version 1.95, 2014/01/12 08:13:13 |
version 1.96, 2014/01/25 10:12:50 |
|
|
char **my, **peer; |
char **my, **peer; |
char **cprop, **sprop; |
char **cprop, **sprop; |
int nenc, nmac, ncomp; |
int nenc, nmac, ncomp; |
u_int mode, ctos, need, authlen; |
u_int mode, ctos, need, dh_need, authlen; |
int first_kex_follows, type; |
int first_kex_follows, type; |
|
|
my = kex_buf2prop(&kex->my, NULL); |
my = kex_buf2prop(&kex->my, NULL); |
|
|
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); |
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); |
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], |
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], |
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); |
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]); |
need = 0; |
need = dh_need = 0; |
for (mode = 0; mode < MODE_MAX; mode++) { |
for (mode = 0; mode < MODE_MAX; mode++) { |
newkeys = kex->newkeys[mode]; |
newkeys = kex->newkeys[mode]; |
if (need < newkeys->enc.key_len) |
if (need < newkeys->enc.key_len) |
|
|
need = newkeys->enc.iv_len; |
need = newkeys->enc.iv_len; |
if (need < newkeys->mac.key_len) |
if (need < newkeys->mac.key_len) |
need = newkeys->mac.key_len; |
need = newkeys->mac.key_len; |
|
if (dh_need < cipher_seclen(newkeys->enc.cipher)) |
|
dh_need = cipher_seclen(newkeys->enc.cipher); |
} |
} |
/* XXX need runden? */ |
/* XXX need runden? */ |
kex->we_need = need; |
kex->we_need = need; |
|
kex->dh_need = dh_need; |
|
|
/* ignore the next message if the proposals do not match */ |
/* ignore the next message if the proposals do not match */ |
if (first_kex_follows && !proposals_match(my, peer) && |
if (first_kex_follows && !proposals_match(my, peer) && |