===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/kex.c,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- src/usr.bin/ssh/kex.c	2012/08/17 01:22:56	1.87
+++ src/usr.bin/ssh/kex.c	2013/01/08 18:49:04	1.88
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.87 2012/08/17 01:22:56 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.88 2013/01/08 18:49:04 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -293,6 +293,7 @@
 	enc->name = name;
 	enc->enabled = 0;
 	enc->iv = NULL;
+	enc->iv_len = cipher_ivlen(enc->cipher);
 	enc->key = NULL;
 	enc->key_len = cipher_keylen(enc->cipher);
 	enc->block_size = cipher_blocksize(enc->cipher);
@@ -402,7 +403,7 @@
 	char **my, **peer;
 	char **cprop, **sprop;
 	int nenc, nmac, ncomp;
-	u_int mode, ctos, need;
+	u_int mode, ctos, need, authlen;
 	int first_kex_follows, type;
 
 	my   = kex_buf2prop(&kex->my, NULL);
@@ -435,13 +436,16 @@
 		nenc  = ctos ? PROPOSAL_ENC_ALGS_CTOS  : PROPOSAL_ENC_ALGS_STOC;
 		nmac  = ctos ? PROPOSAL_MAC_ALGS_CTOS  : PROPOSAL_MAC_ALGS_STOC;
 		ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
-		choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
-		choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
+		choose_enc(&newkeys->enc, cprop[nenc], sprop[nenc]);
+		/* ignore mac for authenticated encryption */
+		authlen = cipher_authlen(newkeys->enc.cipher);
+		if (authlen == 0)
+			choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
 		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,
-		    newkeys->mac.name,
+		    authlen == 0 ? newkeys->mac.name : "<implicit>",
 		    newkeys->comp.name);
 	}
 	choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
@@ -454,6 +458,8 @@
 			need = newkeys->enc.key_len;
 		if (need < newkeys->enc.block_size)
 			need = newkeys->enc.block_size;
+		if (need < newkeys->enc.iv_len)
+			need = newkeys->enc.iv_len;
 		if (need < newkeys->mac.key_len)
 			need = newkeys->mac.key_len;
 	}