===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/kex.c,v
retrieving revision 1.51.2.3
retrieving revision 1.52
diff -u -r1.51.2.3 -r1.52
--- src/usr.bin/ssh/kex.c	2003/09/16 21:20:25	1.51.2.3
+++ src/usr.bin/ssh/kex.c	2002/11/21 22:45:31	1.52
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.51.2.3 2003/09/16 21:20:25 brad Exp $");
+RCSID("$OpenBSD: kex.c,v 1.52 2002/11/21 22:45:31 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -44,6 +44,11 @@
 
 #define KEX_COOKIE_LEN	16
 
+/* Use privilege separation for sshd */
+int use_privsep;
+struct monitor *pmonitor;
+
+
 /* prototype */
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
@@ -69,7 +74,7 @@
 
 /* parse buffer and return algorithm proposal */
 static char **
-kex_buf2prop(Buffer *raw, int *first_kex_follows)
+kex_buf2prop(Buffer *raw)
 {
 	Buffer b;
 	int i;
@@ -89,8 +94,6 @@
 	}
 	/* first kex follows / reserved */
 	i = buffer_get_char(&b);
-	if (first_kex_follows != NULL)
-		*first_kex_follows = i;
 	debug2("kex_parse_kexinit: first_kex_follows %d ", i);
 	i = buffer_get_int(&b);
 	debug2("kex_parse_kexinit: reserved %d ", i);
@@ -232,10 +235,14 @@
 
 	kex_choose_conf(kex);
 
-	if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX &&
-	    kex->kex[kex->kex_type] != NULL) {
-		(kex->kex[kex->kex_type])(kex);
-	} else {
+	switch (kex->kex_type) {
+	case DH_GRP1_SHA1:
+		kexdh(kex);
+		break;
+	case DH_GEX_SHA1:
+		kexgex(kex);
+		break;
+	default:
 		fatal("Unsupported key exchange %d", kex->kex_type);
 	}
 }
@@ -292,9 +299,9 @@
 	if (k->name == NULL)
 		fatal("no kex alg");
 	if (strcmp(k->name, KEX_DH1) == 0) {
-		k->kex_type = KEX_DH_GRP1_SHA1;
+		k->kex_type = DH_GRP1_SHA1;
 	} else if (strcmp(k->name, KEX_DHGEX) == 0) {
-		k->kex_type = KEX_DH_GEX_SHA1;
+		k->kex_type = DH_GEX_SHA1;
 	} else
 		fatal("bad kex alg %s", k->name);
 }
@@ -310,30 +317,6 @@
 	xfree(hostkeyalg);
 }
 
-static int 
-proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
-{
-	static int check[] = {
-		PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
-	};
-	int *idx;
-	char *p;
-
-	for (idx = &check[0]; *idx != -1; idx++) {
-		if ((p = strchr(my[*idx], ',')) != NULL)
-			*p = '\0';
-		if ((p = strchr(peer[*idx], ',')) != NULL)
-			*p = '\0';
-		if (strcmp(my[*idx], peer[*idx]) != 0) {
-			debug2("proposal mismatch: my %s peer %s",
-			    my[*idx], peer[*idx]);
-			return (0);
-		}
-	}
-	debug2("proposals match");
-	return (1);
-}
-
 static void
 kex_choose_conf(Kex *kex)
 {
@@ -344,10 +327,9 @@
 	int mode;
 	int ctos;				/* direction: if true client-to-server */
 	int need;
-	int first_kex_follows, type;
 
-	my   = kex_buf2prop(&kex->my, NULL);
-	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
+	my   = kex_buf2prop(&kex->my);
+	peer = kex_buf2prop(&kex->peer);
 
 	if (kex->server) {
 		cprop=peer;
@@ -390,13 +372,6 @@
 	}
 	/* XXX need runden? */
 	kex->we_need = need;
-
-	/* ignore the next message if the proposals do not match */
-	if (first_kex_follows && !proposals_match(my, peer) && 
-	   !(datafellows & SSH_BUG_FIRSTKEX)) {
-		type = packet_read();
-		debug2("skipping next packet (type %u)", type);
-	}
 
 	kex_prop_free(my);
 	kex_prop_free(peer);