- markus@cvs.openbsd.org 2003/04/01 10:10:23

[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00 · 2003-04-01 21:43:39 +10:00 · 2dc074ef4b
parent 495dca3518
commit 2dc074ef4b
10 changed files with 27 additions and 11 deletions
--- a/20
+++ b/20
@ -7,7 +7,23 @@
     - new sentence new line
     - .Bk for arguments
     ok markus@
-
+   - markus@cvs.openbsd.org 2003/04/01 10:10:23
+     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+     [readconf.h serverloop.c sshconnect2.c]
+     rekeying bugfixes and automatic rekeying:
+     * both client and server rekey _automatically_
+           (a) after 2^31 packets, because after 2^32 packets
+               the sequence number for packets wraps
+           (b) after 2^(blocksize_in_bits/4) blocks
+       (see: draft-ietf-secsh-newmodes-00.txt)
+       (a) and (b) are _enabled_ by default, and only disabled for known
+       openssh versions, that don't support rekeying properly.
+     * client option 'RekeyLimit'
+     * do not reply to requests during rekeying
+   - markus@cvs.openbsd.org 2003/04/01 10:22:21
+     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+     [readconf.h serverloop.c sshconnect2.c]
+     backout rekeying changes (for 3.6.1)

 20030326
 - (djm) OpenBSD CVS Sync
@ -1270,4 +1286,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

-$Id: ChangeLog,v 1.2643 2003/04/01 11:42:14 djm Exp $
+$Id: ChangeLog,v 1.2644 2003/04/01 11:43:39 djm Exp $
--- a/clientloop.c
+++ b/clientloop.c
@ -59,7 +59,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.107 2003/04/01 10:22:21 markus Exp $");

 #include "ssh.h"
 #include "ssh1.h"
--- a/monitor.c
+++ b/monitor.c
@ -25,7 +25,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.34 2003/03/23 19:02:00 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $");

 #include <openssl/dh.h>

--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@ -25,7 +25,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");

 #include <openssl/bn.h>
 #include <openssl/dh.h>
--- a/packet.c
+++ b/packet.c
@ -37,7 +37,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.102 2002/12/10 19:47:14 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $");

 #include "xmalloc.h"
 #include "buffer.h"
--- a/packet.h
+++ b/packet.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $	*/
+/*	$OpenBSD: packet.h,v 1.37 2003/04/01 10:22:21 markus Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.102 2003/02/05 09:02:28 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
--- a/readconf.h
+++ b/readconf.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $	*/
+/*	$OpenBSD: readconf.h,v 1.46 2003/04/01 10:22:21 markus Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
--- a/serverloop.c
+++ b/serverloop.c
@ -35,7 +35,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.106 2003/04/01 10:22:21 markus Exp $");

 #include "xmalloc.h"
 #include "packet.h"
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.114 2003/04/01 10:22:21 markus Exp $");

 #include "ssh.h"
 #include "ssh2.h"