Report public key too small only when message otherwise passes.

dkim/__init__.py

@@ -545,8 +545,6 @@ class DKIM(object):
     try:
         pk = parse_public_key(base64.b64decode(pub[b'p']))
         self.keysize = bitsize(pk['modulus'])
-        if self.keysize < self.minkey:
-          raise KeyFormatError("public key too small: %d" % self.keysize)
     except KeyError:
         raise KeyFormatError("incomplete public key: %s" % s)
     except (TypeError,UnparsableKeyError) as e:
@@ -564,7 +562,10 @@ class DKIM(object):
         h, canon_policy, headers, include_headers, sigheaders[idx], sig)
     try:
         signature = base64.b64decode(re.sub(br"\s+", b"", sig[b'b']))
-        return RSASSA_PKCS1_v1_5_verify(h, signature, pk)
+        res = RSASSA_PKCS1_v1_5_verify(h, signature, pk)
+        if res and self.keysize < self.minkey:
+          raise KeyFormatError("public key too small: %d" % self.keysize)
+        return res
     except (TypeError,DigestTooLargeError) as e:
         raise KeyFormatError("digest too large for modulus: %s"%e)
 

packaging/pydkim.spec

@@ -45,7 +45,8 @@ rm -rf $RPM_BUILD_ROOT
 
 %changelog
 * Sat Apr 21 2012 Stuart Gathman <stuart@bmsi.com> 0.5.3-1
-- Raise KeyFormatError when public key less than 1024 bits
+- Raise KeyFormatError when public key less than 1024 bits by default
+- Fix TAB in FWS bug
 
 * Sat Apr 21 2012 Stuart Gathman <stuart@bmsi.com> 0.5.2-1
 - Fix sha1 hash, Bug #969206