From 0d9974ba1c7a707352f9d50f592b39b095de534d Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 26 May 2016 09:26:09 +0100
Subject: [PATCH] server/keyexch.c: Check that all of the algorithms match when
 setting up.

For some reason, we used only to check that the actual groups matched
and ignored the bulk crypto options.  Check everything now.
---
 server/keyexch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/keyexch.c b/server/keyexch.c
index 8cc4ad69..34114b79 100644
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -1479,7 +1479,7 @@ int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
 {
   if ((kx->kpriv = km_findpriv(p_privtag(p))) == 0) goto fail_0;
   if ((kx->kpub = km_findpub(p_tag(p))) == 0) goto fail_1;
-  if (!group_samep(kx->kpriv->g, kx->kpub->g)) {
+  if (!km_samealgsp(kx->kpriv, kx->kpub)) {
     a_warn("KX", "?PEER", p, "group-mismatch",
 	   "local-private-key", "%s", p_privtag(p),
 	   "peer-public-key", "%s", p_tag(p),
-- 
2.11.0