Commit Diff


commit - 645116d4e692f0696f0918e705c80a8e0e2e35da
commit + c45570465634b62926ee7e196568b1c801c1d771
blob - 1c32695a9a8eaba8f30225133c48ddfdf0ca268e
blob + c7af2ef576381355cc60edf461252b87b32a5771
--- main.c
+++ main.c
@@ -48,19 +48,19 @@
  * Use RFC8601 (Authentication-Results) codes instead of RFC6376 codes,
  * since they're more expressive.
  */
-enum dkim_state {
-	DKIM_UNKNOWN,
-	DKIM_PASS,
-	DKIM_FAIL,
-	DKIM_POLICY,
-	DKIM_NEUTRAL,
-	DKIM_TEMPERROR,
-	DKIM_PERMERROR
+enum ar_state {
+	AR_UNKNOWN,
+	AR_PASS,
+	AR_FAIL,
+	AR_POLICY,
+	AR_NEUTRAL,
+	AR_TEMPERROR,
+	AR_PERMERROR
 };
 
-struct dkim_signature {
+struct ar_signature {
 	struct header *header;
-	enum dkim_state state;
+	enum ar_state state;
 	const char *state_reason;
 	int v;
 	const char *a;
@@ -102,7 +102,7 @@ struct dkim_signature {
 	struct event_asr *query;
 	EVP_PKEY *p;
 	/* RFC 6376 doesn't care about CNAME, use simalr with SPF limit */
-#define DKIM_LOOKUP_LOOKUP_LIMIT 11
+#define AR_LOOKUP_LOOKUP_LIMIT 11
 	int nqueries;
 };
 
@@ -169,7 +169,7 @@ struct header {
 	uint8_t parsed;
 	char *buf;
 	size_t buflen;
-	struct dkim_signature *sig;
+	struct ar_signature *sig;
 };
 
 #define AUTHENTICATION_RESULTS_LINELEN 78
@@ -209,31 +209,31 @@ void *auth_session_new(struct osmtpd_ctx *);
 void auth_session_free(struct osmtpd_ctx *, void *);
 void *auth_message_new(struct osmtpd_ctx *);
 void auth_message_free(struct osmtpd_ctx *, void *);
-void dkim_header_add(struct osmtpd_ctx *, const char *);
-void dkim_signature_parse(struct header *);
-void dkim_signature_parse_v(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_a(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_b(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_bh(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_c(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_d(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_h(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_i(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_l(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_q(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_s(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_t(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_x(struct dkim_signature *, const char *, const char *);
-void dkim_signature_parse_z(struct dkim_signature *, const char *, const char *);
-void dkim_lookup_record(struct dkim_signature *sig, const char *domain);
-void dkim_signature_verify(struct dkim_signature *);
-void dkim_signature_header(EVP_MD_CTX *, struct dkim_signature *, struct header *);
-void dkim_signature_state(struct dkim_signature *, enum dkim_state, const char *);
-const char *dkim_state2str(enum dkim_state);
-void dkim_header_cat(struct osmtpd_ctx *, const char *);
-void dkim_body_parse(struct message *, const char *);
-void dkim_body_verify(struct dkim_signature *);
-void dkim_rr_resolve(struct asr_result *, void *);
+void ar_header_add(struct osmtpd_ctx *, const char *);
+void ar_signature_parse(struct header *);
+void ar_signature_parse_v(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_a(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_b(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_bh(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_c(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_d(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_h(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_i(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_l(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_q(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_s(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_t(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_x(struct ar_signature *, const char *, const char *);
+void ar_signature_parse_z(struct ar_signature *, const char *, const char *);
+void ar_lookup_record(struct ar_signature *sig, const char *);
+void ar_signature_verify(struct ar_signature *);
+void ar_signature_header(EVP_MD_CTX *, struct ar_signature *, struct header *);
+void ar_signature_state(struct ar_signature *, enum ar_state, const char *);
+const char *ar_state2str(enum ar_state);
+void ar_header_cat(struct osmtpd_ctx *, const char *);
+void ar_body_parse(struct message *, const char *);
+void ar_body_verify(struct ar_signature *);
+void ar_rr_resolve(struct asr_result *, void *);
 const char *iprev_state2str(enum iprev_state);
 char *spf_evaluate_domain(struct spf_record *, const char *);
 void spf_lookup_record(struct spf_record *, const char *, int,
@@ -256,8 +256,9 @@ void auth_ar_create(struct osmtpd_ctx *);
 ssize_t auth_ar_cat(char **ar, size_t *n, size_t aroff, const char *fmt, ...)
     __attribute__((__format__ (printf, 4, 5)));
 int auth_ar_print(struct osmtpd_ctx *, const char *);
-int dkim_key_text_parse(struct dkim_signature *, const char *);
+int ar_key_text_parse(struct ar_signature *, const char *);
 
+
 char *authservid;
 EVP_ENCODE_CTX *ectx = NULL;
 
@@ -386,27 +387,27 @@ auth_dataline(struct osmtpd_ctx *ctx, const char *line
 			for (i = 0; i < msg->nheaders; i++) {
 				if (msg->header[i].sig == NULL)
 					continue;
-				dkim_body_verify(msg->header[i].sig);
+				ar_body_verify(msg->header[i].sig);
 			}
 			auth_message_verify(msg);
 			return;
 		}
 	}
 	if (msg->parsing_headers) {
-		dkim_header_add(ctx, line);
+		ar_header_add(ctx, line);
 		if (line[0] == '\0') {
 			msg->parsing_headers = 0;
 			for (i = 0; i < msg->nheaders; i++) {
 				if (msg->header[i].sig == NULL)
 					continue;
 				if (msg->header[i].sig->query == NULL)
-					dkim_signature_verify(
+					ar_signature_verify(
 					    msg->header[i].sig);
 			}
 		}
 		return;
 	} else {
-		dkim_body_parse(msg, line);
+		ar_body_parse(msg, line);
 	}
 }
 
@@ -574,7 +575,7 @@ auth_message_free(struct osmtpd_ctx *ctx, void *data)
 }
 
 void
-dkim_header_add(struct osmtpd_ctx *ctx, const char *line)
+ar_header_add(struct osmtpd_ctx *ctx, const char *line)
 {
 	struct message *msg = ctx->local_message;
 	const char *start, *end, *verify;
@@ -594,12 +595,12 @@ dkim_header_add(struct osmtpd_ctx *ctx, const char *li
 			    strncasecmp(
 			    start, "DKIM-Signature", end - start) == 0 &&
 			    verify[0] == ':')
-				dkim_signature_parse(
+				ar_signature_parse(
 				    &msg->header[msg->nheaders - 1]);
 			if (line[0] == '\0')
 				return;
 		} else {
-			dkim_header_cat(ctx, line);
+			ar_header_cat(ctx, line);
 			return;
 		}
 	}
@@ -616,11 +617,11 @@ dkim_header_add(struct osmtpd_ctx *ctx, const char *li
 	}
 	msg->header[msg->nheaders].msg = msg;
 	msg->nheaders++;
-	dkim_header_cat(ctx, line);
+	ar_header_cat(ctx, line);
 }
 
 void
-dkim_header_cat(struct osmtpd_ctx *ctx, const char *line)
+ar_header_cat(struct osmtpd_ctx *ctx, const char *line)
 {
 	struct message *msg = ctx->local_message;
 	struct header *header = &msg->header[msg->nheaders - 1];
@@ -640,15 +641,15 @@ dkim_header_cat(struct osmtpd_ctx *ctx, const char *li
 }
 
 void
-dkim_signature_parse(struct header *header)
+ar_signature_parse(struct header *header)
 {
-	struct dkim_signature *sig;
+	struct ar_signature *sig;
 	const char *buf, *i, *end;
 	char tagname[3];
 	char subdomain[HOST_NAME_MAX + 1];
 	size_t ilen, dlen;
 
-	/* Format checked by dkim_header_add */
+	/* Format checked by ar_header_add */
 	buf = osmtpd_ltok_skip_field_name(header->buf, 0);
 	buf = osmtpd_ltok_skip_wsp(buf, 1) + 1;
 
@@ -662,7 +663,7 @@ dkim_signature_parse(struct header *header)
 
 	end = osmtpd_ltok_skip_tag_list(buf, 0);
 	if (end == NULL || end[0] != '\0') {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid tag-list");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid tag-list");
 		return;
 	}
 
@@ -680,61 +681,61 @@ dkim_signature_parse(struct header *header)
 		buf = osmtpd_ltok_skip_fws(buf + 1, 1);
 		end = osmtpd_ltok_skip_tag_value(buf, 1);
 		if (strcmp(tagname, "v") == 0)
-			dkim_signature_parse_v(sig, buf, end);
+			ar_signature_parse_v(sig, buf, end);
 		else if (strcmp(tagname, "a") == 0)
-			dkim_signature_parse_a(sig, buf, end);
+			ar_signature_parse_a(sig, buf, end);
 		else if (strcmp(tagname, "b") == 0)
-			dkim_signature_parse_b(sig, buf, end);
+			ar_signature_parse_b(sig, buf, end);
 		else if (strcmp(tagname, "bh") == 0)
-			dkim_signature_parse_bh(sig, buf, end);
+			ar_signature_parse_bh(sig, buf, end);
 		else if (strcmp(tagname, "c") == 0)
-			dkim_signature_parse_c(sig, buf, end);
+			ar_signature_parse_c(sig, buf, end);
 		else if (strcmp(tagname, "d") == 0)
-			dkim_signature_parse_d(sig, buf, end);
+			ar_signature_parse_d(sig, buf, end);
 		else if (strcmp(tagname, "h") == 0)
-			dkim_signature_parse_h(sig, buf, end);
+			ar_signature_parse_h(sig, buf, end);
 		else if (strcmp(tagname, "i") == 0)
-			dkim_signature_parse_i(sig, buf, end);
+			ar_signature_parse_i(sig, buf, end);
 		else if (strcmp(tagname, "l") == 0)
-			dkim_signature_parse_l(sig, buf, end);
-		else if (strcmp(tagname, "q") == 0)
-			dkim_signature_parse_q(sig, buf, end);
+			ar_signature_parse_l(sig, buf, end);
+		else if (strcmp(tagname, "q") == 0)
+			ar_signature_parse_q(sig, buf, end);
 		else if (strcmp(tagname, "s") == 0)
-			dkim_signature_parse_s(sig, buf, end);
+			ar_signature_parse_s(sig, buf, end);
 		else if (strcmp(tagname, "t") == 0)
-			dkim_signature_parse_t(sig, buf, end);
+			ar_signature_parse_t(sig, buf, end);
 		else if (strcmp(tagname, "x") == 0)
-			dkim_signature_parse_x(sig, buf, end);
+			ar_signature_parse_x(sig, buf, end);
 		else if (strcmp(tagname, "z") == 0)
-			dkim_signature_parse_z(sig, buf, end);
+			ar_signature_parse_z(sig, buf, end);
 
 		buf = osmtpd_ltok_skip_fws(end, 1);
 		if (buf[0] == ';')
 			buf++;
 		else if (buf[0] != '\0') {
-			dkim_signature_state(sig, DKIM_PERMERROR,
+			ar_signature_state(sig, AR_PERMERROR,
 			    "Invalid tag-list");
 			return;
 		}
 	}
-	if (sig->state != DKIM_UNKNOWN)
+	if (sig->state != AR_UNKNOWN)
 		return;
 
 	if (sig->v != 1)
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing v tag");
+		ar_signature_state(sig, AR_PERMERROR, "Missing v tag");
 	else if (sig->ah == NULL)
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing a tag");
+		ar_signature_state(sig, AR_PERMERROR, "Missing a tag");
 	else if (sig->b == NULL)
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing b tag");
+		ar_signature_state(sig, AR_PERMERROR, "Missing b tag");
 	else if (sig->bhsz == 0)
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing bh tag");
+		ar_signature_state(sig, AR_PERMERROR, "Missing bh tag");
 	else if (sig->d[0] == '\0')
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing d tag");
+		ar_signature_state(sig, AR_PERMERROR, "Missing d tag");
 	else if (sig->h == NULL)
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing h tag");
+		ar_signature_state(sig, AR_PERMERROR, "Missing h tag");
 	else if (sig->s[0] == '\0')
-		dkim_signature_state(sig, DKIM_PERMERROR, "Missing s tag");
-	if (sig->state != DKIM_UNKNOWN)
+		ar_signature_state(sig, AR_PERMERROR, "Missing s tag");
+	if (sig->state != AR_UNKNOWN)
 		return;
 
 	if (sig->i != NULL) {
@@ -742,39 +743,39 @@ dkim_signature_parse(struct header *header)
 		ilen = sig->isz - (size_t)(i - sig->i);
 		dlen = strlen(sig->d);
 		if (ilen < dlen) {
-			dkim_signature_state(sig, DKIM_PERMERROR,
+			ar_signature_state(sig, AR_PERMERROR,
 			    "i tag not subdomain of d");
 			return;
 		}
 		i += ilen - dlen;
 		if ((i[-1] != '.' && i[-1] != '@') ||
 		    strncasecmp(i, sig->d, dlen) != 0) {
-			dkim_signature_state(sig, DKIM_PERMERROR,
+			ar_signature_state(sig, AR_PERMERROR,
 			    "i tag not subdomain of d");
 			return;
 		}
 	}
 	if (sig->t != -1 && sig->x != -1 && sig->t > sig->x) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "t tag after x tag");
+		ar_signature_state(sig, AR_PERMERROR, "t tag after x tag");
 		return;
 	}
 
 	if ((size_t)snprintf(subdomain, sizeof(subdomain), "%s._domainkey.%s",
 	    sig->s, sig->d) >= sizeof(subdomain)) {
-		dkim_signature_state(sig, DKIM_PERMERROR,
+		ar_signature_state(sig, AR_PERMERROR,
 		    "dns/txt query too long");
 		return;
 	}
 
-	dkim_lookup_record(sig, subdomain);
+	ar_lookup_record(sig, subdomain);
 }
 
 void
-dkim_lookup_record(struct dkim_signature *sig, const char *domain)
+ar_lookup_record(struct ar_signature *sig, const char *domain)
 {
 	struct asr_query *query;
 
-	if (sig->state != DKIM_UNKNOWN)
+	if (sig->state != AR_UNKNOWN)
 		return;
 
 	sig->nqueries++;
@@ -784,41 +785,42 @@ dkim_lookup_record(struct dkim_signature *sig, const c
 		sig->query = NULL;
 		sig->header->msg->nqueries--;
 	}
+
 	if ((query = res_query_async(domain, C_IN, T_TXT, NULL)) == NULL)
 		osmtpd_err(1, "res_query_async");
 
-	if ((sig->query = event_asr_run(query, dkim_rr_resolve, sig)) == NULL)
+	if ((sig->query = event_asr_run(query, ar_rr_resolve, sig)) == NULL)
 		osmtpd_err(1, "res_query_async");
 
 	sig->header->msg->nqueries++;
 }
 
 void
-dkim_signature_parse_v(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_v(struct ar_signature *sig, const char *start, const char *end)
 {
 	if (sig->v != 0) {	/* Duplicate tag */
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate v tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate v tag");
 		return;
 	}
 	/* Unsupported version */
 	if (start[0] != '1' || start + 1 != end)
-		dkim_signature_state(sig, DKIM_NEUTRAL, "Unsupported v tag");
+		ar_signature_state(sig, AR_NEUTRAL, "Unsupported v tag");
 	else
 		sig->v = 1;
 }
 
 void
-dkim_signature_parse_a(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_a(struct ar_signature *sig, const char *start, const char *end)
 {
 	char ah[sizeof("sha256")];
 
 	if (sig->ah != NULL) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate a tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate a tag");
 		return;
 	}
 
 	if (osmtpd_ltok_skip_sig_a_tag_alg(start, 0) != end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid a tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid a tag");
 		return;
 	}
 	sig->a = start;
@@ -834,36 +836,36 @@ dkim_signature_parse_a(struct dkim_signature *sig, con
 		sig->sephash = 1;
 #endif
 	} else {
-		dkim_signature_state(sig, DKIM_NEUTRAL, "Unsuppored a tag k");
+		ar_signature_state(sig, AR_NEUTRAL, "Unsuppored a tag k");
 		return;
 	}
 	if ((size_t)(end - start) >= sizeof(ah)) {
-		dkim_signature_state(sig, DKIM_NEUTRAL, "Unsuppored a tag h");
+		ar_signature_state(sig, AR_NEUTRAL, "Unsuppored a tag h");
 		return;
 	}
 	strlcpy(ah, start, sizeof(ah));
 	ah[end - start] = '\0';
 	if ((sig->ah = EVP_get_digestbyname(ah)) == NULL) {
-		dkim_signature_state(sig, DKIM_NEUTRAL, "Unsuppored a tag h");
+		ar_signature_state(sig, AR_NEUTRAL, "Unsuppored a tag h");
 		return;
 	}
 	if ((sig->bhctx = EVP_MD_CTX_new()) == NULL)
 		osmtpd_err(1, "EVP_MD_CTX_new");
 
 	if (EVP_DigestInit_ex(sig->bhctx, sig->ah, NULL) <= 0) {
-		dkim_signature_state(sig, DKIM_FAIL, "Unsuppored a tag ah");
+		ar_signature_state(sig, AR_FAIL, "Unsuppored a tag ah");
 		return;
 	}
 }
 
 void
-dkim_signature_parse_b(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_b(struct ar_signature *sig, const char *start, const char *end)
 {
 	int decodesz;
 	size_t i, j;
 
 	if (sig->b != NULL) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate b tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate b tag");
 		return;
 	}
 	sig->bheader = start;
@@ -872,15 +874,15 @@ dkim_signature_parse_b(struct dkim_signature *sig, con
 		osmtpd_err(1, "%s: malloc", __func__);
 	/* EVP_DecodeBlock doesn't handle internal whitespace */
 	EVP_DecodeInit(ectx);
-	if (EVP_DecodeUpdate(ectx, sig->b, &decodesz, sig->bheader,
-	    (int) sig->bheadersz) == -1) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid b tag");
+	if (EVP_DecodeUpdate(ectx, sig->b, &decodesz, start,
+	    (int)(end - start)) == -1) {
+		ar_signature_state(sig, AR_PERMERROR, "Invalid b tag");
 		return;
 	}
 	sig->bsz = decodesz;
 	if (EVP_DecodeFinal(ectx, sig->b + sig->bsz,
 	    &decodesz) == -1) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid b tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid b tag");
 		return;
 	}
 	sig->bsz += decodesz;
@@ -894,14 +896,14 @@ dkim_signature_parse_b(struct dkim_signature *sig, con
 }
 
 void
-dkim_signature_parse_bh(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_bh(struct ar_signature *sig, const char *start, const char *end)
 {
 	const char *b64;
 	size_t n;
 	int decodesz;
 
 	if (sig->bhsz != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate bh tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate bh tag");
 		return;
 	}
 	/*
@@ -927,7 +929,7 @@ dkim_signature_parse_bh(struct dkim_signature *sig, co
 	}
 	/* Invalid tag value */
 	if (b64 != end || n % 4 != 0 || (n / 4) * 3 > sizeof(sig->bh)) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid bh tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid bh tag");
 		return;
 	}
 	/* EVP_DecodeBlock doesn't handle internal whitespace */
@@ -935,23 +937,23 @@ dkim_signature_parse_bh(struct dkim_signature *sig, co
 	if (EVP_DecodeUpdate(ectx, sig->bh, &decodesz, start,
 	    (int)(end - start)) == -1) {
 		/* Paranoia check */
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid bh tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid bh tag");
 		return;
 	}
 	sig->bhsz = decodesz;
 	if (EVP_DecodeFinal(ectx, sig->bh + sig->bhsz, &decodesz) == -1) {
 		/* Paranoia check */
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid bh tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid bh tag");
 		return;
 	}
 	sig->bhsz += decodesz;
 }
 
 void
-dkim_signature_parse_c(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_c(struct ar_signature *sig, const char *start, const char *end)
 {
 	if (sig->c != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate c tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate c tag");
 		return;
 	}
 	if (strncmp(start, "simple", 6) == 0) {
@@ -961,7 +963,7 @@ dkim_signature_parse_c(struct dkim_signature *sig, con
 		sig->c = CANON_HEADER_RELAXED;
 		start += 7;
 	} else {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid c tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid c tag");
 		return;
 	}
 	if (start[0] == '/') {
@@ -973,52 +975,52 @@ dkim_signature_parse_c(struct dkim_signature *sig, con
 			sig->c |= CANON_BODY_RELAXED;
 			start += 7;
 		} else {
-			dkim_signature_state(sig, DKIM_PERMERROR,
+			ar_signature_state(sig, AR_PERMERROR,
 			    "Invalid c tag");
 			return;
 		}
 	}
 
 	if (start != end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid c tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid c tag");
 		return;
 	}
 	sig->c |= CANON_DONE;
 }
 
 void
-dkim_signature_parse_d(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_d(struct ar_signature *sig, const char *start, const char *end)
 {
 	if (sig->d[0] != '\0') {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate d tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate d tag");
 		return;
 	}
 	if (osmtpd_ltok_skip_sig_d_tag_value(start, 0) != end ||
 	    (size_t)(end - start) >= sizeof(sig->d)) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid d tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid d tag");
 		return;
 	}
 	strlcpy(sig->d, start, end - start + 1);
 }
 
 void
-dkim_signature_parse_h(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_h(struct ar_signature *sig, const char *start, const char *end)
 {
 	const char *h;
 	size_t n = 0;
 
 	if (sig->h != NULL) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate h tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate h tag");
 		return;
 	}
 	if (osmtpd_ltok_skip_sig_h_tag_value(start, 0) < end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid h tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid h tag");
 		return;
 	}
 	h = start;
 	while (1) {
 		if ((h = osmtpd_ltok_skip_hdr_name(h, 0)) == NULL) {
-			dkim_signature_state(sig, DKIM_PERMERROR,
+			ar_signature_state(sig, AR_PERMERROR,
 			    "Invalid h tag");
 			return;
 		}
@@ -1054,14 +1056,14 @@ dkim_signature_parse_h(struct dkim_signature *sig, con
 }
 
 void
-dkim_signature_parse_i(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_i(struct ar_signature *sig, const char *start, const char *end)
 {
 	if (sig->i != NULL) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate i tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate i tag");
 		return;
 	}
 	if (osmtpd_ltok_skip_sig_i_tag_value(start, 0) != end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid i tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid i tag");
 		return;
 	}
 	sig->i = start;
@@ -1069,13 +1071,13 @@ dkim_signature_parse_i(struct dkim_signature *sig, con
 }
 
 void
-dkim_signature_parse_l(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_l(struct ar_signature *sig, const char *start, const char *end)
 {
 	long long l;
 	char *lend;
 
 	if (sig->l != -1) {	/* Duplicate tag */
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate l tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate l tag");
 		return;
 	}
 	errno = 0;
@@ -1083,23 +1085,23 @@ dkim_signature_parse_l(struct dkim_signature *sig, con
 	/* > 76 digits in stroll is an overflow */
 	if (osmtpd_ltok_skip_digit(start, 0) == NULL ||
 	    lend != end || errno != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid l tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid l tag");
 		return;
 	}
 	if (l > SSIZE_MAX) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "l tag too large");
+		ar_signature_state(sig, AR_PERMERROR, "l tag too large");
 		return;
 	}
 	sig->l = (ssize_t)l;
 }
 
 void
-dkim_signature_parse_q(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_q(struct ar_signature *sig, const char *start, const char *end)
 {
 	const char *qend;
 
 	if (sig->q != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate q tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate q tag");
 		return;
 	}
 
@@ -1107,7 +1109,7 @@ dkim_signature_parse_q(struct dkim_signature *sig, con
 		start = osmtpd_ltok_skip_fws(start, 1);
 		qend = osmtpd_ltok_skip_sig_q_tag_method(start, 0);
 		if (qend == NULL) {
-			dkim_signature_state(sig, DKIM_PERMERROR, "Invalid q tag");
+			ar_signature_state(sig, AR_PERMERROR, "Invalid q tag");
 			return;
 		}
 		if (strncmp(start, "dns/txt", qend - start) == 0)
@@ -1117,83 +1119,83 @@ dkim_signature_parse_q(struct dkim_signature *sig, con
 			break;
 	}
 	if (start != end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid q tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid q tag");
 		return;
 	}
 	if (sig->q != 1) {
 		sig->q = 1;
-		dkim_signature_state(sig, DKIM_NEUTRAL, "No useable q found");
+		ar_signature_state(sig, AR_NEUTRAL, "No useable q found");
 		return;
 	}
 }
 
 void
-dkim_signature_parse_s(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_s(struct ar_signature *sig, const char *start, const char *end)
 {
 	if (sig->s[0] != '\0') {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate s tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate s tag");
 		return;
 	}
 	if (osmtpd_ltok_skip_selector(start, 0) != end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid s tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid s tag");
 		return;
 	}
 	strlcpy(sig->s, start, end - start + 1);
 }
 
 void
-dkim_signature_parse_t(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_t(struct ar_signature *sig, const char *start, const char *end)
 {
 	char *tend;
 
 	if (sig->t != -1) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate t tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate t tag");
 		return;
 	}
 	errno = 0;
 	sig->t = strtoll(start, &tend, 10);
 	if (osmtpd_ltok_skip_digit(start, 0) == NULL || tend != end ||
 	    tend - start > 12 || errno != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid t tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid t tag");
 		return;
 	}
 }
 
 void
-dkim_signature_parse_x(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_x(struct ar_signature *sig, const char *start, const char *end)
 {
 	char *xend;
 
 	if (sig->x != -1) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate x tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate x tag");
 		return;
 	}
 	errno = 0;
 	sig->x = strtoll(start, &xend, 10);
 	if (osmtpd_ltok_skip_digit(start, 0) == NULL || xend != end ||
 	    xend - start > 12 || errno != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid x tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid x tag");
 		return;
 	}
 }
 
 void
-dkim_signature_parse_z(struct dkim_signature *sig, const char *start, const char *end)
+ar_signature_parse_z(struct ar_signature *sig, const char *start, const char *end)
 {
 	if (sig->z != 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Duplicate z tag");
+		ar_signature_state(sig, AR_PERMERROR, "Duplicate z tag");
 		return;
 	}
 
 	sig->z = 1;
 	if (osmtpd_ltok_skip_sig_z_tag_value(start, 0) != end) {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Invalid z tag");
+		ar_signature_state(sig, AR_PERMERROR, "Invalid z tag");
 		return;
 	}
 }
 
 void
-dkim_signature_verify(struct dkim_signature *sig)
+ar_signature_verify(struct ar_signature *sig)
 {
 	struct message *msg = sig->header->msg;
 	static EVP_MD_CTX *bctx = NULL;
@@ -1202,7 +1204,7 @@ dkim_signature_verify(struct dkim_signature *sig)
 	const char *end;
 	size_t i, header;
 
-	if (sig->state != DKIM_UNKNOWN)
+	if (sig->state != AR_UNKNOWN)
 		return;
 
 	if (bctx == NULL) {
@@ -1213,12 +1215,12 @@ dkim_signature_verify(struct dkim_signature *sig)
 	if (!sig->sephash) {
 		if (EVP_DigestVerifyInit(bctx, NULL, sig->ah, NULL,
 			sig->p) != 1) {
-			dkim_signature_state(sig, DKIM_FAIL, "ah tag");
+			ar_signature_state(sig, AR_FAIL, "ah tag");
 			return;
 		}
 	} else {
 		if (EVP_DigestInit_ex(bctx, sig->ah, NULL) != 1) {
-			dkim_signature_state(sig, DKIM_FAIL, "ah tag");
+			ar_signature_state(sig, AR_FAIL, "ah tag");
 			return;
 		}
 	}
@@ -1238,15 +1240,15 @@ dkim_signature_verify(struct dkim_signature *sig)
 			    msg->header[i].buf + strlen(sig->h[header]), 1);
 			if (end[0] != ':')
 				continue;
-			dkim_signature_header(bctx, sig, &(msg->header[i]));
+			ar_signature_header(bctx, sig, &(msg->header[i]));
 			msg->header[i].parsed = 1;
 			break;
 		}
 	}
-	dkim_signature_header(bctx, sig, sig->header);
+	ar_signature_header(bctx, sig, sig->header);
 	if (!sig->sephash) {
 		if (EVP_DigestVerifyFinal(bctx, sig->b, sig->bsz) != 1)
-			dkim_signature_state(sig, DKIM_FAIL, "b mismatch");
+			ar_signature_state(sig, AR_FAIL, "b mismatch");
 	} else {
 		if (EVP_DigestFinal_ex(bctx, digest, &digestsz) == 0)
 			osmtpd_err(1, "EVP_DigestFinal_ex");
@@ -1259,7 +1261,7 @@ dkim_signature_verify(struct dkim_signature *sig)
 		case 1:
 			break;
 		case 0:
-			dkim_signature_state(sig, DKIM_FAIL, "b mismatch");
+			ar_signature_state(sig, AR_FAIL, "b mismatch");
 			break;
 		default:
 			osmtpd_err(1, "EVP_DigestVerify");
@@ -1268,12 +1270,12 @@ dkim_signature_verify(struct dkim_signature *sig)
 }
 
 /* EVP_DigestVerifyUpdate is a macro, so we can't alias this on a variable */
-#define dkim_b_digest_update(a, b, c)					\
+#define ar_b_digest_update(a, b, c)					\
 	(sig->sephash ? EVP_DigestUpdate((a), (b), (c)) :\
 	    EVP_DigestVerifyUpdate((a), (b), (c)))
 
 void
-dkim_signature_header(EVP_MD_CTX *bctx, struct dkim_signature *sig,
+ar_signature_header(EVP_MD_CTX *bctx, struct ar_signature *sig,
     struct header *header)
 {
 	char c;
@@ -1294,8 +1296,8 @@ dkim_signature_header(EVP_MD_CTX *bctx, struct dkim_si
 					ptr = osmtpd_ltok_skip_fws(
 					    ptr + 1, 1) - 1;
 			}
-			if (dkim_b_digest_update(bctx, &c, 1) == 0)
-				osmtpd_errx(1, "dkim_b_digest_update");
+			if (ar_b_digest_update(bctx, &c, 1) == 0)
+				osmtpd_errx(1, "ar_b_digest_update");
 			continue;
 		}
 		end = osmtpd_ltok_skip_fws(ptr, 1);
@@ -1305,31 +1307,31 @@ dkim_signature_header(EVP_MD_CTX *bctx, struct dkim_si
 				    ptr, 0) - 1;
 				continue;
 			}
-			if (dkim_b_digest_update(bctx, ptr, 1) == 0)
-				osmtpd_errx(1, "dkim_b_digest_update");
+			if (ar_b_digest_update(bctx, ptr, 1) == 0)
+				osmtpd_errx(1, "ar_b_digest_update");
 		} else {
 			if (canon == CANON_HEADER_RELAXED) {
 				if (end[0] == '\0')
 					continue;
-				if (dkim_b_digest_update(bctx, " ", 1) == 0)
-					osmtpd_errx(1, "dkim_b_digest_update");
+				if (ar_b_digest_update(bctx, " ", 1) == 0)
+					osmtpd_errx(1, "ar_b_digest_update");
 			} else {
-				if (dkim_b_digest_update(bctx, ptr,
+				if (ar_b_digest_update(bctx, ptr,
 				    end - ptr) == 0)
-					osmtpd_errx(1, "dkim_b_digest_update");
+					osmtpd_errx(1, "ar_b_digest_update");
 			}
 			ptr = end - 1;
 		}
 			
 	}
 	if (sig->header != header) {
-		if (dkim_b_digest_update(bctx, "\r\n", 2) == 0)
-			osmtpd_errx(1, "dkim_b_digest_update");
+		if (ar_b_digest_update(bctx, "\r\n", 2) == 0)
+			osmtpd_errx(1, "ar_b_digest_update");
 	}
 }
 
 void
-dkim_signature_state(struct dkim_signature *sig, enum dkim_state state,
+ar_signature_state(struct ar_signature *sig, enum ar_state state,
     const char *reason)
 {
 	if (sig->query != NULL) {
@@ -1338,26 +1340,26 @@ dkim_signature_state(struct dkim_signature *sig, enum 
 		sig->header->msg->nqueries--;
 	}
 	switch (sig->state) {
-	case DKIM_UNKNOWN:
+	case AR_UNKNOWN:
 		break;
-	case DKIM_PASS:
-	case DKIM_FAIL:
-		osmtpd_errx(1, "Unexpected transition");
-	case DKIM_POLICY:
-		if (state == DKIM_PASS)
+	case AR_PASS:
+	case AR_FAIL:
+		osmtpd_errx(1, "Unexpected transition");
+	case AR_POLICY:
+		if (state == AR_PASS)
 			return;
 		break;
-	case DKIM_NEUTRAL:
-		if (state == DKIM_PASS)
+	case AR_NEUTRAL:
+		if (state == AR_PASS)
 			return;
-		if (state == DKIM_TEMPERROR || state == DKIM_PERMERROR)
+		if (state == AR_TEMPERROR || state == AR_PERMERROR)
 			break;
 		osmtpd_errx(1, "Unexpected transition");
-	case DKIM_TEMPERROR:
-		if (state == DKIM_PERMERROR)
+	case AR_TEMPERROR:
+		if (state == AR_PERMERROR)
 			break;
 		return;
-	case DKIM_PERMERROR:
+	case AR_PERMERROR:
 		return;
 	}
 	sig->state = state;
@@ -1365,31 +1367,31 @@ dkim_signature_state(struct dkim_signature *sig, enum 
 }
 
 const char *
-dkim_state2str(enum dkim_state state)
+ar_state2str(enum ar_state state)
 {
 	switch (state)
 	{
-	case DKIM_UNKNOWN:
+	case AR_UNKNOWN:
 		return "unknown";
-	case DKIM_PASS:
+	case AR_PASS:
 		return "pass";
-	case DKIM_FAIL:
+	case AR_FAIL:
 		return "fail";
-	case DKIM_POLICY:
+	case AR_POLICY:
 		return "policy";
-	case DKIM_NEUTRAL:
+	case AR_NEUTRAL:
 		return "neutral";
-	case DKIM_TEMPERROR:
+	case AR_TEMPERROR:
 		return "temperror";
-	case DKIM_PERMERROR:
+	case AR_PERMERROR:
 		return "permerror";
 	}
 }
 
 void
-dkim_rr_resolve(struct asr_result *ar, void *arg)
+ar_rr_resolve(struct asr_result *ar, void *arg)
 {
-	struct dkim_signature *sig = arg;
+	struct ar_signature *sig = arg;
 	char key[UINT16_MAX + 1];
 	const char *rr_txt;
 	size_t keylen, cstrlen;
@@ -1402,16 +1404,16 @@ dkim_rr_resolve(struct asr_result *ar, void *arg)
 	sig->query = NULL;
 	sig->header->msg->nqueries--;
 
-	if (sig->state != DKIM_UNKNOWN)
+	if (sig->state != AR_UNKNOWN)
 		goto verify;
 
 	if (ar->ar_h_errno == TRY_AGAIN || ar->ar_h_errno == NO_RECOVERY) {
-		dkim_signature_state(sig, DKIM_TEMPERROR,
+		ar_signature_state(sig, AR_TEMPERROR,
 		    hstrerror(ar->ar_h_errno));
 		goto verify;
 	}
 	if (ar->ar_h_errno == HOST_NOT_FOUND) {
-		dkim_signature_state(sig, DKIM_PERMERROR,
+		ar_signature_state(sig, AR_PERMERROR,
 		    hstrerror(ar->ar_h_errno));
 		goto verify;
 	}
@@ -1423,7 +1425,7 @@ dkim_rr_resolve(struct asr_result *ar, void *arg)
 		    "Mallformed DKIM DNS response for domain %s: %s",
 		    print_dname(q.q_dname, buf, sizeof(buf)),
 		    pack.err);
-		dkim_signature_state(sig, DKIM_PERMERROR, pack.err);
+		ar_signature_state(sig, AR_PERMERROR, pack.err);
 		goto verify;
 	}
 
@@ -1438,9 +1440,9 @@ dkim_rr_resolve(struct asr_result *ar, void *arg)
 
 		/* If we below limit, follow CNAME*/
 		if (rr.rr_type == T_CNAME &&
-		    sig->nqueries < DKIM_LOOKUP_LOOKUP_LIMIT ) {
+		    sig->nqueries < AR_LOOKUP_LOOKUP_LIMIT ) {
 			print_dname(rr.rr.cname.cname, buf, sizeof(buf));
-			dkim_lookup_record(sig, buf);
+			ar_lookup_record(sig, buf);
 			free(ar->ar_data);
 			return;
 		}
@@ -1473,17 +1475,17 @@ dkim_rr_resolve(struct asr_result *ar, void *arg)
 		if (rr.rr.other.rdlen > 0)	/* Invalid TXT RDATA */
 			continue;
 
-		if (dkim_key_text_parse(sig, key))
+		if (ar_key_text_parse(sig, key))
 			break;
 	}
 
 	if (h.ancount == 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR,
+		ar_signature_state(sig, AR_PERMERROR,
 		    "No matching key found");
 	} else {
 		/* Only verify if all headers have been read */
 		if (!sig->header->msg->parsing_headers)
-			dkim_signature_verify(sig);
+			ar_signature_verify(sig);
 	}
  verify:
 	free(ar->ar_data);
@@ -1491,7 +1493,7 @@ dkim_rr_resolve(struct asr_result *ar, void *arg)
 }
 
 int
-dkim_key_text_parse(struct dkim_signature *sig, const char *key)
+ar_key_text_parse(struct ar_signature *sig, const char *key)
 {
 	char tagname, *hashname;
 	const char *end, *tagvend;
@@ -1682,7 +1684,7 @@ dkim_key_text_parse(struct dkim_signature *sig, const 
 		return 0;
 
 	if (pkraw[0] == '\0') {
-		dkim_signature_state(sig, DKIM_PERMERROR, "Key is revoked");
+		ar_signature_state(sig, AR_PERMERROR, "Key is revoked");
 		return 1;
 	}
 
@@ -1739,9 +1741,9 @@ dkim_key_text_parse(struct dkim_signature *sig, const 
 }
 
 void
-dkim_body_parse(struct message *msg, const char *line)
+ar_body_parse(struct message *msg, const char *line)
 {
-	struct dkim_signature *sig;
+	struct ar_signature *sig;
 	const char *end = line, *hash, *prev;
 	size_t hashn, len, i;
 	int wsp, ret;
@@ -1754,7 +1756,7 @@ dkim_body_parse(struct message *msg, const char *line)
 	while (msg->body_whitelines-- > 0) {
 		for (i = 0; i < msg->nheaders; i++) {
 			if ((sig = msg->header[i].sig) == NULL ||
-			    sig->state != DKIM_UNKNOWN)
+			    sig->state != AR_UNKNOWN)
 				continue;
 			hashn = sig->l == -1 ? 2 : MIN(2, sig->l);
 			sig->l -= sig->l == -1 ? 0 : hashn;
@@ -1780,7 +1782,7 @@ dkim_body_parse(struct message *msg, const char *line)
 		}
 		for (i = 0; i < msg->nheaders; i++) {
 			sig = msg->header[i].sig;
-			if (sig == NULL || sig->state != DKIM_UNKNOWN)
+			if (sig == NULL || sig->state != AR_UNKNOWN)
 				continue;
 			if (wsp &&
 			    (sig->c & CANON_BODY) == CANON_BODY_RELAXED) {
@@ -1800,7 +1802,7 @@ dkim_body_parse(struct message *msg, const char *line)
 	}
 	for (i = 0; i < msg->nheaders; i++) {
 		sig = msg->header[i].sig;
-		if (sig == NULL || sig->state != DKIM_UNKNOWN)
+		if (sig == NULL || sig->state != AR_UNKNOWN)
 			continue;
 		hashn = sig->l == -1 ? 2 : MIN(2, sig->l);
 		sig->l -= sig->l == -1 ? 0 : hashn;
@@ -1811,12 +1813,12 @@ dkim_body_parse(struct message *msg, const char *line)
 }
 
 void
-dkim_body_verify(struct dkim_signature *sig)
+ar_body_verify(struct ar_signature *sig)
 {
 	unsigned char digest[EVP_MAX_MD_SIZE];
 	unsigned int digestsz;
 
-	if (sig->state != DKIM_UNKNOWN)
+	if (sig->state != AR_UNKNOWN)
 		return;
 
 	if ((sig->c & CANON_BODY) == CANON_BODY_SIMPLE &&
@@ -1826,7 +1828,7 @@ dkim_body_verify(struct dkim_signature *sig)
 			osmtpd_errx(1, "EVP_DigestUpdate");
 	}
 	if (sig->l > 0) {
-		dkim_signature_state(sig, DKIM_PERMERROR,
+		ar_signature_state(sig, AR_PERMERROR,
 		    "l tag larger than body");
 		return;
 	}
@@ -1835,7 +1837,7 @@ dkim_body_verify(struct dkim_signature *sig)
 		osmtpd_err(1, "EVP_DigestFinal_ex");
 
 	if (digestsz != sig->bhsz || memcmp(digest, sig->bh, digestsz) != 0)
-		dkim_signature_state(sig, DKIM_FAIL, "bh mismatch");
+		ar_signature_state(sig, AR_FAIL, "bh mismatch");
 }
 
 const char *
@@ -2637,9 +2639,9 @@ auth_message_verify(struct message *msg)
 			continue;
 		if (msg->header[i].sig->query != NULL)
 			return;
-		if (msg->header[i].sig->state != DKIM_UNKNOWN)
+		if (msg->header[i].sig->state != AR_UNKNOWN)
 			continue;
-		dkim_signature_state(msg->header[i].sig, DKIM_PASS, NULL);
+		ar_signature_state(msg->header[i].sig, AR_PASS, NULL);
 	}
 
 	auth_ar_create(msg->ctx);
@@ -2648,7 +2650,7 @@ auth_message_verify(struct message *msg)
 void
 auth_ar_create(struct osmtpd_ctx *ctx)
 {
-	struct dkim_signature *sig;
+	struct ar_signature *sig;
 	size_t i;
 	ssize_t n, aroff = 0;
 	int found = 0;
@@ -2666,7 +2668,7 @@ auth_ar_create(struct osmtpd_ctx *ctx)
 			continue;
 		found = 1;
 		if ((aroff = auth_ar_cat(&line, &linelen, aroff, "; dkim=%s",
-		    dkim_state2str(sig->state))) == -1)
+		    ar_state2str(sig->state))) == -1)
 			osmtpd_err(1, "%s: malloc", __func__);
 		if (sig->state_reason != NULL) {
 			if ((aroff = auth_ar_cat(&line, &linelen, aroff,