From af5fd82514406b1c3d95ca353589798872062395 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Mon, 19 Oct 2015 12:19:42 +0100
Subject: [PATCH] Fix nonces and pk sizes for openssl mode
---
 src/libcryptobox/cryptobox.c | 6 ++++--
 src/libutil/http.c | 5 ++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 7978aa9a6..c3c0f3b35 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -391,7 +391,8 @@ rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce,
 s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT);
 memset (s, 0, sizeof (*s));
 g_assert (EVP_EncryptInit_ex (s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1);
- g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, 24, NULL) == 1);
+ g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN,
+ rspamd_cryptobox_nonce_bytes (), NULL) == 1);
 g_assert (EVP_EncryptInit_ex (s, NULL, NULL, nm, nonce) == 1);
 return s;
@@ -555,7 +556,8 @@ rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce,
 s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT);
 memset (s, 0, sizeof (*s));
 g_assert (EVP_DecryptInit_ex(s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1);
- g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, 24, NULL) == 1);
+ g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN,
+ rspamd_cryptobox_nonce_bytes (), NULL) == 1);
 g_assert (EVP_DecryptInit_ex (s, NULL, NULL, nm, nonce) == 1);
 return s;
diff --git a/src/libutil/http.c b/src/libutil/http.c
index a225dd210..5b3c7d9be 100644
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
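Review bot: In the rspamd_cryptobox_encrypt_init hunk of src/libcryptobox/cryptobox.c the rewritten `EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, ...)` call is still evaluated inside `g_assert`, so a build that defines `G_DISABLE_ASSERT` drops the call itself and the context is returned without the IV length ever being set. The two neighbouring `EVP_EncryptInit_ex` asserts and the matching lines in the rspamd_cryptobox_decrypt_init hunk have the same problem. I would take the call out of the assertion, `int rc = EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, rspamd_cryptobox_nonce_bytes (), NULL);` followed by `g_assert (rc == 1);`, or fail through whatever error path the project prefers. Both function bodies start and end outside their hunks.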
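Review bot: In the rspamd_cryptobox_decrypt_init hunk of src/libcryptobox/cryptobox.c the number of bytes OpenSSL reads from `nonce` in `EVP_DecryptInit_ex (s, NULL, NULL, nm, nonce)` is now whatever rspamd_cryptobox_nonce_bytes () returns at run time, and nothing visible ties that value to the size of `rspamd_nonce_t`. The typedef is not part of this patch, so the bound may already hold, but it deserves a comment above the IVLEN call such as `/* IV length is mode-dependent; rspamd_nonce_t must hold at least rspamd_cryptobox_nonce_bytes () bytes */`. The same comment fits the encrypt-side hunk, since both peers have to agree on the length for the GCM tag to verify. The function body continues outside the hunk.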
@@ -438,12 +438,12 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn, eq_pos - 1, &key_len); if (decoded_id != NULL && decoded_key != NULL) { if (id_len >= RSPAMD_HTTP_KEY_ID_LEN && - key_len >= sizeof (kp->pk)) { + key_len >= rspamd_cryptobox_pk_bytes ()) { if (memcmp (priv->local_key->id, decoded_id, RSPAMD_HTTP_KEY_ID_LEN) == 0) { kp = g_slice_alloc0 (sizeof (*kp)); REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor); - memcpy (kp->pk, decoded_key, sizeof (kp->pk)); + memcpy (kp->pk, decoded_key, rspamd_cryptobox_pk_bytes ()); priv->msg->peer_key = kp; if (conn->cache && priv->msg->peer_key) { @@ -732,7 +732,6 @@ rspamd_http_decrypt_message (struct rspamd_http_connection *conn, dec_len) != (size_t)dec_len) { msg_err ("HTTP parser error: %s when parsing encrypted request", http_errno_description (decrypted_parser.http_errno)); - return -1; } -- 2.39.5
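Review bot: In the rspamd_http_parse_key hunk the new `memcpy (kp->pk, decoded_key, rspamd_cryptobox_pk_bytes ())` copies a run-time length into the fixed-size member `kp->pk`, whereas the old `sizeof (kp->pk)` could never exceed the destination. The declaration of `kp->pk` is not in this hunk, so whether it is large enough for every mode cannot be confirmed from here; if a mode ever reports a larger key, the copy writes past the allocation with bytes decoded from the peer's header. I would read the length once, `gsize pk_len = rspamd_cryptobox_pk_bytes ();`, add `pk_len <= sizeof (kp->pk)` to the `key_len >= pk_len` condition, and pass `pk_len` to the memcpy. rspamd_http_parse_key starts and ends outside the hunk.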