[exim-dev] [Bug 1781] New: DKIM: signing failed (RC -101) wi…

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMM 
admin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1781] New: DKIM: signing failed (RC -101) with certain private keys (base64 data ending in =)
https://bugs.exim.org/show_bug.cgi?id=1781 

            Bug ID: 1781
           Summary: DKIM: signing failed (RC -101) with certain private
                    keys (base64 data ending in =)
           Product: Exim
           Version: 4.86+ HEAD
          Hardware: x86-64
                OS: OpenBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: km@???
                CC: exim-dev@???


After putting RC3 in production yesterday, I noticed following in the panic
log:

2016-01-19 09:52:20 1aLS1T-0001rn-8S DKIM: signing failed (RC -101)
2016-01-19 19:37:59 1aLbAA-0003vd-Ol DKIM: signing failed (RC -101)
2016-01-19 20:16:15 1aLblG-0000Na-2I DKIM: signing failed (RC -101)
2016-01-21 17:59:45 1aMIaG-0001WD-E9 DKIM: signing failed (RC -101)
2016-01-21 21:04:24 1aMLSx-00071m-P8 DKIM: signing failed (RC -101)
2016-01-21 21:05:35 1aMLTh-0006yA-4x DKIM: signing failed (RC -101)
2016-01-21 21:07:36 1aMLVi-0003U2-0s DKIM: signing failed (RC -101)

This error doesn't happen on 4.86.

Test 4503 ran fine, no errors.

I traced the error to be related to the private key. If the DKIM key base64
encoded data end with = (one or ==), then DKIM signing panics. First, I copied
aux-fixed/dkim/dkim.private to my box and the panic disappeared. Then I
generated new key on my box and the panic came back. Then I compared the keys.

Then I generated a key with = at the end and re-run the test:

>>> The following tests require: support DKIM
Domain-Keys-Identified-Mail/4503 DKIM signing
Test 2
** spool/log/paniclog is not empty
Continue, Show, or Quit? [Q]

2016-01-21 22:58:24 1aMNFI-0002Ja-Ge DKIM: signing failed (RC -101)

The key used in the test looked like this:

-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCuE+HlrUoGET+blZGCkT4HHNCOm7qJPYAeXM5WtpLBP9UtWV+4
jjQJDB8CRTG79GxFizemk1dhgmbtO98LC9x2sq/M6m+jcjrUsZImk/eBTbuPQFvB
Ss6vZysacNHTatKyemjgC5VyyaVBraqEFAIcMxXQKV2mKaL7Y75C1bSuMwIDAQAB
AoGALArBu39VXCWfBzkXQIaIv/ntVjdWQYS61nO6jLvSc2w3/io/io0H40YazlM9
WwVjI1EuuklK8VOxwNHGA6BznXU8g8V3UuUKyHp+PZ6sDj+7RMlQH1GbBqvKCTs8
QElbgdsV1K91sIasmEV1rzOuhbM8cYSzcCvacOm1uX1nCKECQQDkr7c2l44xM/HC
Jn7wGFPGltUr3iY9Dl/xXqpFxHDNpVq6bPy1XNXkgHYWCfclsO5CBEuDh3d3+csz
rk1JEpYDAkEAwt51LgeZjFhWI7PY+GBcNFGZ4Ueav8bx7m5J48rNec8JL3IMijsF
iZYi7pEdyvMl2u0Zul8lnHQEyQ55UoLoEQJADj2G6iZb22KBrnZZNzg8l0QzOA0Y
Unr/rHcZoUiPQa8HTE6XGfAS/aymLc8nDbjLzV6ZGTKpVNZAOhKji2ZV4wJAANjw
z4Nu8oJL1ZnpnqLko8GbFrS2ApF96diG77upCxeQZalsTomVK5UAj+MHqyNFjd8s
FnhldHm4r5slgetZ0QJACAp2+nu3GI/poV7kcaoevvV9iUm5pbNaW0v/MNkuQ9PQ
gJK2TDNIQsirEEWLfHjfzcQj+9K7fDI8iN33jEFqSQ==
-----END RSA PRIVATE KEY-----

Once I created a key without =, the test ran fine again (apart from telling me
about the different output).

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] Cutthrough routing: data loss on client side error[exim-dev] [Bug 1781] DKIM: signing failed (RC -101) with certain private keys (base64 data ending in =)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)