From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Sun, 5 Oct 2025 14:57:35 +0000 (+0100)
Subject: [Fix] Add fallback when only one specific encryption key is set
X-Git-Tag: 3.13.2~1^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9b7b4e7595ca7a2798f48555d78f7242c42fde55;p=thirdparty%2Frspamd.git

[Fix] Add fallback when only one specific encryption key is set

When only read_encryption_key or write_encryption_key is configured without
a general encryption_key, the unspecified operation type was left with NULL
keys. Now if only one specific key is set, it's used for both read and write
operations as a fallback, ensuring encryption works in all configurations.
---

diff --git a/src/plugins/fuzzy_check.c b/src/plugins/fuzzy_check.c
index f924ac8716..b5fcd5b4cd 100644
--- a/src/plugins/fuzzy_check.c
+++ b/src/plugins/fuzzy_check.c
@@ -687,6 +687,20 @@ fuzzy_parse_rule(struct rspamd_config *cfg, const ucl_object_t *obj,
 		rule->write_local_key = rspamd_keypair_ref(rule->local_key);
 	}
 
+	/* Fallback: if only one specific key is set, use it for both operations */
+	if (!rule->read_peer_key && rule->write_peer_key) {
+		/* No read key, but write key exists - use write key for read */
+		rule->read_peer_key = rspamd_pubkey_ref(rule->write_peer_key);
+		rule->read_local_key = rspamd_keypair_ref(rule->write_local_key);
+		msg_info_config("using write encryption key for read operations in rule %s", name);
+	}
+	if (!rule->write_peer_key && rule->read_peer_key) {
+		/* No write key, but read key exists - use read key for write */
+		rule->write_peer_key = rspamd_pubkey_ref(rule->read_peer_key);
+		rule->write_local_key = rspamd_keypair_ref(rule->read_local_key);
+		msg_info_config("using read encryption key for write operations in rule %s", name);
+	}
+
 	if ((value = ucl_object_lookup(obj, "learn_condition")) != NULL) {
 		lua_script = ucl_object_tostring(value);