authorVsevolod Stakhov <vsevolod@highsecure.ru>2017-11-28 20:21:45 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2017-11-28 20:21:45 +0000
commitdda0fc37676b343a5709e75acbf952a99659aebc (patch)
tree13775da7522849a79d6e2f386253f010585d1099 /src/fuzzy_storage.c
parentafbdb46486b938645dec4475644c5974a74acbd6 (diff)
[Fix] Fix encrypted legacy reply in fuzzy storage
Diffstat (limited to 'src/fuzzy_storage.c')
-rw-r--r--src/fuzzy_storage.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index 267ece156..7ef9daa07 100644
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -711,6 +711,8 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd,
struct fuzzy_session *session,
gboolean encrypted, gboolean is_shingle)
{
+ gsize len;
+
if (cmd) {
result->v1.tag = cmd->tag;
@@ -729,8 +731,21 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd,
/* We need also to encrypt reply */
ottery_rand_bytes (session->reply.hdr.nonce,
sizeof (session->reply.hdr.nonce));
+
+ /*
+ * For old replies we need to encrypt just old part, otherwise
+ * decryption would fail due to mac verification mistake
+ */
+
+ if (session->epoch > RSPAMD_FUZZY_EPOCH10) {
+ len = sizeof (session->reply.rep);
+ }
+ else {
+ len = sizeof (session->reply.rep.v1);
+ }
+
rspamd_cryptobox_encrypt_nm_inplace ((guchar *)&session->reply.rep,
- sizeof (session->reply.rep),
+ len,
session->reply.hdr.nonce,
session->nm,
session->reply.hdr.mac,
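Review bot: For legacy epochs only `sizeof (session->reply.rep.v1)` bytes from the start of `session->reply.rep` are encrypted and covered by the MAC, so the remainder of `rep` (including the `digest` that the third hunk copies in) stays in the buffer as plaintext. The code that sends the reply is outside this hunk; it should be confirmed that it uses the same epoch-dependent length, otherwise unauthenticated plaintext bytes would follow the ciphertext on the wire. The length choice also depends on `v1` being the first member of `rep`, which is worth stating next to the branch, e.g. `/* v1 must sit at offset 0 of rep: encryption starts at &session->reply.rep */`. The comment's "mac verification mistake" would read better as "MAC verification failure". The function body starts and continues outside the hunk.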
@@ -808,6 +823,9 @@ rspamd_fuzzy_process_command (struct fuzzy_session *session)
break;
}
+ memcpy (session->reply.rep.digest, cmd->digest,
+ sizeof (session->reply.rep.digest));
+
if (G_UNLIKELY (cmd == NULL || up_len == 0)) {
result.v1.value = 500;
result.v1.prob = 0.0;
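Review bot: The added `memcpy` reads `cmd->digest` before the `cmd == NULL` test on the very next statement, so the case that check exists for would dereference a null pointer here. Guard the copy or move it below the check, e.g. `if (cmd != NULL) { memcpy (session->reply.rep.digest, cmd->digest, sizeof (session->reply.rep.digest)); }`. The copy length comes from the destination only; if the two `digest` arrays are meant to have the same size, a compile-time assertion on `sizeof (cmd->digest)` would keep a future layout change from turning this into an over-read. The function body starts and continues outside the hunk.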