upstream commit

refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing to it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch Aleksander Adamowski in bz#2521; ok markus@ Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
author: djm@openbsd.org <djm@openbsd.org> 2016-02-08 10:57:07 +0000
committer: Damien Miller <djm@mindrot.org> 2016-02-08 21:58:32 +1100
commit: 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a (patch)
tree: a87286b290fcd540635890856fbcafef74341ec0 /kex.c
parent: 603ba41179e4b53951c7b90ee95b6ef3faa3f15d (diff)
1 files changed, 20 insertions, 1 deletions
diff --git a/kex.c b/kex.c
index 335b789fc..d371f47c4 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */
+/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
@@ -606,6 +606,25 @@ kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
        return 0;
 }
+/*
+ * Request key re-exchange, returns 0 on success or a ssherr.h error
+ * code otherwise. Must not be called if KEX is incomplete or in-progress.
+ */
+int
+kex_start_rekex(struct ssh *ssh)
+{
+        if (ssh->kex == NULL) {
+                error("%s: no kex", __func__);
+                return SSH_ERR_INTERNAL_ERROR;
+        }
+        if (ssh->kex->done == 0) {
+                error("%s: requested twice", __func__);
+                return SSH_ERR_INTERNAL_ERROR;
+        }
+        ssh->kex->done = 0;
+        return kex_send_kexinit(ssh);
+}
 static int
 choose_enc(struct sshenc *enc, char *client, char *server)
 {
author	djm@openbsd.org <djm@openbsd.org>	2016-02-08 10:57:07 +0000
committer	Damien Miller <djm@mindrot.org>	2016-02-08 21:58:32 +1100
commit	19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a (patch)
tree	a87286b290fcd540635890856fbcafef74341ec0 /kex.c
parent	603ba41179e4b53951c7b90ee95b6ef3faa3f15d (diff)

diff --git a/kex.c b/kex.c index 335b789fc..d371f47c4 100644 --- a/kex.c +++ b/kex.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */	1	/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4	*	4	*
@@ -606,6 +606,25 @@ kex_setup(struct ssh ssh, char proposal[PROPOSAL_MAX])
606	return 0;	606	return 0;
607	}	607	}
608		608
		609	/*
		610	* Request key re-exchange, returns 0 on success or a ssherr.h error
		611	* code otherwise. Must not be called if KEX is incomplete or in-progress.
		612	*/
		613	int
		614	kex_start_rekex(struct ssh *ssh)
		615	{
		616	if (ssh->kex == NULL) {
		617	error("%s: no kex", __func__);
		618	return SSH_ERR_INTERNAL_ERROR;
		619	}
		620	if (ssh->kex->done == 0) {
		621	error("%s: requested twice", __func__);
		622	return SSH_ERR_INTERNAL_ERROR;
		623	}
		624	ssh->kex->done = 0;
		625	return kex_send_kexinit(ssh);
		626	}
		627
609	static int	628	static int
610	choose_enc(struct sshenc enc, char client, char *server)	629	choose_enc(struct sshenc enc, char client, char *server)
611	{	630	{