| --- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -0000 |
| +++ openssh-7.9p1/cipher-ctr-mt.c 2018-10-24 20:48:17.378155144 -0000 |
| @@ -46,7 +46,7 @@ |
| |
| /*-------------------- TUNABLES --------------------*/ |
| /* maximum number of threads and queues */ |
| -#define MAX_THREADS 32 |
| +#define MAX_THREADS 32 |
| #define MAX_NUMKQ (MAX_THREADS * 2) |
| |
| /* Number of pregen threads to use */ |
| @@ -435,7 +435,7 @@ |
| destp.u += AES_BLOCK_SIZE; |
| srcp.u += AES_BLOCK_SIZE; |
| len -= AES_BLOCK_SIZE; |
| - ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE); |
| + ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE); |
| |
| /* Increment read index, switch queues on rollover */ |
| if ((ridx = (ridx + 1) % KQLEN) == 0) { |
| @@ -481,8 +481,6 @@ |
| /* get the number of cores in the system */ |
| /* if it's not linux it currently defaults to 2 */ |
| /* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */ |
| - /* NB: assigning a float to an int discards the remainder which is */ |
| - /* acceptable (and wanted) in this case */ |
| #ifdef __linux__ |
| cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2; |
| #endif /*__linux__*/ |
| @@ -551,16 +550,16 @@ |
| } |
| |
| if (iv != NULL) { |
| - memcpy(ctx->iv, iv, AES_BLOCK_SIZE); |
| + memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); |
| c->state |= HAVE_IV; |
| } |
| |
| if (c->state == (HAVE_KEY | HAVE_IV)) { |
| /* Clear queues */ |
| - memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE); |
| + memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE); |
| c->q[0].qstate = KQINIT; |
| for (i = 1; i < numkq; i++) { |
| - memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE); |
| + memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE); |
| ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE); |
| c->q[i].qstate = KQEMPTY; |
| } |
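Review bot: With the counter now copied into `memcpy(c->aes_counter, iv, AES_BLOCK_SIZE)` and seeded into each queue from `c->aes_counter`, the running CTR value lives in the cipher's private context rather than in OpenSSL's ctx->iv, so it is no longer cleared by EVP_CIPHER_CTX's own cleanup; ssh_aes_ctr_cleanup (outside this hunk) should explicit_bzero the whole private struct including the new aes_counter field — presumably it already wipes the key schedule, confirm the new field is covered. The enclosing ssh_aes_ctr_init starts and ends outside the hunk. The same relocation of the counter applies to the `ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE)` call in the @@ -435,7 +435,7 @@ hunk.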
| @@ -644,8 +643,22 @@ |
| const EVP_CIPHER * |
| evp_aes_ctr_mt(void) |
| { |
| +# if OPENSSL_VERSION_NUMBER >= 0x10100000UL && !defined(LIBRESSL_VERSION_NUMBER) |
| + static EVP_CIPHER *aes_ctr; |
| + aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/); |
| + EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE); |
| + EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init); |
| + EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup); |
| + EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr); |
| +# ifndef SSH_OLD_EVP |
| + EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE |
| + | EVP_CIPH_VARIABLE_LENGTH |
| + | EVP_CIPH_ALWAYS_CALL_INIT |
| + | EVP_CIPH_CUSTOM_IV); |
| +# endif /*SSH_OLD_EVP*/ |
| + return (aes_ctr); |
| +# else /*earlier version of openssl*/ |
| static EVP_CIPHER aes_ctr; |
| - |
| memset(&aes_ctr, 0, sizeof(EVP_CIPHER)); |
| aes_ctr.nid = NID_undef; |
| aes_ctr.block_size = AES_BLOCK_SIZE; |
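Review bot: In the new OPENSSL_VERSION_NUMBER >= 0x10100000UL branch, `aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);` runs on every call of evp_aes_ctr_mt(), so each call allocates a fresh method object that nothing frees (EVP_CIPHER_meth_free is never called) and the previous pointer is overwritten, and neither a NULL return from EVP_CIPHER_meth_new() nor a 0 return from the EVP_CIPHER_meth_set_* setters is checked before the object is handed to callers. Since the pointer is already `static`, construction should be guarded with `if (aes_ctr == NULL)` so the object is built once, and the allocation and setter results should go to the file's unrecoverable-error path (presumably fatal(), as elsewhere in OpenSSH — confirm). The same function continues in the next hunk (@@ -654,11 +667,12 @@), which only re-indents the legacy branch and needs no change. A smaller point: `16/*key*/` hard-codes a 128-bit key length while the legacy branch's aes_ctr.key_len is set outside the hunk, so it is worth confirming both branches agree on how 192/256-bit keys are accepted (presumably via EVP_CIPH_VARIABLE_LENGTH and ssh_aes_ctr_init).
```c
# if OPENSSL_VERSION_NUMBER >= 0x10100000UL && !defined(LIBRESSL_VERSION_NUMBER)
	static EVP_CIPHER *aes_ctr;

	/* Build the method object once: EVP_CIPHER_meth_new() allocates and
	 * nothing frees it, so rebuilding on every call would leak. */
	if (aes_ctr == NULL) {
		aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
		if (aes_ctr == NULL ||
		    !EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE) ||
		    !EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init) ||
		    !EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup) ||
		    !EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr))
			fatal("%s: EVP_CIPHER_meth setup failed", __func__);
# ifndef SSH_OLD_EVP
		/* … unchanged: EVP_CIPHER_meth_set_flags(aes_ctr, ...) … */
# endif /*SSH_OLD_EVP*/
	}
	return (aes_ctr);
```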
| @@ -654,11 +667,12 @@ |
| aes_ctr.init = ssh_aes_ctr_init; |
| aes_ctr.cleanup = ssh_aes_ctr_cleanup; |
| aes_ctr.do_cipher = ssh_aes_ctr; |
| -#ifndef SSH_OLD_EVP |
| - aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
| - EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; |
| -#endif |
| - return &aes_ctr; |
| +# ifndef SSH_OLD_EVP |
| + aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
| + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; |
| +# endif /*SSH_OLD_EVP*/ |
| + return &aes_ctr; |
| +# endif /*OPENSSH_VERSION_NUMBER*/ |
| } |
| |
| #endif /* defined(WITH_OPENSSL) */ |