From dba817c84f3dab4f7cd4a449ab16fed4d3cc1fa8 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sun, 1 Apr 2012 04:31:32 +0200
Subject: Don't refresh a session before old handshakes are cleaned up

---
 src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
index 886a372..0376239 100644
--- a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
+++ b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
@@ -674,8 +674,6 @@ static void protocol_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buf
 		goto end;
 	}
 
-	check_session_refresh(ctx, peer);
-
 	uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES];
 	memcpy(nonce, buffer.data, NONCEBYTES);
 	memset(nonce+NONCEBYTES, 0, crypto_secretbox_xsalsa20poly1305_NONCEBYTES-NONCEBYTES);
@@ -716,6 +714,8 @@ static void protocol_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buf
 				pr_debug(ctx, "invalidating old session with %P", peer);
 				memset(&peer->protocol_state->old_session, 0, sizeof(protocol_session));
 			}
+
+			check_session_refresh(ctx, peer);
 		}
 		else {
 			pr_debug(ctx, "verification failed for packet received from %P", peer);
-- 
cgit v1.2.3