diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-07-02 01:06:33 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-07-08 11:02:23 +0200 |
| commit | 4c836008dcac27e0a8258b07270a8a529b2d9167 (patch) | |
| tree | 5c6580802c62a68f5cfb75859451bce0e6f2cb94 /src/irmd/oap/srv.c | |
| parent | a16482e4d85394314553c27afcc37c0036b6d506 (diff) | |
| download | ouroboros-4c836008dcac27e0a8258b07270a8a529b2d9167.tar.gz ouroboros-4c836008dcac27e0a8258b07270a8a529b2d9167.zip | |
irmd: Fix OAP re-key header encode
The oap_hdr_encode() function validated its own output by re-decoding
with rekey hardcoded false. The case where the client signs a re-key
failed its own self-check because the cert is not sent again. Now uses
a flag on the encode() to signal the signed re-key without
certificate.
Also fixes a double free after a failed self-decode check.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/oap/srv.c')
| -rw-r--r-- | src/irmd/oap/srv.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c index 5d631618..cc3dec5b 100644 --- a/src/irmd/oap/srv.c +++ b/src/irmd/oap/srv.c @@ -400,6 +400,7 @@ int oap_srv_process(const struct name_info * info, void * pkp = NULL; void * crt = NULL; int req_md_nid; + int enc_flags = 0; int ret; assert(info != NULL); @@ -426,6 +427,9 @@ int oap_srv_process(const struct name_info * info, crt = NULL; } + if (rekey) + enc_flags = OAP_ENC_REKEY; + if (load_srv_sec_config(info, &scfg) < 0) { log_err("Failed to load security config for %s.", info->name); goto fail_kex; @@ -535,7 +539,7 @@ int oap_srv_process(const struct name_info * info, } ret = oap_hdr_encode(&local_hdr, pkp, crt, &scfg, - rsp_tag, req_md_nid, seal_key); + rsp_tag, req_md_nid, seal_key, enc_flags); crypt_secure_clear(hs_key, SYMMKEYSZ); |
