[CritFix] Check NM part of pubkey to match it with rotating keypairs

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-06-29 11:24:43 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-06-29 11:24:43 +0100
commit: c4ccac7afb09784d15a38a27ec1b4c167cb031c5 (patch)
tree: 6fed6fb64529498175c57190582c975a63d3ec6d /src/libcryptobox/keypair.c
parent: 53632b619666d67d14640b1dc0832b2ab6eb8aa8 (diff)
download: rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.tar.gz
rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index c8fa5633a..ee9fa4649 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -444,12 +444,19 @@ rspamd_pubkey_from_bin (const guchar *raw,
 
 
 const guchar *
-rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p)
+rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p,
+		struct rspamd_cryptobox_keypair *kp)
 {
 	g_assert (p != NULL);
 
 	if (p->nm) {
-		return p->nm->nm;
+		if (memcmp (kp->id, (const guchar *)&p->nm->sk_id, sizeof (guint64)) == 0) {
+			return p->nm->nm;
+		}
+
+		/* Wrong ID, need to recalculate */
+		REF_RELEASE (p->nm);
+		p->nm = NULL;
 	}
 
 	return NULL;
@@ -468,6 +475,7 @@ rspamd_pubkey_calculate_nm (struct rspamd_cryptobox_pubkey *p,
 			abort ();
 		}
 
+		memcpy (&p->nm->sk_id, kp->id, sizeof (guint64));
 		REF_INIT_RETAIN (p->nm, rspamd_cryptobox_nm_dtor);
 	}
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-06-29 11:24:43 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-06-29 11:24:43 +0100
commit	c4ccac7afb09784d15a38a27ec1b4c167cb031c5 (patch)
tree	6fed6fb64529498175c57190582c975a63d3ec6d /src/libcryptobox/keypair.c
parent	53632b619666d67d14640b1dc0832b2ab6eb8aa8 (diff)
download	rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.tar.gz rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.zip