From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 26 May 2016 08:26:09 +0000 (+0100)
Subject: server/keyexch.c: Check that all of the algorithms match when setting up.
X-Git-Tag: 1.0.0pre19~30
X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/commitdiff_plain/0d9974ba1c7a707352f9d50f592b39b095de534d

server/keyexch.c: Check that all of the algorithms match when setting up.

For some reason, we used only to check that the actual groups matched
and ignored the bulk crypto options.  Check everything now.
---

diff --git a/server/keyexch.c b/server/keyexch.c
index 8cc4ad69..34114b79 100644
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -1479,7 +1479,7 @@ int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
 {
   if ((kx->kpriv = km_findpriv(p_privtag(p))) == 0) goto fail_0;
   if ((kx->kpub = km_findpub(p_tag(p))) == 0) goto fail_1;
-  if (!group_samep(kx->kpriv->g, kx->kpub->g)) {
+  if (!km_samealgsp(kx->kpriv, kx->kpub)) {
     a_warn("KX", "?PEER", p, "group-mismatch",
 	   "local-private-key", "%s", p_privtag(p),
 	   "peer-public-key", "%s", p_tag(p),