Don't send an ACK message after the first key exchange in the SPTPS protocol.
This commit is contained in:
Guus Sliepen
parent
c970ecdd75
commit
d756bb92ed
1 changed files with 11 additions and 4 deletions
15
src/sptps.c
15
src/sptps.c
|
|
@ -301,7 +301,7 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
|
|||
s->hiskex = NULL;
|
||||
|
||||
// Send cipher change record
|
||||
if(!send_ack(s))
|
||||
if(s->outstate && !send_ack(s))
|
||||
return false;
|
||||
|
||||
// TODO: only set new keys after ACK has been set/received
|
||||
|
|
@ -319,8 +319,6 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
|
|||
return false;
|
||||
}
|
||||
|
||||
s->outstate = true;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -352,7 +350,16 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
|
|||
// If we already sent our secondary public ECDH key, we expect the peer to send his.
|
||||
if(!receive_sig(s, data, len))
|
||||
return false;
|
||||
s->state = SPTPS_ACK;
|
||||
if(s->outstate)
|
||||
s->state = SPTPS_ACK;
|
||||
else {
|
||||
s->outstate = true;
|
||||
if(!receive_ack(s, NULL, 0))
|
||||
return false;
|
||||
s->receive_record(s->handle, SPTPS_HANDSHAKE, NULL, 0);
|
||||
s->state = SPTPS_SECONDARY_KEX;
|
||||
}
|
||||
|
||||
return true;
|
||||
case SPTPS_ACK:
|
||||
// We expect a handshake message to indicate transition to the new keys.
|
||||
|
|
|
|||
Loading…
Reference in a new issue