diff common-kex.c @ 409:0e69e948caba

Add comments about requiring keysize <= 2*SHA1_HASH_SIZE
author Matt Johnston <matt@ucc.asn.au>
date Sun, 04 Feb 2007 10:31:48 +0000
parents 63601217f5ab
children b895f91c2ee6
line wrap: on
line diff
--- a/common-kex.c	Sat Feb 03 13:57:35 2007 +0000
+++ b/common-kex.c	Sun Feb 04 10:31:48 2007 +0000
@@ -217,12 +217,10 @@
  * already initialised hash_state hs, which should already have processed
  * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
  * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
- * The output will only be expanded once, since that is all that is required
- * (for 3DES and SHA, with 24 and 20 bytes respectively). 
+ * The output will only be expanded once, as we are assured that
+ * outlen <= 2*SHA1_HASH_SIZE for all known hashes.
  *
- * See Section 5.2 of the IETF secsh Transport Draft for details */
-
-/* Duplicated verbatim from kex.c --mihnea */
+ * See Section 7.2 of rfc4253 (ssh transport) for details */
 static void hashkeys(unsigned char *out, int outlen, 
 		const hash_state * hs, const unsigned char X) {