-rw-r--r--include/libssh/libssh.h2
-rw-r--r--include/libssh/session.h2
-rw-r--r--src/options.c34
3 files changed, 38 insertions, 0 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index c81accd7..30a438f4 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -406,6 +406,8 @@ enum ssh_options_e {
SSH_OPTIONS_NODELAY,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
SSH_OPTIONS_PROCESS_CONFIG,
+ SSH_OPTIONS_REKEY_DATA,
+ SSH_OPTIONS_REKEY_TIME,
};
enum {
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 0c015fa0..109cb5f5 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -222,6 +222,8 @@ struct ssh_session_struct {
int nodelay;
bool config_processed;
uint8_t options_seen[SOC_MAX];
+ uint64_t rekey_data;
+ uint32_t rekey_time;
} opts;
/* counters */
ssh_counter socket_counter;
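Review bot: The new `rekey_time` field in `opts` carries no unit, yet the setter added in src/options.c stores the caller's seconds multiplied by 1000, so the field holds milliseconds while the public option is documented in seconds. Code that later compares this field against a timer cannot tell that from the declaration. I would comment both fields, e.g. `uint64_t rekey_data; /* bytes per key, 0 = off */` and `uint32_t rekey_time; /* milliseconds (option is given in seconds), 0 = off */`. The struct body starts and ends outside this hunk.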
diff --git a/src/options.c b/src/options.c
index 329abb9e..d0bd87b3 100644
--- a/src/options.c
+++ b/src/options.c
@@ -475,6 +475,16 @@ int ssh_options_set_algo(ssh_session session,
* automatically uses these configuration files unless
* you provide it with this option or with different file (bool).
*
+ * - SSH_OPTIONS_REKEY_DATA
+ * Set the data limit that can be transferred with a single
+ * key in bytes. RFC 4253 Section 9 recommends 1GB of data
+ * (uint64_t, 0=off)
+ *
+ * - SSH_OPTIONS_REKEY_TIME
+ * Set the time limit for a session before intializing a rekey
+ * in seconds. RFC 4253 Section 9 recommends one hour.
+ * (uint32_t, 0=off)
+ *
* @param value The value to set. This is a generic pointer and the
* datatype which is used should be set according to the
* type set.
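Review bot: The two new option entries give the value type but not the accepted range or the exact pointer width the setter dereferences. For SSH_OPTIONS_REKEY_TIME the setter rejects values whose millisecond conversion does not fit in 32 bits, so the entry should state the limit, e.g. `Values above UINT32_MAX / 1000 seconds are rejected.` For SSH_OPTIONS_REKEY_DATA it is worth adding that `value` must point to a real `uint64_t`, because passing the address of an `int` or `long` of another width makes the setter read the wrong bytes. The word "intializing" in the REKEY_TIME entry should read "initializing". The comment block starts and ends outside this hunk.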
@@ -1012,6 +1022,30 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
session->opts.config_processed = !(*x);
}
break;
+ case SSH_OPTIONS_REKEY_DATA:
+ if (value == NULL) {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ uint64_t *x = (uint64_t *)value;
+ session->opts.rekey_data = *x;
+ }
+ break;
+ case SSH_OPTIONS_REKEY_TIME:
+ if (value == NULL) {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ uint32_t *x = (uint32_t *)value;
+ if ((*x * 1000) < *x) {
+ ssh_set_error(session, SSH_REQUEST_DENIED,
+ "The provided value (%" PRIu32 ") for rekey"
+ " time is too large", *x);
+ return -1;
+ }
+ session->opts.rekey_time = (*x) * 1000;
+ }
+ break;
default:
ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return -1;
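Review bot: The overflow guard `if ((*x * 1000) < *x)` in the SSH_OPTIONS_REKEY_TIME case does not catch every wrap. The `uint32_t` product is reduced modulo 2^32 and the reduced value can still exceed the input; for example 5000000 * 1000 wraps to 705032704, which passes the check. Such a value is accepted and `session->opts.rekey_time` silently holds a different interval than the caller asked for. Testing the bound before multiplying is exact: `if (*x > UINT32_MAX / 1000) {`. The body of ssh_options_set() starts and ends outside this hunk.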