Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 921ff00b0ac429666fb361d2d6cb1c8fff0006cb^! / . / packet.c
commit921ff00b0ac429666fb361d2d6cb1c8fff0006cb[log] [tgz]
authordtucker@openbsd.org <dtucker@openbsd.org>Fri Jan 29 02:54:45 2016 +0000
committerDamien Miller <djm@mindrot.org>Sat Jan 30 11:19:13 2016 +1100
tree555f5a0348185ea84bdf43a298d8811390233cc7
parentc0060a65296f01d4634f274eee184c0e93ba0f23 [diff] [blame]
upstream commit

Allow RekeyLimits in excess of 4G up to 2**63 bits
 (limited by the return type of scan_scaled).  Part of bz#2521, ok djm.

Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979

diff --git a/packet.c b/packet.c
index ffcd8ea..f61b32b 100644
--- a/packet.c
+++ b/packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.223 2016/01/29 02:42:46 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.224 2016/01/29 02:54:45 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -180,8 +180,7 @@
 	struct packet_state p_read, p_send;
 
 	/* Volume-based rekeying */
-	u_int64_t max_blocks_in, max_blocks_out;
-	u_int32_t rekey_limit;
+	u_int64_t max_blocks_in, max_blocks_out, rekey_limit;
 
 	/* Time-based rekeying */
 	u_int32_t rekey_interval;	/* how often in seconds */
@@ -953,7 +952,10 @@
 		max_blocks = &state->max_blocks_in;
 	}
 	if (state->newkeys[mode] != NULL) {
-		debug("set_newkeys: rekeying");
+		debug("set_newkeys: rekeying, input %llu bytes %llu blocks, "
+		   "output %llu bytes %llu blocks",
+		   state->p_read.bytes, state->p_read.blocks,
+		   state->p_send.bytes, state->p_send.blocks);
 		if ((r = cipher_cleanup(cc)) != 0)
 			return r;
 		enc  = &state->newkeys[mode]->enc;
@@ -1021,6 +1023,7 @@
 	if (state->rekey_limit)
 		*max_blocks = MIN(*max_blocks,
 		    state->rekey_limit / enc->block_size);
+	debug("rekey after %llu blocks", *max_blocks);
 	return 0;
 }
 
@@ -2271,9 +2274,9 @@
 }
 
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
 {
-	debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
+	debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
 	    (int)seconds);
 	ssh->state->rekey_limit = bytes;
 	ssh->state->rekey_interval = seconds;
@@ -2431,7 +2434,7 @@
 		if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
 		    (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
 		    (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
-		    (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 ||
+		    (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 ||
 		    (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
 		    (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
 		    (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
@@ -2610,7 +2613,7 @@
 		if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
 		    (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
 		    (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
-		    (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 ||
+		    (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 ||
 		    (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
 		    (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
 		    (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||