[openssh-commits] [openssh] 01/06: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Jun 10 16:40:43 AEST 2017


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Fri Jun 9 04:40:04 2017 +0000

    upstream commit
    
    Add comments referring to the relevant RFC sections for
    rekeying behaviour.
    
    Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40
---
 packet.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/packet.c b/packet.c
index 7c748688..ea78de3a 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.260 2017/06/06 09:12:17 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.261 2017/06/09 04:40:04 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -901,6 +901,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 	/*
 	 * The 2^(blocksize*2) limit is too expensive for 3DES,
 	 * so enforce a 1GB limit for small blocksizes.
+	 * See RFC4344 section 3.2.
 	 */
 	if (enc->block_size >= 16)
 		*max_blocks = (u_int64_t)1 << (enc->block_size*2);
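Review bot: The added "See RFC4344 section 3.2" line in the ssh_set_newkeys comment leaves a unit conversion for the reader to work out. The comment writes the limit as 2^(blocksize*2), and the `enc->block_size >= 16` test indicates block_size is in bytes, while RFC 4344 section 3.2 states the limit as 2^(L/4) blocks with L the block length in bits. These are the same quantity, but saying so in the comment (for example "2^(L/4) blocks, L = block size in bits") would let someone check the code against the RFC directly. The comment also gives the small-blocksize limit as 1GB while the value stored is a block count (`*max_blocks`), so a word on how the 1GB figure maps to blocks would help.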
@@ -944,7 +945,10 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
 		return 1;
 
-	/* Always rekey when MAX_PACKETS sent in either direction */
+	/*
+	 * Always rekey when MAX_PACKETS sent in either direction 
+	 * As per RFC4344 section 3.1 we do this after 2^31 packets.
+	 */
 	if (state->p_send.packets > MAX_PACKETS ||
 	    state->p_read.packets > MAX_PACKETS)
 		return 1;
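Review bot: The first line of the rewritten comment in ssh_packet_need_rekeying ends with trailing whitespace and no full stop, so "in either direction" runs straight into "As per RFC4344"; end the sentence and drop the trailing space. The comment also gives the threshold as 2^31 while the test is `> MAX_PACKETS`, whose definition is outside this hunk, so a pointer to the define would keep the comment and the constant from drifting apart. RFC 4344 section 3.1 gives 2^32 as the limit for packets sent and 2^31 as the preferred point to rekey on the receive side; since the code applies one threshold to both `p_send.packets` and `p_read.packets`, the comment could say that the lower figure is used for both directions.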
