diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-10-13 12:26:01 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-10-13 12:26:01 +0100 |
| commit | 16c229e069e0b28f463484b2e894471b95ccd3a6 (patch) | |
| tree | 80b6f1d9bfad91a5d32860c342b926fc38fdeee5 /src/libutil/http.c | |
| parent | 4b086742e69fdeb4d066521e4bf9f9ffd71c1eb0 (diff) | |
| download | rspamd-16c229e069e0b28f463484b2e894471b95ccd3a6.tar.gz rspamd-16c229e069e0b28f463484b2e894471b95ccd3a6.zip | |
Store NM between encrypt/decrypt.
Diffstat (limited to 'src/libutil/http.c')
| -rw-r--r-- | src/libutil/http.c | 40 |
1 files changed, 17 insertions, 23 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c index 612e898bb..2f618164a 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -441,7 +441,7 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn, key_len >= sizeof (kp->pk)) { if (memcmp (priv->local_key->id, decoded_id, RSPAMD_HTTP_KEY_ID_LEN) == 0) { - kp = g_slice_alloc (sizeof (*kp)); + kp = g_slice_alloc0 (sizeof (*kp)); REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor); memcpy (kp->pk, decoded_key, sizeof (kp->pk)); priv->msg->peer_key = kp; @@ -688,20 +688,16 @@ rspamd_http_decrypt_message (struct rspamd_http_connection *conn, dec_len = msg->body->len - rspamd_cryptobox_NONCEBYTES - rspamd_cryptobox_MACBYTES; - if (conn->cache) { - if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce, - peer_key->nm, m - rspamd_cryptobox_MACBYTES)) { - msg_err ("cannot verify encrypted message"); - return -1; - } + if (!peer_key->has_nm) { + /* We still save NM for the following encryption */ + rspamd_cryptobox_nm (peer_key->nm, peer_key->pk, priv->local_key->sk); + peer_key->has_nm = TRUE; } - else { - if (!rspamd_cryptobox_decrypt_inplace (m, dec_len, nonce, - peer_key->pk, priv->local_key->sk, - m - rspamd_cryptobox_MACBYTES)) { - msg_err ("cannot verify encrypted message"); - return -1; - } + + if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce, + peer_key->nm, m - rspamd_cryptobox_MACBYTES)) { + msg_err ("cannot verify encrypted message"); + return -1; } /* Cleanup message */ @@ -1229,17 +1225,15 @@ rspamd_http_connection_encrypt_message ( cnt = i; - if (conn->cache) { - rspamd_cryptobox_encryptv_nm_inplace (segments, + if (!peer_key->has_nm) { + rspamd_cryptobox_nm (peer_key->nm, peer_key->pk, priv->local_key->sk); + peer_key->has_nm = TRUE; + } + + rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, np, peer_key->nm, mp); - } - else { - rspamd_cryptobox_encryptv_inplace (segments, - cnt, np, - peer_key->pk, priv->local_key->sk, mp); - } /* * iov[0] = base HTTP request @@ -2384,7 +2378,7 @@ rspamd_http_connection_make_peer_key (const gchar *key) pk_decoded = rspamd_decode_base32 (key, strlen (key), &dec_len); if (pk_decoded != NULL && dec_len == rspamd_cryptobox_PKBYTES) { - kp = g_slice_alloc (sizeof (*kp)); + kp = g_slice_alloc0 (sizeof (*kp)); REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor); memcpy (kp->pk, pk_decoded, sizeof (kp->pk)); blake2b (kp->id, kp->pk, NULL, sizeof (kp->id), sizeof (kp->pk), 0); |