comparison common-kex.c @ 409:0e69e948caba

Add comments about requiring keysize <= 2*SHA1_HASH_SIZE
author Matt Johnston <matt@ucc.asn.au>
date Sun, 04 Feb 2007 10:31:48 +0000
parents 63601217f5ab
children b895f91c2ee6
comparison
equal deleted inserted replaced
408:28b10e93685c 409:0e69e948caba
215 215
216 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the 216 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the
217 * already initialised hash_state hs, which should already have processed 217 * already initialised hash_state hs, which should already have processed
218 * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc. 218 * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
219 * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated. 219 * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
220 * The output will only be expanded once, since that is all that is required 220 * The output will only be expanded once, as we are assured that
221 * (for 3DES and SHA, with 24 and 20 bytes respectively). 221 * outlen <= 2*SHA1_HASH_SIZE for all known hashes.
222 * 222 *
223 * See Section 5.2 of the IETF secsh Transport Draft for details */ 223 * See Section 7.2 of rfc4253 (ssh transport) for details */
224
225 /* Duplicated verbatim from kex.c --mihnea */
226 static void hashkeys(unsigned char *out, int outlen, 224 static void hashkeys(unsigned char *out, int outlen,
227 const hash_state * hs, const unsigned char X) { 225 const hash_state * hs, const unsigned char X) {
228 226
229 hash_state hs2; 227 hash_state hs2;
230 unsigned char k2[SHA1_HASH_SIZE]; /* used to extending */ 228 unsigned char k2[SHA1_HASH_SIZE]; /* used to extending */