Browse code
Fix logic error in checking early negotiation support check
We want to check if EARLY_NEG_START is set and reserve the other bits
for future expansions. Right now we also check if all reserved bits are
zero. oops.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221115122940.1947284-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25519.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2022/11/15 21:29:40Showing 1 changed files
| ... | ... |
@@ -92,7 +92,7 @@ do_pre_decrypt_check(struct multi_context *m, |
| 92 | 92 |
ASSERT(packet_id_read(&pin, &tmp, true)); |
| 93 | 93 |
|
| 94 | 94 |
/* The most significant byte is 0x0f if early negotiation is supported */ |
| 95 |
- bool early_neg_support = (pin.id & EARLY_NEG_MASK) == EARLY_NEG_START; |
|
| 95 |
+ bool early_neg_support = ((pin.id & EARLY_NEG_MASK) & EARLY_NEG_START) == EARLY_NEG_START; |
|
| 96 | 96 |
|
| 97 | 97 |
/* All clients that support early negotiation and tls-crypt are assumed |
| 98 | 98 |
* to also support resending the WKc in the 2nd packet */ |