authorMarkus Friedl <markus@cvs.openbsd.org>2003-04-01 10:10:24 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-04-01 10:10:24 +0000
commit317b1ad19a504cb848feefaad28dce3f8c80e57d (patch)
treefbe84b73eb578fda96ac1c4c2c8d8b0c05a27d4d /usr.bin/ssh/sshconnect2.c
parent57c0f5be7e921fee97757a152554c2b00676ac0c (diff)
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
  (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps
  (b) after 2^(blocksize_in_bits/4) blocks
  (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
  (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
Diffstat (limited to 'usr.bin/ssh/sshconnect2.c')
-rw-r--r--usr.bin/ssh/sshconnect2.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index d8ffba0e8d9..51f447ed81f 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.113 2003/04/01 10:10:23 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -108,6 +108,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
+ if (options.rekey_limit)
+ packet_set_rekey_limit(options.rekey_limit);
+
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
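Review bot: The new guard `if (options.rekey_limit)` in ssh_kex2 hands any non-zero value to packet_set_rekey_limit(), so a negative value (if the field is signed; its declaration is not in this hunk) or an unreasonably small one would be installed as the rekey threshold without any check at this call site. Because this limit bounds how much traffic is protected under a single key, the accepted range should either be enforced here or be confirmed to be enforced where the RekeyLimit option is parsed, which is outside this file section. Writing the test as `if (options.rekey_limit > 0)` with a comment such as `/* 0 = unset: keep the built-in automatic rekey limits */` would make the intent explicit. ssh_kex2's body starts and ends outside the hunk, so any earlier validation of the option is not visible here.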