From d756bb92ed52d5b1ecdd42af32f11f733db64d91 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 18 Mar 2012 17:46:30 +0100 Subject: [PATCH] Don't send an ACK message after the first key exchange in the SPTPS protocol. --- src/sptps.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/sptps.c b/src/sptps.c index fa1594db..2449e7bc 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -301,7 +301,7 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) { s->hiskex = NULL; // Send cipher change record - if(!send_ack(s)) + if(s->outstate && !send_ack(s)) return false; // TODO: only set new keys after ACK has been set/received @@ -319,8 +319,6 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) { return false; } - s->outstate = true; - return true; } @@ -352,7 +350,16 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) { // If we already sent our secondary public ECDH key, we expect the peer to send his. if(!receive_sig(s, data, len)) return false; - s->state = SPTPS_ACK; + if(s->outstate) + s->state = SPTPS_ACK; + else { + s->outstate = true; + if(!receive_ack(s, NULL, 0)) + return false; + s->receive_record(s->handle, SPTPS_HANDSHAKE, NULL, 0); + s->state = SPTPS_SECONDARY_KEX; + } + return true; case SPTPS_ACK: // We expect a handshake message to indicate transition to the new keys. -- 2.39.5