-rw-r--r--monitor.c7
-rw-r--r--opacket.h2
-rw-r--r--packet.c18
3 files changed, 12 insertions, 15 deletions
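diff --git a/monitor.c b/monitor.c
index 689586c0f..e97b20ef0 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.142 2015/02/06 23:21:59 millert Exp $ */
+/* $OpenBSD: monitor.c,v 1.143 2015/02/13 18:57:00 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1833,11 +1833,6 @@ monitor_apply_keystate(struct monitor *pmonitor)
  (ssh_packet_comp_alloc_func *)mm_zalloc,
  (ssh_packet_comp_free_func *)mm_zfree);
  }
-
- if (options.rekey_limit || options.rekey_interval)
- ssh_packet_set_rekey_limits(ssh,
- (u_int32_t)options.rekey_limit,
- (time_t)options.rekey_interval);
 }
 
 /* This function requries careful sanity checking */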
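Review bot: With the `options.rekey_limit` / `options.rekey_interval` call removed from the end of monitor_apply_keystate(), nothing visible on the monitor side re-asserts the configured rekey policy; the limits now arrive only through the serialized packet state that ssh_packet_set_state() restores in packet.c. If that buffer is produced by the unprivileged pre-auth process (the privsep comment in packet.c suggests so, but the producer is not visible on this page), the post-auth session takes its rekey policy from the less-trusted side rather than from the server configuration. I would at least record this where the call used to be, e.g. `/* rekey limits are restored from the keystate blob by ssh_packet_set_state(), not from options */`, and consider comparing the restored values against `options` once the state has been applied. The body of monitor_apply_keystate() starts outside the hunk.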
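diff --git a/opacket.h b/opacket.h
index e563d8d3b..16fcb9e28 100644
--- a/opacket.h
+++ b/opacket.h
@@ -128,8 +128,6 @@ void packet_read_expect(int expected_type);
  ssh_packet_send_ignore(active_state, (nbytes))
 #define packet_need_rekeying() \
  ssh_packet_need_rekeying(active_state)
-#define packet_set_rekey_limit(bytes) \
- ssh_packet_set_rekey_limit(active_state, (bytes))
 #define packet_set_server() \
  ssh_packet_set_server(active_state)
 #define packet_set_authenticated() \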
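diff --git a/packet.c b/packet.c
index 466773964..b29d875c0 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.207 2015/02/11 01:20:38 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -185,7 +185,7 @@ struct session_state {
  u_int32_t rekey_limit;
 
  /* Time-based rekeying */
- time_t rekey_interval; /* how often in seconds */
+ u_int32_t rekey_interval; /* how often in seconds */
  time_t rekey_time; /* time of last rekeying */
 
  /* Session key for protocol v1 */
@@ -2225,11 +2225,6 @@ ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds)
  (int)seconds);
  ssh->state->rekey_limit = bytes;
  ssh->state->rekey_interval = seconds;
- /*
- * We set the time here so that in post-auth privsep slave we count
- * from the completion of the authentication.
- */
- ssh->state->rekey_time = monotime();
 }
 
 time_t
@@ -2437,6 +2432,8 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
  if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
  (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
  (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
+ (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 ||
+ (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
  (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
  (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
  (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 ||
@@ -2624,6 +2621,8 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
  if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
  (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
  (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
+ (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 ||
+ (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
  (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
  (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||
  (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 ||
@@ -2633,6 +2632,11 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
  (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 ||
  (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0)
  return r;
+ /*
+ * We set the time here so that in post-auth privsep slave we
+ * count from the completion of the authentication.
+ */
+ state->rekey_time = monotime();
  /* XXX ssh_set_newkeys overrides p_read.packets? XXX */
  if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 ||
  (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)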
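Review bot: In ssh_packet_set_rekey_limits() the unchanged line `ssh->state->rekey_interval = seconds;` now stores a `time_t` into the field this commit narrows to `u_int32_t`, so a negative or over-large interval is silently converted rather than rejected. The hunk header still lists the parameter as `time_t seconds`; the signature itself lies outside the hunk, so whether it was updated cannot be confirmed from here. Either change the parameter to `u_int32_t seconds` so callers convert explicitly, or guard the store with a range check such as `if (seconds < 0 || (u_int64_t)seconds > 0xffffffffU)` and treat a failing value as a configuration error. The store would then read `ssh->state->rekey_interval = (u_int32_t)seconds;`, and a short comment on the struct field saying it is 32-bit because it is serialized with `sshbuf_put_u32`/`sshbuf_get_u32` would explain the narrowing.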