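--- a/packet.c
+++ b/packet.c
@@ -176,7 +176,7 @@ struct session_state {
 
 	/* Volume-based rekeying */
 	u_int64_t max_blocks_in, max_blocks_out;
-	u_int32_t rekey_limit;
+	u_int64_t rekey_limit;
 
 	/* Time-based rekeying */
 	u_int32_t rekey_interval;	/* how often in seconds */
@@ -943,7 +943,10 @@ ssh_set_newkeys(struct ssh *ssh, int mod
 		max_blocks = &state->max_blocks_in;
 	}
 	if (state->newkeys[mode] != NULL) {
-		debug("set_newkeys: rekeying");
+		debug("set_newkeys: rekeying, input %llu bytes %llu blocks, "
+		   "output %llu bytes %llu blocks",
+		   state->p_read.bytes, state->p_read.blocks,
+		   state->p_send.bytes, state->p_send.blocks);
 		if ((r = cipher_cleanup(cc)) != 0)
 			return r;
 		enc  = &state->newkeys[mode]->enc;
@@ -1011,6 +1014,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod
 	if (state->rekey_limit)
 		*max_blocks = MIN(*max_blocks,
 		    state->rekey_limit / enc->block_size);
+	debug("rekey after %llu blocks", *max_blocks);
 	return 0;
 }
 
@@ -2252,9 +2256,9 @@ ssh_packet_need_rekeying(struct ssh *ssh
 }
 
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
 {
-	debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
+	debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
 	    (int)seconds);
 	ssh->state->rekey_limit = bytes;
 	ssh->state->rekey_interval = seconds;
@@ -2464,7 +2468,7 @@ ssh_packet_get_state(struct ssh *ssh, st
 		if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
 		    (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
 		    (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
-		    (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 ||
+		    (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 ||
 		    (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
 		    (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
 		    (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
@@ -2649,7 +2653,7 @@ ssh_packet_set_state(struct ssh *ssh, st
 		if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
 		    (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
 		    (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
-		    (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 ||
+		    (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 ||
 		    (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
 		    (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
 		    (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||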
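Review bot: The new debug() calls in ssh_set_newkeys (hunks at lines 943-949 and 1011-1016) pass u_int64_t values such as `state->p_read.bytes` and `*max_blocks` straight to `%llu`, while the same patch casts `(unsigned long long)bytes` in ssh_packet_set_rekey_limits; on targets where u_int64_t is `unsigned long` that is a -Wformat mismatch, so use the same cast here, e.g. `debug("rekey after %llu blocks", (unsigned long long)*max_blocks);`. The widening itself keeps the cipher's safety margin: the `MIN(*max_blocks, state->rekey_limit / enc->block_size)` line means a larger configured RekeyLimit can only lower the default block budget, never raise it, and a one-line comment there saying so would save the next reader from checking. The rekey_limit field of the packet-state blob also grows from put_u32/get_u32 to put_u64/get_u64 in ssh_packet_get_state and ssh_packet_set_state, so both ends of that transfer must be built from the same source; presumably they always are, but it is worth stating in the blob's header comment. ssh_set_newkeys and both state functions start and end outside these hunks.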
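--- a/packet.h
+++ b/packet.h
@@ -132,7 +132,7 @@ const char *ssh_remote_ipaddr(struct ssh
 int	 ssh_remote_port(struct ssh *);
 
 int	 ssh_packet_need_rekeying(struct ssh *);
-void	 ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
+void	 ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
 time_t	 ssh_packet_get_rekey_timeout(struct ssh *);
 
 /* XXX FIXME */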
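--- a/readconf.c
+++ b/readconf.c
@@ -964,16 +964,12 @@ parse_time:
 			if (scan_scaled(arg, &val64) == -1)
 				fatal("%.200s line %d: Bad number '%s': %s",
 				    filename, linenum, arg, strerror(errno));
-			/* check for too-large or too-small limits */
-			if (val64 > UINT_MAX)
-				fatal("%.200s line %d: RekeyLimit too large",
-				    filename, linenum);
 			if (val64 != 0 && val64 < 16)
 				fatal("%.200s line %d: RekeyLimit too small",
 				    filename, linenum);
 		}
 		if (*activep && options->rekey_limit == -1)
-			options->rekey_limit = (u_int32_t)val64;
+			options->rekey_limit = val64;
 		if (s != NULL) { /* optional rekey interval present */
 			if (strcmp(s, "none") == 0) {
 				(void)strdelim(&s);	/* discard */
@@ -2429,8 +2425,8 @@ dump_client_config(Options *o, const cha
 	printf("%s\n", iptos2str(o->ip_qos_bulk));
 
 	/* oRekeyLimit */
-	printf("rekeylimit %lld %d\n",
-	    (long long)o->rekey_limit, o->rekey_interval);
+	printf("rekeylimit %llu %d\n",
+	    (unsigned long long)o->rekey_limit, o->rekey_interval);
 
 	/* oStreamLocalBindMask */
 	printf("streamlocalbindmask 0%o\n",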
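Review bot: The hunk at lines 964-979 removes the upper-bound check together with its comment but leaves the surviving lower-bound test undocumented; since the reason there is no longer an upper bound is that packet.c clamps the configured value against the cipher's own block budget, keep a comment such as `/* reject too-small limits; larger values are capped per cipher in ssh_set_newkeys() */`. In dump_client_config the new `(unsigned long long)o->rekey_limit` cast would print an unset sentinel of -1 as 18446744073709551615 if rekey_limit is a signed field (the `== -1` test above suggests it is) and the dump ever runs before defaults are filled in; that ordering is not visible here, so either confirm it or keep the signed `%lld` form for the dump line. The same removal and cast appear in servconf.c at lines 1278-1293 and 2304-2310. parse_time and dump_client_config both continue outside these hunks.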
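--- a/servconf.c
+++ b/servconf.c
@@ -1278,16 +1278,12 @@ process_server_config_line(ServerOptions
 			if (scan_scaled(arg, &val64) == -1)
 				fatal("%.200s line %d: Bad number '%s': %s",
 				    filename, linenum, arg, strerror(errno));
-			/* check for too-large or too-small limits */
-			if (val64 > UINT_MAX)
-				fatal("%.200s line %d: RekeyLimit too large",
-				    filename, linenum);
 			if (val64 != 0 && val64 < 16)
 				fatal("%.200s line %d: RekeyLimit too small",
 				    filename, linenum);
 		}
 		if (*activep && options->rekey_limit == -1)
-			options->rekey_limit = (u_int32_t)val64;
+			options->rekey_limit = val64;
 		if (cp != NULL) { /* optional rekey interval present */
 			if (strcmp(cp, "none") == 0) {
 				(void)strdelim(&cp);	/* discard */
@@ -2304,7 +2300,7 @@ dump_config(ServerOptions *o)
 	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
 	printf("%s\n", iptos2str(o->ip_qos_bulk));
 
-	printf("rekeylimit %lld %d\n", (long long)o->rekey_limit,
+	printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
 	    o->rekey_interval);
 
 	channel_print_adm_permitted_opens();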
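--- a/sshd.c
+++ b/sshd.c
@@ -2387,7 +2387,7 @@ do_ssh2_kex(void)
 	}
 
 	if (options.rekey_limit || options.rekey_interval)
-		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+		packet_set_rekey_limits(options.rekey_limit,
 		    (time_t)options.rekey_interval);
 
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(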
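Review bot: The client-side call site is not in this patch: if the ssh(1) key-exchange code still passes `(u_int32_t)options.rekey_limit` to packet_set_rekey_limits the way sshd.c did before this hunk, the client's RekeyLimit is still truncated to 32 bits and the readconf.c widening has no effect there, so that caller needs the same one-line change as this one. Likewise, if the packet_set_rekey_limits wrapper that sshd.c calls is a prototype rather than a macro forwarding to ssh_packet_set_rekey_limits, its parameter type needs the same u_int32_t to u_int64_t change made in packet.h, or the value is narrowed again at the wrapper. do_ssh2_kex continues outside the hunk.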
