server/keyexch.c: Check that all of the algorithms match when setting up.

For some reason, we used only to check that the actual groups matched
and ignored the bulk crypto options.  Check everything now.

diff --git a/server/keyexch.c b/server/keyexch.c
index 8cc4ad6953abdaa46ff44ea36cb61e129225676b..34114b79c655515dad889eb0aa0b763841853f8b 100644 (file)
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -1479,7 +1479,7 @@ int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
 {
   if ((kx->kpriv = km_findpriv(p_privtag(p))) == 0) goto fail_0;
   if ((kx->kpub = km_findpub(p_tag(p))) == 0) goto fail_1;
 {
   if ((kx->kpriv = km_findpriv(p_privtag(p))) == 0) goto fail_0;
   if ((kx->kpub = km_findpub(p_tag(p))) == 0) goto fail_1;

-  if (!group_samep(kx->kpriv->g, kx->kpub->g)) {
+  if (!km_samealgsp(kx->kpriv, kx->kpub)) {

     a_warn("KX", "?PEER", p, "group-mismatch",
           "local-private-key", "%s", p_privtag(p),
           "peer-public-key", "%s", p_tag(p),
     a_warn("KX", "?PEER", p, "group-mismatch",
           "local-private-key", "%s", p_privtag(p),
           "peer-public-key", "%s", p_tag(p),