From 2343f5329c0d5e7d8073810e56577d944b7c518e Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Wed, 28 Aug 2013 19:54:11 +0200
Subject: ec25519: ensure old sessions are invalidated quickly after a new one has been established
---
 src/protocol_ec25519_fhmqvc.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'src/protocol_ec25519_fhmqvc.c')
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 889793b..fd9c6a4 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -408,10 +408,15 @@ static bool establish(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_meth
 peer->protocol_state->session.method->session_free(ctx, peer->protocol_state->session.method_state);
 }
- if (peer->protocol_state->old_session.method && peer->protocol_state->old_session.method != method) {
- pr_debug(ctx, "method of %P[%I] has changed, terminating old session", peer, remote_addr);
- peer->protocol_state->old_session.method->session_free(ctx, peer->protocol_state->old_session.method_state);
- peer->protocol_state->old_session = (protocol_session_t){};
+ if (peer->protocol_state->old_session.method) {
+ if (peer->protocol_state->old_session.method != method) {
+ pr_debug(ctx, "method of %P[%I] has changed, terminating old session", peer, remote_addr);
+ peer->protocol_state->old_session.method->session_free(ctx, peer->protocol_state->old_session.method_state);
+ peer->protocol_state->old_session = (protocol_session_t){};
+ }
+ else {
+ peer->protocol_state->old_session.method->session_superseded(ctx, peer->protocol_state->old_session.method_state);
+ }
 }
 fastd_sha256_t hash;
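Review bot: The new else branch in establish() calls `peer->protocol_state->old_session.method->session_superseded(...)` without checking that the method provides that callback, and this view of the commit is limited to protocol_ec25519_fhmqvc.c, so whether every method implementation sets the pointer cannot be confirmed from here. If one leaves it unset, a re-handshake that keeps the same method would call through a null function pointer on what looks like a handshake-driven path. Either confirm all methods define it, or change `else {` to `else if (peer->protocol_state->old_session.method->session_superseded) {`. A short comment on that branch, such as `/* same method: old session is kept, presumably for packets still in flight, but marked superseded so it expires sooner */`, would record why it is not freed outright. establish() starts and ends outside the hunk.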
@@ -782,7 +787,7 @@ static void protocol_handle_recv(fastd_context_t *ctx, fastd_peer_t *peer, fastd
 if (peer->protocol_state->session.method->decrypt(ctx, peer, peer->protocol_state->session.method_state, &recv_buffer, buffer)) {
 ok = true;
- if (peer->protocol_state->old_session.method_state) {
+ if (peer->protocol_state->old_session.method) {
 pr_debug(ctx, "invalidating old session with %P", peer);
 peer->protocol_state->old_session.method->session_free(ctx, peer->protocol_state->old_session.method_state);
 peer->protocol_state->old_session = (protocol_session_t){};
--
cgit v1.2.3
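Review bot: The old-session teardown in protocol_handle_recv has no comment saying why it is tied to a successful `decrypt` on the current session, which appears to be what stops a sender without the new keys from forcing the old keys to be dropped. I would add above the `if`: `/* first packet accepted on the new session: the peer has switched, free the old session */`. With the guard now on `old_session.method`, `session_free` can be reached with a NULL `method_state` if any method keeps no per-session state; establish() already calls it under the same guard, so implementations presumably accept that, but it is worth confirming. The function body continues outside the hunk.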