Fix cryptobox logic.
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Sat, 7 Feb 2015 16:37:19 +0000 (16:37 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Sat, 7 Feb 2015 16:37:19 +0000 (16:37 +0000)
src/libcryptobox/chacha20/chacha.c
src/libcryptobox/cryptobox.c
src/libutil/http.c

index caeba8edcdf719aa8898e290494aab1105cc9ab0..a165bea635d9b7e8ec53a9206bc9a69c588bc539 100644 (file)
@@ -170,7 +170,7 @@ chacha_update (chacha_state *S, const unsigned char *in, unsigned char *out,
        size_t bytes;
 
        /* enough for at least one block? */
-       if ((state->leftover + inlen) >= CHACHA_BLOCKBYTES) {
+       while ((state->leftover + inlen) >= CHACHA_BLOCKBYTES) {
                /* handle the previous data */
                if (state->leftover) {
                        bytes = (CHACHA_BLOCKBYTES - state->leftover);
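Review bot: Turning the `if` into `while ((state->leftover + inlen) >= CHACHA_BLOCKBYTES)` makes termination depend on every pass of the body lowering `state->leftover + inlen`, and the statements that must do that (advancing `in`, decrementing `inlen`, resetting `state->leftover`) are outside the hunk, so I cannot confirm it from here. If the body's direct-data step already consumes all whole blocks, the loop never runs a second time and the `while` is a disguised `if`; if it does not, the loop is what keeps the second and later blocks out of the leftover buffer. Either way the comment above it still reads as a one-shot test; replace it with the invariant the loop relies on, e.g. `/* each pass consumes the buffered partial block and/or whole blocks of in, so leftover + inlen shrinks below CHACHA_BLOCKBYTES */`. chacha_update continues past the end of the hunk.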
index b2ec6aec8d4c86bf7ebdc22f5a4fba905ec58749..49364d0965be1dbbe0d22642c591c2ff38a38c04 100644 (file)
@@ -121,9 +121,17 @@ void
 rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk)
 {
        guchar s[rspamd_cryptobox_PKBYTES];
+       guchar e[rspamd_cryptobox_SKBYTES];
 
-       curve25519 (s, sk, pk);
+       memcpy (e, sk, rspamd_cryptobox_SKBYTES);
+       e[0] &= 248;
+       e[31] &= 127;
+       e[31] |= 64;
+
+       curve25519 (s, e, pk);
        hchacha (s, n0, nm, 20);
+
+       rspamd_explicit_memzero (e, rspamd_cryptobox_SKBYTES);
 }
 
 void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
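Review bot: The wipe added at the end of rspamd_cryptobox_nm clears only `e`, the clamped copy of the caller's secret key, while `s`, the raw curve25519 output that hchacha turns into the shared key, is left on the stack at return; it is at least as sensitive as `e`, so add `rspamd_explicit_memzero (s, rspamd_cryptobox_PKBYTES);` beside the existing memzero. The clamp also hard-codes `e[31]`, which silently assumes rspamd_cryptobox_SKBYTES is 32; `e[rspamd_cryptobox_SKBYTES - 1]` (or a static assertion on the size) keeps it tied to the declared buffer. Nothing in the hunk says why 248/127/64, so a one-line comment such as `/* standard Curve25519 scalar clamp: clear low 3 bits, clear top bit, set bit 254 */` would spare the next reader a lookup.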
@@ -131,7 +139,7 @@ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
                const rspamd_nm_t nm, rspamd_sig_t sig)
 {
        poly1305_context mac_ctx;
-       guchar subkey[32];
+       guchar subkey[CHACHA_BLOCKBYTES];
        chacha_state s;
        gsize r;
 
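Review bot: `subkey` now spans a full CHACHA_BLOCKBYTES block in both rspamd_cryptobox_encrypt_nm_inplace and rspamd_cryptobox_decrypt_nm_inplace (the next hunk), so it holds raw keystream derived from `nm`, presumably with only its leading bytes used as the one-time MAC key, yet neither hunk shows it being wiped before return, unlike `e` in rspamd_cryptobox_nm in this same commit. Both function bodies run past the end of their hunks, so if the wipe already exists this is only a request to confirm it; otherwise add `rspamd_explicit_memzero (subkey, sizeof (subkey));` on every exit of both functions, including the verification-failure path of decrypt. A comment on the declaration, `/* one keystream block; only the leading bytes serve as the MAC key */` (adjusted to the actual use), would explain why a "subkey" is block-sized.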
@@ -155,7 +163,7 @@ rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
                const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_sig_t sig)
 {
        poly1305_context mac_ctx;
-       guchar subkey[32];
+       guchar subkey[CHACHA_BLOCKBYTES];
        rspamd_sig_t mac;
        chacha_state s;
        gsize r;
index 8f9d42c2ae954dd9262a62f9d37dae2fb643aaf8..d66511fd546227469d7f724f2ec2d2e30b9e8b9c 100644 (file)
@@ -617,14 +617,14 @@ rspamd_http_on_message_complete (http_parser * parser)
                        peer_key = (struct rspamd_http_keypair *)priv->msg->peer_key;
 
                        if (conn->cache) {
-                               if (rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce,
+                               if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce,
                                                peer_key->nm, m - rspamd_cryptobox_MACBYTES) != 0) {
                                        msg_err ("cannot verify encrypted message");
                                        return -1;
                                }
                        }
                        else {
-                               if (rspamd_cryptobox_decrypt_inplace (m, dec_len, nonce,
+                               if (!rspamd_cryptobox_decrypt_inplace (m, dec_len, nonce,
                                                peer_key->pk, priv->local_key->sk,
                                                m - rspamd_cryptobox_MACBYTES) != 0) {
                                        msg_err ("cannot verify encrypted message");
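Review bot: `if (!rspamd_cryptobox_decrypt_nm_inplace (...) != 0)` and the matching `!rspamd_cryptobox_decrypt_inplace` test below it parse as `(!call) != 0`, since `!` binds tighter than `!=`; assuming both functions now return a boolean success flag, which the added `!` implies, that equals `!call` and the branch is correct, but the `!= 0` left over from the old integer convention makes the verification gate look inverted, and GCC's -Wlogical-not-parentheses warns on exactly this shape. Drop the comparison so the intent reads directly: `if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce,` / `peer_key->nm, m - rspamd_cryptobox_MACBYTES)) {`, and likewise for the decrypt_inplace branch. This is the authentication check for incoming encrypted messages, so its condition should be the plainest expression of "verification failed". rspamd_http_on_message_complete continues outside the hunk.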