From 4ecfed9e6dcd329c5d28c8cbd7adaf62c9b77420 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sat, 27 May 2017 14:33:19 +0100
Subject: [PATCH] [Minor] Couple ARC fixes

---
 src/libserver/dkim.c | 63 ++++++++++++++++++++++++++------------------
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index cbb687454..772760b52 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -633,7 +633,7 @@ rspamd_dkim_add_arc_seal_headers (rspamd_mempool_t *pool,
 		struct rspamd_dkim_common_ctx *ctx)
 {
 	struct rspamd_dkim_header *hdr;
-	guint count = ctx->idx + 1, i;
+	guint count = ctx->idx, i;
 
 	ctx->hlist = g_ptr_array_sized_new (count * 3 - 1);
 
@@ -641,20 +641,20 @@ rspamd_dkim_add_arc_seal_headers (rspamd_mempool_t *pool,
 		/* Authentication results */
 		hdr = rspamd_mempool_alloc (pool, sizeof (*hdr));
 		hdr->name = RSPAMD_DKIM_ARC_AUTHHEADER;
-		hdr->count = i + 1;
+		hdr->count = i;
 		g_ptr_array_add (ctx->hlist, hdr);
 
 		/* Arc signature */
 		hdr = rspamd_mempool_alloc (pool, sizeof (*hdr));
 		hdr->name = RSPAMD_DKIM_ARC_SIGNHEADER;
-		hdr->count = i + 1;
+		hdr->count = i;
 		g_ptr_array_add (ctx->hlist, hdr);
 
 		/* Arc seal (except last one) */
 		if (i != count - 1) {
 			hdr = rspamd_mempool_alloc (pool, sizeof (*hdr));
 			hdr->name = RSPAMD_DKIM_ARC_SEALHEADER;
-			hdr->count = i + 1;
+			hdr->count = i;
 			g_ptr_array_add (ctx->hlist, hdr);
 		}
 	}
@@ -699,8 +699,16 @@ rspamd_create_dkim_context (const gchar *sig,
 
 	ctx = rspamd_mempool_alloc0 (pool, sizeof (rspamd_dkim_context_t));
 	ctx->pool = pool;
-	ctx->common.header_canon_type = DKIM_CANON_DEFAULT;
-	ctx->common.body_canon_type = DKIM_CANON_DEFAULT;
+
+	if (type == RSPAMD_DKIM_ARC_SEAL) {
+		ctx->common.header_canon_type = DKIM_CANON_RELAXED;
+		ctx->common.body_canon_type = DKIM_CANON_RELAXED;
+	}
+	else {
+		ctx->common.header_canon_type = DKIM_CANON_DEFAULT;
+		ctx->common.body_canon_type = DKIM_CANON_DEFAULT;
+	}
+
 	ctx->sig_alg = DKIM_SIGN_UNKNOWN;
 	ctx->common.pool = pool;
 	ctx->common.type = type;
@@ -992,29 +1000,32 @@ rspamd_create_dkim_context (const gchar *sig,
 			"s parameter missing");
 		return NULL;
 	}
-	if (ctx->sig_alg == DKIM_SIGN_RSASHA1) {
-		/* Check bh length */
-		if (ctx->bhlen != (guint)EVP_MD_size (EVP_sha1 ())) {
-			g_set_error (err,
-				DKIM_ERROR,
-				DKIM_SIGERROR_BADSIG,
-				"signature has incorrect length: %zu",
-				ctx->bhlen);
-			return NULL;
-		}
 
-	}
-	else if (ctx->sig_alg == DKIM_SIGN_RSASHA256) {
-		if (ctx->bhlen !=
-			(guint)EVP_MD_size (EVP_sha256 ())) {
-			g_set_error (err,
-				DKIM_ERROR,
-				DKIM_SIGERROR_BADSIG,
-				"signature has incorrect length: %zu",
-				ctx->bhlen);
-			return NULL;
+	if (type != RSPAMD_DKIM_ARC_SEAL) {
+		if (ctx->sig_alg == DKIM_SIGN_RSASHA1) {
+			/* Check bh length */
+			if (ctx->bhlen != (guint) EVP_MD_size (EVP_sha1 ())) {
+				g_set_error (err,
+						DKIM_ERROR,
+						DKIM_SIGERROR_BADSIG,
+						"signature has incorrect length: %zu",
+						ctx->bhlen);
+				return NULL;
+			}
+
+		} else if (ctx->sig_alg == DKIM_SIGN_RSASHA256) {
+			if (ctx->bhlen !=
+					(guint) EVP_MD_size (EVP_sha256 ())) {
+				g_set_error (err,
+						DKIM_ERROR,
+						DKIM_SIGERROR_BADSIG,
+						"signature has incorrect length: %zu",
+						ctx->bhlen);
+				return NULL;
+			}
 		}
 	}
+
 	/* Check expiration */
 	now = time (NULL);
 	if (ctx->timestamp && now < ctx->timestamp && ctx->timestamp - now >
-- 
2.39.5