-rw-r--r-- | monitor.c | 7 | ||||
-rw-r--r-- | opacket.h | 2 | ||||
-rw-r--r-- | packet.c | 18 |
3 files changed, 12 insertions, 15 deletions
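--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.142 2015/02/06 23:21:59 millert Exp $ */
+/* $OpenBSD: monitor.c,v 1.143 2015/02/13 18:57:00 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1833,11 +1833,6 @@ monitor_apply_keystate(struct monitor *pmonitor)
 (ssh_packet_comp_alloc_func *)mm_zalloc,
 (ssh_packet_comp_free_func *)mm_zfree);
 }
-
-if (options.rekey_limit || options.rekey_interval)
-ssh_packet_set_rekey_limits(ssh,
-(u_int32_t)options.rekey_limit,
-(time_t)options.rekey_interval);
 }
 
 /* This function requries careful sanity checking */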
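--- a/opacket.h
+++ b/opacket.h
@@ -128,8 +128,6 @@ void packet_read_expect(int expected_type);
 ssh_packet_send_ignore(active_state, (nbytes))
 #define packet_need_rekeying() \
 ssh_packet_need_rekeying(active_state)
-#define packet_set_rekey_limit(bytes) \
-ssh_packet_set_rekey_limit(active_state, (bytes))
 #define packet_set_server() \
 ssh_packet_set_server(active_state)
 #define packet_set_authenticated() \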
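--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.207 2015/02/11 01:20:38 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -185,7 +185,7 @@ struct session_state {
 u_int32_t rekey_limit;
 
 /* Time-based rekeying */
-time_t rekey_interval; /* how often in seconds */
+u_int32_t rekey_interval; /* how often in seconds */
 time_t rekey_time; /* time of last rekeying */
 
 /* Session key for protocol v1 */
@@ -2225,11 +2225,6 @@ ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds)
 (int)seconds);
 ssh->state->rekey_limit = bytes;
 ssh->state->rekey_interval = seconds;
-/*
-* We set the time here so that in post-auth privsep slave we count
-* from the completion of the authentication.
-*/
-ssh->state->rekey_time = monotime();
 }
 
 time_t
@@ -2437,6 +2432,8 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
 (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
 (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
+(r = sshbuf_put_u32(m, state->rekey_limit)) != 0 ||
+(r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
 (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
 (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
 (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 ||
@@ -2624,6 +2621,8 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
 (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
 (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
+(r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 ||
+(r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
 (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
 (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||
 (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 ||
@@ -2633,6 +2632,11 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 ||
 (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0)
 return r;
+/*
+* We set the time here so that in post-auth privsep slave we
+* count from the completion of the authentication.
+*/
+state->rekey_time = monotime();
 /* XXX ssh_set_newkeys overrides p_read.packets? XXX */
 if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 ||
 (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)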
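Review bot: In the `@@ -2225,11 +2225,6 @@` hunk, `ssh_packet_set_rekey_limits()` still takes `time_t seconds` and stores it with `ssh->state->rekey_interval = seconds;`, but the field is now `u_int32_t`, so a negative or out-of-range interval is silently converted instead of rejected. Because the value is now also carried to the post-auth child as a u32 by `sshbuf_put_u32(m, state->rekey_interval)`, the parameter type should match the field, e.g. `ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, u_int32_t seconds)`, or the function should range-check before the assignment. The same hunk drops `ssh->state->rekey_time = monotime();`, so any caller that never goes through `ssh_packet_set_state()` presumably relies on another site to initialise `rekey_time`; that is not visible here and is worth confirming so a time-based rekey is not triggered from a zero timestamp. The start of the function lies outside the hunk.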