diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-12-02 19:56:38 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-12-04 12:41:49 +0000 |
| commit | 0d04a285084bbd7a8246198fc3d8bcb268d3d22a (patch) | |
| tree | a5719ff08a2d845fc6e3d3810d866101157d3efe | |
| parent | 7b56f8c7a414645e9b6a2b9deb9938c5123292fb (diff) | |
DKIM: replace pdkim module debugging trace facility with Exim standard
| -rw-r--r-- | src/src/dkim.c | 12 | ||||
| -rw-r--r-- | src/src/pdkim/pdkim.c | 317 | ||||
| -rw-r--r-- | src/src/pdkim/pdkim.h | 32 | ||||
| -rw-r--r-- | src/src/pdkim/polarssl/sha1.h | 2 | ||||
| -rw-r--r-- | src/src/pdkim/rsa.c | 2 | ||||
| -rw-r--r-- | src/src/pdkim/sha1.c | 4 | ||||
| -rw-r--r-- | test/stderr/2201 | 1 |
7 files changed, 118 insertions, 252 deletions
diff --git a/src/src/dkim.c b/src/src/dkim.c index 2d4af50ca..3fa43fc3d 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -69,12 +69,8 @@ if (dkim_verify_ctx) /* Create new context */ -dkim_verify_ctx = pdkim_init_verify(PDKIM_INPUT_SMTP, &dkim_exim_query_dns_txt); +dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt); dkim_collect_input = !!dkim_verify_ctx; -#ifdef PDKIM_DEBUG -if (dkim_collect_input) - pdkim_set_debug_stream(dkim_verify_ctx, debug_file); -#endif } @@ -565,13 +561,9 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, dkim_private_key_expanded = big_buffer; } - ctx = pdkim_init_sign(PDKIM_INPUT_SMTP, - (char *) dkim_signing_domain, + ctx = pdkim_init_sign( (char *) dkim_signing_domain, (char *) dkim_signing_selector, (char *) dkim_private_key_expanded); -#ifdef PDKIM_DEBUG - pdkim_set_debug_stream(ctx, debug_file); -#endif pdkim_set_optional(ctx, (char *) dkim_sign_headers_expanded, NULL, diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 90a0584fa..1a7e3d41f 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -20,12 +20,7 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <ctype.h> - -#include "../mytypes.h" +#include "../exim.h" #include "pdkim.h" #include "pdkim-rsa.h" @@ -129,51 +124,46 @@ const char *pdkim_verify_ext_status_str(int ext_status) { /* -------------------------------------------------------------------------- */ /* Print debugging functions */ -#ifdef PDKIM_DEBUG void -pdkim_quoteprint(FILE *stream, const char *data, int len, int lf) +pdkim_quoteprint(const char *data, int len, int lf) { int i; const unsigned char *p = (const unsigned char *)data; -for (i = 0; i<len; i++) +for (i = 0; i < len; i++) { const int c = p[i]; switch (c) { - case ' ' : fprintf(stream, "{SP}"); break; - case '\t': fprintf(stream, "{TB}"); break; - case '\r': fprintf(stream, "{CR}"); break; - case '\n': fprintf(stream, "{LF}"); break; - case '{' : fprintf(stream, "{BO}"); break; - case '}' : fprintf(stream, "{BC}"); break; + case ' ' : debug_printf("{SP}"); break; + case '\t': debug_printf("{TB}"); break; + case '\r': debug_printf("{CR}"); break; + case '\n': debug_printf("{LF}"); break; + case '{' : debug_printf("{BO}"); break; + case '}' : debug_printf("{BC}"); break; default: if ( (c < 32) || (c > 127) ) - fprintf(stream, "{%02x}", c); + debug_printf("{%02x}", c); else - fputc(c, stream); + debug_printf("%c", c); break; } } if (lf) - fputc('\n', stream); + debug_printf("\n"); } void -pdkim_hexprint(FILE *stream, const char *data, int len, int lf) +pdkim_hexprint(const char *data, int len, int lf) { int i; const unsigned char *p = (const unsigned char *)data; -for (i =0 ; i<len; i++) - { - const int c = p[i]; - fprintf(stream, "%02x", c); - } +for (i = 0 ; i < len; i++) + debug_printf("%02x", p[i]); if (lf) - fputc('\n', stream); + debug_printf("\n"); } -#endif /* -------------------------------------------------------------------------- */ @@ -692,10 +682,7 @@ for (p = raw_hdr; ; p++) { pdkim_strtrim(cur_val); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str); -#endif + DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag->str, cur_val->str); switch (cur_tag->str[0]) { @@ -755,10 +742,7 @@ for (p = raw_hdr; ; p++) case 'z': sig->copiedheaders = pdkim_decode_qp(cur_val->str); break; default: -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, " Unknown tag encountered\n"); -#endif + DEBUG(D_acl) debug_printf(" Unknown tag encountered\n"); break; } } @@ -797,20 +781,16 @@ q--; while (q > sig->rawsig_no_b_val && (*q == '\r' || *q == '\n')) *q = '\0'; q--; /*XXX questionable code layout; possible bug */ -#ifdef PDKIM_DEBUG -if (ctx->debug_stream) +DEBUG(D_acl) { - fprintf(ctx->debug_stream, + debug_printf( "PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - pdkim_quoteprint(ctx->debug_stream, - sig->rawsig_no_b_val, - strlen(sig->rawsig_no_b_val), 1); - fprintf(ctx->debug_stream, + pdkim_quoteprint(sig->rawsig_no_b_val, strlen(sig->rawsig_no_b_val), 1); + debug_printf( "PDKIM >> Sig size: %4d bits\n", sig->sigdata_len*8); - fprintf(ctx->debug_stream, + debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } -#endif if ( !(sig->sha1_body = malloc(sizeof(sha1_context))) || !(sig->sha2_body = malloc(sizeof(sha2_context))) @@ -886,10 +866,7 @@ for (p = raw_record; ; p++) if (cur_tag->len > 0) { pdkim_strtrim(cur_val); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str); -#endif + DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag->str, cur_val->str); switch (cur_tag->str[0]) { @@ -916,10 +893,7 @@ for (p = raw_record; ; p++) if (strchr(cur_val->str, 's') != NULL) pub->no_subdomaining = 1; break; default: -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, " Unknown tag encountered\n"); -#endif + DEBUG(D_acl) debug_printf(" Unknown tag encountered\n"); break; } } @@ -1019,10 +993,7 @@ while (sig) sha2_update(sig->sha2_body, (unsigned char *)canon_data, canon_len); sig->signed_body_bytes += canon_len; -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - pdkim_quoteprint(ctx->debug_stream, canon_data, canon_len, 1); -#endif + DEBUG(D_acl) pdkim_quoteprint(canon_data, canon_len, 1); } sig = sig->next; @@ -1050,16 +1021,13 @@ while (sig) else sha2_finish(sig->sha2_body, bh); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, "PDKIM [%s] Body bytes hashed: %lu\n", - sig->domain, sig->signed_body_bytes); - fprintf(ctx->debug_stream, "PDKIM [%s] bh computed: ", sig->domain); - pdkim_hexprint(ctx->debug_stream, (char *)bh, - (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32, 1); + debug_printf("PDKIM [%s] Body bytes hashed: %lu\n" + "PDKIM [%s] bh computed: ", + sig->domain, sig->signed_body_bytes, sig->domain); + pdkim_hexprint((char *)bh, sig->algo == PDKIM_ALGO_RSA_SHA1 ? 20 : 32, 1); } -#endif /* SIGNING -------------------------------------------------------------- */ if (ctx->mode == PDKIM_MODE_SIGN) @@ -1083,24 +1051,17 @@ while (sig) if (memcmp(bh, sig->bodyhash, (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32) == 0) { -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, "PDKIM [%s] Body hash verified OK\n", - sig->domain); -#endif + DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash verified OK\n", sig->domain); } else { -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain); - pdkim_hexprint(ctx->debug_stream, sig->bodyhash, - (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32, 1); - fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n", - sig->domain); + debug_printf("PDKIM [%s] bh signature: ", sig->domain); + pdkim_hexprint(sig->bodyhash, + sig->algo == PDKIM_ALGO_RSA_SHA1 ? 20 : 32, 1); + debug_printf("PDKIM [%s] Body hash did NOT verify\n", sig->domain); } -#endif sig->verify_status = PDKIM_VERIFY_FAIL; sig->verify_ext_status = PDKIM_VERIFY_FAIL_BODY; } @@ -1117,7 +1078,7 @@ return PDKIM_OK; /* -------------------------------------------------------------------------- */ /* Callback from pdkim_feed below for processing complete body lines */ -int +static int pdkim_bodyline_complete(pdkim_ctx *ctx) { char *p = ctx->linebuf; @@ -1128,30 +1089,30 @@ pdkim_signature *sig = ctx->sig; /*XXX assumes only one sig */ if (ctx->seen_eod) goto BAIL; /* We've always got one extra byte to stuff a zero ... */ -ctx->linebuf[(ctx->linebuf_offset)] = '\0'; +ctx->linebuf[ctx->linebuf_offset] = '\0'; -if (ctx->input_mode == PDKIM_INPUT_SMTP) +/* Terminate on EOD marker */ +if (memcmp(p, ".\r\n", 3) == 0) { - /* Terminate on EOD marker */ - if (memcmp(p, ".\r\n", 3) == 0) - { - /* In simple body mode, if any empty lines were buffered, - replace with one. rfc 4871 3.4.3 */ - if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE - && sig->signed_body_bytes == 0 - && ctx->num_buffered_crlf > 0 - ) - pdkim_update_bodyhash(ctx, "\r\n", 2); - - ctx->seen_eod = 1; - goto BAIL; - } - /* Unstuff dots */ - if (memcmp(p, "..", 2) == 0) - { - p++; - n--; - } + /* In simple body mode, if any empty lines were buffered, + replace with one. rfc 4871 3.4.3 */ + /*XXX checking the signed-body-bytes is a gross hack; I think + it indicates that all linebreaks should be buffered, including + the one terminating a text line */ + if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE + && sig->signed_body_bytes == 0 + && ctx->num_buffered_crlf > 0 + ) + pdkim_update_bodyhash(ctx, "\r\n", 2); + + ctx->seen_eod = TRUE; + goto BAIL; + } +/* Unstuff dots */ +if (memcmp(p, "..", 2) == 0) + { + p++; + n--; } /* Empty lines need to be buffered until we find a non-empty line */ @@ -1201,8 +1162,6 @@ return PDKIM_OK; int pdkim_header_complete(pdkim_ctx *ctx) { -pdkim_signature *sig = ctx->sig; - /* Special case: The last header can have an extra \r appended */ if ( (ctx->cur_header->len > 1) && (ctx->cur_header->str[(ctx->cur_header->len)-1] == '\r') ) @@ -1216,7 +1175,10 @@ if (ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL; /* SIGNING -------------------------------------------------------------- */ if (ctx->mode == PDKIM_MODE_SIGN) - for ( ; sig; sig = sig->next) /* Traverse all signatures */ + { + pdkim_signature *sig; + + for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */ if (header_name_match(ctx->cur_header->str, sig->sign_headers? sig->sign_headers: @@ -1230,7 +1192,9 @@ if (ctx->mode == PDKIM_MODE_SIGN) return PDKIM_ERR_OOM; sig->headers = list; } + } +/* VERIFICATION ----------------------------------------------------------- */ /* DKIM-Signature: headers are added to the verification list */ if (ctx->mode == PDKIM_MODE_VERIFY) { @@ -1241,11 +1205,8 @@ if (ctx->mode == PDKIM_MODE_VERIFY) pdkim_signature *new_sig; /* Create and chain new signature block */ -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( "PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); -#endif if ((new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header->str))) { @@ -1258,15 +1219,10 @@ if (ctx->mode == PDKIM_MODE_VERIFY) last_sig->next = new_sig; } } -#ifdef PDKIM_DEBUG else - if (ctx->debug_stream) - { - fprintf(ctx->debug_stream, "Error while parsing signature header\n"); - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( + "Error while parsing signature header\n" "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); - } -#endif } /* every other header is stored for signature verification */ @@ -1302,7 +1258,7 @@ for (p = 0; p<len; p++) if (ctx->past_headers) { /* Processing body byte */ - ctx->linebuf[(ctx->linebuf_offset)++] = c; + ctx->linebuf[ctx->linebuf_offset++] = c; if (c == '\n') { int rc = pdkim_bodyline_complete(ctx); /* End of line */ @@ -1323,17 +1279,14 @@ for (p = 0; p<len; p++) int rc = pdkim_header_complete(ctx); /* Seen last header line */ if (rc != PDKIM_OK) return rc; - ctx->past_headers = 1; + ctx->past_headers = TRUE; ctx->seen_lf = 0; -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( "PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); -#endif continue; } else - ctx->seen_lf = 1; + ctx->seen_lf = TRUE; } else if (ctx->seen_lf) { @@ -1342,7 +1295,7 @@ for (p = 0; p<len; p++) int rc = pdkim_header_complete(ctx); /* End of header */ if (rc != PDKIM_OK) return rc; } - ctx->seen_lf = 0; + ctx->seen_lf = FALSE; } } @@ -1631,21 +1584,8 @@ if (ctx->cur_header && ctx->cur_header->len) pdkim_update_bodyhash(ctx, "\r\n", 2); } else - { - /* For non-smtp input, check if there's an unfinished line in the - body line buffer. If that is the case, we must add a CRLF to the - hash to properly terminate the message. */ - if ((ctx->input_mode == PDKIM_INPUT_NORMAL) && ctx->linebuf_offset) - { - pdkim_update_bodyhash(ctx, ctx->linebuf, ctx->linebuf_offset); - pdkim_update_bodyhash(ctx, "\r\n", 2); - } -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); -#endif - } /* Build (and/or evaluate) body hash */ if (pdkim_finish_bodyhash(ctx) != PDKIM_OK) @@ -1669,11 +1609,8 @@ while (sig) else sha2_starts(&sha2_headers, 0); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, - "PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>\n"); -#endif + DEBUG(D_acl) debug_printf( + "PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>\n"); /* SIGNING ---------------------------------------------------------------- */ /* When signing, walk through our header list and add them to the hash. As we @@ -1705,10 +1642,7 @@ while (sig) else sha2_update(&(sha2_headers), (unsigned char *)rh, strlen(rh)); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - pdkim_quoteprint(ctx->debug_stream, rh, strlen(rh), 1); -#endif + DEBUG(D_acl) pdkim_quoteprint(rh, strlen(rh), 1); free(rh); } } @@ -1754,10 +1688,7 @@ while (sig) else sha2_update(&sha2_headers, (unsigned char *)rh, strlen(rh)); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - pdkim_quoteprint(ctx->debug_stream, rh, strlen(rh), 1); -#endif + DEBUG(D_acl) pdkim_quoteprint(rh, strlen(rh), 1); free(rh); hdrs->tag = 1; break; @@ -1769,11 +1700,8 @@ while (sig) free(b); } -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); -#endif /* SIGNING ---------------------------------------------------------------- */ if (ctx->mode == PDKIM_MODE_SIGN) @@ -1805,16 +1733,14 @@ while (sig) sig_hdr = relaxed_hdr; } -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, + debug_printf( "PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>\n"); - pdkim_quoteprint(ctx->debug_stream, sig_hdr, strlen(sig_hdr), 1); - fprintf(ctx->debug_stream, + pdkim_quoteprint(sig_hdr, strlen(sig_hdr), 1); + debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } -#endif /* Finalize header hash */ if (sig->algo == PDKIM_ALGO_RSA_SHA1) @@ -1822,26 +1748,22 @@ while (sig) sha1_update(&sha1_headers, (unsigned char *)sig_hdr, strlen(sig_hdr)); sha1_finish(&sha1_headers, (unsigned char *)headerhash); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, "PDKIM [%s] hh computed: ", sig->domain); - pdkim_hexprint(ctx->debug_stream, headerhash, 20, 1); + debug_printf( "PDKIM [%s] hh computed: ", sig->domain); + pdkim_hexprint(headerhash, 20, 1); } -#endif } else { sha2_update(&sha2_headers, (unsigned char *)sig_hdr, strlen(sig_hdr)); sha2_finish(&sha2_headers, (unsigned char *)headerhash); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, "PDKIM [%s] hh computed: ", sig->domain); - pdkim_hexprint(ctx->debug_stream, headerhash, 32, 1); + debug_printf("PDKIM [%s] hh computed: ", sig->domain); + pdkim_hexprint(headerhash, 32, 1); } -#endif } free(sig_hdr); @@ -1872,13 +1794,11 @@ while (sig) rsa_free(&rsa); -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, "PDKIM [%s] b computed: ", sig->domain); - pdkim_hexprint(ctx->debug_stream, sig->sigdata, sig->sigdata_len, 1); + debug_printf( "PDKIM [%s] b computed: ", sig->domain); + pdkim_hexprint(sig->sigdata, sig->sigdata_len, 1); } -#endif if (!(sig->signature_header = pdkim_create_header(ctx->sig, 1))) return PDKIM_ERR_OOM; @@ -1921,37 +1841,27 @@ while (sig) goto NEXT_VERIFY; } -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, - "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - fprintf(ctx->debug_stream, " Raw record: "); - pdkim_quoteprint(ctx->debug_stream, dns_txt_reply, strlen(dns_txt_reply), 1); + debug_printf( + "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n" + " Raw record: "); + pdkim_quoteprint(dns_txt_reply, strlen(dns_txt_reply), 1); } -#endif if (!(sig->pubkey = pdkim_parse_pubkey_record(ctx, dns_txt_reply))) { sig->verify_status = PDKIM_VERIFY_INVALID; sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_PARSING; -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - { - fprintf(ctx->debug_stream, " Error while parsing public key record\n"); - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( + " Error while parsing public key record\n" "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); - } -#endif goto NEXT_VERIFY; } -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) - fprintf(ctx->debug_stream, + DEBUG(D_acl) debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); -#endif if (rsa_parse_public_key(&rsa, (unsigned char *)sig->pubkey->key, @@ -1982,18 +1892,16 @@ while (sig) NEXT_VERIFY: -#ifdef PDKIM_DEBUG - if (ctx->debug_stream) + DEBUG(D_acl) { - fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s", + debug_printf("PDKIM [%s] signature status: %s", sig->domain, pdkim_verify_status_str(sig->verify_status)); if (sig->verify_ext_status > 0) - fprintf(ctx->debug_stream, " (%s)\n", + debug_printf(" (%s)\n", pdkim_verify_ext_status_str(sig->verify_ext_status)); else - fprintf(ctx->debug_stream, "\n"); + debug_printf("\n"); } -#endif rsa_free(&rsa); free(dns_txt_name); @@ -2014,7 +1922,7 @@ return PDKIM_OK; /* -------------------------------------------------------------------------- */ DLLEXPORT pdkim_ctx * -pdkim_init_verify(int input_mode, int(*dns_txt_callback)(char *, char *)) +pdkim_init_verify(int(*dns_txt_callback)(char *, char *)) { pdkim_ctx *ctx = malloc(sizeof(pdkim_ctx)); @@ -2029,7 +1937,6 @@ if (!(ctx->linebuf = malloc(PDKIM_MAX_BODY_LINE_LEN))) } ctx->mode = PDKIM_MODE_VERIFY; -ctx->input_mode = input_mode; ctx->dns_txt_callback = dns_txt_callback; return ctx; @@ -2039,7 +1946,7 @@ return ctx; /* -------------------------------------------------------------------------- */ DLLEXPORT pdkim_ctx * -pdkim_init_sign(int input_mode, char *domain, char *selector, char *rsa_privkey) +pdkim_init_sign(char *domain, char *selector, char *rsa_privkey) { pdkim_ctx *ctx; pdkim_signature *sig; @@ -2068,7 +1975,6 @@ memset(sig, 0, sizeof(pdkim_signature)); sig->bodylength = -1; ctx->mode = PDKIM_MODE_SIGN; -ctx->input_mode = input_mode; ctx->sig = sig; ctx->sig->domain = strdup(domain); @@ -2125,13 +2031,4 @@ ctx->sig->expires = expires; return PDKIM_OK; } -/* -------------------------------------------------------------------------- */ - -#ifdef PDKIM_DEBUG -DLLEXPORT void -pdkim_set_debug_stream(pdkim_ctx *ctx, FILE *debug_stream) -{ -ctx->debug_stream = debug_stream; -} -#endif diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 1d364a3c9..4a7498db9 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -21,11 +21,6 @@ */ /* -------------------------------------------------------------------------- */ -/* Debugging. This can also be enabled/disabled at run-time. I recommend to - leave it defined. */ -#define PDKIM_DEBUG - -/* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt callback function. This should match the maximum RDLENGTH from DNS. */ #define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16) @@ -245,16 +240,11 @@ typedef struct pdkim_signature { /* Context to keep state between all operations. */ #define PDKIM_MODE_SIGN 0 #define PDKIM_MODE_VERIFY 1 -#define PDKIM_INPUT_NORMAL 0 -#define PDKIM_INPUT_SMTP 1 typedef struct pdkim_ctx { /* PDKIM_MODE_VERIFY or PDKIM_MODE_SIGN */ int mode; - /* PDKIM_INPUT_SMTP or PDKIM_INPUT_NORMAL */ - int input_mode; - /* One (signing) or several chained (verification) signatures */ pdkim_signature *sig; @@ -265,19 +255,12 @@ typedef struct pdkim_ctx { pdkim_str *cur_header; char *linebuf; int linebuf_offset; - int seen_lf; - int seen_eod; - int past_headers; + BOOL seen_lf; + BOOL seen_eod; + BOOL past_headers; int num_buffered_crlf; int num_headers; pdkim_stringlist *headers; /* Raw headers for verification */ - -#ifdef PDKIM_DEBUG - /* A FILE pointer. When not NULL, debug output will be generated - and sent to this stream */ - FILE *debug_stream; -#endif - } pdkim_ctx; @@ -291,10 +274,10 @@ extern "C" { #endif DLLEXPORT -pdkim_ctx *pdkim_init_sign (int, char *, char *, char *); +pdkim_ctx *pdkim_init_sign (char *, char *, char *); DLLEXPORT -pdkim_ctx *pdkim_init_verify (int, int(*)(char *, char *)); +pdkim_ctx *pdkim_init_verify (int(*)(char *, char *)); DLLEXPORT int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int, @@ -310,11 +293,6 @@ int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **); DLLEXPORT void pdkim_free_ctx (pdkim_ctx *); -#ifdef PDKIM_DEBUG -DLLEXPORT -void pdkim_set_debug_stream(pdkim_ctx *, FILE *); -#endif - #ifdef __cplusplus } #endif diff --git a/src/src/pdkim/polarssl/sha1.h b/src/src/pdkim/polarssl/sha1.h index bb94a03fa..98e8cc45e 100644 --- a/src/src/pdkim/polarssl/sha1.h +++ b/src/src/pdkim/polarssl/sha1.h @@ -77,7 +77,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] ); * \param ilen length of the input data * \param output SHA-1 checksum result */ -void sha1( const unsigned char *input, int ilen, unsigned char output[20] ); +void polarssl_sha1( const unsigned char *input, int ilen, unsigned char output[20] ); /** * \brief Output = SHA-1( file contents ) diff --git a/src/src/pdkim/rsa.c b/src/src/pdkim/rsa.c index 726e65a51..86d9f2ffe 100644 --- a/src/src/pdkim/rsa.c +++ b/src/src/pdkim/rsa.c @@ -787,7 +787,7 @@ int rsa_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n PKCS#1 data sign : " ); - sha1( rsa_plaintext, PT_LEN, sha1sum ); + polarssl_sha1( rsa_plaintext, PT_LEN, sha1sum ); if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1, 20, sha1sum, rsa_ciphertext ) != 0 ) diff --git a/src/src/pdkim/sha1.c b/src/src/pdkim/sha1.c index cbdadafeb..820488843 100644 --- a/src/src/pdkim/sha1.c +++ b/src/src/pdkim/sha1.c @@ -315,7 +315,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] ) /* * output = SHA-1( input buffer ) */ -void sha1( const unsigned char *input, int ilen, unsigned char output[20] ) +void polarssl_sha1( const unsigned char *input, int ilen, unsigned char output[20] ) { sha1_context ctx; @@ -368,7 +368,7 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen ) if( keylen > 64 ) { - sha1( key, keylen, sum ); + polarssl_sha1( key, keylen, sum ); keylen = 20; key = sum; } diff --git a/test/stderr/2201 b/test/stderr/2201 index bcc44338c..8dd7b2fb8 100644 --- a/test/stderr/2201 +++ b/test/stderr/2201 @@ -215,7 +215,6 @@ ppppp DNS list check: rbl.test.ex/V4NET.11.12.14 ppppp cached data found but past valid time; new DNS lookup for 14.12.11.V4NET.rbl.test.ex ppppp DNS lookup for 14.12.11.V4NET.rbl.test.ex succeeded (yielding 127.0.0.2) ppppp => that means V4NET.11.12.14 is listed at rbl.test.ex -PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>> ppppp LOG: MAIN ppppp <= a@shorthost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex ppppp Process ppppp is ready for new message |