diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-12-22 13:36:07 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-12-22 19:11:07 +0000 |
| commit | c8b2f3749e953b254b4d6ac1ea047451eb771953 (patch) | |
| tree | 55f6f0ca6c4222f224dcd6867b952dda824bed06 | |
| parent | 25fa08681506fa01e9e15406f9d35a853da19476 (diff) | |
| download | exim4-c8b2f3749e953b254b4d6ac1ea047451eb771953.tar.gz | |
DKIM: better debug for key/signature size mismatch
| -rw-r--r-- | src/src/pdkim/signing.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c index 2a086b1e2..a47f824b8 100644 --- a/src/src/pdkim/signing.c +++ b/src/src/pdkim/signing.c @@ -831,7 +831,6 @@ const uschar * exim_dkim_verify(ev_ctx * verify_ctx, hashmethod hash, blob * data, blob * sig) { const EVP_MD * md; -const uschar * where; switch (hash) { @@ -847,38 +846,39 @@ if (!md) { EVP_MD_CTX * ctx; - if ( (ctx = EVP_MD_CTX_new()) - && EVP_DigestVerifyInit(ctx, NULL, md, NULL, verify_ctx->key) > 0 - && EVP_DigestVerify(ctx, sig->data, sig->len, data->data, data->len) > 0 - ) - { EVP_MD_CTX_free(ctx); return NULL; } - - if (ctx) EVP_MD_CTX_free(ctx); + if ((ctx = EVP_MD_CTX_new())) + { + if ( EVP_DigestVerifyInit(ctx, NULL, md, NULL, verify_ctx->key) > 0 + && EVP_DigestVerify(ctx, sig->data, sig->len, data->data, data->len) > 0 + ) + { EVP_MD_CTX_free(ctx); return NULL; } + EVP_MD_CTX_free(ctx); + } } else #endif { EVP_PKEY_CTX * ctx; - if ((where = US"EVP_PKEY_CTX_new", - (ctx = EVP_PKEY_CTX_new(verify_ctx->key, NULL)))) + if ((ctx = EVP_PKEY_CTX_new(verify_ctx->key, NULL))) { - if ( (where = US"EVP_PKEY_verify_init", - EVP_PKEY_verify_init(ctx) > 0) - && (where = US"EVP_PKEY_CTX_set_rsa_padding", - EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) > 0) - && (where = US"EVP_PKEY_CTX_set_signature_md", - EVP_PKEY_CTX_set_signature_md(ctx, md) > 0) - && (where = US"EVP_PKEY_verify", - EVP_PKEY_verify(ctx, sig->data, sig->len, - data->data, data->len) == 1) + if ( EVP_PKEY_verify_init(ctx) > 0 + && EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) > 0 + && EVP_PKEY_CTX_set_signature_md(ctx, md) > 0 + && EVP_PKEY_verify(ctx, sig->data, sig->len, + data->data, data->len) == 1 ) { EVP_PKEY_CTX_free(ctx); return NULL; } - EVP_PKEY_CTX_free(ctx); + + DEBUG(D_tls) + if (Ustrcmp(ERR_reason_error_string(ERR_peek_error()), "wrong signature length") == 0) + debug_printf("sig len (from msg hdr): %d, expected (from dns pubkey) %d\n", + (int) sig->len, EVP_PKEY_size(verify_ctx->key)); } } -return string_sprintf("%s: %s", where, ERR_error_string(ERR_get_error(), NULL)); + +return US ERR_error_string(ERR_get_error(), NULL); } |