From: Jeremy Harris Date: Sat, 25 Apr 2020 20:03:51 +0000 (+0100) Subject: DKIM: fix $dkim_key_length in verify X-Git-Tag: exim-4_94_RC0~6 X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=a841a6eca79ff08b36f2225dcf89c1c162bb8777;ds=sidebyside DKIM: fix $dkim_key_length in verify --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 3fb7ed8a9..99ad7d1a5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -172,6 +172,10 @@ JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE ignored, and only the check_spool_space option value for the required leeway checked. +JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present + the size of the signing public-key. Previously it was instead giving + the size of the signature hash. + Exim version 4.93 ----------------- diff --git a/src/src/arc.c b/src/src/arc.c index b453e171c..578c95c89 100644 --- a/src/src/arc.c +++ b/src/src/arc.c @@ -735,7 +735,7 @@ arc_get_verify_hhash(ctx, ams, &hhash); /* Setup the interface to the signing library */ -if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx))) +if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx, NULL))) { DEBUG(D_acl) debug_printf("ARC verify init: %s\n", errstr); as->ams_verify_done = arc_state_reason = US"internal sigverify init error"; @@ -964,7 +964,7 @@ if (!(p = arc_line_to_pubkey(hdr_as))) /* We know the b-tag blob is of a nul-term string, so safe as a string */ pdkim_decode_base64(hdr_as->b.data, &sighash); -if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx))) +if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx, NULL))) { DEBUG(D_acl) debug_printf("ARC verify init: %s\n", errstr); return US"fail"; diff --git a/src/src/dkim.c b/src/src/dkim.c index 031372720..9c8458b87 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -406,7 +406,7 @@ for (pdkim_signature * sig = dkim_signatures; sig; sig = sig->next) dkim_cur_sig = sig; dkim_signing_domain = US sig->domain; dkim_signing_selector = US sig->selector; - dkim_key_length = sig->sighash.len * 8; + dkim_key_length = sig->keybits; /* These two return static strings, so we can compare the addr later to see if the ACL overwrote them. Check that when logging */ diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 7fcfbc76a..0d2674f50 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -1430,7 +1430,7 @@ if (sig->keytype == KEYTYPE_ED25519) if ((*errstr = exim_dkim_verify_init(&p->key, sig->keytype == KEYTYPE_ED25519 ? KEYFMT_ED25519_BARE : KEYFMT_DER, - vctx))) + vctx, &sig->keybits))) { DEBUG(D_acl) debug_printf("verify_init: %s\n", *errstr); sig->verify_status = PDKIM_VERIFY_INVALID; diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 5ae0f7f45..0b21df8ab 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -149,8 +149,9 @@ typedef struct pdkim_signature { int version; /* (a=) The signature algorithm. */ - int keytype; /* pdkim_keytypes index */ - int hashtype; /* pdkim_hashes index */ + int keytype; /* pdkim_keytypes index */ + unsigned keybits; /* size of the key */ + int hashtype; /* pdkim_hashes index */ /* (c=x/) Header canonicalization method. Either PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED */ diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c index 102e7bf51..b55bd9f5f 100644 --- a/src/src/pdkim/signing.c +++ b/src/src/pdkim/signing.c @@ -155,7 +155,8 @@ return NULL; Return: NULL for success, or an error string */ const uschar * -exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx) +exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx, + unsigned * bits) { gnutls_datum_t k; int rc; @@ -182,6 +183,7 @@ switch(fmt) ret = US"pubkey format not handled"; break; } +if (!ret && bits) gnutls_pubkey_get_pk_algorithm(verify_ctx->key, bits); return ret; } @@ -552,7 +554,8 @@ return NULL; Return: NULL for success, or an error string */ const uschar * -exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx) +exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx, + unsigned * bits) { /* in code sequence per b81207d2bfa92 rsa_parse_public_key() and asn1_get_mpi() @@ -560,6 +563,7 @@ in code sequence per b81207d2bfa92 rsa_parse_public_key() and asn1_get_mpi() uschar tag_class; int taglen; long alen; +unsigned nbits; int rc; uschar * errstr; gcry_error_t gerr; @@ -608,10 +612,10 @@ if ((rc = as_tag(pubkey, ASN1_CLASS_STRUCTURED, ASN1_TAG_SEQUENCE, NULL)) /* read two integers */ DEBUG(D_acl) stage = US"MPI"; -if ( (errstr = as_mpi(pubkey, &verify_ctx->n)) - || (errstr = as_mpi(pubkey, &verify_ctx->e)) - ) - return errstr; +nbits = pubkey->len; +if ((errstr = as_mpi(pubkey, &verify_ctx->n))) return errstr; +nbits = (nbits - pubkey->len) * 8; +if ((errstr = as_mpi(pubkey, &verify_ctx->e))) return errstr; #ifdef extreme_debug DEBUG(D_acl) debug_printf_indent("rsa_verify_init:\n"); @@ -624,6 +628,7 @@ DEBUG(D_acl) debug_printf_indent("rsa_verify_init:\n"); } #endif +if (bits) *bits = nbits; return NULL; asn_err: @@ -794,7 +799,8 @@ return US ERR_error_string(ERR_get_error(), NULL); Return: NULL for success, or an error string */ const uschar * -exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx) +exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx, + unsigned * bits) { const uschar * s = pubkey->data; uschar * ret = NULL; @@ -818,6 +824,7 @@ switch(fmt) break; } +if (!ret && bits) *bits = EVP_PKEY_bits(verify_ctx->key); return ret; } diff --git a/src/src/pdkim/signing.h b/src/src/pdkim/signing.h index 96a0720fd..6ecde7537 100644 --- a/src/src/pdkim/signing.h +++ b/src/src/pdkim/signing.h @@ -90,7 +90,7 @@ extern gstring * exim_dkim_data_append(gstring *, uschar *); extern const uschar * exim_dkim_signing_init(const uschar *, es_ctx *); extern const uschar * exim_dkim_sign(es_ctx *, hashmethod, blob *, blob *); -extern const uschar * exim_dkim_verify_init(blob *, keyformat, ev_ctx *); +extern const uschar * exim_dkim_verify_init(blob *, keyformat, ev_ctx *, unsigned *); extern const uschar * exim_dkim_verify(ev_ctx *, hashmethod, blob *, blob *); #endif /*DISABLE_DKIM*/ diff --git a/test/log/4501 b/test/log/4501 index 77354cacb..2ab144416 100644 --- a/test/log/4501 +++ b/test/log/4501 @@ -5,7 +5,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaX-0005vi-00 <= pass@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= fail@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4502 b/test/log/4502 index 3dd9f2b6e..ed74d275c 100644 --- a/test/log/4502 +++ b/test/log/4502 @@ -14,7 +14,7 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad [failed key import] -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha1 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_bad header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com diff --git a/test/log/4506 b/test/log/4506 index 2046780e9..9aa3604c0 100644 --- a/test/log/4506 +++ b/test/log/4506 @@ -5,11 +5,11 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] 1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] 1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=fail (body hash mismatch; body probably modified in transit)\n header.d=test.ex header.s=sel header.a=rsa-sha1 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4520 b/test/log/4520 index 610738e21..4ed718225 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -80,7 +80,7 @@ 1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbL-0005vi-00 DKIM: d=test.ex s=sel_bad [failed key import] -1999-03-02 09:44:33 10HmbL-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbL-0005vi-00 dkim_acl: signer: test.ex bits: 0 h=From 1999-03-02 09:44:33 10HmbL-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbL-0005vi-00 data acl: dkim status invalid 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbK-0005vi-00@myhost.test.ex for d@test.ex diff --git a/test/log/4540 b/test/log/4540 index d5642e4e2..9724325ee 100644 --- a/test/log/4540 +++ b/test/log/4540 @@ -1,17 +1,17 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 253 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sed header.a=ed25519-sha256 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 512 +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 253 1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sedw c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sedw header.a=ed25519-sha256 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=E10HmaY-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: kitterman.org bits: 512 +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: kitterman.org bits: 253 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: @kitterman.org bits: 512 +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: @kitterman.org bits: 253 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=kitterman.org s=ed25519 c=relaxed/simple a=ed25519-sha256 b=512 i=@kitterman.org t=1517847601 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=kitterman.org header.i=@kitterman.org header.s=ed25519 header.a=ed25519-sha256 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=kitterman.org id=example@example.com diff --git a/test/log/4541 b/test/log/4541 index b8a5f3347..40d9fd8e3 100644 --- a/test/log/4541 +++ b/test/log/4541 @@ -8,7 +8,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 253 h=From 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] @@ -18,9 +18,9 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 253 h=From 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 0 h=From 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [not verified] 1999-03-02 09:44:33 10HmbA-0005vi-00 data acl: dkim status pass:none 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for b@test.ex diff --git a/test/log/4545 b/test/log/4545 index ed6890091..000c10916 100644 --- a/test/log/4545 +++ b/test/log/4545 @@ -8,14 +8,14 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 253 h=From:To:Subject 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex for a@test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => a R=server_store T=file 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 253 h=From 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sed c=relaxed/relaxed a=ed25519-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] diff --git a/test/runtest b/test/runtest index f90249fb8..c7ba26ac9 100755 --- a/test/runtest +++ b/test/runtest @@ -1424,6 +1424,9 @@ RESET_AFTER_EXTRA_LINE_READ: my ($prefix, $t_diff) = ($1, $3 - $2); s/DKIM: d=.* t=[0-9]* x=[0-9]* /${prefix} t=T x=T+${t_diff} /; } + # GnuTLS reports a different keysize vs. OpenSSL, for ed25519 keys + s/signer: [^ ]* bits:\K 256/ 253/; + s/public key too short:\K 256 bits/ 253 bits/; # port numbers s/(?:\[[^\]]*\]:|port )\K$parm_port_d/PORT_D/;