openssh bugs - Aug 2014 - [Bug 2264] New: RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

            Bug ID: 2264
           Summary: RekeyLimit option does not allow '4G' value when
                    UINT_MAX is 0xffffffff
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: glee at ciena.com

When value '4G' is used to specify the RekeyLimit value, the
configuration file parsing function, scan_scaled(), converts the 4G
into value 4294967296 (in readconf.c and in servconf.c alike).

On systems where UINT_MAX is 0xffffffff, we are not able to configure
value '4G' due to the 4294967296 being greater than 4294967295.  This
appears to be a bug since one would expect a value of 4G to be able to
be specified on a 32-bit OS.  The way in which the function
set_newkeys() sets the value of max_blocks, it seems like openssh
should be able to allow value 4G and perform the math to determine
number of blocks before rekey takes place.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2403
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
rekey_limit is actually an int64_t, so this could probably be
increased. That being said, 4G is a bit long between rekeys...

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2443

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Retarget pending bugs to openssh-7.1

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|2403                        |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2451


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|2443                        |


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2443
[Bug 2443] Bugs intended to be fixed for OpenSSH 7.1
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
This has been fixed, you can now specify RekeyLimits up to 2**63.

https://anongit.mindrot.org/openssh.git/commit/?id=921ff00b0ac429666fb361d2d6cb1c8fff0006cb

upstream commit
Allow RekeyLimits in excess of 4G up to 2**63 bits
 (limited by the return type of scan_scaled).  Part of bz#2521, ok djm.

Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2264

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.