diff options
| -rw-r--r-- | src/fuzzy_storage.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c index 267ece156..7ef9daa07 100644 --- a/src/fuzzy_storage.c +++ b/src/fuzzy_storage.c @@ -711,6 +711,8 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd, struct fuzzy_session *session, gboolean encrypted, gboolean is_shingle) { + gsize len; + if (cmd) { result->v1.tag = cmd->tag; @@ -729,8 +731,21 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd, /* We need also to encrypt reply */ ottery_rand_bytes (session->reply.hdr.nonce, sizeof (session->reply.hdr.nonce)); + + /* + * For old replies we need to encrypt just old part, otherwise + * decryption would fail due to mac verification mistake + */ + + if (session->epoch > RSPAMD_FUZZY_EPOCH10) { + len = sizeof (session->reply.rep); + } + else { + len = sizeof (session->reply.rep.v1); + } + rspamd_cryptobox_encrypt_nm_inplace ((guchar *)&session->reply.rep, - sizeof (session->reply.rep), + len, session->reply.hdr.nonce, session->nm, session->reply.hdr.mac, @@ -808,6 +823,9 @@ rspamd_fuzzy_process_command (struct fuzzy_session *session) break; } + memcpy (session->reply.rep.digest, cmd->digest, + sizeof (session->reply.rep.digest)); + if (G_UNLIKELY (cmd == NULL || up_len == 0)) { result.v1.value = 500; result.v1.prob = 0.0; |