diff --git a/etc/example.conf b/etc/example.conf
index ac8902b..9ed92b3 100644
--- a/etc/example.conf
+++ b/etc/example.conf
@@ -25,6 +25,9 @@
 ; this is a 16 character long vector
 iv=****************
+; whether to encrypt messages (1) or not (0).
+encrypt_messages=1
+
 ; number of worker processes, ie. the number of simultaneous smtp connections to piler.
 number_of_worker_processes=10
diff --git a/src/archive.c b/src/archive.c
index c770780..2cbadc0 100644
--- a/src/archive.c
+++ b/src/archive.c
@@ -8,6 +8,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -132,7 +133,7 @@
 int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *dest, struct __config *cfg){
 int rc=0, n, olen, tlen, len, fd=-1;
- unsigned char *s=NULL, inbuf[REALLYBIGBUFSIZE];
+ unsigned char *s=NULL, *addr=NULL, inbuf[REALLYBIGBUFSIZE];
 struct stat st;
 EVP_CIPHER_CTX ctx;
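Review bot: The new comment on `encrypt_messages` should say that the same setting is consulted when archived messages are read back (archive.c in this commit branches on it on the retrieval side as well), so changing it after messages have been stored leaves the earlier messages unreadable, and that with 0 the compressed message is written to the store as-is, i.e. unencrypted on disk. Something like `; whether to encrypt messages (1) or not (0). The same setting is used when archived messages are read back,` followed by `; so do not change it once messages have been stored. With 0 messages are kept in the store unencrypted.` would give an operator the two facts they need before touching it.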
@@ -154,49 +155,55 @@ } - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv); + if(cfg->encrypt_messages == 1){ + EVP_CIPHER_CTX_init(&ctx); + EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv); - len = st.st_size+EVP_MAX_BLOCK_LENGTH; + len = st.st_size+EVP_MAX_BLOCK_LENGTH; - s = malloc(len); + s = malloc(len); - if(!s){ - printf("malloc()\n"); - goto CLEANUP; - } - - - tlen = 0; - - while((n = read(fd, inbuf, sizeof(inbuf)))){ - - if(!EVP_DecryptUpdate(&ctx, s+tlen, &olen, inbuf, n)){ - syslog(LOG_PRIORITY, "%s: EVP_DecryptUpdate()", filename); + if(!s){ + printf("malloc()\n"); goto CLEANUP; } + tlen = 0; + + while((n = read(fd, inbuf, sizeof(inbuf)))){ + + if(!EVP_DecryptUpdate(&ctx, s+tlen, &olen, inbuf, n)){ + syslog(LOG_PRIORITY, "%s: EVP_DecryptUpdate()", filename); + goto CLEANUP; + } + + tlen += olen; + } + + + if(EVP_DecryptFinal(&ctx, s + tlen, &olen) != 1){ + syslog(LOG_PRIORITY, "%s: EVP_DecryptFinal()", filename); + goto CLEANUP; + } + + tlen += olen; + rc = inf(s, tlen, mode, buffer, dest); + } + else { + addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + rc = inf(addr, st.st_size, mode, buffer, dest); + munmap(addr, st.st_size); } - if(EVP_DecryptFinal(&ctx, s + tlen, &olen) != 1){ - syslog(LOG_PRIORITY, "%s: EVP_DecryptFinal()", filename); - goto CLEANUP; - } - - - tlen += olen; - - - rc = inf(s, tlen, mode, buffer, dest); if(rc != Z_OK) zerr(rc); CLEANUP: if(fd != -1) close(fd); if(s) free(s); - EVP_CIPHER_CTX_cleanup(&ctx); + if(cfg->encrypt_messages == 1) EVP_CIPHER_CTX_cleanup(&ctx); return 0; } diff --git a/src/cfg.c b/src/cfg.c index 6876154..7f4a5b4 100644 --- a/src/cfg.c +++ b/src/cfg.c 
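Review bot: In the new `else` branch the return value of `mmap()` is never checked, so on failure it is `MAP_FAILED` — which also happens for an empty archive file, since a zero length is rejected with EINVAL — and that address is then handed to `inf()` and to `munmap()`. Check it before use: `if(addr == MAP_FAILED){ syslog(LOG_PRIORITY, "%s: mmap()", filename); goto CLEANUP; }`. A related weakness the new branch inherits: the function still returns 0 whatever `rc` was, so a file that was stored encrypted but is now read with `encrypt_messages=0` (or the reverse) produces an inflate error that is logged by `zerr()` but not reported to the caller; returning non-zero when `rc != Z_OK` would make the mis-configuration visible. The declarations and the open/stat of `retrieve_file_from_archive` are in an earlier hunk.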
@@ -67,6 +67,7 @@
 { "clamd_socket", "string", (void*) string_parser, offsetof(struct __config, clamd_socket), CLAMD_SOCKET, MAXVAL-1},
 { "debug", "integer", (void*) int_parser, offsetof(struct __config, debug), "0", sizeof(int)},
 { "default_retention_days", "integer", (void*) int_parser, offsetof(struct __config, default_retention_days), "2557", sizeof(int)},
+ { "encrypt_messages", "integer", (void*) int_parser, offsetof(struct __config, encrypt_messages), "1", sizeof(int)},
 { "extra_to_field", "string", (void*) string_parser, offsetof(struct __config, extra_to_field), "", MAXVAL-1},
 { "hostid", "string", (void*) string_parser, offsetof(struct __config, hostid), HOSTID, MAXVAL-1},
 { "iv", "string", (void*) string_parser, offsetof(struct __config, iv), "", MAXVAL-1},
diff --git a/src/cfg.h b/src/cfg.h
index f77b988..c74baf7 100644
--- a/src/cfg.h
+++ b/src/cfg.h
@@ -21,6 +21,8 @@
 int clamd_port;
 char clamd_socket[MAXVAL];
+ int encrypt_messages;
+
 int tls_enable;
 char pemfile[MAXVAL];
 char cipher_list[MAXVAL];
diff --git a/src/config.h b/src/config.h
index e46aad5..39014d9 100644
--- a/src/config.h
+++ b/src/config.h
@@ -13,7 +13,7 @@
 #define VERSION "0.1.23-master-branch"
-#define BUILD 751
+#define BUILD 752
 #define HOSTID "mailarchiver"
diff --git a/src/store.c b/src/store.c
index a9457f7..a0691f4 100644
--- a/src/store.c
+++ b/src/store.c
@@ -48,7 +48,7 @@
 EVP_CIPHER_CTX ctx;
 unsigned char *outbuf=NULL;
- int outlen, tmplen;
+ int outlen, writelen, tmplen;
 struct timezone tz;
 struct timeval tv1, tv2;
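Review bot: The new `encrypt_messages` table entry accepts any integer, but every consumer added in this commit (store.c and archive.c) tests `cfg->encrypt_messages == 1`, so a value such as `2` or `-1` — or, if `int_parser` is atoi-based, a word like `yes` that parses to 0 — silently switches encryption off and messages land in the store in clear. Fail closed instead: either reject anything but 0 and 1 when the configuration is loaded (the loader is not in this hunk), or have the consumers test `cfg->encrypt_messages != 0` so an unexpected value errs on the side of encrypting. A one-line comment on the entry, `/* boolean: anything but 0/1 must be rejected, consumers compare against 1 */`, would record the constraint next to the default.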
@@ -91,22 +91,23 @@
 if(rc != Z_OK) goto ENDE;
- gettimeofday(&tv1, &tz);
+ if(cfg->encrypt_messages == 1){
+ gettimeofday(&tv1, &tz);
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
- outbuf = malloc(dstlen + EVP_MAX_BLOCK_LENGTH);
- if(outbuf == NULL) goto ENDE;
+ outbuf = malloc(dstlen + EVP_MAX_BLOCK_LENGTH);
+ if(outbuf == NULL) goto ENDE;
- if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
- if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
- outlen += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
+ if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
+ outlen += tmplen;
+ EVP_CIPHER_CTX_cleanup(&ctx);
- gettimeofday(&tv2, &tz);
- sdata->__encrypt += tvdiff(tv2, tv1);
-
+ gettimeofday(&tv2, &tz);
+ sdata->__encrypt += tvdiff(tv2, tv1);
+ }
 /* create a filename in the store based on piler_id */
@@ -146,14 +147,21 @@
 }
- n = write(fd, outbuf, outlen);
-
- if(n == outlen){
- ret = 1;
- if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: stored '%s' %d/%d bytes", sdata->ttmpfile, filename, len, outlen);
+ if(cfg->encrypt_messages == 1){
+ n = write(fd, outbuf, outlen);
+ writelen = outlen;
 }
 else {
- syslog(LOG_PRIORITY, "%s: cannot write %d bytes (only %d)", sdata->ttmpfile, outlen, n);
+ n = write(fd, z, dstlen);
+ writelen = dstlen;
+ }
+
+ if(n == writelen){
+ ret = 1;
+ if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: stored '%s' %d/%d bytes", sdata->ttmpfile, filename, len, writelen);
+ }
+ else {
+ syslog(LOG_PRIORITY, "%s: cannot write %d bytes (only %d)", sdata->ttmpfile, writelen, n);
 }
 fsync(fd);
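Review bot: The file written at `n = write(fd, z, dstlen);` carries no indication of whether its contents are encrypted; the only record of the mode is the live `cfg->encrypt_messages`, which the reader in archive.c re-evaluates at retrieval time. Once an installation has messages written under both settings, one set can no longer be read, and a mis-set flag turns every retrieval into either a failed decrypt or an inflate of ciphertext instead of a clear error. Record the mode with the data — a magic byte or small header at the front of the stored file, or a per-message flag in whatever metadata the archive keeps — and have the reader decide from that rather than from the current configuration. A comment at the plaintext branch along the lines of `/* encrypt_messages=0: the compressed message is stored as-is, so the store's file permissions are the only protection */` would make the reduced guarantee explicit. The enclosing function starts before and ends after this hunk.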