Add comments about requiring keysize <= 2*SHA1_HASH_SIZE

--HG-- extra : convert_revision : bcb33fce2fad01a7626598209d43af3571bd86f0
author: Matt Johnston <matt@ucc.asn.au> 2007-02-04 10:31:48 +0000
committer: Matt Johnston <matt@ucc.asn.au> 2007-02-04 10:31:48 +0000
commit: 60d4cd599621a843095a0948c58c40b0ba286de2 (patch)
tree: 5dbbf70c60dab2c8bdeaa8f419986fe541e44257 /common-kex.c
parent: 16517e67603787b9c11c6feeb779b3edb0597ed2 (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/common-kex.c b/common-kex.c
index 5db8e52..5a48758 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -217,12 +217,10 @@ static void kexinitialise() {
  * already initialised hash_state hs, which should already have processed
  * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
  * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
- * The output will only be expanded once, since that is all that is required
- * (for 3DES and SHA, with 24 and 20 bytes respectively). 
+ * The output will only be expanded once, as we are assured that
+ * outlen <= 2*SHA1_HASH_SIZE for all known hashes.
  *
- * See Section 5.2 of the IETF secsh Transport Draft for details */
-
-/* Duplicated verbatim from kex.c --mihnea */
+ * See Section 7.2 of rfc4253 (ssh transport) for details */
 static void hashkeys(unsigned char *out, int outlen, 
 		const hash_state * hs, const unsigned char X) {
author	Matt Johnston <matt@ucc.asn.au>	2007-02-04 10:31:48 +0000
committer	Matt Johnston <matt@ucc.asn.au>	2007-02-04 10:31:48 +0000
commit	60d4cd599621a843095a0948c58c40b0ba286de2 (patch)
tree	5dbbf70c60dab2c8bdeaa8f419986fe541e44257 /common-kex.c
parent	16517e67603787b9c11c6feeb779b3edb0597ed2 (diff)