From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 26 May 2016 08:26:09 +0000 (+0100)
Subject: server/keyexch.c: Check that all of the algorithms match when setting up.
X-Git-Tag: 1.0.0pre19~30
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/0d9974ba1c7a707352f9d50f592b39b095de534d?ds=sidebyside;hp=cc3e30a46963d98f41567893de22916c1a587ff7

server/keyexch.c: Check that all of the algorithms match when setting up.

For some reason, we used only to check that the actual groups matched
and ignored the bulk crypto options.  Check everything now.
---

diff --git a/server/keyexch.c b/server/keyexch.c
index 8cc4ad69..34114b79 100644
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -1479,7 +1479,7 @@ int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
 {
   if ((kx->kpriv = km_findpriv(p_privtag(p))) == 0) goto fail_0;
   if ((kx->kpub = km_findpub(p_tag(p))) == 0) goto fail_1;
-  if (!group_samep(kx->kpriv->g, kx->kpub->g)) {
+  if (!km_samealgsp(kx->kpriv, kx->kpub)) {
     a_warn("KX", "?PEER", p, "group-mismatch",
 	   "local-private-key", "%s", p_privtag(p),
 	   "peer-public-key", "%s", p_tag(p),