Add support of encryption to the worker.

3 files changed, 39 insertions, 3 deletions

diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c
index b16c24846..959d22cd3 100644
--- a/src/libserver/cfg_rcl.c
+++ b/src/libserver/cfg_rcl.c
@@ -1793,22 +1793,37 @@ rspamd_rcl_parse_struct_keypair (struct rspamd_config *cfg,
 				*target = key;
 				return TRUE;
 			}
-
+			g_set_error (err,
+					CFG_RCL_ERROR,
+					EINVAL,
+					"invalid string with keypair content");
 			return FALSE;
 		}
 	}
 	else if (obj->type == UCL_OBJECT) {
 		elt = ucl_object_find_key (obj, "pubkey");
 		if (elt == NULL || !ucl_object_tostring_safe (elt, &pk)) {
+			g_set_error (err,
+					CFG_RCL_ERROR,
+					EINVAL,
+					"no sane pubkey found in the keypair");
 			return FALSE;
 		}
 		elt = ucl_object_find_key (obj, "privkey");
 		if (elt == NULL || !ucl_object_tostring_safe (elt, &sk)) {
+			g_set_error (err,
+					CFG_RCL_ERROR,
+					EINVAL,
+					"no sane privkey found in the keypair");
 			return FALSE;
 		}
 	}
 
 	if (sk == NULL || pk == NULL) {
+		g_set_error (err,
+				CFG_RCL_ERROR,
+				EINVAL,
+				"no sane pubkey or privkey found in the keypair");
 		return FALSE;
 	}
 
@@ -1819,13 +1834,17 @@ rspamd_rcl_parse_struct_keypair (struct rspamd_config *cfg,
 		rspamd_snprintf (keybuf, sizeof (keybuf), "%*s%s", sem - sk, sk, pk);
 	}
 
-	key = rspamd_http_connection_make_key (keybuf, strlen (val));
+	key = rspamd_http_connection_make_key (keybuf, strlen (keybuf));
 	if (key != NULL) {
 		/* XXX: clean buffer after usage */
 		*target = key;
 		return TRUE;
 	}
 
+	g_set_error (err,
+			CFG_RCL_ERROR,
+			EINVAL,
+			"cannot load the keypair specified");
 	return FALSE;
 }
 
diff --git a/src/libutil/util.c b/src/libutil/util.c
index ada373eb1..e690812d6 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2186,7 +2186,7 @@ rspamd_decode_base32 (gchar *in, gsize inlen, gsize *outlen)
 		res[olen++] = (acc & 0xFF);
 	}
 
-	*outlen = olen;
+	*outlen = olen > 0 ? olen - 1 : 0;
 
 	return res;
 }
diff --git a/src/worker.c b/src/worker.c
index 62a129235..0a6ce4a5e 100644
--- a/src/worker.c
+++ b/src/worker.c
@@ -86,6 +86,8 @@ struct rspamd_worker_ctx {
 	GThreadPool *classify_pool;
 	/* Events base */
 	struct event_base *ev_base;
+	/* Encryption key */
+	gpointer key;
 };
 
 /*
@@ -243,6 +245,10 @@ accept_socket (gint fd, short what, void *arg)
 
 	new_task->classify_pool = ctx->classify_pool;
 
+	if (ctx->key) {
+		rspamd_http_connection_set_key (new_task->http_conn, ctx->key);
+	}
+
 	rspamd_http_connection_read_message (new_task->http_conn,
 		new_task,
 		nfd,
@@ -295,6 +301,12 @@ init_worker (struct rspamd_config *cfg)
 		G_STRUCT_OFFSET (struct rspamd_worker_ctx,
 		classify_threads), RSPAMD_CL_FLAG_INT_32);
 
+
+	rspamd_rcl_register_worker_option (cfg, type, "keypair",
+		rspamd_rcl_parse_struct_keypair, ctx,
+		G_STRUCT_OFFSET (struct rspamd_worker_ctx,
+		key), 0);
+
 	return ctx;
 }
 
@@ -340,6 +352,11 @@ start_worker (struct rspamd_worker *worker)
 
 	g_mime_shutdown ();
 	rspamd_log_close (rspamd_main->logger);
+
+	if (ctx->key) {
+		rspamd_http_connection_key_destroy (ctx->key);
+	}
+
 	exit (EXIT_SUCCESS);
 }