version 1.260, 2017/06/06 09:12:17 |
version 1.261, 2017/06/09 04:40:04 |
|
|
/* |
/* |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
* so enforce a 1GB limit for small blocksizes. |
* so enforce a 1GB limit for small blocksizes. |
|
* See RFC4344 section 3.2. |
*/ |
*/ |
if (enc->block_size >= 16) |
if (enc->block_size >= 16) |
*max_blocks = (u_int64_t)1 << (enc->block_size*2); |
*max_blocks = (u_int64_t)1 << (enc->block_size*2); |
|
|
(int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
(int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
return 1; |
return 1; |
|
|
/* Always rekey when MAX_PACKETS sent in either direction */ |
/* |
|
* Always rekey when MAX_PACKETS sent in either direction |
|
* As per RFC4344 section 3.1 we do this after 2^31 packets. |
|
*/ |
if (state->p_send.packets > MAX_PACKETS || |
if (state->p_send.packets > MAX_PACKETS || |
state->p_read.packets > MAX_PACKETS) |
state->p_read.packets > MAX_PACKETS) |
return 1; |
return 1; |
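Review bot: The comment added above the MAX_PACKETS check reads as though RFC 4344 section 3.1 sets the threshold at 2^31 packets, while that section recommends rekeying at least once every 2^32 packets, so the code is stricter than the RFC rather than following it to the letter. I would word it as `* RFC4344 section 3.1 asks for a rekey within 2^32 packets; we rekey after 2^31.` so that nobody later "corrects" the constant up to the RFC figure; MAX_PACKETS is defined outside the visible lines, so the 2^31 value is taken from the comment itself. In the first hunk it would help to add that block_size is (apparently) in bytes, which is why `block_size*2` corresponds to the RFC's 2^(L/4) with L in bits. Separately, `(u_int64_t)1 << (enc->block_size*2)` has no visible upper bound on block_size, so a cipher with a block of 32 bytes or more would push the shift count to 64, which is undefined. Whether such a cipher can reach this branch cannot be told from these lines, and both enclosing functions begin and end outside the hunks.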