authorMatthias Schiffer <mschiffer@universe-factory.net>2012-04-19 17:42:56 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2012-04-19 17:42:56 +0200
commit8c91443808ce376947ff387eaffca6e8cfbe9251 (patch)
tree227a4367a2c013bbee40dc99c8abafc52da5ee2e /src/method_xsalsa20_poly1305.c
parentc5b12202c834fe484634131ee9a91465b9e6e7bc (diff)
Don't regenerate session handshake keypair for every handshake so a global state can be used; remove the concept of temporary peers
These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't have temporary peers, request IDs are removed completely.
Diffstat (limited to 'src/method_xsalsa20_poly1305.c')
-rw-r--r--src/method_xsalsa20_poly1305.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/method_xsalsa20_poly1305.c b/src/method_xsalsa20_poly1305.c
index 5194a4d..9331265 100644
--- a/src/method_xsalsa20_poly1305.c
+++ b/src/method_xsalsa20_poly1305.c
@@ -118,7 +118,7 @@ static bool method_session_is_initiator(fastd_context *ctx, fastd_method_session
}
static bool method_session_want_refresh(fastd_context *ctx, fastd_method_session_state *session) {
- return (method_session_is_initiator(ctx, session) && timespec_after(&ctx->now, &session->refresh_after));
+ return timespec_after(&ctx->now, &session->refresh_after);
}
static void method_session_free(fastd_context *ctx, fastd_method_session_state *session) {
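Review bot: With the `method_session_is_initiator()` condition gone, `method_session_want_refresh()` returns true on both ends of a session once `refresh_after` has passed, and neither the hunk nor the commit message says why the responder should now request a rekey as well. If both peers derive `refresh_after` the same way (not visible here), they would start refresh handshakes at nearly the same moment, so it is worth confirming that the handshake code resolves a simultaneous handshake deterministically and does not leave the session without a valid key. I would add a comment above the return, e.g. `/* both sides may request a refresh; the handshake code must tolerate simultaneous handshakes */`. `method_session_is_initiator()` is defined above the hunk; check whether it still has callers, since an unused static function will produce a compiler warning.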