# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1152264512 0
# Node ID 3e098639b05fa67a89a6dcb6b5dd3eed921950e5
# Parent  2eb5a85149058b2c44d701b1eb51e70318667cf7
From Erik Hovland
- Check for valid cipher independently to starting encryption
- Use failure-checking m_mp_init for initialising mpint value

diff -r 2eb5a8514905 -r 3e098639b05f common-kex.c
--- a/common-kex.c	Fri Jul 07 09:18:05 2006 +0000
+++ b/common-kex.c	Fri Jul 07 09:28:32 2006 +0000
@@ -262,6 +262,7 @@
 	hash_state hs;
 	unsigned int C2S_keysize, S2C_keysize;
 	char mactransletter, macrecvletter; /* Client or server specific */
+	int recv_cipher = 0, trans_cipher = 0;
 
 	TRACE(("enter gen_new_keys"))
 	/* the dh_K and hash are the start of all hashes, we make use of that */
@@ -298,17 +299,20 @@
 	hashkeys(C2S_key, C2S_keysize, &hs, 'C');
 	hashkeys(S2C_key, S2C_keysize, &hs, 'D');
 
-	if (cbc_start(
-		find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name),
-			recv_IV, recv_key, 
+	recv_cipher = find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name);
+	if (recv_cipher < 0)
+	    dropbear_exit("crypto error");
+		
+	if (cbc_start(recv_cipher, recv_IV, recv_key, 
 			ses.newkeys->recv_algo_crypt->keysize, 0, 
 			&ses.newkeys->recv_symmetric_struct) != CRYPT_OK) {
 		dropbear_exit("crypto error");
 	}
-
-	if (cbc_start(
-		find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name),
-			trans_IV, trans_key, 
+	trans_cipher = find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name);
+	if (trans_cipher < 0)
+	    dropbear_exit("crypto error");
+		
+	if (cbc_start(trans_cipher, trans_IV, trans_key, 
 			ses.newkeys->trans_algo_crypt->keysize, 0, 
 			&ses.newkeys->trans_symmetric_struct) != CRYPT_OK) {
 		dropbear_exit("crypto error");
@@ -517,7 +521,7 @@
 	hash_state hs;
 
 	/* read the prime and generator*/
-	mp_init(&dh_p);
+	m_mp_init(&dh_p);
 	bytes_to_mp(&dh_p, dh_p_val, DH_P_LEN);
 
 	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
diff -r 2eb5a8514905 -r 3e098639b05f options.h
--- a/options.h	Fri Jul 07 09:18:05 2006 +0000
+++ b/options.h	Fri Jul 07 09:28:32 2006 +0000
@@ -127,8 +127,8 @@
  * but there's an interface via a PAM module - don't bother using it otherwise.
  * You can't enable both PASSWORD and PAM. */
 
-#define ENABLE_SVR_PASSWORD_AUTH
-/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
+/*#define ENABLE_SVR_PASSWORD_AUTH*/
+#define ENABLE_SVR_PAM_AUTH 
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH