authorVsevolod Stakhov <vsevolod@rambler-co.ru>2012-05-28 23:37:58 +0400
committerVsevolod Stakhov <vsevolod@rambler-co.ru>2012-05-28 23:37:58 +0400
commitd0779b60585cde616c53d6639e87cdb968ccb29c (patch)
treeb3ee12aadb2f87915e1e0b0ed946d3d5e87b3fe8 /src
parenteccece67e64096eb77f743a96c3b98405874bb5c (diff)
Implement keysigning.
Diffstat (limited to 'src')
-rw-r--r--src/dkim.c28
-rw-r--r--src/dkim.h2
2 files changed, 19 insertions, 11 deletions
diff --git a/src/dkim.c b/src/dkim.c
index 4c597ec40..e1115a318 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -560,7 +560,7 @@ struct rspamd_dkim_key_cbdata {
};
static rspamd_dkim_key_t*
-rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError *err)
+rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError **err)
{
rspamd_dkim_key_t *key = NULL;
@@ -571,7 +571,7 @@ rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError *err)
key->decoded_len = keylen + 1;
g_base64_decode_inplace (key->keydata, &key->decoded_len);
#ifdef HAVE_OPENSSL
- key->key_bio = BIO_new_mem_buf (key->keydata, decoded_len);
+ key->key_bio = BIO_new_mem_buf (key->keydata, key->decoded_len);
if (key->key_bio == NULL) {
g_set_error (err, DKIM_ERROR, DKIM_SIGERROR_KEYFAIL, "cannot make ssl bio from key");
rspamd_dkim_key_free (key);
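Review bot: `key->decoded_len` is a `gsize` (see the struct in src/dkim.h), but `BIO_new_mem_buf` takes an `int` length, and the value is passed straight through with no check after `g_base64_decode_inplace`. A length that narrows to a negative `int` makes OpenSSL measure the buffer with `strlen` instead, and an empty decode presumably produces an empty BIO that only fails further on. A guard before the call such as `if (key->decoded_len == 0 || key->decoded_len > G_MAXINT)` that takes the same error path as the NULL-BIO case, followed by an explicit `(int)` cast, would keep the length bounded. The function begins and continues outside this hunk.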
@@ -874,8 +874,9 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, rspamd_dkim_key_t *key, struct wo
GList *cur;
gchar *digest;
gsize dlen;
+ gint res = DKIM_CONTINUE;
#ifdef HAVE_OPENSSL
- RSA *rsa;
+ gint nid;
#endif
g_return_val_if_fail (ctx != NULL, DKIM_ERROR);
@@ -964,14 +965,21 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, rspamd_dkim_key_t *key, struct wo
#ifdef HAVE_OPENSSL
/* Check headers signature */
- rsa = RSA_new ();
-
- rsa->rsa_rsa = key->rsa_key;
- rsa->rsa_keysize = RSA_size (rsa->rsa_rsa);
- rsa->rsa_pad = RSA_PKCS1_PADDING;
+ if (ctx->sig_alg == DKIM_SIGN_RSASHA1) {
+ nid = NID_sha1;
+ }
+ else if (ctx->sig_alg == DKIM_SIGN_RSASHA256) {
+ nid = NID_sha256;
+ }
+ else {
+ /* Not reached */
+ nid = NID_sha1;
+ }
- RSA_free (rsa);
+ if (RSA_verify (nid, digest, dlen, ctx->b, ctx->blen, key->key_rsa) != 1) {
+ res = DKIM_ERROR;
+ }
#endif
- return DKIM_CONTINUE;
+ return res;
}
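Review bot: The final `else` in the algorithm selection is commented "Not reached" yet falls back to `nid = NID_sha1`, so an unexpected `ctx->sig_alg` is verified as rsa-sha1 instead of being rejected. Failing closed is safer, for example `else { return DKIM_ERROR; }`, provided nothing acquired earlier in the function (outside this hunk) needs releasing first. `res` is also initialised to `DKIM_CONTINUE` and only changed inside `#ifdef HAVE_OPENSSL`, so a build without OpenSSL appears to return the same value as a verified header signature; an `#else` that sets `res = DKIM_ERROR;` would make that explicit. `key->key_rsa` reaches `RSA_verify` with no NULL check visible here, and `digest`/`dlen` are `gchar *`/`gsize` where the call expects `const unsigned char *` and `unsigned int`, so a range check and explicit casts are worth adding. The body of rspamd_dkim_check starts outside the hunk.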
diff --git a/src/dkim.h b/src/dkim.h
index bea6f4042..60d982ed2 100644
--- a/src/dkim.h
+++ b/src/dkim.h
@@ -156,7 +156,7 @@ typedef struct rspamd_dkim_key_s {
guint keylen;
gsize decoded_len;
#ifdef HAVE_OPENSSL
- RSA *rsa_key;
+ RSA *key_rsa;
BIO *key_bio;
EVP_PKEY *key_evp;
#endif