From 6fd6e28daccafaa35f02741036abe64534c361a1 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Fri, 29 Jan 2016 03:31:03 +0000
Subject: upstream commit

Revert "account for packets buffered but not yet
 processed" change as it breaks for very small RekeyLimit values due to
 continuous rekeying.  ok djm@

Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19
---
 packet.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/packet.c b/packet.c
index f61b32b80..216b06bc7 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.224 2016/01/29 02:54:45 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.225 2016/01/29 03:31:03 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2254,21 +2254,16 @@ int
 ssh_packet_need_rekeying(struct ssh *ssh)
 {
 	struct session_state *state = ssh->state;
-	u_int32_t buf_in, buf_out;
 
 	if (ssh->compat & SSH_BUG_NOREKEY)
 		return 0;
-	buf_in = roundup(sshbuf_len(state->input),
-	    state->newkeys[MODE_IN]->enc.block_size);
-	buf_out = roundup(sshbuf_len(state->output),
-	    state->newkeys[MODE_OUT]->enc.block_size);
 	return
 	    (state->p_send.packets > MAX_PACKETS) ||
 	    (state->p_read.packets > MAX_PACKETS) ||
 	    (state->max_blocks_out &&
-	        (state->p_send.blocks + buf_out > state->max_blocks_out)) ||
+	        (state->p_send.blocks > state->max_blocks_out)) ||
 	    (state->max_blocks_in &&
-	        (state->p_read.blocks + buf_in > state->max_blocks_in)) ||
+	        (state->p_read.blocks > state->max_blocks_in)) ||
 	    (state->rekey_interval != 0 && state->rekey_time +
 		 state->rekey_interval <= monotime());
 }
-- 
cgit v1.2.3