diff options
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.96 2014/01/25 10:12:50 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -458,7 +458,7 @@ kex_choose_conf(Kex *kex) | |||
458 | char **my, **peer; | 458 | char **my, **peer; |
459 | char **cprop, **sprop; | 459 | char **cprop, **sprop; |
460 | int nenc, nmac, ncomp; | 460 | int nenc, nmac, ncomp; |
461 | u_int mode, ctos, need, authlen; | 461 | u_int mode, ctos, need, dh_need, authlen; |
462 | int first_kex_follows, type; | 462 | int first_kex_follows, type; |
463 | 463 | ||
464 | my = kex_buf2prop(&kex->my, NULL); | 464 | my = kex_buf2prop(&kex->my, NULL); |
@@ -506,7 +506,7 @@ kex_choose_conf(Kex *kex) | |||
506 | choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); | 506 | choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); |
507 | choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], | 507 | choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], |
508 | sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); | 508 | sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); |
509 | need = 0; | 509 | need = dh_need = 0; |
510 | for (mode = 0; mode < MODE_MAX; mode++) { | 510 | for (mode = 0; mode < MODE_MAX; mode++) { |
511 | newkeys = kex->newkeys[mode]; | 511 | newkeys = kex->newkeys[mode]; |
512 | if (need < newkeys->enc.key_len) | 512 | if (need < newkeys->enc.key_len) |
@@ -517,9 +517,12 @@ kex_choose_conf(Kex *kex) | |||
517 | need = newkeys->enc.iv_len; | 517 | need = newkeys->enc.iv_len; |
518 | if (need < newkeys->mac.key_len) | 518 | if (need < newkeys->mac.key_len) |
519 | need = newkeys->mac.key_len; | 519 | need = newkeys->mac.key_len; |
520 | if (dh_need < cipher_seclen(newkeys->enc.cipher)) | ||
521 | dh_need = cipher_seclen(newkeys->enc.cipher); | ||
520 | } | 522 | } |
521 | /* XXX need runden? */ | 523 | /* XXX need runden? */ |
522 | kex->we_need = need; | 524 | kex->we_need = need; |
525 | kex->dh_need = dh_need; | ||
523 | 526 | ||
524 | /* ignore the next message if the proposals do not match */ | 527 | /* ignore the next message if the proposals do not match */ |
525 | if (first_kex_follows && !proposals_match(my, peer) && | 528 | if (first_kex_follows && !proposals_match(my, peer) && |