authordjm@openbsd.org <djm@openbsd.org>2016-02-08 10:57:07 +0000
committerDamien Miller <djm@mindrot.org>2016-02-08 21:58:32 +1100
commit19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a (patch)
treea87286b290fcd540635890856fbcafef74341ec0 /serverloop.c
parent603ba41179e4b53951c7b90ee95b6ef3faa3f15d (diff)
upstream commit
refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing so it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch by Aleksander Adamowski in bz#2521; ok markus@ Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
Diffstat (limited to 'serverloop.c')
-rw-r--r--serverloop.c20
1 files changed, 7 insertions, 13 deletions
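--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.181 2016/01/14 16:17:40 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.182 2016/02/08 10:57:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -820,7 +820,7 @@ void
 server_loop2(Authctxt *authctxt)
 {
  fd_set *readset = NULL, *writeset = NULL;
- int rekeying = 0, max_fd;
+ int max_fd;
  u_int nalloc = 0;
  u_int64_t rekey_timeout_ms = 0;
 
@@ -847,11 +847,11 @@ server_loop2(Authctxt *authctxt)
  for (;;) {
  process_buffered_input_packets();
 
- rekeying = (active_state->kex != NULL && !active_state->kex->done);
-
- if (!rekeying && packet_not_very_much_data_to_write())
+ if (!ssh_packet_is_rekeying(active_state) &&
+ packet_not_very_much_data_to_write())
  channel_output_poll();
- if (options.rekey_interval > 0 && compat20 && !rekeying)
+ if (options.rekey_interval > 0 && compat20 &&
+ !ssh_packet_is_rekeying(active_state))
  rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
  else
  rekey_timeout_ms = 0;
@@ -866,14 +866,8 @@ server_loop2(Authctxt *authctxt)
  }
 
  collect_children();
- if (!rekeying) {
+ if (!ssh_packet_is_rekeying(active_state))
  channel_after_select(readset, writeset);
- if (packet_need_rekeying()) {
- debug("need rekeying");
- active_state->kex->done = 0;
- kex_send_kexinit(active_state);
- }
- }
  process_input(readset);
  if (connection_closed)
  break;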
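Review bot: In the `for (;;)` body of server_loop2 the rekey state is now read three times per pass through `ssh_packet_is_rekeying(active_state)`, where the old code took one snapshot in `rekeying`. `channel_output_poll()` runs between the first and second read, and the code between the second and third lies outside these hunks, so the reads can presumably disagree within one iteration now that the packet code starts rekeying itself. If that is intended, a comment at the first call would record it, e.g. `/* rekey state is re-read at each use: the packet layer may begin a rekey whenever output is queued */`. The explicit `active_state->kex != NULL` guard also disappears from this file, so the helper, which is defined outside this diff, has to tolerate a NULL kex; worth confirming there. Removing `debug("need rekeying")` leaves no trace of rekey initiation in this loop, so the packet layer should log the equivalent event if operators rely on it.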