From: Guus Sliepen Date: Sun, 18 Mar 2012 16:46:30 +0000 (+0100) Subject: Don't send an ACK message after the first key exchange in the SPTPS protocol. X-Git-Tag: release-1.1pre3~138 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d756bb92ed52d5b1ecdd42af32f11f733db64d91;p=oweals%2Ftinc.git Don't send an ACK message after the first key exchange in the SPTPS protocol. --- diff --git a/src/sptps.c b/src/sptps.c index fa1594d..2449e7b 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -301,7 +301,7 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) { s->hiskex = NULL; // Send cipher change record - if(!send_ack(s)) + if(s->outstate && !send_ack(s)) return false; // TODO: only set new keys after ACK has been set/received @@ -319,8 +319,6 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) { return false; } - s->outstate = true; - return true; } @@ -352,7 +350,16 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) { // If we already sent our secondary public ECDH key, we expect the peer to send his. if(!receive_sig(s, data, len)) return false; - s->state = SPTPS_ACK; + if(s->outstate) + s->state = SPTPS_ACK; + else { + s->outstate = true; + if(!receive_ack(s, NULL, 0)) + return false; + s->receive_record(s->handle, SPTPS_HANDSHAKE, NULL, 0); + s->state = SPTPS_SECONDARY_KEX; + } + return true; case SPTPS_ACK: // We expect a handshake message to indicate transition to the new keys.