diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2016-01-29 02:54:45 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-01-30 11:19:13 +1100 |
| commit | 921ff00b0ac429666fb361d2d6cb1c8fff0006cb (patch) | |
| tree | 555f5a0348185ea84bdf43a298d8811390233cc7 /packet.c | |
| parent | c0060a65296f01d4634f274eee184c0e93ba0f23 (diff) | |
upstream commit
Allow RekeyLimits in excess of 4G up to 2**63 bits
(limited by the return type of scan_scaled). Part of bz#2521, ok djm.
Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
Diffstat (limited to 'packet.c')
| -rw-r--r-- | packet.c | 19 |
1 files changed, 11 insertions, 8 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: packet.c,v 1.223 2016/01/29 02:42:46 dtucker Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.224 2016/01/29 02:54:45 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -180,8 +180,7 @@ struct session_state { | |||
| 180 | struct packet_state p_read, p_send; | 180 | struct packet_state p_read, p_send; |
| 181 | 181 | ||
| 182 | /* Volume-based rekeying */ | 182 | /* Volume-based rekeying */ |
| 183 | u_int64_t max_blocks_in, max_blocks_out; | 183 | u_int64_t max_blocks_in, max_blocks_out, rekey_limit; |
| 184 | u_int32_t rekey_limit; | ||
| 185 | 184 | ||
| 186 | /* Time-based rekeying */ | 185 | /* Time-based rekeying */ |
| 187 | u_int32_t rekey_interval; /* how often in seconds */ | 186 | u_int32_t rekey_interval; /* how often in seconds */ |
| @@ -953,7 +952,10 @@ ssh_set_newkeys(struct ssh *ssh, int mode) | |||
| 953 | max_blocks = &state->max_blocks_in; | 952 | max_blocks = &state->max_blocks_in; |
| 954 | } | 953 | } |
| 955 | if (state->newkeys[mode] != NULL) { | 954 | if (state->newkeys[mode] != NULL) { |
| 956 | debug("set_newkeys: rekeying"); | 955 | debug("set_newkeys: rekeying, input %llu bytes %llu blocks, " |
| 956 | "output %llu bytes %llu blocks", | ||
| 957 | state->p_read.bytes, state->p_read.blocks, | ||
| 958 | state->p_send.bytes, state->p_send.blocks); | ||
| 957 | if ((r = cipher_cleanup(cc)) != 0) | 959 | if ((r = cipher_cleanup(cc)) != 0) |
| 958 | return r; | 960 | return r; |
| 959 | enc = &state->newkeys[mode]->enc; | 961 | enc = &state->newkeys[mode]->enc; |
| @@ -1021,6 +1023,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode) | |||
| 1021 | if (state->rekey_limit) | 1023 | if (state->rekey_limit) |
| 1022 | *max_blocks = MIN(*max_blocks, | 1024 | *max_blocks = MIN(*max_blocks, |
| 1023 | state->rekey_limit / enc->block_size); | 1025 | state->rekey_limit / enc->block_size); |
| 1026 | debug("rekey after %llu blocks", *max_blocks); | ||
| 1024 | return 0; | 1027 | return 0; |
| 1025 | } | 1028 | } |
| 1026 | 1029 | ||
| @@ -2271,9 +2274,9 @@ ssh_packet_need_rekeying(struct ssh *ssh) | |||
| 2271 | } | 2274 | } |
| 2272 | 2275 | ||
| 2273 | void | 2276 | void |
| 2274 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds) | 2277 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds) |
| 2275 | { | 2278 | { |
| 2276 | debug3("rekey after %lld bytes, %d seconds", (long long)bytes, | 2279 | debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes, |
| 2277 | (int)seconds); | 2280 | (int)seconds); |
| 2278 | ssh->state->rekey_limit = bytes; | 2281 | ssh->state->rekey_limit = bytes; |
| 2279 | ssh->state->rekey_interval = seconds; | 2282 | ssh->state->rekey_interval = seconds; |
| @@ -2431,7 +2434,7 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) | |||
| 2431 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || | 2434 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || |
| 2432 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || | 2435 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || |
| 2433 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || | 2436 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || |
| 2434 | (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 || | 2437 | (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 || |
| 2435 | (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || | 2438 | (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || |
| 2436 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || | 2439 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || |
| 2437 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || | 2440 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || |
| @@ -2610,7 +2613,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) | |||
| 2610 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || | 2613 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || |
| 2611 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || | 2614 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || |
| 2612 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || | 2615 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || |
| 2613 | (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 || | 2616 | (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 || |
| 2614 | (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || | 2617 | (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || |
| 2615 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || | 2618 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || |
| 2616 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || | 2619 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || |