1 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/dkim.c src/dkim.c
2 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/dkim.c 2009-11-16 20:50:36.000000000 +0100
3 +++ src/dkim.c 2009-12-17 12:17:01.778692630 +0100
5 -/* $Cambridge: exim/exim-src/src/dkim.c,v 1.10 2009/11/16 19:50:36 nm4 Exp $ */
6 +/* $Cambridge: exim/exim-src/src/dkim.c,v 1.11 2009/12/15 08:23:15 tom Exp $ */
8 /*************************************************
9 * Exim - an Internet mail transport agent *
12 pdkim_signature *signature;
22 - if (pdkim_feed_finish(ctx,&signature) != PDKIM_OK)
23 + pdkim_rc = pdkim_feed_finish(ctx,&signature);
24 + if (pdkim_rc != PDKIM_OK) {
25 + log_write(0, LOG_MAIN|LOG_PANIC, "DKIM: signing failed (RC %d)", pdkim_rc);
29 rc = store_get(strlen(signature->signature_header)+3);
30 Ustrcpy(rc,US signature->signature_header);
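Review bot: On the success path `signature->signature_header` is passed to `strlen` and `Ustrcpy` without an explicit `signature != NULL` test; the added check only covers a non-OK return code from `pdkim_feed_finish`. Whether the library can return `PDKIM_OK` with no signature attached is not visible from these lines, so either confirm that contract or add the guard before `store_get`. The failure branch opened by the added `{` and the rest of the function lie outside the lines shown, so what is returned after the `log_write` call should be checked as well.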
31 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/base64.c src/pdkim/base64.c
32 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/base64.c 2009-06-10 09:34:05.000000000 +0200
33 +++ src/pdkim/base64.c 2009-12-17 12:17:01.822130396 +0100
36 * RFC 1521 base64 encoding/decoding
38 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
39 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
40 + * All rights reserved.
42 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
43 + * Joined copyright on original XySSL code with: Christophe Devine
45 * This program is free software; you can redistribute it and/or modify
46 * it under the terms of the GNU General Public License as published by
48 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
51 -/* $Cambridge: exim/exim-src/src/pdkim/base64.c,v 1.2 2009/06/10 07:34:05 tom Exp $ */
52 +/* $Cambridge: exim/exim-src/src/pdkim/base64.c,v 1.3 2009/12/07 13:05:07 tom Exp $ */
56 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/base64.h src/pdkim/base64.h
57 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/base64.h 2009-06-10 09:34:05.000000000 +0200
58 +++ src/pdkim/base64.h 2009-12-17 12:17:01.822130396 +0100
63 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
64 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
65 + * All rights reserved.
67 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
68 + * Joined copyright on original XySSL code with: Christophe Devine
70 * This program is free software; you can redistribute it and/or modify
71 * it under the terms of the GNU General Public License as published by
73 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
76 -/* $Cambridge: exim/exim-src/src/pdkim/base64.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */
77 +/* $Cambridge: exim/exim-src/src/pdkim/base64.h,v 1.3 2009/12/07 13:05:07 tom Exp $ */
79 #ifndef POLARSSL_BASE64_H
80 #define POLARSSL_BASE64_H
82 -#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x0010
83 -#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x0012
84 +#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL 0x0010
85 +#define POLARSSL_ERR_BASE64_INVALID_CHARACTER 0x0012
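Review bot: Changing `POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL` and `POLARSSL_ERR_BASE64_INVALID_CHARACTER` from negative to positive values silently changes the meaning of any caller that tests the result with `< 0`: such a caller would now treat a decode failure as success. The same sign change is applied to the `POLARSSL_ERR_MPI_*` codes in bignum.h and the `POLARSSL_ERR_ASN1_*` codes in rsa.h, while the `POLARSSL_ERR_RSA_*` codes stay negative, so two conventions now coexist in the bundled library. Call sites should compare against `!= 0`, as the `MPI_CHK` macro does, and the pdkim code that decodes externally supplied key and signature data is worth auditing for `< 0` checks.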
89 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/bignum.c src/pdkim/bignum.c
90 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/bignum.c 2009-06-10 09:34:05.000000000 +0200
91 +++ src/pdkim/bignum.c 2009-12-17 12:17:01.824459747 +0100
94 * Multi-precision integer library
96 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
97 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
98 + * All rights reserved.
100 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
101 + * Joined copyright on original XySSL code with: Christophe Devine
103 * This program is free software; you can redistribute it and/or modify
104 * it under the terms of the GNU General Public License as published by
106 * http://math.libtomcrypt.com/files/tommath.pdf
109 -/* $Cambridge: exim/exim-src/src/pdkim/bignum.c,v 1.2 2009/06/10 07:34:05 tom Exp $ */
110 +/* $Cambridge: exim/exim-src/src/pdkim/bignum.c,v 1.3 2009/12/07 13:05:07 tom Exp $ */
117 MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
118 MPI_CHK( mpi_mul_int( &T, X, radix ) );
119 - MPI_CHK( mpi_add_int( X, &T, d ) );
123 + MPI_CHK( mpi_add_int( X, &T, d ) );
127 + MPI_CHK( mpi_sub_int( X, &T, d ) );
135 MPI_CHK( mpi_copy( &T, X ) );
140 MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
145 MPI_CHK( mpi_copy( X, A ) );
148 + * X should always be positive as a result of unsigned additions.
152 for( j = B->n - 1; j >= 0; j-- )
157 MPI_CHK( mpi_copy( X, A ) );
160 + * X should always be positive as a result of unsigned substractions.
166 for( n = B->n - 1; n >= 0; n-- )
167 @@ -1160,6 +1184,9 @@
171 + if( mpi_cmp_int( B, 0 ) < 0 )
172 + return POLARSSL_ERR_MPI_NEGATIVE_VALUE;
174 MPI_CHK( mpi_div_mpi( NULL, R, A, B ) );
176 while( mpi_cmp_int( R, 0 ) < 0 )
177 @@ -1185,7 +1212,7 @@
178 return( POLARSSL_ERR_MPI_DIVISION_BY_ZERO );
182 + return POLARSSL_ERR_MPI_NEGATIVE_VALUE;
185 * handle trivial cases
186 @@ -1218,6 +1245,13 @@
191 + * If A is negative, then the current y represents a negative value.
192 + * Flipping it to the positive side.
194 + if( A->s < 0 && y != 0 )
200 @@ -1474,21 +1508,29 @@
202 int mpi_gcd( mpi *G, mpi *A, mpi *B )
208 mpi_init( &TG, &TA, &TB, NULL );
210 - MPI_CHK( mpi_lset( &TG, 1 ) );
211 MPI_CHK( mpi_copy( &TA, A ) );
212 MPI_CHK( mpi_copy( &TB, B ) );
214 + lz = mpi_lsb( &TA );
215 + lzt = mpi_lsb( &TB );
220 + MPI_CHK( mpi_shift_r( &TA, lz ) );
221 + MPI_CHK( mpi_shift_r( &TB, lz ) );
225 while( mpi_cmp_int( &TA, 0 ) != 0 )
227 - while( ( TA.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TA, 1 ) );
228 - while( ( TB.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TB, 1 ) );
229 + MPI_CHK( mpi_shift_r( &TA, mpi_lsb( &TA ) ) );
230 + MPI_CHK( mpi_shift_r( &TB, mpi_lsb( &TB ) ) );
232 if( mpi_cmp_mpi( &TA, &TB ) >= 0 )
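Review bot: The rewritten `mpi_gcd` does not visibly handle a zero operand: if `B` is 0, the loop `while( mpi_cmp_int( &TA, 0 ) != 0 )` appears to keep reducing `TA` until it reaches zero, and the final `mpi_copy( G, &TB )` in the next hunk would then store 0 rather than |A|. This depends on what `mpi_lsb` returns for zero and on lines not shown here, so it should be confirmed with tests for `gcd(A, 0)` and `gcd(0, B)` and the accepted input range stated in the function comment. Separately, `TG` is still passed to `mpi_init`, but both of its uses (`mpi_lset( &TG, 1 )` and `mpi_mul_mpi( G, &TG, &TB )`) are removed, so in the visible lines it is now dead and could be dropped together with its cleanup.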
234 @@ -1502,7 +1544,8 @@
238 - MPI_CHK( mpi_mul_mpi( G, &TG, &TB ) );
239 + MPI_CHK( mpi_shift_l( &TB, lz ) );
240 + MPI_CHK( mpi_copy( G, &TB ) );
244 @@ -1511,6 +1554,8 @@
248 +#if defined(POLARSSL_GENPRIME)
251 * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
253 @@ -1638,7 +1683,11 @@
257 - if( mpi_cmp_int( X, 0 ) == 0 )
258 + if( mpi_cmp_int( X, 0 ) == 0 ||
259 + mpi_cmp_int( X, 1 ) == 0 )
260 + return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
262 + if( mpi_cmp_int( X, 2 ) == 0 )
265 mpi_init( &W, &R, &T, &A, &RR, NULL );
266 @@ -1811,3 +1860,5 @@
272 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/bignum.h src/pdkim/bignum.h
273 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/bignum.h 2009-06-10 09:34:05.000000000 +0200
274 +++ src/pdkim/bignum.h 2009-12-17 12:17:01.824459747 +0100
279 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
280 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
281 + * All rights reserved.
283 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
284 + * Joined copyright on original XySSL code with: Christophe Devine
286 * This program is free software; you can redistribute it and/or modify
287 * it under the terms of the GNU General Public License as published by
289 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
292 -/* $Cambridge: exim/exim-src/src/pdkim/bignum.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */
293 +/* $Cambridge: exim/exim-src/src/pdkim/bignum.h,v 1.3 2009/12/07 13:05:07 tom Exp $ */
295 #ifndef POLARSSL_BIGNUM_H
296 #define POLARSSL_BIGNUM_H
300 -#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002
301 -#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004
302 -#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006
303 -#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008
304 -#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A
305 -#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C
306 -#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E
307 +#define POLARSSL_ERR_MPI_FILE_IO_ERROR 0x0002
308 +#define POLARSSL_ERR_MPI_BAD_INPUT_DATA 0x0004
309 +#define POLARSSL_ERR_MPI_INVALID_CHARACTER 0x0006
310 +#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL 0x0008
311 +#define POLARSSL_ERR_MPI_NEGATIVE_VALUE 0x000A
312 +#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO 0x000C
313 +#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE 0x000E
315 #define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
318 defined(__ia64__) || defined(__alpha__)
319 typedef unsigned int t_dbl __attribute__((mode(TI)));
321 - typedef unsigned long long t_dbl;
322 + #if defined(POLARSSL_HAVE_LONGLONG)
323 + typedef unsigned long long t_dbl;
330 * \brief Enlarge to the specified number of limbs
332 + * \param X MPI to grow
333 + * \param nblimbs The target number of limbs
335 * \return 0 if successful,
336 * 1 if memory allocation failed
340 * \brief Copy the contents of Y into X
342 + * \param X Destination MPI
343 + * \param Y Source MPI
345 * \return 0 if successful,
346 * 1 if memory allocation failed
348 @@ -106,12 +115,18 @@
351 * \brief Swap the contents of X and Y
353 + * \param X First MPI value
354 + * \param Y Second MPI value
356 void mpi_swap( mpi *X, mpi *Y );
359 * \brief Set value from integer
361 + * \param X MPI to set
362 + * \param z Value to use
364 * \return 0 if successful,
365 * 1 if memory allocation failed
367 @@ -119,25 +134,31 @@
370 * \brief Return the number of least significant bits
372 + * \param X MPI to use
374 int mpi_lsb( mpi *X );
377 * \brief Return the number of most significant bits
379 + * \param X MPI to use
381 int mpi_msb( mpi *X );
384 * \brief Return the total size in bytes
386 + * \param X MPI to use
388 int mpi_size( mpi *X );
391 * \brief Import from an ASCII string
393 - * \param X destination mpi
394 - * \param radix input numeric base
395 - * \param s null-terminated string buffer
396 + * \param X Destination MPI
397 + * \param radix Input numeric base
398 + * \param s Null-terminated string buffer
400 * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
402 @@ -146,10 +167,10 @@
404 * \brief Export into an ASCII string
406 - * \param X source mpi
407 - * \param radix output numeric base
408 - * \param s string buffer
409 - * \param slen string buffer size
410 + * \param X Source MPI
411 + * \param radix Output numeric base
412 + * \param s String buffer
413 + * \param slen String buffer size
415 * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
417 @@ -161,21 +182,21 @@
419 * \brief Read X from an opened file
421 - * \param X destination mpi
422 - * \param radix input numeric base
423 - * \param fin input file handle
424 + * \param X Destination MPI
425 + * \param radix Input numeric base
426 + * \param fin Input file handle
428 * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
430 int mpi_read_file( mpi *X, int radix, FILE *fin );
433 - * \brief Write X into an opened file, or stdout
434 + * \brief Write X into an opened file, or stdout if fout is NULL
436 - * \param p prefix, can be NULL
437 - * \param X source mpi
438 - * \param radix output numeric base
439 - * \param fout output file handle
440 + * \param p Prefix, can be NULL
441 + * \param X Source MPI
442 + * \param radix Output numeric base
443 + * \param fout Output file handle (can be NULL)
445 * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
449 * \brief Import X from unsigned binary data, big endian
451 - * \param X destination mpi
452 - * \param buf input buffer
453 - * \param buflen input buffer size
454 + * \param X Destination MPI
455 + * \param buf Input buffer
456 + * \param buflen Input buffer size
458 * \return 0 if successful,
459 * 1 if memory allocation failed
460 @@ -198,21 +219,21 @@
462 * \brief Export X into unsigned binary data, big endian
464 - * \param X source mpi
465 - * \param buf output buffer
466 - * \param buflen output buffer size
467 + * \param X Source MPI
468 + * \param buf Output buffer
469 + * \param buflen Output buffer size
471 * \return 0 if successful,
472 * POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
474 - * \note Call this function with *buflen = 0 to obtain the
475 - * minimum required buffer size in *buflen.
477 int mpi_write_binary( mpi *X, unsigned char *buf, int buflen );
480 * \brief Left-shift: X <<= count
482 + * \param X MPI to shift
483 + * \param count Amount to shift
485 * \return 0 if successful,
486 * 1 if memory allocation failed
490 * \brief Right-shift: X >>= count
492 + * \param X MPI to shift
493 + * \param count Amount to shift
495 * \return 0 if successful,
496 * 1 if memory allocation failed
500 * \brief Compare unsigned values
502 + * \param X Left-hand MPI
503 + * \param Y Right-hand MPI
505 * \return 1 if |X| is greater than |Y|,
506 * -1 if |X| is lesser than |Y| or
507 * 0 if |X| is equal to |Y|
510 * \brief Compare signed values
512 + * \param X Left-hand MPI
513 + * \param Y Right-hand MPI
515 * \return 1 if X is greater than Y,
516 * -1 if X is lesser than Y or
517 * 0 if X is equal to Y
520 * \brief Compare signed values
522 + * \param X Left-hand MPI
523 + * \param z The integer value to compare to
525 * \return 1 if X is greater than z,
526 * -1 if X is lesser than z or
527 * 0 if X is equal to z
530 * \brief Unsigned addition: X = |A| + |B|
532 + * \param X Destination MPI
533 + * \param A Left-hand MPI
534 + * \param B Right-hand MPI
536 * \return 0 if successful,
537 * 1 if memory allocation failed
541 * \brief Unsigned substraction: X = |A| - |B|
543 + * \param X Destination MPI
544 + * \param A Left-hand MPI
545 + * \param B Right-hand MPI
547 * \return 0 if successful,
548 * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A
552 * \brief Signed addition: X = A + B
554 + * \param X Destination MPI
555 + * \param A Left-hand MPI
556 + * \param B Right-hand MPI
558 * \return 0 if successful,
559 * 1 if memory allocation failed
563 * \brief Signed substraction: X = A - B
565 + * \param X Destination MPI
566 + * \param A Left-hand MPI
567 + * \param B Right-hand MPI
569 * \return 0 if successful,
570 * 1 if memory allocation failed
574 * \brief Signed addition: X = A + b
576 + * \param X Destination MPI
577 + * \param A Left-hand MPI
578 + * \param b The integer value to add
580 * \return 0 if successful,
581 * 1 if memory allocation failed
585 * \brief Signed substraction: X = A - b
587 + * \param X Destination MPI
588 + * \param A Left-hand MPI
589 + * \param b The integer value to subtract
591 * \return 0 if successful,
592 * 1 if memory allocation failed
596 * \brief Baseline multiplication: X = A * B
598 + * \param X Destination MPI
599 + * \param A Left-hand MPI
600 + * \param B Right-hand MPI
602 * \return 0 if successful,
603 * 1 if memory allocation failed
608 * \brief Baseline multiplication: X = A * b
609 + * Note: b is an unsigned integer type, thus
610 + * Negative values of b are ignored.
612 + * \param X Destination MPI
613 + * \param A Left-hand MPI
614 + * \param b The integer value to multiply with
616 * \return 0 if successful,
617 * 1 if memory allocation failed
620 * \brief Division by mpi: A = Q * B + R
622 + * \param Q Destination MPI for the quotient
623 + * \param R Destination MPI for the rest value
624 + * \param A Left-hand MPI
625 + * \param B Right-hand MPI
627 * \return 0 if successful,
628 * 1 if memory allocation failed,
629 * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
632 * \brief Division by int: A = Q * b + R
634 + * \param Q Destination MPI for the quotient
635 + * \param R Destination MPI for the rest value
636 + * \param A Left-hand MPI
637 + * \param b Integer to divide by
639 * \return 0 if successful,
640 * 1 if memory allocation failed,
641 * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
642 @@ -342,24 +419,40 @@
644 * \brief Modulo: R = A mod B
646 + * \param R Destination MPI for the rest value
647 + * \param A Left-hand MPI
648 + * \param B Right-hand MPI
650 * \return 0 if successful,
651 * 1 if memory allocation failed,
652 - * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
653 + * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
654 + * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
656 int mpi_mod_mpi( mpi *R, mpi *A, mpi *B );
659 * \brief Modulo: r = A mod b
661 + * \param a Destination t_int
662 + * \param A Left-hand MPI
663 + * \param b Integer to divide by
665 * \return 0 if successful,
666 * 1 if memory allocation failed,
667 - * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
668 + * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
669 + * POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
671 int mpi_mod_int( t_int *r, mpi *A, int b );
674 * \brief Sliding-window exponentiation: X = A^E mod N
676 + * \param X Destination MPI
677 + * \param A Left-hand MPI
678 + * \param E Exponent MPI
679 + * \param N Modular MPI
680 + * \param _RR Speed-up MPI used for recalculations
682 * \return 0 if successful,
683 * 1 if memory allocation failed,
684 * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
687 * \brief Greatest common divisor: G = gcd(A, B)
689 + * \param G Destination MPI
690 + * \param A Left-hand MPI
691 + * \param B Right-hand MPI
693 * \return 0 if successful,
694 * 1 if memory allocation failed
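Review bot: The new Doxygen block for `mpi_mod_int` documents `\param a Destination t_int`, but the prototype is `mpi_mod_int( t_int *r, mpi *A, int b )`, so the tag names a parameter that does not exist and leaves `r` undocumented. It should read `\param r Destination t_int`, which also matches the brief `r = A mod b` directly above it.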
696 @@ -381,13 +478,46 @@
698 * \brief Modular inverse: X = A^-1 mod N
700 + * \param X Destination MPI
701 + * \param A Left-hand MPI
702 + * \param N Right-hand MPI
704 * \return 0 if successful,
705 * 1 if memory allocation failed,
706 * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
707 - * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
708 + POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
710 int mpi_inv_mod( mpi *X, mpi *A, mpi *N );
713 + * \brief Miller-Rabin primality test
715 + * \param X MPI to check
716 + * \param f_rng RNG function
717 + * \param p_rng RNG parameter
719 + * \return 0 if successful (probably prime),
720 + * 1 if memory allocation failed,
721 + * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
723 +int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng );
726 + * \brief Prime number generation
728 + * \param X Destination MPI
729 + * \param nbits Required size of X in bits
730 + * \param dh_flag If 1, then (X-1)/2 will be prime too
731 + * \param f_rng RNG function
732 + * \param p_rng RNG parameter
734 + * \return 0 if successful (probably prime),
735 + * 1 if memory allocation failed,
736 + * POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
738 +int mpi_gen_prime( mpi *X, int nbits, int dh_flag,
739 + int (*f_rng)(void *), void *p_rng );
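Review bot: The added documentation for `mpi_is_prime` and `mpi_gen_prime` describes `f_rng` only as "RNG function" and does not state what quality of randomness is required. If the generated primes are used as key material, the comment should say so explicitly, for example `\param f_rng RNG function (must be cryptographically secure)`, and should note that a `0` return means "probably prime" under a probabilistic test rather than a proof. In the `mpi_inv_mod` block of the same hunk, the re-added `POLARSSL_ERR_MPI_NOT_ACCEPTABLE` line appears to have lost its leading ` * `, and the line before it still has no trailing comma, which may break the rendered return list.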
744 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/bn_mul.h src/pdkim/bn_mul.h
745 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/bn_mul.h 2009-06-10 09:34:05.000000000 +0200
746 +++ src/pdkim/bn_mul.h 2009-12-17 12:17:01.824459747 +0100
751 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
752 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
753 + * All rights reserved.
755 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
756 + * Joined copyright on original XySSL code with: Christophe Devine
758 * This program is free software; you can redistribute it and/or modify
759 * it under the terms of the GNU General Public License as published by
761 * . C, longlong . C, generic
764 -/* $Cambridge: exim/exim-src/src/pdkim/bn_mul.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */
765 +/* $Cambridge: exim/exim-src/src/pdkim/bn_mul.h,v 1.3 2009/12/07 13:05:07 tom Exp $ */
767 #ifndef POLARSSL_BN_MUL_H
768 #define POLARSSL_BN_MUL_H
769 @@ -44,105 +45,120 @@
770 #if defined(__GNUC__)
771 #if defined(__i386__)
773 -#define MULADDC_INIT \
774 - asm( "movl %%ebx, %0 " : "=m" (t)); \
775 - asm( "movl %0, %%esi " :: "m" (s)); \
776 - asm( "movl %0, %%edi " :: "m" (d)); \
777 - asm( "movl %0, %%ecx " :: "m" (c)); \
778 - asm( "movl %0, %%ebx " :: "m" (b));
780 -#define MULADDC_CORE \
782 - asm( "mull %ebx " ); \
783 - asm( "addl %ecx, %eax " ); \
784 - asm( "adcl $0, %edx " ); \
785 - asm( "addl (%edi), %eax " ); \
786 - asm( "adcl $0, %edx " ); \
787 - asm( "movl %edx, %ecx " ); \
789 +#define MULADDC_INIT \
798 +#define MULADDC_CORE \
802 + addl %%ecx, %%eax; \
804 + addl (%%edi), %%eax; \
806 + movl %%edx, %%ecx; \
810 #if defined(POLARSSL_HAVE_SSE2)
812 -#define MULADDC_HUIT \
813 - asm( "movd %ecx, %mm1 " ); \
814 - asm( "movd %ebx, %mm0 " ); \
815 - asm( "movd (%edi), %mm3 " ); \
816 - asm( "paddq %mm3, %mm1 " ); \
817 - asm( "movd (%esi), %mm2 " ); \
818 - asm( "pmuludq %mm0, %mm2 " ); \
819 - asm( "movd 4(%esi), %mm4 " ); \
820 - asm( "pmuludq %mm0, %mm4 " ); \
821 - asm( "movd 8(%esi), %mm6 " ); \
822 - asm( "pmuludq %mm0, %mm6 " ); \
823 - asm( "movd 12(%esi), %mm7 " ); \
824 - asm( "pmuludq %mm0, %mm7 " ); \
825 - asm( "paddq %mm2, %mm1 " ); \
826 - asm( "movd 4(%edi), %mm3 " ); \
827 - asm( "paddq %mm4, %mm3 " ); \
828 - asm( "movd 8(%edi), %mm5 " ); \
829 - asm( "paddq %mm6, %mm5 " ); \
830 - asm( "movd 12(%edi), %mm4 " ); \
831 - asm( "paddq %mm4, %mm7 " ); \
832 - asm( "movd %mm1, (%edi) " ); \
833 - asm( "movd 16(%esi), %mm2 " ); \
834 - asm( "pmuludq %mm0, %mm2 " ); \
835 - asm( "psrlq $32, %mm1 " ); \
836 - asm( "movd 20(%esi), %mm4 " ); \
837 - asm( "pmuludq %mm0, %mm4 " ); \
838 - asm( "paddq %mm3, %mm1 " ); \
839 - asm( "movd 24(%esi), %mm6 " ); \
840 - asm( "pmuludq %mm0, %mm6 " ); \
841 - asm( "movd %mm1, 4(%edi) " ); \
842 - asm( "psrlq $32, %mm1 " ); \
843 - asm( "movd 28(%esi), %mm3 " ); \
844 - asm( "pmuludq %mm0, %mm3 " ); \
845 - asm( "paddq %mm5, %mm1 " ); \
846 - asm( "movd 16(%edi), %mm5 " ); \
847 - asm( "paddq %mm5, %mm2 " ); \
848 - asm( "movd %mm1, 8(%edi) " ); \
849 - asm( "psrlq $32, %mm1 " ); \
850 - asm( "paddq %mm7, %mm1 " ); \
851 - asm( "movd 20(%edi), %mm5 " ); \
852 - asm( "paddq %mm5, %mm4 " ); \
853 - asm( "movd %mm1, 12(%edi) " ); \
854 - asm( "psrlq $32, %mm1 " ); \
855 - asm( "paddq %mm2, %mm1 " ); \
856 - asm( "movd 24(%edi), %mm5 " ); \
857 - asm( "paddq %mm5, %mm6 " ); \
858 - asm( "movd %mm1, 16(%edi) " ); \
859 - asm( "psrlq $32, %mm1 " ); \
860 - asm( "paddq %mm4, %mm1 " ); \
861 - asm( "movd 28(%edi), %mm5 " ); \
862 - asm( "paddq %mm5, %mm3 " ); \
863 - asm( "movd %mm1, 20(%edi) " ); \
864 - asm( "psrlq $32, %mm1 " ); \
865 - asm( "paddq %mm6, %mm1 " ); \
866 - asm( "movd %mm1, 24(%edi) " ); \
867 - asm( "psrlq $32, %mm1 " ); \
868 - asm( "paddq %mm3, %mm1 " ); \
869 - asm( "movd %mm1, 28(%edi) " ); \
870 - asm( "addl $32, %edi " ); \
871 - asm( "addl $32, %esi " ); \
872 - asm( "psrlq $32, %mm1 " ); \
873 - asm( "movd %mm1, %ecx " );
875 -#define MULADDC_STOP \
877 - asm( "movl %0, %%ebx " :: "m" (t)); \
878 - asm( "movl %%ecx, %0 " : "=m" (c)); \
879 - asm( "movl %%edi, %0 " : "=m" (d)); \
880 - asm( "movl %%esi, %0 " : "=m" (s) :: \
881 - "eax", "ecx", "edx", "esi", "edi" );
882 +#define MULADDC_HUIT \
884 + movd %%ecx, %%mm1; \
885 + movd %%ebx, %%mm0; \
886 + movd (%%edi), %%mm3; \
887 + paddq %%mm3, %%mm1; \
888 + movd (%%esi), %%mm2; \
889 + pmuludq %%mm0, %%mm2; \
890 + movd 4(%%esi), %%mm4; \
891 + pmuludq %%mm0, %%mm4; \
892 + movd 8(%%esi), %%mm6; \
893 + pmuludq %%mm0, %%mm6; \
894 + movd 12(%%esi), %%mm7; \
895 + pmuludq %%mm0, %%mm7; \
896 + paddq %%mm2, %%mm1; \
897 + movd 4(%%edi), %%mm3; \
898 + paddq %%mm4, %%mm3; \
899 + movd 8(%%edi), %%mm5; \
900 + paddq %%mm6, %%mm5; \
901 + movd 12(%%edi), %%mm4; \
902 + paddq %%mm4, %%mm7; \
903 + movd %%mm1, (%%edi); \
904 + movd 16(%%esi), %%mm2; \
905 + pmuludq %%mm0, %%mm2; \
906 + psrlq $32, %%mm1; \
907 + movd 20(%%esi), %%mm4; \
908 + pmuludq %%mm0, %%mm4; \
909 + paddq %%mm3, %%mm1; \
910 + movd 24(%%esi), %%mm6; \
911 + pmuludq %%mm0, %%mm6; \
912 + movd %%mm1, 4(%%edi); \
913 + psrlq $32, %%mm1; \
914 + movd 28(%%esi), %%mm3; \
915 + pmuludq %%mm0, %%mm3; \
916 + paddq %%mm5, %%mm1; \
917 + movd 16(%%edi), %%mm5; \
918 + paddq %%mm5, %%mm2; \
919 + movd %%mm1, 8(%%edi); \
920 + psrlq $32, %%mm1; \
921 + paddq %%mm7, %%mm1; \
922 + movd 20(%%edi), %%mm5; \
923 + paddq %%mm5, %%mm4; \
924 + movd %%mm1, 12(%%edi); \
925 + psrlq $32, %%mm1; \
926 + paddq %%mm2, %%mm1; \
927 + movd 24(%%edi), %%mm5; \
928 + paddq %%mm5, %%mm6; \
929 + movd %%mm1, 16(%%edi); \
930 + psrlq $32, %%mm1; \
931 + paddq %%mm4, %%mm1; \
932 + movd 28(%%edi), %%mm5; \
933 + paddq %%mm5, %%mm3; \
934 + movd %%mm1, 20(%%edi); \
935 + psrlq $32, %%mm1; \
936 + paddq %%mm6, %%mm1; \
937 + movd %%mm1, 24(%%edi); \
938 + psrlq $32, %%mm1; \
939 + paddq %%mm3, %%mm1; \
940 + movd %%mm1, 28(%%edi); \
943 + psrlq $32, %%mm1; \
944 + movd %%mm1, %%ecx; \
947 +#define MULADDC_STOP \
955 + : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
956 + : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
957 + : "eax", "ecx", "edx", "esi", "edi" \
962 -#define MULADDC_STOP \
963 - asm( "movl %0, %%ebx " :: "m" (t)); \
964 - asm( "movl %%ecx, %0 " : "=m" (c)); \
965 - asm( "movl %%edi, %0 " : "=m" (d)); \
966 - asm( "movl %%esi, %0 " : "=m" (s) :: \
967 - "eax", "ecx", "edx", "esi", "edi" );
969 +#define MULADDC_STOP \
976 + : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
977 + : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
978 + : "eax", "ecx", "edx", "esi", "edi" \
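Review bot: The consolidated asm statement closed by `MULADDC_STOP` names only the locals `t`, `c`, `d`, `s` as outputs and lists `"eax", "ecx", "edx", "esi", "edi"` as clobbers, yet `MULADDC_HUIT` stores through the destination pointer (`movd %%mm1, (%%edi);` and the following offsets) and uses `mm0`–`mm7`. The compiler is therefore not told that the limbs `d` points to are modified or that the MMX registers are overwritten; adding `"memory"` to the clobber list, and the MMX registers where the toolchain accepts them, would make that contract explicit. The second `MULADDC_STOP` for the non-SSE2 branch has the same operand lists and presumably the same gap. Several lines of each macro are not visible here, so check whether they already cover this.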
983 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/pdkim.c src/pdkim/pdkim.c
984 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/pdkim.c 2009-11-23 13:34:51.000000000 +0100
985 +++ src/pdkim/pdkim.c 2009-12-17 12:17:01.824459747 +0100
987 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
990 -/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.11 2009/11/23 12:34:51 nm4 Exp $ */
991 +/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.12 2009/12/07 13:05:07 tom Exp $ */
996 pub->srvtype = strdup(cur_val->str);
999 - if (strchr(cur_val->str,'t') != NULL) pub->testing = 1;
1000 + if (strchr(cur_val->str,'y') != NULL) pub->testing = 1;
1001 if (strchr(cur_val->str,'s') != NULL) pub->no_subdomaining = 1;
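Review bot: Both flag tests use `strchr` over the whole tag value, so a `y` or `s` appearing anywhere in `cur_val->str` sets `pub->testing` or `pub->no_subdomaining`, including inside a flag name this code does not recognise. The value appears to come from an externally published key record, so it should be split on `:` and each token compared exactly, with unknown tokens ignored. The enclosing parser starts and ends outside this hunk, so any tokenising done before this point is not visible.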
1004 @@ -1304,7 +1304,7 @@
1006 if (ctx->debug_stream)
1007 fprintf(ctx->debug_stream,
1008 - "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1009 + "\nPDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
1013 @@ -1494,7 +1494,7 @@
1015 if (rsa_pkcs1_sign( &rsa, RSA_PRIVATE,
1016 ((sig->algo == PDKIM_ALGO_RSA_SHA1)?
1017 - RSA_SHA1:RSA_SHA256),
1018 + SIG_RSA_SHA1:SIG_RSA_SHA256),
1020 (unsigned char *)headerhash,
1021 (unsigned char *)sig->sigdata ) != 0) {
1022 @@ -1588,7 +1588,7 @@
1023 if (rsa_pkcs1_verify(&rsa,
1025 ((sig->algo == PDKIM_ALGO_RSA_SHA1)?
1026 - RSA_SHA1:RSA_SHA256),
1027 + SIG_RSA_SHA1:SIG_RSA_SHA256),
1029 (unsigned char *)headerhash,
1030 (unsigned char *)sig->sigdata) != 0) {
1031 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/rsa.c src/pdkim/rsa.c
1032 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/rsa.c 2009-06-10 09:34:05.000000000 +0200
1033 +++ src/pdkim/rsa.c 2009-12-17 12:17:01.824459747 +0100
1036 * The RSA public-key cryptosystem
1038 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
1039 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
1040 + * All rights reserved.
1042 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
1043 + * Joined copyright on original XySSL code with: Christophe Devine
1045 * This program is free software; you can redistribute it and/or modify
1046 * it under the terms of the GNU General Public License as published by
1048 * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
1051 -/* $Cambridge: exim/exim-src/src/pdkim/rsa.c,v 1.2 2009/06/10 07:34:05 tom Exp $ */
1052 +/* $Cambridge: exim/exim-src/src/pdkim/rsa.c,v 1.3 2009/12/07 13:05:07 tom Exp $ */
1060 +/* *************** begin copy from x509parse.c ********************/
1062 * ASN.1 DER decoding routines
1068 +/* *************** end copy from x509parse.c ********************/
1075 int rsa_check_pubkey( rsa_context *ctx )
1077 + if( !ctx->N.p || !ctx->E.p )
1078 + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
1080 if( ( ctx->N.p[0] & 1 ) == 0 ||
1081 ( ctx->E.p[0] & 1 ) == 0 )
1082 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
1084 if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
1087 + if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
1088 + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
1090 mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL );
1092 MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
1093 @@ -355,11 +365,11 @@
1094 int mode, int *olen,
1095 unsigned char *input,
1096 unsigned char *output,
1097 - int output_max_len)
1098 + int output_max_len)
1102 - unsigned char buf[512];
1103 + unsigned char buf[1024];
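Review bot: `buf` is sized with the bare literal `1024` here and again in the verify routine further down this file, and the hunk does not show the check that keeps the RSA modulus length within it. A shared named constant plus an explicit `ilen > (int) sizeof( buf )` rejection before the RSA operation writes into `buf` would make the bound auditable; if that check already exists outside the visible lines, only the named constant is needed. Because this buffer receives decrypted plaintext, it is also worth confirming that it is wiped before the function returns.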
1110 if (ilen - (int)(p - buf) > output_max_len)
1111 - return( POLARSSL_ERR_RSA_OUTPUT_TO_LARGE );
1112 + return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
1114 *olen = ilen - (int)(p - buf);
1115 memcpy( output, p, *olen );
1116 @@ -426,24 +436,37 @@
1122 nb_pad = olen - 3 - hashlen;
1128 - nb_pad = olen - 3 - 16 - 18;
1132 + nb_pad = olen - 3 - 34;
1135 + case SIG_RSA_SHA1:
1136 + nb_pad = olen - 3 - 35;
1139 + case SIG_RSA_SHA224:
1140 + nb_pad = olen - 3 - 47;
1144 - nb_pad = olen - 3 - 20 - 15;
1145 + case SIG_RSA_SHA256:
1146 + nb_pad = olen - 3 - 51;
1150 - nb_pad = olen - 3 - 32 - 19;
1151 + case SIG_RSA_SHA384:
1152 + nb_pad = olen - 3 - 67;
1155 + case SIG_RSA_SHA512:
1156 + nb_pad = olen - 3 - 83;
1161 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
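Review bot: The padding lengths in this `switch` are now written as opaque totals (`34`, `35`, `47`, `51`, `67`, `83`), where the removed lines spelled out digest length plus prefix length, e.g. `olen - 3 - 20 - 15`. These totals must stay in step with the `memcpy` lengths in the encoding `switch` of the next hunk (`15` + `20`, `19` + `28`, `19` + `32`, and so on), and a mismatch would produce a malformed or overrunning signature block. Writing them as `olen - 3 - 19 - 32`, or through named constants, keeps the derivation reviewable. The check that `nb_pad` is large enough is outside the visible lines.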
1163 @@ -465,34 +488,49 @@
1169 memcpy( p, hash, hashlen );
1174 memcpy( p, ASN1_HASH_MDX, 18 );
1175 memcpy( p + 18, hash, 16 );
1180 memcpy( p, ASN1_HASH_MDX, 18 );
1181 memcpy( p + 18, hash, 16 );
1186 memcpy( p, ASN1_HASH_MDX, 18 );
1187 memcpy( p + 18, hash, 16 );
1191 + case SIG_RSA_SHA1:
1192 memcpy( p, ASN1_HASH_SHA1, 15 );
1193 memcpy( p + 15, hash, 20 );
1197 - memcpy( p, ASN1_HASH_SHA256, 19 );
1198 + case SIG_RSA_SHA224:
1199 + memcpy( p, ASN1_HASH_SHA2X, 19 );
1200 + memcpy( p + 19, hash, 28 );
1201 + p[1] += 28; p[14] = 4; p[18] += 28; break;
1203 + case SIG_RSA_SHA256:
1204 + memcpy( p, ASN1_HASH_SHA2X, 19 );
1205 memcpy( p + 19, hash, 32 );
1207 + p[1] += 32; p[14] = 1; p[18] += 32; break;
1209 + case SIG_RSA_SHA384:
1210 + memcpy( p, ASN1_HASH_SHA2X, 19 );
1211 + memcpy( p + 19, hash, 48 );
1212 + p[1] += 48; p[14] = 2; p[18] += 48; break;
1214 + case SIG_RSA_SHA512:
1215 + memcpy( p, ASN1_HASH_SHA2X, 19 );
1216 + memcpy( p + 19, hash, 64 );
1217 + p[1] += 64; p[14] = 3; p[18] += 64; break;
1220 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
1223 int ret, len, siglen;
1224 unsigned char *p, c;
1225 - unsigned char buf[512];
1226 + unsigned char buf[1024];
1231 if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 )
1232 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
1234 - if( ( c == 2 && hash_id == RSA_MD2 ) ||
1235 - ( c == 4 && hash_id == RSA_MD4 ) ||
1236 - ( c == 5 && hash_id == RSA_MD5 ) )
1237 + if( ( c == 2 && hash_id == SIG_RSA_MD2 ) ||
1238 + ( c == 4 && hash_id == SIG_RSA_MD4 ) ||
1239 + ( c == 5 && hash_id == SIG_RSA_MD5 ) )
1241 if( memcmp( p + 18, hash, 16 ) == 0 )
1247 - if( len == 35 && hash_id == RSA_SHA1 )
1248 + if( len == 35 && hash_id == SIG_RSA_SHA1 )
1250 if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 &&
1251 memcmp( p + 15, hash, 20 ) == 0 )
1252 @@ -581,17 +619,24 @@
1254 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
1257 - if( len == 51 && hash_id == RSA_SHA256 )
1259 - if( memcmp( p, ASN1_HASH_SHA256, 19 ) == 0 &&
1260 - memcmp( p + 19, hash, 32 ) == 0 )
1261 + if( ( len == 19 + 28 && p[14] == 4 && hash_id == SIG_RSA_SHA224 ) ||
1262 + ( len == 19 + 32 && p[14] == 1 && hash_id == SIG_RSA_SHA256 ) ||
1263 + ( len == 19 + 48 && p[14] == 2 && hash_id == SIG_RSA_SHA384 ) ||
1264 + ( len == 19 + 64 && p[14] == 3 && hash_id == SIG_RSA_SHA512 ) )
1271 + memcmp( p, ASN1_HASH_SHA2X, 18 ) == 0 &&
1272 + memcmp( p + 19, hash, c ) == 0 )
1275 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
1278 - if( len == hashlen && hash_id == RSA_RAW )
1279 + if( len == hashlen && hash_id == SIG_RSA_RAW )
1281 if( memcmp( p, hash, hashlen ) == 0 )
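Review bot: In the SHA-2 branch the digest comparison is `memcmp( p + 19, hash, c )`, where `c` is an `unsigned char` whose assignment is not visible in this hunk and `p` points into the decrypted signature block. If `c` is derived from a byte of that block, it needs to be pinned to the digest length implied by `hash_id` before it is used as a length; otherwise the read from the caller's `hash` buffer is sized by signature contents. Only 18 of the 19 `ASN1_HASH_SHA2X` bytes are compared by `memcmp( p, ASN1_HASH_SHA2X, 18 )`, so the remaining length byte has to be checked separately. The `SIG_RSA_MD2`/`SIG_RSA_MD4`/`SIG_RSA_MD5` and `SIG_RSA_RAW` branches remain reachable, so callers should pass only the identifiers they intend to accept, as pdkim.c does with `SIG_RSA_SHA1` and `SIG_RSA_SHA256`.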
1284 &ctx->E, &ctx->N, NULL );
1289 * Parse a public RSA key
1291 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/rsa.h src/pdkim/rsa.h
1292 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/rsa.h 2009-06-10 09:34:05.000000000 +0200
1293 +++ src/pdkim/rsa.h 2009-12-17 12:17:01.824459747 +0100
1298 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
1299 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
1300 + * All rights reserved.
1302 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
1303 + * Joined copyright on original XySSL code with: Christophe Devine
1305 * This program is free software; you can redistribute it and/or modify
1306 * it under the terms of the GNU General Public License as published by
1308 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
1311 -/* $Cambridge: exim/exim-src/src/pdkim/rsa.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */
1312 +/* $Cambridge: exim/exim-src/src/pdkim/rsa.h,v 1.3 2009/12/07 13:05:07 tom Exp $ */
1314 #ifndef POLARSSL_RSA_H
1315 #define POLARSSL_RSA_H
1322 #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x0400
1323 #define POLARSSL_ERR_RSA_INVALID_PADDING -0x0410
1324 #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x0420
1326 #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440
1327 #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450
1328 #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460
1329 -#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE -0x0470
1330 +#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x0470
1332 -#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014
1333 -#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016
1334 -#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018
1335 -#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A
1336 -#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C
1337 +/* *************** begin copy from x509.h ************************/
1339 + * ASN1 Error codes
1341 + * These error codes will be OR'ed to X509 error codes for
1342 + * higher error granularity.
1344 +#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
1345 +#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
1346 +#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
1347 +#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
1348 +#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
1351 + * X509 Error codes
1353 #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
1354 #define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
1355 #define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
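Review bot: The five `POLARSSL_ERR_ASN1_*` codes change from negative to positive values here, so any path that returns one of them directly, rather than OR-ing it into a negative `POLARSSL_ERR_X509_*` code as the new comment describes, now yields a positive result. A caller that tests `ret < 0` would then treat a malformed key as parsed successfully. The callers are not in this hunk, so check that every use in rsa.c either combines the code with an X509 error or is tested with `!= 0`. A comment next to the defines such as `/* positive on purpose: only meaningful when OR'ed into a negative X509 error code */` would document the constraint.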
1356 @@ -90,15 +104,20 @@
1357 #define ASN1_CONSTRUCTED 0x20
1358 #define ASN1_CONTEXT_SPECIFIC 0x80
1360 +/* *************** end copy from x509.h ************************/
1370 -#define RSA_SHA256 6
1371 +#define SIG_RSA_RAW 0
1372 +#define SIG_RSA_MD2 2
1373 +#define SIG_RSA_MD4 3
1374 +#define SIG_RSA_MD5 4
1375 +#define SIG_RSA_SHA1 5
1376 +#define SIG_RSA_SHA224 14
1377 +#define SIG_RSA_SHA256 11
1378 +#define SIG_RSA_SHA384 12
1379 +#define SIG_RSA_SHA512 13
1381 #define RSA_PUBLIC 0
1382 #define RSA_PRIVATE 1
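Review bot: The new `SIG_RSA_*` identifiers are non-contiguous and out of order (`SIG_RSA_SHA224` is 14 while SHA-256/384/512 are 11/12/13), and nothing in the hunk says where the numbers come from. They appear to follow the last arc of the PKCS #1 signature-algorithm OIDs, but that is an inference and should be stated in a comment, for example `/* values match the final arc of the PKCS #1 xxxWithRSAEncryption OIDs */`, if that is the intent. Note also that SHA-256 moves from 6 to 11, so any code that stored or compared the old numeric value instead of the macro name would silently select a different algorithm.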
1383 @@ -109,6 +128,29 @@
1387 +#define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30"
1388 +#define ASN1_STR_NULL "\x05"
1389 +#define ASN1_STR_OID "\x06"
1390 +#define ASN1_STR_OCTET_STRING "\x04"
1392 +#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
1393 +#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a"
1394 +#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00"
1396 +#define OID_ISO_MEMBER_BODIES "\x2a"
1397 +#define OID_ISO_IDENTIFIED_ORG "\x2b"
1400 + * ISO Member bodies OID parts
1402 +#define OID_COUNTRY_US "\x86\x48"
1403 +#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d"
1406 + * ISO Identified organization OID parts
1408 +#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a"
1411 * DigestInfo ::= SEQUENCE {
1412 * digestAlgorithm DigestAlgorithmIdentifier,
1413 @@ -118,18 +160,31 @@
1415 * Digest ::= OCTET STRING
1417 -#define ASN1_HASH_MDX \
1418 - "\x30\x20\x30\x0C\x06\x08\x2A\x86\x48" \
1419 - "\x86\xF7\x0D\x02\x00\x05\x00\x04\x10"
1421 -#define ASN1_HASH_SHA1 \
1422 - "\x30\x21\x30\x09\x06\x05\x2B\x0E\x03" \
1423 - "\x02\x1A\x05\x00\x04\x14"
1425 -#define ASN1_HASH_SHA256 \
1426 - "\x30\x31\x30\x0d\x06\x09\x60\x86\x48" \
1427 - "\x01\x65\x03\x04\x02\x01\x05\x00\x04" \
1429 +#define ASN1_HASH_MDX \
1431 + ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \
1432 + ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \
1433 + ASN1_STR_OID "\x08" \
1434 + OID_DIGEST_ALG_MDX \
1435 + ASN1_STR_NULL "\x00" \
1436 + ASN1_STR_OCTET_STRING "\x10" \
1439 +#define ASN1_HASH_SHA1 \
1440 + ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \
1441 + ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \
1442 + ASN1_STR_OID "\x05" \
1443 + OID_HASH_ALG_SHA1 \
1444 + ASN1_STR_NULL "\x00" \
1445 + ASN1_STR_OCTET_STRING "\x14"
1447 +#define ASN1_HASH_SHA2X \
1448 + ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
1449 + ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
1450 + ASN1_STR_OID "\x09" \
1451 + OID_HASH_ALG_SHA2X \
1452 + ASN1_STR_NULL "\x00" \
1453 + ASN1_STR_OCTET_STRING "\x00"
1456 * \brief RSA context structure
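Review bot: `ASN1_HASH_SHA2X` is a template rather than a usable DigestInfo prefix, and the macro carries no comment saying so. Its outer length `\x11`, the trailing `\x00` of `OID_HASH_ALG_SHA2X` and the final OCTET STRING length `\x00` are placeholders that the signing code in rsa.c patches afterwards (`p[1] += 48; p[14] = 2; p[18] += 48;` for SHA-384). Someone who copies it unmodified, the way `ASN1_HASH_SHA1` can be, would emit a malformed encoding. I would add above the define: `/* Template only: caller must add the digest length to bytes 1 and 18 and set byte 14 to the SHA-2 variant (1, 2, 3 or 4). */`.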
1458 * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
1460 * \note This function does NOT take care of message
1461 - * padding. Also, be sure to set input[0] = 0.
1462 + * padding. Also, be sure to set input[0] = 0 or assure that
1463 + * input is smaller than N.
1465 * \note The input and output buffers must be large
1466 * enough (eg. 128 bytes if RSA-1024 is used).
1469 * \param ctx RSA context
1470 * \param mode RSA_PUBLIC or RSA_PRIVATE
1471 - * \param ilen contains the the plaintext length
1472 + * \param ilen contains the plaintext length
1473 * \param input buffer holding the data to be encrypted
1474 * \param output buffer that will hold the ciphertext
1477 * \param input buffer holding the encrypted data
1478 * \param output buffer that will hold the plaintext
1479 * \param olen will contain the plaintext length
1480 - * \param output_max_len maximum length of the output buffer
1481 + * \param output_max_len maximum length of the output buffer
1483 * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
1485 @@ -291,15 +347,15 @@
1486 int mode, int *olen,
1487 unsigned char *input,
1488 unsigned char *output,
1489 - int output_max_len);
1490 + int output_max_len );
1493 * \brief Do a private RSA to sign a message digest
1495 * \param ctx RSA context
1496 * \param mode RSA_PUBLIC or RSA_PRIVATE
1497 - * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
1498 - * \param hashlen message digest length (for RSA_RAW only)
1499 + * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
1500 + * \param hashlen message digest length (for SIG_RSA_RAW only)
1501 * \param hash buffer holding the message digest
1502 * \param sig buffer that will hold the ciphertext
1506 * \param ctx points to an RSA public key
1507 * \param mode RSA_PUBLIC or RSA_PRIVATE
1508 - * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
1509 - * \param hashlen message digest length (for RSA_RAW only)
1510 + * \param hash_id SIG_RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
1511 + * \param hashlen message digest length (for SIG_RSA_RAW only)
1512 * \param hash buffer holding the message digest
1513 * \param sig buffer holding the ciphertext
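Review bot: The `hash_id` line for the verify function was only half renamed: it now reads `SIG_RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}`, while the matching line for the signing function earlier in this file lists `SIG_RSA_MD{2,4,5}` and `SIG_RSA_SHA{1,224,256,384,512}`. The patch removes `RSA_SHA256` from this header and the verify code in rsa.c now accepts the SHA-224/384/512 ids, so the comment names constants that are gone and understates what is accepted. Suggested line: `* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}`.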
1518 * \brief Free the components of an RSA key
1520 + * \param ctx RSA Context to free
1522 void rsa_free( rsa_context *ctx );
1524 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha1.c src/pdkim/sha1.c
1525 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha1.c 2009-06-10 09:34:05.000000000 +0200
1526 +++ src/pdkim/sha1.c 2009-12-17 12:17:01.824459747 +0100
1529 * FIPS-180-1 compliant SHA-1 implementation
1531 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
1532 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
1533 + * All rights reserved.
1535 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
1536 + * Joined copyright on original XySSL code with: Christophe Devine
1538 * This program is free software; you can redistribute it and/or modify
1539 * it under the terms of the GNU General Public License as published by
1541 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
1544 -/* $Cambridge: exim/exim-src/src/pdkim/sha1.c,v 1.2 2009/06/10 07:34:05 tom Exp $ */
1545 +/* $Cambridge: exim/exim-src/src/pdkim/sha1.c,v 1.3 2009/12/07 13:05:07 tom Exp $ */
1551 * output = SHA-1( input buffer )
1553 -void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] )
1554 +void sha1( unsigned char *input, int ilen, unsigned char output[20] )
1562 - sha1_oneshot( key, keylen, sum );
1563 + sha1( key, keylen, sum );
1567 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha1.h src/pdkim/sha1.h
1568 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha1.h 2009-06-10 09:34:05.000000000 +0200
1569 +++ src/pdkim/sha1.h 2009-12-17 12:17:01.824459747 +0100
1574 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
1575 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
1576 + * All rights reserved.
1578 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
1579 + * Joined copyright on original XySSL code with: Christophe Devine
1581 * This program is free software; you can redistribute it and/or modify
1582 * it under the terms of the GNU General Public License as published by
1584 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
1587 -/* $Cambridge: exim/exim-src/src/pdkim/sha1.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */
1588 +/* $Cambridge: exim/exim-src/src/pdkim/sha1.h,v 1.3 2009/12/07 13:05:07 tom Exp $ */
1590 #ifndef POLARSSL_SHA1_H
1591 #define POLARSSL_SHA1_H
1594 * \brief SHA-1 context structure
1597 #ifndef HAVE_SHA1_CONTEXT
1598 #define HAVE_SHA1_CONTEXT
1599 typedef struct sha1_context sha1_context;
1601 unsigned char opad[64]; /*!< HMAC: outer padding */
1609 * \param ilen length of the input data
1610 * \param output SHA-1 checksum result
1612 -void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] );
1613 +void sha1( unsigned char *input, int ilen, unsigned char output[20] );
1616 * \brief Output = SHA-1( file contents )
1617 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha2.c src/pdkim/sha2.c
1618 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha2.c 2009-06-10 09:34:05.000000000 +0200
1619 +++ src/pdkim/sha2.c 2009-12-17 12:17:01.824459747 +0100
1622 * FIPS-180-2 compliant SHA-256 implementation
1624 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
1625 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
1626 + * All rights reserved.
1628 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
1629 + * Joined copyright on original XySSL code with: Christophe Devine
1631 * This program is free software; you can redistribute it and/or modify
1632 * it under the terms of the GNU General Public License as published by
1634 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
1637 -/* $Cambridge: exim/exim-src/src/pdkim/sha2.c,v 1.2 2009/06/10 07:34:05 tom Exp $ */
1638 +/* $Cambridge: exim/exim-src/src/pdkim/sha2.c,v 1.3 2009/12/07 13:05:07 tom Exp $ */
1642 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha2.h src/pdkim/sha2.h
1643 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/pdkim/sha2.h 2009-06-10 09:34:05.000000000 +0200
1644 +++ src/pdkim/sha2.h 2009-12-17 12:17:01.824459747 +0100
1649 - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
1650 + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
1651 + * All rights reserved.
1653 - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
1654 + * Joined copyright on original XySSL code with: Christophe Devine
1656 * This program is free software; you can redistribute it and/or modify
1657 * it under the terms of the GNU General Public License as published by
1659 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
1662 -/* $Cambridge: exim/exim-src/src/pdkim/sha2.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */
1663 +/* $Cambridge: exim/exim-src/src/pdkim/sha2.h,v 1.3 2009/12/07 13:05:07 tom Exp $ */
1665 #ifndef POLARSSL_SHA2_H
1666 #define POLARSSL_SHA2_H
1667 diff -ur /home/users/arekm/rpm/packages/exim/exim-4.71/src/transport.c src/transport.c
1668 --- /home/users/arekm/rpm/packages/exim/exim-4.71/src/transport.c 2009-11-16 20:50:37.000000000 +0100
1669 +++ src/transport.c 2009-12-17 12:17:01.902130465 +0100
1671 -/* $Cambridge: exim/exim-src/src/transport.c,v 1.25 2009/11/16 19:50:37 nm4 Exp $ */
1672 +/* $Cambridge: exim/exim-src/src/transport.c,v 1.26 2009/12/15 08:23:15 tom Exp $ */
1674 /*************************************************
1675 * Exim - an Internet mail transport agent *
1676 @@ -1034,7 +1034,9 @@
1677 if (dkim_strict_result != NULL) {
1678 if ( (strcmpic(dkim_strict,US"1") == 0) ||
1679 (strcmpic(dkim_strict,US"true") == 0) ) {
1680 - save_errno = errno;
1681 + /* Set errno to something halfway meaningful */
1682 + save_errno = EACCES;
1683 + log_write(0, LOG_MAIN, "DKIM: message could not be signed, and dkim_strict is set. Deferring message delivery.");