upstream: Remove bug compatibility for implementations that don't
authordjm@openbsd.org <djm@openbsd.org>
Tue, 30 Dec 2025 00:35:37 +0000 (00:35 +0000)
committerDamien Miller <djm@mindrot.org>
Tue, 30 Dec 2025 00:37:13 +0000 (11:37 +1100)
support rekeying. AFAIK this is only an ancient Sun SSH version.

If such an implementation tries to interoperate with OpenSSH, it
will eventually fail when the transport needs rekeying.

This is probably long enough to use it to download a modern SSH
implementation that lacks this problem :)

ok markus@ deraadt@

OpenBSD-Commit-ID: 228a502fee808cf8b7caee23169eb6a1ab1c331a

packet.c
sshconnect.c
sshd-session.c

index 2df7a97b7e23e2288f1cf106ae2429e86a12a9ca..1c781763c97c1287364f0a418e55969cfd593aa3 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.328 2025/12/30 00:22:58 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.329 2025/12/30 00:35:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1118,10 +1118,6 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
        if (ssh_packet_is_rekeying(ssh))
                return 0;
 
-       /* Peer can't rekey */
-       if (ssh->compat & SSH_BUG_NOREKEY)
-               return 0;
-
        /*
         * Permit one packet in or out per rekey - this allows us to
         * make progress when rekey limits are very small.
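Review bot: Nothing in the remaining text of ssh_packet_need_rekeying says that compat flags deliberately no longer exempt a peer, so the next reader who finds SSH_BUG_NOREKEY still defined in compat.h (not in this diff) may assume the exemption was dropped by accident; a one-line comment where the removed block stood would close that gap, e.g. `/* No compat exemption: a peer that cannot rekey fails at the first rekey. */`. The consequence worth stating is that the per-key limits evaluated later in this function are now a hard bound for every peer, so a NOREKEY peer presumably fails at the first RekeyLimit- or time-triggered rekey rather than only at the packet-counter wrap handled elsewhere in packet.c. ssh_packet_need_rekeying begins before and continues after this hunk.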
@@ -1368,8 +1364,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
                logit("outgoing seqnr wraps around");
        }
        if (++state->p_send.packets == 0)
-               if (!(ssh->compat & SSH_BUG_NOREKEY))
-                       return SSH_ERR_NEED_REKEY;
+               return SSH_ERR_NEED_REKEY;
        state->p_send.blocks += len / block_size;
        state->p_send.bytes += len;
        sshbuf_reset(state->outgoing_packet);
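Review bot: The collapsed `if (++state->p_send.packets == 0) return SSH_ERR_NEED_REKEY;` lost the only hint of its purpose when the compat branch was removed, and a counter wrap that forces a rekey for every peer is worth a why-comment, e.g. `/* per-key packet counter wrapped: force a rekey regardless of peer */`. The same applies to the mirrored check in ssh_packet_read_poll2 in the next hunk. ssh_packet_send2_wrapped starts and ends outside this hunk.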
@@ -1784,8 +1779,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
                logit("incoming seqnr wraps around");
        }
        if (++state->p_read.packets == 0)
-               if (!(ssh->compat & SSH_BUG_NOREKEY))
-                       return SSH_ERR_NEED_REKEY;
+               return SSH_ERR_NEED_REKEY;
        state->p_read.blocks += (state->packlen + 4) / block_size;
        state->p_read.bytes += state->packlen + 4;
 
index 4b4a9018957c0de2a785953f6021f5ee1f57fa58..9dd1d02ea93ffa32eee0ddb21629359fdeab7178 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.377 2025/12/22 01:49:03 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.378 2025/12/30 00:35:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -44,6 +44,7 @@
 #include "xmalloc.h"
 #include "hostfile.h"
 #include "ssh.h"
+#include "compat.h"
 #include "sshbuf.h"
 #include "packet.h"
 #include "sshkey.h"
@@ -1609,6 +1610,11 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
            options.version_addendum)) != 0)
                sshpkt_fatal(ssh, r, "banner exchange");
 
+       if ((ssh->compat & SSH_BUG_NOREKEY)) {
+               logit("Warning: this server does not support rekeying.");
+               logit("This session will eventually fail");
+       }
+
        /* Put the connection into non-blocking mode. */
        ssh_packet_set_nonblocking(ssh);
 
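Review bot: The new warning is split across two logit() calls, so on stderr or in a log it appears as two unrelated lines (the second without terminal punctuation) that can be separated by other output; one call reads better: `logit("Warning: this server does not support rekeying; this session will eventually fail.");`. The doubled parentheses in `if ((ssh->compat & SSH_BUG_NOREKEY))` are also unnecessary for a plain flag test. This reads ssh->compat immediately after kex_exchange_identification, which is correct only if that call is what sets the compat flags from the banner — presumably so, but confirm. ssh_login starts and ends outside this hunk.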
index 5d384fa2f986c4a53d1d5aabb20b76b62351e7a7..5f34f6444cbaa6cd5445f0e968751ff574eea409 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd-session.c,v 1.18 2025/12/16 08:32:50 dtucker Exp $ */
+/* $OpenBSD: sshd-session.c,v 1.19 2025/12/30 00:35:37 djm Exp $ */
 /*
  * SSH2 implementation:
  * Privilege Separation:
@@ -1252,6 +1252,9 @@ main(int ac, char **av)
            options.version_addendum)) != 0)
                sshpkt_fatal(ssh, r, "banner exchange");
 
+       if ((ssh->compat & SSH_BUG_NOREKEY))
+               debug("client does not support rekeying");
+
        ssh_packet_set_nonblocking(ssh);
 
        /* allocate authentication context */
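Review bot: The server side records the condition only at debug() level while the client in the same commit warns with logit(), so an administrator investigating sessions that die at rekey will not see it in a normal log; if the asymmetry is not intentional, consider `logit("client does not support rekeying")`, ideally with the peer address if ssh_remote_ipaddr() is usable here as elsewhere in sshd-session.c (not visible in this hunk). The doubled parentheses in `if ((ssh->compat & SSH_BUG_NOREKEY))` are unnecessary. main() starts and ends outside this hunk.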