diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-02-15 22:31:33 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-02-18 07:53:23 +0100 |
| commit | 46cc58fe1a89903f4ef928caeee1bec96ab5967b (patch) | |
| tree | 36c5038ae64d5e89de627fd0ebfc338f126c5554 /src/irmd/oap/srv.c | |
| parent | 85cc8d28d263a8b8ff04d90622311f5d68e26e6f (diff) | |
| download | ouroboros-46cc58fe1a89903f4ef928caeee1bec96ab5967b.tar.gz ouroboros-46cc58fe1a89903f4ef928caeee1bec96ab5967b.zip | |
irmd: Fix client-side encryption request
When the server had no cipher configured, sk->nid was set to NID_undef
before negotiation and never updated, causing the response header to
encode NID_undef as the cipher — even though negotiate_kex() correctly
populated kcfg.c.nid from the client's request.
Adds a test for the KEM case where the client request encryption with
nothing specified server-side.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/oap/srv.c')
| -rw-r--r-- | src/irmd/oap/srv.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c index 93270c48..a356c62e 100644 --- a/src/irmd/oap/srv.c +++ b/src/irmd/oap/srv.c @@ -417,8 +417,6 @@ int oap_srv_process(const struct name_info * info, goto fail_kex; } - sk->nid = kcfg.c.nid; - /* Decode incoming header (NID_undef = request, no hash) */ if (oap_hdr_decode(&peer_hdr, req_buf, NID_undef) < 0) { log_err("Failed to decode OAP header."); @@ -444,7 +442,6 @@ int oap_srv_process(const struct name_info * info, if (do_server_kex(info, &peer_hdr, &kcfg, &local_hdr.kex, sk) < 0) goto fail_kex; - /* Update cipher NID after negotiation */ sk->nid = kcfg.c.nid; /* Build response header with hash of client request */ |