authorVsevolod Stakhov <vsevolod@highsecure.ru>2015-02-02 22:56:42 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2015-02-02 22:56:42 +0000
commit8175d374dfcc50db6b19ecee6634378ece8996c5 (patch)
tree1a069ba911944f00c152afda30352adce6aae48c /src/libutil
parentfec4b654dbc8e4fc98984a669b5ff88be5ed0976 (diff)
downloadrspamd-8175d374dfcc50db6b19ecee6634378ece8996c5.tar.gz
rspamd-8175d374dfcc50db6b19ecee6634378ece8996c5.zip
Use keys cache in encrypt/decrypt operations.
Diffstat (limited to 'src/libutil')
-rw-r--r--src/libutil/http.c30
1 files changed, 23 insertions, 7 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c
index 6852e7232..6ddeb2518 100644
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
@@ -612,10 +612,19 @@ rspamd_http_on_message_complete (http_parser * parser)
dec_len = priv->msg->body->len - crypto_box_NONCEBYTES;
peer_key = (struct rspamd_http_keypair *)priv->msg->peer_key;
- if (crypto_box_open (m, m, dec_len, nonce,
- peer_key->pk, priv->local_key->sk) != 0) {
- msg_err ("cannot verify encrypted message");
- return -1;
+ if (conn->cache) {
+ if (crypto_box_open_afternm (m, m, dec_len, nonce,
+ peer_key->nm) != 0) {
+ msg_err ("cannot verify encrypted message");
+ return -1;
+ }
+ }
+ else {
+ if (crypto_box_open (m, m, dec_len, nonce,
+ peer_key->pk, priv->local_key->sk) != 0) {
+ msg_err ("cannot verify encrypted message");
+ return -1;
+ }
}
m += crypto_box_ZEROBYTES;
dec_len -= crypto_box_ZEROBYTES;
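Review bot: The cached branch uses `peer_key->nm` whenever `conn->cache` is non-NULL, but nothing in this hunk shows that the shared key was actually derived for this peer key and the current `priv->local_key`. On this read path a missing or stale `nm` fails closed, because authentication fails. The same `if (conn->cache)` test in rspamd_http_connection_write_message (second hunk) would instead encrypt under whatever bytes `nm` holds. I would state the invariant where the branch is taken, for example `/* conn->cache != NULL implies peer_key->nm was derived for this local/peer key pair */`, or better, gate on a per-key indication that `nm` is populated rather than on the connection-level pointer. The function body starts and ends outside the hunk, so a guarantee may exist earlier that is not visible here.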
@@ -1181,9 +1190,16 @@ rspamd_http_connection_write_message (struct rspamd_http_connection *conn,
}
if (msg->body != NULL) {
if (encrypted && peer_key != NULL) {
- crypto_box_detached (pbody, pbody,
- bodylen - sizeof (nonce) - sizeof (mac), np,
- peer_key->pk, priv->local_key->sk, mp);
+ if (conn->cache) {
+ crypto_box_afternm_detached (pbody, pbody,
+ bodylen - sizeof (nonce) - sizeof (mac), np,
+ peer_key->nm, mp);
+ }
+ else {
+ crypto_box_detached (pbody, pbody,
+ bodylen - sizeof (nonce) - sizeof (mac), np,
+ peer_key->pk, priv->local_key->sk, mp);
+ }
priv->out[i].iov_base = np;
priv->out[i++].iov_len = sizeof (nonce);
priv->out[i].iov_base = mp;
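Review bot: Both `crypto_box_afternm_detached` and `crypto_box_detached` have their return values discarded here, whereas the decrypt path in the first hunk checks the result of its calls. The encryption is in place (`pbody, pbody`), so if either call fails before transforming the buffer, the code presumably still queues `np`, `mp` and the untouched body for sending. I would test the result, e.g. `if (crypto_box_afternm_detached (pbody, pbody, bodylen - sizeof (nonce) - sizeof (mac), np, peer_key->nm, mp) != 0)`, log with `msg_err`, and abandon the write before filling `priv->out`. The enclosing function continues outside the hunk, so the exact error exit has to follow whatever it uses elsewhere.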