[freenet-cvs] r16192 - trunk/freenet/src/freenet/node
nextgens at freenetproject.org
nextgens at freenetproject.org
Sat Dec 1 17:29:52 UTC 2007
Author: nextgens
Date: 2007-12-01 17:29:52 +0000 (Sat, 01 Dec 2007)
New Revision: 16192
Modified:
trunk/freenet/src/freenet/node/FNPPacketMangler.java
Log:
JFK: revert r16191 and r16189 : they are a few cases I can think of where we want to accept incoming handshakes even if we didn't send any out
Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java 2007-12-01 17:21:06 UTC (rev 16191)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java 2007-12-01 17:29:52 UTC (rev 16192)
@@ -733,9 +733,7 @@
if(!mac.verify(getTransientKey(), assembleJFKAuthenticator(responderExponential, initiatorExponential, nonceResponder, nonceInitiator, replyTo.getAddress().getAddress()) , authenticator)) {
Logger.error(this, "The HMAC doesn't match; let's discard the packet (either we rekeyed or we are victim of forgery)");
return;
- } else if(pn.isConnected() && !pn.firstHandshake)
- return;
-
+ }
// Check try to find the authenticator in the cache.
// If authenticator is already present, indicates duplicate/replayed message3
// Now simply transmit the corresponding message4
@@ -898,9 +896,7 @@
if(!mac.verify(pn.jfkKa, decypheredPayload, hmac)) {
Logger.error(this, "The digest-HMAC doesn't match; let's discard the packet");
return;
- }else if(pn.isConnected() && !pn.firstHandshake)
- return;
-
+ }
// Get the IV
pk.reset(decypheredPayload, decypheredPayloadOffset);
decypheredPayloadOffset += ivLength;
More information about the cvs
mailing list