Copyright year bumps for substantive changes 2017

[exim.git] / src / src / dkim.c

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 3fa11c80075b8a23b4d25892fe5f5045b807b31c..55a52c2c657f945ed636b4fac7448bb57176c85d 100644 (file)
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge, 1995 - 2016 */
+/* Copyright (c) University of Cambridge, 1995 - 2017 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Code for DKIM support. Other DKIM relevant code is in
@@ -18,6 +18,7 @@ int dkim_verify_oldpool;
 pdkim_ctx *dkim_verify_ctx = NULL;
 pdkim_signature *dkim_signatures = NULL;
 pdkim_signature *dkim_cur_sig = NULL;
+static BOOL dkim_collect_error = FALSE;
 
 static int
 dkim_exim_query_dns_txt(char *name, char *answer)
@@ -87,6 +88,7 @@ if (dkim_verify_ctx)
 
 dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
 dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_error = FALSE;
 
 /* Start feed up with any cached data */
 receive_get_cache();
@@ -106,6 +108,7 @@ if (  dkim_collect_input
   {
   log_write(0, LOG_MAIN,
             "DKIM: validation error: %.100s", pdkim_errstr(rc));
+  dkim_collect_error = TRUE;
   dkim_collect_input = FALSE;
   }
 store_pool = dkim_verify_oldpool;
@@ -127,11 +130,7 @@ store_pool = POOL_PERM;
 
 dkim_signatures = NULL;
 
-/* If we have arrived here with dkim_collect_input == FALSE, it
-means there was a processing error somewhere along the way.
-Log the incident and disable futher verification. */
-
-if (!dkim_collect_input)
+if (dkim_collect_error)
   {
   log_write(0, LOG_MAIN,
             "DKIM: Error while running this message through validation,"
@@ -167,7 +166,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
              sig->algo == PDKIM_ALGO_RSA_SHA256
              ? "rsa-sha256"
              : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err",
-             (int)sig->sigdata.len > -1 ? sig->sigdata.len * 8 : 0
+             (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0
              ),
 
        sig->identity ? string_sprintf("i=%s ", sig->identity) : US"",
@@ -306,7 +305,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
 
     dkim_signing_domain = US sig->domain;
     dkim_signing_selector = US sig->selector;
-    dkim_key_length = sig->sigdata.len * 8;
+    dkim_key_length = sig->sighash.len * 8;
     return;
     }
 }
@@ -607,11 +606,14 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
     dkim_private_key_expanded = big_buffer;
     }
 
-  ctx = pdkim_init_sign( CS dkim_signing_domain,
-                        CS dkim_signing_selector,
-                        CS dkim_private_key_expanded,
-                        PDKIM_ALGO_RSA_SHA256,
-                        dkim->dot_stuffed);
+  ctx = pdkim_init_sign(CS dkim_signing_domain,
+                       CS dkim_signing_selector,
+                       CS dkim_private_key_expanded,
+                       PDKIM_ALGO_RSA_SHA256,
+                       dkim->dot_stuffed,
+                       &dkim_exim_query_dns_txt
+                       );
+  dkim_private_key_expanded[0] = '\0';
   pdkim_set_optional(ctx,
                      CS dkim_sign_headers_expanded,
                      NULL,