diff options
Diffstat (limited to 'net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch')
| -rw-r--r-- | net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch new file mode 100644 index 000000000000..adbfa87af68b --- /dev/null +++ b/net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch @@ -0,0 +1,194 @@ +diff -ur --exclude '.*.un*' a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff +--- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-04-18 15:07:06.748067368 -0700 ++++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-04-18 19:42:26.689298696 -0700 +@@ -998,7 +998,7 @@ + + * so we repoint the define to the multithreaded evp. To start the threads we + + * then force a rekey + + */ +-+ const void *cc = ssh_packet_get_send_context(active_state); +++ const void *cc = ssh_packet_get_send_context(ssh); + + + + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */ + + if (strstr(cipher_ctx_name(cc), "ctr")) { +@@ -1028,7 +1028,7 @@ + + * so we repoint the define to the multithreaded evp. To start the threads we + + * then force a rekey + + */ +-+ const void *cc = ssh_packet_get_send_context(active_state); +++ const void *cc = ssh_packet_get_send_context(ssh); + + + + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */ + + if (strstr(cipher_ctx_name(cc), "ctr")) { +diff -ur --exclude '.*.un*' a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff +--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 15:07:11.289035776 -0700 ++++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 +@@ -162,24 +162,24 @@ + } + + +static int +-+channel_tcpwinsz(void) +++channel_tcpwinsz(struct ssh *ssh) + +{ + + u_int32_t tcpwinsz = 0; + + socklen_t optsz = sizeof(tcpwinsz); + + int ret = -1; + + + + /* if we aren't on a socket return 128KB */ +-+ if (!packet_connection_is_on_socket()) +++ if (!ssh_packet_connection_is_on_socket(ssh)) + + return 128 * 1024; + + +-+ ret = getsockopt(packet_get_connection_in(), +++ ret = getsockopt(ssh_packet_get_connection_in(ssh), + + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); + + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */ + + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX) + + tcpwinsz = SSHBUF_SIZE_MAX; + + + + debug2("tcpwinsz: tcp connection %d, Receive window: %d", +-+ packet_get_connection_in(), tcpwinsz); +++ ssh_packet_get_connection_in(ssh), tcpwinsz); + + return tcpwinsz; + +} + + +@@ -191,7 +191,7 @@ + c->local_window < c->local_window_max/2) && + c->local_consumed > 0) { + + u_int addition = 0; +-+ u_int32_t tcpwinsz = channel_tcpwinsz(); +++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh); + + /* adjust max window size if we are in a dynamic environment */ + + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) { + + /* grow the window somewhat aggressively to maintain pressure */ +@@ -409,18 +409,10 @@ + index dcf35e6..da4ced0 100644 + --- a/packet.c + +++ b/packet.c +-@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) ++@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) + return 0; + } + +-+/* this supports the forced rekeying required for the NONE cipher */ +-+int rekey_requested = 0; +-+void +-+packet_request_rekeying(void) +-+{ +-+ rekey_requested = 1; +-+} +-+ + +/* used to determine if pre or post auth when rekeying for aes-ctr + + * and none cipher switch */ + +int +@@ -434,20 +426,6 @@ + #define MAX_PACKETS (1U<<31) + static int + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +-@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +- if (state->p_send.packets == 0 && state->p_read.packets == 0) +- return 0; +- +-+ /* used to force rekeying when called for by the none +-+ * cipher switch methods -cjr */ +-+ if (rekey_requested == 1) { +-+ rekey_requested = 0; +-+ return 1; +-+ } +-+ +- /* Time-based rekeying */ +- if (state->rekey_interval != 0 && +- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) + diff --git a/packet.h b/packet.h + index 170203c..f4d9df2 100644 + --- a/packet.h +@@ -476,9 +454,9 @@ + /* Format of the configuration file: + + @@ -166,6 +167,8 @@ typedef enum { +- oHashKnownHosts, + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, ++ oDisableMTAES, + + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + + oNoneEnabled, oNoneSwitch, + oVisualHostKey, +@@ -615,9 +593,9 @@ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ + @@ -111,7 +115,10 @@ typedef struct { +- + int enable_ssh_keysign; + int64_t rekey_limit; ++ int disable_multithreaded; /*disable multithreaded aes-ctr*/ + + int none_switch; /* Use none cipher */ + + int none_enabled; /* Allow none to be used */ + int rekey_interval; +@@ -673,9 +651,9 @@ + /* Portable-specific options */ + if (options->use_pam == -1) + @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) +- } +- if (options->permit_tun == -1) + options->permit_tun = SSH_TUNMODE_NO; ++ if (options->disable_multithreaded == -1) ++ options->disable_multithreaded = 0; + + if (options->none_enabled == -1) + + options->none_enabled = 0; + + if (options->hpn_disabled == -1) +@@ -1092,7 +1070,7 @@ + xxx_host = host; + xxx_hostaddr = hostaddr; + +-@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, ++@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, + + if (!authctxt.success) + fatal("Authentication failed."); +@@ -1108,7 +1086,7 @@ + + memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); + + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; + + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; +-+ kex_prop2buf(active_state->kex->my, myproposal); +++ kex_prop2buf(ssh->kex->my, myproposal); + + packet_request_rekeying(); + + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); + + } else { +@@ -1117,23 +1095,13 @@ + + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); + + } + + } +-+ +- debug("Authentication succeeded (%s).", authctxt.method->name); +- } + ++ #ifdef WITH_OPENSSL ++ if (options.disable_multithreaded == 0) { + diff --git a/sshd.c b/sshd.c + index a738c3a..b32dbe0 100644 + --- a/sshd.c + +++ b/sshd.c +-@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) +- char remote_version[256]; /* Must be at least as big as buf. */ +- +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", +-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, +-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, +- *options.version_addendum == '\0' ? "" : " ", +- options.version_addendum); +- + @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) + int ret, listen_sock; + struct addrinfo *ai; +@@ -1217,11 +1185,10 @@ + index f1bbf00..21a70c2 100644 + --- a/version.h + +++ b/version.h +-@@ -3,4 +3,6 @@ ++@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_7.8" + + #define SSH_PORTABLE "p1" + -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v16" + +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN + + |