diff options
author | markus@openbsd.org <markus@openbsd.org> | 2015-02-13 18:57:00 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-02-17 09:32:30 +1100 |
commit | 02db468bf7e3281a8e3c058ced571b38b6407c34 (patch) | |
tree | eb6b4701a2c1cd917bc719256b3762ba8d31d690 /packet.c | |
parent | 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8 (diff) |
upstream commit
make rekey_limit for sshd w/privsep work; ok djm@
dtucker@
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 18 |
1 files changed, 11 insertions, 7 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.207 2015/02/11 01:20:38 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -185,7 +185,7 @@ struct session_state { | |||
185 | u_int32_t rekey_limit; | 185 | u_int32_t rekey_limit; |
186 | 186 | ||
187 | /* Time-based rekeying */ | 187 | /* Time-based rekeying */ |
188 | time_t rekey_interval; /* how often in seconds */ | 188 | u_int32_t rekey_interval; /* how often in seconds */ |
189 | time_t rekey_time; /* time of last rekeying */ | 189 | time_t rekey_time; /* time of last rekeying */ |
190 | 190 | ||
191 | /* Session key for protocol v1 */ | 191 | /* Session key for protocol v1 */ |
@@ -2225,11 +2225,6 @@ ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds) | |||
2225 | (int)seconds); | 2225 | (int)seconds); |
2226 | ssh->state->rekey_limit = bytes; | 2226 | ssh->state->rekey_limit = bytes; |
2227 | ssh->state->rekey_interval = seconds; | 2227 | ssh->state->rekey_interval = seconds; |
2228 | /* | ||
2229 | * We set the time here so that in post-auth privsep slave we count | ||
2230 | * from the completion of the authentication. | ||
2231 | */ | ||
2232 | ssh->state->rekey_time = monotime(); | ||
2233 | } | 2228 | } |
2234 | 2229 | ||
2235 | time_t | 2230 | time_t |
@@ -2437,6 +2432,8 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) | |||
2437 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || | 2432 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || |
2438 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || | 2433 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || |
2439 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || | 2434 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || |
2435 | (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 || | ||
2436 | (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || | ||
2440 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || | 2437 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || |
2441 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || | 2438 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || |
2442 | (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 || | 2439 | (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 || |
@@ -2624,6 +2621,8 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) | |||
2624 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || | 2621 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || |
2625 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || | 2622 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || |
2626 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || | 2623 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || |
2624 | (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 || | ||
2625 | (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || | ||
2627 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || | 2626 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || |
2628 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || | 2627 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || |
2629 | (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 || | 2628 | (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 || |
@@ -2633,6 +2632,11 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) | |||
2633 | (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || | 2632 | (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || |
2634 | (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) | 2633 | (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) |
2635 | return r; | 2634 | return r; |
2635 | /* | ||
2636 | * We set the time here so that in post-auth privsep slave we | ||
2637 | * count from the completion of the authentication. | ||
2638 | */ | ||
2639 | state->rekey_time = monotime(); | ||
2636 | /* XXX ssh_set_newkeys overrides p_read.packets? XXX */ | 2640 | /* XXX ssh_set_newkeys overrides p_read.packets? XXX */ |
2637 | if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || | 2641 | if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || |
2638 | (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) | 2642 | (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) |