Fix nonces and pk sizes for openssl mode

diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 7978aa9a6b9777e91a37a7a40adb1e2e7e714b25..c3c0f3b3581c43fe6ead8f36e76d91df2059bdd1 100644 (file)
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -391,7 +391,8 @@ rspamd_cryptobox_encrypt_init (void *enc_ctx, const rspamd_nonce_t nonce,
                s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT);
                memset (s, 0, sizeof (*s));
                g_assert (EVP_EncryptInit_ex (s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1);
-               g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, 24, NULL) == 1);
+               g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN,
+                               rspamd_cryptobox_nonce_bytes (), NULL) == 1);
                g_assert (EVP_EncryptInit_ex (s, NULL, NULL, nm, nonce) == 1);
 
                return s;
@@ -555,7 +556,8 @@ rspamd_cryptobox_decrypt_init (void *enc_ctx, const rspamd_nonce_t nonce,
                s = cryptobox_align_ptr (enc_ctx, CRYPTOBOX_ALIGNMENT);
                memset (s, 0, sizeof (*s));
                g_assert (EVP_DecryptInit_ex(s, EVP_aes_256_gcm (), NULL, NULL, NULL) == 1);
-               g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN, 24, NULL) == 1);
+               g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_SET_IVLEN,
+                               rspamd_cryptobox_nonce_bytes (), NULL) == 1);
                g_assert (EVP_DecryptInit_ex (s, NULL, NULL, nm, nonce) == 1);
 
                return s;

diff --git a/src/libutil/http.c b/src/libutil/http.c
index a225dd210d03782c325665fa1cb3c4d23f7b3b86..5b3c7d9be489e9ca05b57197bb19acc5a5dcef89 100644 (file)
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
@@ -438,12 +438,12 @@ rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn,
                                        eq_pos - 1, &key_len);
                        if (decoded_id != NULL && decoded_key != NULL) {
                                if (id_len >= RSPAMD_HTTP_KEY_ID_LEN  &&
-                                               key_len >= sizeof (kp->pk)) {
+                                               key_len >= rspamd_cryptobox_pk_bytes ()) {
                                        if (memcmp (priv->local_key->id, decoded_id,
                                                        RSPAMD_HTTP_KEY_ID_LEN) == 0) {
                                                kp = g_slice_alloc0 (sizeof (*kp));
                                                REF_INIT_RETAIN (kp, rspamd_http_keypair_dtor);
-                                               memcpy (kp->pk, decoded_key, sizeof (kp->pk));
+                                               memcpy (kp->pk, decoded_key, rspamd_cryptobox_pk_bytes ());
                                                priv->msg->peer_key = kp;
 
                                                if (conn->cache && priv->msg->peer_key) {
@@ -732,7 +732,6 @@ rspamd_http_decrypt_message (struct rspamd_http_connection *conn,
                        dec_len) != (size_t)dec_len) {
                msg_err ("HTTP parser error: %s when parsing encrypted request",
                                http_errno_description (decrypted_parser.http_errno));
-
                return -1;
        }