diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-29 11:24:43 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-29 11:24:43 +0100 |
| commit | c4ccac7afb09784d15a38a27ec1b4c167cb031c5 (patch) | |
| tree | 6fed6fb64529498175c57190582c975a63d3ec6d /src/libutil | |
| parent | 53632b619666d67d14640b1dc0832b2ab6eb8aa8 (diff) | |
| download | rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.tar.gz rspamd-c4ccac7afb09784d15a38a27ec1b4c167cb031c5.zip | |
[CritFix] Check NM part of pubkey to match it with rotating keypairs
Diffstat (limited to 'src/libutil')
| -rw-r--r-- | src/libutil/http.c | 4 | ||||
| -rw-r--r-- | src/libutil/logger.c | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c index fea3cadb4..2f78def47 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -844,7 +844,7 @@ rspamd_http_decrypt_message (struct rspamd_http_connection *conn, dec_len = msg->body_buf.len - rspamd_cryptobox_nonce_bytes (mode) - rspamd_cryptobox_mac_bytes (mode); - if ((nm = rspamd_pubkey_get_nm (peer_key)) == NULL) { + if ((nm = rspamd_pubkey_get_nm (peer_key, priv->local_key)) == NULL) { nm = rspamd_pubkey_calculate_nm (peer_key, priv->local_key); } @@ -1703,7 +1703,7 @@ rspamd_http_connection_encrypt_message ( cnt = i; - if ((nm = rspamd_pubkey_get_nm (peer_key)) == NULL) { + if ((nm = rspamd_pubkey_get_nm (peer_key, priv->local_key)) == NULL) { nm = rspamd_pubkey_calculate_nm (peer_key, priv->local_key); } diff --git a/src/libutil/logger.c b/src/libutil/logger.c index 99c22390f..bbdc69e97 100644 --- a/src/libutil/logger.c +++ b/src/libutil/logger.c @@ -584,7 +584,7 @@ rspamd_log_encrypt_message (const gchar *begin, const gchar *end, mac = p; p += rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519); memcpy (p, begin, end - begin); - comp = rspamd_pubkey_get_nm (rspamd_log->pk); + comp = rspamd_pubkey_get_nm (rspamd_log->pk, rspamd_log->keypair); g_assert (comp != NULL); rspamd_cryptobox_encrypt_nm_inplace (p, end - begin, nonce, comp, mac, RSPAMD_CRYPTOBOX_MODE_25519); |