author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-10-19 12:19:42 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-10-19 12:19:42 +0100 |
commit | af5fd82514406b1c3d95ca353589798872062395 (patch) | |
tree | f8d84b5bce237a0e03cd64e7ef169801b5aff59b /src | |
parent | 6e96935b1399008099e388bfc29747da401e081c (diff) | |
Fix nonces and pk sizes for openssl mode
Diffstat (limited to 'src')
-rw-r--r-- | src/libcryptobox/cryptobox.c | 6 | ||||
-rw-r--r-- | src/libutil/http.c | 5 |
2 files changed, 6 insertions, 5 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index 7978aa9a6..c3c0f3b35 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -391,7 +391,8 @@ rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT); memset (s, 0, sizeof (*s)); g_assert (EVP_EncryptInit_ex (s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1); - g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, 24, NULL) == 1); + g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, + rspamd_cryptobox_nonce_bytes (), NULL) == 1); g_assert (EVP_EncryptInit_ex (s, NULL, NULL, nm, nonce) == 1); return s; @@ -555,7 +556,8 @@ rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce, s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT); memset (s, 0, sizeof (*s)); g_assert (EVP_DecryptInit_ex(s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1); - g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, 24, NULL) == 1); + g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, + rspamd_cryptobox_nonce_bytes (), NULL) == 1); g_assert (EVP_DecryptInit_ex (s, NULL, NULL, nm, nonce) == 1); return s; diff --git a/src/libutil/http.c b/src/libutil/http.c index a225dd210..5b3c7d9be 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -438,12 +438,12 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn, eq_pos - 1, &key_len); if (decoded_id != NULL && decoded_key != NULL) { if (id_len >= RSPAMD_HTTP_KEY_ID_LEN && - key_len >= sizeof (kp->pk)) { + key_len >= rspamd_cryptobox_pk_bytes ()) { if (memcmp (priv->local_key->id, decoded_id, RSPAMD_HTTP_KEY_ID_LEN) == 0) { kp = g_slice_alloc0 (sizeof (*kp)); REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor); - memcpy (kp->pk, decoded_key, sizeof (kp->pk)); + memcpy (kp->pk, decoded_key, rspamd_cryptobox_pk_bytes ()); priv->msg->peer_key = kp; if (conn->cache && priv->msg->peer_key) { 
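Review bot: The new `EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, rspamd_cryptobox_nonce_bytes (), NULL)` call in rspamd_cryptobox_encrypt_init is evaluated inside `g_assert`, so a build with `G_DISABLE_ASSERT` would compile the call out and never set the IV length; the identical line added in rspamd_cryptobox_decrypt_init has the same problem, as do the surrounding `EVP_*Init_ex` asserts. Making the call unconditional and failing hard on error avoids that, e.g. `if (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, rspamd_cryptobox_nonce_bytes (), NULL) != 1) { g_error ("cannot set GCM IV length"); }`. The following init call reads that many bytes from `nonce`, and the size of `rspamd_nonce_t` is not visible here, so a one-line comment stating that the buffer is at least `rspamd_cryptobox_nonce_bytes ()` long in every mode would help. Both function bodies start and end outside their hunks.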
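Review bot: The `memcpy (kp->pk, decoded_key, rspamd_cryptobox_pk_bytes ())` in rspamd_http_parse_key no longer ties the copy length to the destination, which the replaced `sizeof (kp->pk)` did; nothing in the hunk shows that the runtime value can never exceed what is presumably a fixed-size `kp->pk` array. I would bound it in the existing condition, e.g. `key_len >= rspamd_cryptobox_pk_bytes () && rspamd_cryptobox_pk_bytes () <= sizeof (kp->pk)) {`. The `>=` comparison also accepts a decoded key longer than the expected size and silently ignores the tail, so `==` may be the intended check if peers always send an exact-length key. The function body starts and ends outside the hunk.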
@@ -732,7 +732,6 @@ rspamd_http_decrypt_message (struct rspamd_http_connection *conn, dec_len) != (size_t)dec_len) { msg_err ("HTTP parser error: %s when parsing encrypted request", http_errno_description (decrypted_parser.http_errno)); - return -1; } |