diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2003-07-14 17:31:06 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2003-07-14 17:31:06 +1000 |
| commit | 81a0b371f4872b99001e3eb20b0a154714801d15 (patch) | |
| tree | d5603b27410fd005a1e1fb785d809cb5eada9e32 | |
| parent | 29588616c214e411e1823b2949e5fa9d6a49d75f (diff) | |
- markus@cvs.openbsd.org 2003/07/10 14:42:28
[packet.c]
the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
blowfish, etc, so enforce a 1GB limit for small blocksizes.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | packet.c | 11 |
2 files changed, 14 insertions, 3 deletions
| @@ -13,6 +13,10 @@ | |||
| 13 | minor tweak: when generating the hex fingerprint, give strlcat the full | 13 | minor tweak: when generating the hex fingerprint, give strlcat the full |
| 14 | bound to the buffer, and add a comment below explaining why the | 14 | bound to the buffer, and add a comment below explaining why the |
| 15 | zero-termination is one less than the bound. markus@ ok | 15 | zero-termination is one less than the bound. markus@ ok |
| 16 | - markus@cvs.openbsd.org 2003/07/10 14:42:28 | ||
| 17 | [packet.c] | ||
| 18 | the 2^(blocksize*2) rekeying limit is too expensive for 3DES, | ||
| 19 | blowfish, etc, so enforce a 1GB limit for small blocksizes. | ||
| 16 | 20 | ||
| 17 | 20030708 | 21 | 20030708 |
| 18 | - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] | 22 | - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] |
| @@ -686,4 +690,4 @@ | |||
| 686 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 690 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
| 687 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 691 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
| 688 | 692 | ||
| 689 | $Id: ChangeLog,v 1.2854 2003/07/14 07:28:34 dtucker Exp $ | 693 | $Id: ChangeLog,v 1.2855 2003/07/14 07:31:06 dtucker Exp $ |
| @@ -37,7 +37,7 @@ | |||
| 37 | */ | 37 | */ |
| 38 | 38 | ||
| 39 | #include "includes.h" | 39 | #include "includes.h" |
| 40 | RCSID("$OpenBSD: packet.c,v 1.108 2003/06/24 08:23:46 markus Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.109 2003/07/10 14:42:28 markus Exp $"); |
| 41 | 41 | ||
| 42 | #include "openbsd-compat/sys-queue.h" | 42 | #include "openbsd-compat/sys-queue.h" |
| 43 | 43 | ||
| @@ -635,7 +635,14 @@ set_newkeys(int mode) | |||
| 635 | buffer_compress_init_recv(); | 635 | buffer_compress_init_recv(); |
| 636 | comp->enabled = 1; | 636 | comp->enabled = 1; |
| 637 | } | 637 | } |
| 638 | *max_blocks = ((u_int64_t)1 << (enc->block_size*2)); | 638 | /* |
| 639 | * The 2^(blocksize*2) limit is too expensive for 3DES, | ||
| 640 | * blowfish, etc, so enforce a 1GB limit for small blocksizes. | ||
| 641 | */ | ||
| 642 | if (enc->block_size >= 16) | ||
| 643 | *max_blocks = (u_int64_t)1 << (enc->block_size*2); | ||
| 644 | else | ||
| 645 | *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; | ||
| 639 | if (rekey_limit) | 646 | if (rekey_limit) |
| 640 | *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size); | 647 | *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size); |
| 641 | } | 648 | } |