summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2003-07-10 14:42:29 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-07-10 14:42:29 +0000
commit078fcc50bc014ecf784b48b23811743191981233 (patch)
tree650bb3b33b95c1838bacf991740cf9ced6b11a6c
parentc2cb23007efb479c779025d15a4b53ebf9c409df (diff)
the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
blowfish, etc, so enforce a 1GB limit for small blocksizes.
-rw-r--r--usr.bin/ssh/packet.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 62858bc869e..b7bea462108 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.108 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.109 2003/07/10 14:42:28 markus Exp $");
#include <sys/queue.h>
@@ -630,7 +630,14 @@ set_newkeys(int mode)
buffer_compress_init_recv();
comp->enabled = 1;
}
- *max_blocks = ((u_int64_t)1 << (enc->block_size*2));
+ /*
+ * The 2^(blocksize*2) limit is too expensive for 3DES,
+ * blowfish, etc, so enforce a 1GB limit for small blocksizes.
+ */
+ if (enc->block_size >= 16)
+ *max_blocks = (u_int64_t)1 << (enc->block_size*2);
+ else
+ *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
if (rekey_limit)
*max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
}