Implement keysigning.

src/dkim.c

@@ -560,7 +560,7 @@ struct rspamd_dkim_key_cbdata {
 };
 
 static rspamd_dkim_key_t*
-rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError *err)
+rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError **err)
 {
 	rspamd_dkim_key_t							*key = NULL;
 
@@ -571,7 +571,7 @@ rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError *err)
 	key->decoded_len = keylen + 1;
 	g_base64_decode_inplace (key->keydata, &key->decoded_len);
 #ifdef HAVE_OPENSSL
-	key->key_bio = BIO_new_mem_buf (key->keydata, decoded_len);
+	key->key_bio = BIO_new_mem_buf (key->keydata, key->decoded_len);
 	if (key->key_bio == NULL) {
 		g_set_error (err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "cannot make ssl bio from key");
 		rspamd_dkim_key_free (key);
@@ -874,8 +874,9 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, rspamd_dkim_key_t *key, struct wo
 	GList										*cur;
 	gchar										*digest;
 	gsize										 dlen;
+	gint										 res = DKIM_CONTINUE;
 #ifdef HAVE_OPENSSL
-	RSA											 *rsa;
+	gint										 nid;
 #endif
 
 	g_return_val_if_fail (ctx != NULL, DKIM_ERROR);
@@ -964,14 +965,21 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, rspamd_dkim_key_t *key, struct wo
 
 #ifdef HAVE_OPENSSL
 	/* Check headers signature */
-	rsa = RSA_new ();
-
-	rsa->rsa_rsa = key->rsa_key;
-	rsa->rsa_keysize = RSA_size (rsa->rsa_rsa);
-	rsa->rsa_pad = RSA_PKCS1_PADDING;
 
+	if (ctx->sig_alg == DKIM_SIGN_RSASHA1) {
+		nid = NID_sha1;
+	}
+	else if (ctx->sig_alg == DKIM_SIGN_RSASHA256) {
+		nid = NID_sha256;
+	}
+	else {
+		/* Not reached */
+		nid = NID_sha1;
+	}
 
-	RSA_free (rsa);
+	if (RSA_verify (nid, digest, dlen, ctx->b, ctx->blen, key->key_rsa) != 1) {
+		res = DKIM_ERROR;
+	}
 #endif
-	return DKIM_CONTINUE;
+	return res;
 }

src/dkim.h

@@ -156,7 +156,7 @@ typedef struct rspamd_dkim_key_s {
 	guint keylen;
 	gsize decoded_len;
 #ifdef HAVE_OPENSSL
-	RSA *rsa_key;
+	RSA *key_rsa;
 	BIO *key_bio;
 	EVP_PKEY *key_evp;
 #endif