summaryrefslogtreecommitdiff
path: root/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch
blob: 90fa248fcbac20eb6697ca45d8e916212564a3b2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-02-04 14:55:30.408567718 -0800
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-02-04 15:16:14.646567224 -0800
@@ -409,18 +409,10 @@
 index 817da43b..b2bcf78f 100644
 --- a/packet.c
 +++ b/packet.c
-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
  	return 0;
  }
  
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+	rekey_requested = 1;
-+}
-+
 +/* used to determine if pre or post auth when rekeying for aes-ctr
 + * and none cipher switch */
 +int
@@ -434,20 +426,6 @@
  #define MAX_PACKETS	(1U<<31)
  static int
  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
- 		return 0;
- 
-+	/* used to force rekeying when called for by the none
-+         * cipher switch methods -cjr */
-+        if (rekey_requested == 1) {
-+                rekey_requested = 0;
-+                return 1;
-+        }
-+
- 	/* Time-based rekeying */
- 	if (state->rekey_interval != 0 &&
- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
 diff --git a/packet.h b/packet.h
 index 8ccfd2e0..1ad9bc06 100644
 --- a/packet.h
@@ -476,9 +454,9 @@
  /* Format of the configuration file:
  
 @@ -167,6 +168,8 @@ typedef enum {
- 	oHashKnownHosts,
  	oTunnel, oTunnelDevice,
  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ 	oDisableMTAES,
 +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
 +	oNoneEnabled, oNoneSwitch,
  	oVisualHostKey,
@@ -615,9 +593,9 @@
  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
  	SyslogFacility log_facility;	/* Facility for system logging. */
 @@ -112,7 +116,10 @@ typedef struct {
- 
  	int	enable_ssh_keysign;
  	int64_t rekey_limit;
+ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
 +	int     none_switch;    /* Use none cipher */
 +	int     none_enabled;   /* Allow none to be used */
  	int	rekey_interval;
@@ -700,9 +678,9 @@
 +			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
 +	}
 +
+ 	if (options->disable_multithreaded == -1)
+ 		options->disable_multithreaded = 0;
  	if (options->ip_qos_interactive == -1)
- 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
- 	if (options->ip_qos_bulk == -1)
 @@ -486,6 +532,8 @@ typedef enum {
  	sPasswordAuthentication, sKbdInteractiveAuthentication,
  	sListenAddress, sAddressFamily,
@@ -1079,11 +1057,11 @@
  	xxx_host = host;
  	xxx_hostaddr = hostaddr;
  
-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
  
  	if (!authctxt.success)
  		fatal("Authentication failed.");
-+
+ 
 +	/*
 +	 * If the user wants to use the none cipher, do it post authentication
 +	 * and only if the right conditions are met -- both of the NONE commands
@@ -1105,9 +1083,9 @@
 +		}
 +	}
 +
- 	debug("Authentication succeeded (%s).", authctxt.method->name);
- }
- 
+ #ifdef WITH_OPENSSL
+ 	if (options.disable_multithreaded == 0) {
+ 		/* if we are using aes-ctr there can be issues in either a fork or sandbox
 diff --git a/sshd.c b/sshd.c
 index 11571c01..23a06022 100644
 --- a/sshd.c