mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-02-16 13:56:52 +00:00
upstream commit
Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return type of scan_scaled). Part of bz#2521, ok djm. Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
This commit is contained in:
dtucker@openbsd.org
Damien Miller
parent
c0060a6529
commit
921ff00b0a
19
packet.c
19
packet.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: packet.c,v 1.223 2016/01/29 02:42:46 dtucker Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.224 2016/01/29 02:54:45 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -180,8 +180,7 @@ struct session_state {
|
||||
struct packet_state p_read, p_send;
|
||||
|
||||
/* Volume-based rekeying */
|
||||
u_int64_t max_blocks_in, max_blocks_out;
|
||||
u_int32_t rekey_limit;
|
||||
u_int64_t max_blocks_in, max_blocks_out, rekey_limit;
|
||||
|
||||
/* Time-based rekeying */
|
||||
u_int32_t rekey_interval; /* how often in seconds */
|
||||
@ -953,7 +952,10 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
||||
max_blocks = &state->max_blocks_in;
|
||||
}
|
||||
if (state->newkeys[mode] != NULL) {
|
||||
debug("set_newkeys: rekeying");
|
||||
debug("set_newkeys: rekeying, input %llu bytes %llu blocks, "
|
||||
"output %llu bytes %llu blocks",
|
||||
state->p_read.bytes, state->p_read.blocks,
|
||||
state->p_send.bytes, state->p_send.blocks);
|
||||
if ((r = cipher_cleanup(cc)) != 0)
|
||||
return r;
|
||||
enc = &state->newkeys[mode]->enc;
|
||||
@ -1021,6 +1023,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
||||
if (state->rekey_limit)
|
||||
*max_blocks = MIN(*max_blocks,
|
||||
state->rekey_limit / enc->block_size);
|
||||
debug("rekey after %llu blocks", *max_blocks);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -2271,9 +2274,9 @@ ssh_packet_need_rekeying(struct ssh *ssh)
|
||||
}
|
||||
|
||||
void
|
||||
ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds)
|
||||
ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
|
||||
{
|
||||
debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
|
||||
debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
|
||||
(int)seconds);
|
||||
ssh->state->rekey_limit = bytes;
|
||||
ssh->state->rekey_interval = seconds;
|
||||
@ -2431,7 +2434,7 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
|
||||
if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
|
||||
(r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
|
||||
(r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, state->rekey_limit)) != 0 ||
|
||||
(r = sshbuf_put_u64(m, state->rekey_limit)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
|
||||
(r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
|
||||
@ -2610,7 +2613,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
|
||||
if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
|
||||
(r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
|
||||
(r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 ||
|
||||
(r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
|
||||
(r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||
|
||||
|
||||
4
packet.h
4
packet.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: packet.h,v 1.68 2016/01/14 16:17:40 markus Exp $ */
|
||||
/* $OpenBSD: packet.h,v 1.69 2016/01/29 02:54:45 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -146,7 +146,7 @@ const char *ssh_remote_ipaddr(struct ssh *);
|
||||
int ssh_remote_port(struct ssh *);
|
||||
|
||||
int ssh_packet_need_rekeying(struct ssh *);
|
||||
void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
|
||||
void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
|
||||
time_t ssh_packet_get_rekey_timeout(struct ssh *);
|
||||
|
||||
void *ssh_packet_get_input(struct ssh *);
|
||||
|
||||
12
readconf.c
12
readconf.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: readconf.c,v 1.248 2016/01/14 16:17:40 markus Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.249 2016/01/29 02:54:45 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -976,16 +976,12 @@ parse_time:
|
||||
if (scan_scaled(arg, &val64) == -1)
|
||||
fatal("%.200s line %d: Bad number '%s': %s",
|
||||
filename, linenum, arg, strerror(errno));
|
||||
/* check for too-large or too-small limits */
|
||||
if (val64 > UINT_MAX)
|
||||
fatal("%.200s line %d: RekeyLimit too large",
|
||||
filename, linenum);
|
||||
if (val64 != 0 && val64 < 16)
|
||||
fatal("%.200s line %d: RekeyLimit too small",
|
||||
filename, linenum);
|
||||
}
|
||||
if (*activep && options->rekey_limit == -1)
|
||||
options->rekey_limit = (u_int32_t)val64;
|
||||
options->rekey_limit = val64;
|
||||
if (s != NULL) { /* optional rekey interval present */
|
||||
if (strcmp(s, "none") == 0) {
|
||||
(void)strdelim(&s); /* discard */
|
||||
@ -2436,8 +2432,8 @@ dump_client_config(Options *o, const char *host)
|
||||
printf("%s\n", iptos2str(o->ip_qos_bulk));
|
||||
|
||||
/* oRekeyLimit */
|
||||
printf("rekeylimit %lld %d\n",
|
||||
(long long)o->rekey_limit, o->rekey_interval);
|
||||
printf("rekeylimit %llu %d\n",
|
||||
(unsigned long long)o->rekey_limit, o->rekey_interval);
|
||||
|
||||
/* oStreamLocalBindMask */
|
||||
printf("streamlocalbindmask 0%o\n",
|
||||
|
||||
10
servconf.c
10
servconf.c
@ -1,5 +1,5 @@
|
||||
|
||||
/* $OpenBSD: servconf.c,v 1.283 2015/11/13 04:38:06 djm Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.284 2016/01/29 02:54:45 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -1330,16 +1330,12 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
if (scan_scaled(arg, &val64) == -1)
|
||||
fatal("%.200s line %d: Bad number '%s': %s",
|
||||
filename, linenum, arg, strerror(errno));
|
||||
/* check for too-large or too-small limits */
|
||||
if (val64 > UINT_MAX)
|
||||
fatal("%.200s line %d: RekeyLimit too large",
|
||||
filename, linenum);
|
||||
if (val64 != 0 && val64 < 16)
|
||||
fatal("%.200s line %d: RekeyLimit too small",
|
||||
filename, linenum);
|
||||
}
|
||||
if (*activep && options->rekey_limit == -1)
|
||||
options->rekey_limit = (u_int32_t)val64;
|
||||
options->rekey_limit = val64;
|
||||
if (cp != NULL) { /* optional rekey interval present */
|
||||
if (strcmp(cp, "none") == 0) {
|
||||
(void)strdelim(&cp); /* discard */
|
||||
@ -2361,7 +2357,7 @@ dump_config(ServerOptions *o)
|
||||
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
|
||||
printf("%s\n", iptos2str(o->ip_qos_bulk));
|
||||
|
||||
printf("rekeylimit %lld %d\n", (long long)o->rekey_limit,
|
||||
printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
|
||||
o->rekey_interval);
|
||||
|
||||
channel_print_adm_permitted_opens();
|
||||
|
||||
4
sshd.c
4
sshd.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshd.c,v 1.463 2016/01/14 16:17:40 markus Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.464 2016/01/29 02:54:45 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -2563,7 +2563,7 @@ do_ssh2_kex(void)
|
||||
}
|
||||
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||||
packet_set_rekey_limits(options.rekey_limit,
|
||||
(time_t)options.rekey_interval);
|
||||
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
|
||||
|
||||
Loading…
Reference in New Issue
Block a user