|
Lines 1000-1009
ssh_set_newkeys(struct ssh *ssh, int mode)
|
| 1000 |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
1000 |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
| 1001 |
* blowfish, etc, so enforce a 1GB limit for small blocksizes. |
1001 |
* blowfish, etc, so enforce a 1GB limit for small blocksizes. |
| 1002 |
*/ |
1002 |
*/ |
| 1003 |
if (enc->block_size >= 16) |
1003 |
if (enc->block_size >= 16) { |
| 1004 |
*max_blocks = (u_int64_t)1 << (enc->block_size*2); |
1004 |
*max_blocks = ((u_int64_t)1 << (enc->block_size*2)) |
| 1005 |
else |
1005 |
/* |
|
|
1006 |
* Subtract the maximum number of blocks that can |
| 1007 |
* possibly come from the buffer to avoid |
| 1008 |
* running over the limit. |
| 1009 |
* |
| 1010 |
* Effectively, this currently subtracts 128MB from |
| 1011 |
* rekey limits which are 64GB and more. |
| 1012 |
*/ |
| 1013 |
- ((sshbuf_max_size(state->input) + enc->block_size - 1) |
| 1014 |
/ enc->block_size); |
| 1015 |
} else { |
| 1006 |
*max_blocks = ((u_int64_t)1 << 30) / enc->block_size; |
1016 |
*max_blocks = ((u_int64_t)1 << 30) / enc->block_size; |
|
|
1017 |
} |
| 1007 |
if (state->rekey_limit) |
1018 |
if (state->rekey_limit) |
| 1008 |
*max_blocks = MIN(*max_blocks, |
1019 |
*max_blocks = MIN(*max_blocks, |
| 1009 |
state->rekey_limit / enc->block_size); |
1020 |
state->rekey_limit / enc->block_size); |
| 1010 |
- |
|
|
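Review bot: The buffer headroom is subtracted only in the `block_size >= 16` branch, so the 1GB cap in the `else` branch and a configured `state->rekey_limit` applied by the `MIN(...)` below can still be overrun by data already buffered. Those are the smaller limits, where the same overrun is proportionally larger, and the small-block case is the one the existing comment singles out as needing a tighter bound. Consider computing the margin once and subtracting it after the `MIN`, guarded so the unsigned subtraction cannot wrap when the limit is smaller than the margin. The margin is taken from `state->input` only; since the function takes a `mode`, it may be worth confirming that this is intended for both directions. ssh_set_newkeys starts and ends outside this hunk.

```c
	/* … unchanged: block-size-dependent default for *max_blocks, without the subtraction … */
	if (state->rekey_limit)
		*max_blocks = MIN(*max_blocks,
		    state->rekey_limit / enc->block_size);
	/* Leave headroom for blocks that may already sit in the buffer. */
	u_int64_t margin = (sshbuf_max_size(state->input) +
	    enc->block_size - 1) / enc->block_size;
	if (*max_blocks > margin)
		*max_blocks -= margin;
```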