Vsevolod Stakhov
9 years ago
3 changed files with 14 additions and 6 deletions
+ 1
- 1
src/libcryptobox/chacha20/chacha.c
View File
| @@ -170,7 +170,7 @@ chacha_update (chacha_state *S, const unsigned char *in, unsigned char *out, | |||
| size_t bytes; | |||
| /* enough for at least one block? */ | |||
| if ((state->leftover + inlen) >= CHACHA_BLOCKBYTES) { | |||
| while ((state->leftover + inlen) >= CHACHA_BLOCKBYTES) { | |||
| /* handle the previous data */ | |||
| if (state->leftover) { | |||
| bytes = (CHACHA_BLOCKBYTES - state->leftover); | |||
+ 11
- 3
src/libcryptobox/cryptobox.c
View File
| @@ -121,9 +121,17 @@ void | |||
| rspamd_cryptobox_nm (rspamd_nm_t nm, const rspamd_pk_t pk, const rspamd_sk_t sk) | |||
| { | |||
| guchar s[rspamd_cryptobox_PKBYTES]; | |||
| guchar e[rspamd_cryptobox_SKBYTES]; | |||
| curve25519 (s, sk, pk); | |||
| memcpy (e, sk, rspamd_cryptobox_SKBYTES); | |||
| e[0] &= 248; | |||
| e[31] &= 127; | |||
| e[31] |= 64; | |||
| curve25519 (s, e, pk); | |||
| hchacha (s, n0, nm, 20); | |||
| rspamd_explicit_memzero (e, rspamd_cryptobox_SKBYTES); | |||
| } | |||
| void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, | |||
| @@ -131,7 +139,7 @@ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len, | |||
| const rspamd_nm_t nm, rspamd_sig_t sig) | |||
| { | |||
| poly1305_context mac_ctx; | |||
| guchar subkey[32]; | |||
| guchar subkey[CHACHA_BLOCKBYTES]; | |||
| chacha_state s; | |||
| gsize r; | |||
| @@ -155,7 +163,7 @@ rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, | |||
| const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_sig_t sig) | |||
| { | |||
| poly1305_context mac_ctx; | |||
| guchar subkey[32]; | |||
| guchar subkey[CHACHA_BLOCKBYTES]; | |||
| rspamd_sig_t mac; | |||
| chacha_state s; | |||
| gsize r; | |||
+ 2
- 2
src/libutil/http.c
View File
| @@ -617,14 +617,14 @@ rspamd_http_on_message_complete (http_parser * parser) | |||
| peer_key = (struct rspamd_http_keypair *)priv->msg->peer_key; | |||
| if (conn->cache) { | |||
| if (rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce, | |||
| if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce, | |||
| peer_key->nm, m - rspamd_cryptobox_MACBYTES) != 0) { | |||
| msg_err ("cannot verify encrypted message"); | |||
| return -1; | |||
| } | |||
| } | |||
| else { | |||
| if (rspamd_cryptobox_decrypt_inplace (m, dec_len, nonce, | |||
| if (!rspamd_cryptobox_decrypt_inplace (m, dec_len, nonce, | |||
| peer_key->pk, priv->local_key->sk, | |||
| m - rspamd_cryptobox_MACBYTES) != 0) { | |||
| msg_err ("cannot verify encrypted message"); | |||
Loading…