);
@@ -584,8 +586,8 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
     /* Looks like a filename, load the private key. */
 
     memset(big_buffer, 0, big_buffer_size);
-    privkey_fd = open(CS dkim_private_key_expanded, O_RDONLY);
-    if (privkey_fd < 0)
+
+    if ((privkey_fd = open(CS dkim_private_key_expanded, O_RDONLY)) < 0)
       {
       log_write(0, LOG_MAIN | LOG_PANIC, "unable to open "
 		 "private key file for reading: %s",
@@ -604,19 +606,23 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
     dkim_private_key_expanded = big_buffer;
     }
 
-  ctx = pdkim_init_sign( CS dkim_signing_domain,
-			 CS dkim_signing_selector,
-			 CS dkim_private_key_expanded,
-			 PDKIM_ALGO_RSA_SHA256);
+  ctx = pdkim_init_sign(CS dkim_signing_domain,
+			CS dkim_signing_selector,
+			CS dkim_private_key_expanded,
+			PDKIM_ALGO_RSA_SHA256,
+			dkim->dot_stuffed,
+			&dkim_exim_query_dns_txt
+			);
+  dkim_private_key_expanded[0] = '\0';
   pdkim_set_optional(ctx,
-		      (char *) dkim_sign_headers_expanded,
+		      CS dkim_sign_headers_expanded,
 		      NULL,
 		      pdkim_canon,
 		      pdkim_canon, -1, 0, 0);
 
   lseek(dkim_fd, 0, SEEK_SET);
 
-  while ((sread = read(dkim_fd, &buf, 4096)) > 0)
+  while ((sread = read(dkim_fd, &buf, sizeof(buf))) > 0)
     if ((pdkim_rc = pdkim_feed(ctx, buf, sread)) != PDKIM_OK)
       goto pk_bad;