| --- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-11 17:19:19.968420409 -0700 |
| +++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-11 17:39:19.977535398 -0700 |
| @@ -409,18 +409,10 @@ |
| index dcf35e6..da4ced0 100644 |
| --- a/packet.c |
| +++ b/packet.c |
| -@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) |
| +@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) |
| return 0; |
| } |
| |
| -+/* this supports the forced rekeying required for the NONE cipher */ |
| -+int rekey_requested = 0; |
| -+void |
| -+packet_request_rekeying(void) |
| -+{ |
| -+ rekey_requested = 1; |
| -+} |
| -+ |
| +/* used to determine if pre or post auth when rekeying for aes-ctr |
| + * and none cipher switch */ |
| +int |
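Review bot: Removing `packet_request_rekeying()` and `rekey_requested` here, along with the `rekey_requested == 1` check dropped from `ssh_packet_need_rekeying` in the next hunk (`@@ -434,20 +426,6 @@`), takes out the mechanism the deleted comment calls "required for the NONE cipher". The patch still carries `oNoneSwitch`, `none_switch` and `none_enabled`. The none-switch call site is not visible in this diff, so this is inferred: if it still calls `packet_request_rekeying()`, another patch in the series must supply the definition and the check, or the build will not link. Nothing on this page says which patch that is; a preamble line such as `packet_request_rekeying() is provided by <other-patch-name>` (placeholder) would make the dependency reviewable. It is also worth confirming after the series is applied that the cipher change still happens only through an explicit post-authentication rekey.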
| @@ -434,20 +426,6 @@ |
| #define MAX_PACKETS (1U<<31) |
| static int |
| ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
| -@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
| - if (state->p_send.packets == 0 && state->p_read.packets == 0) |
| - return 0; |
| - |
| -+ /* used to force rekeying when called for by the none |
| -+ * cipher switch methods -cjr */ |
| -+ if (rekey_requested == 1) { |
| -+ rekey_requested = 0; |
| -+ return 1; |
| -+ } |
| -+ |
| - /* Time-based rekeying */ |
| - if (state->rekey_interval != 0 && |
| - (int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
| diff --git a/packet.h b/packet.h |
| index 170203c..f4d9df2 100644 |
| --- a/packet.h |
| @@ -476,9 +454,9 @@ |
| /* Format of the configuration file: |
| |
| @@ -166,6 +167,8 @@ typedef enum { |
| - oHashKnownHosts, |
| oTunnel, oTunnelDevice, |
| oLocalCommand, oPermitLocalCommand, oRemoteCommand, |
| + oDisableMTAES, |
| + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, |
| + oNoneEnabled, oNoneSwitch, |
| oVisualHostKey, |
| @@ -615,9 +593,9 @@ |
| int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ |
| SyslogFacility log_facility; /* Facility for system logging. */ |
| @@ -111,7 +115,10 @@ typedef struct { |
| - |
| int enable_ssh_keysign; |
| int64_t rekey_limit; |
| + int disable_multithreaded; /*disable multithreaded aes-ctr*/ |
| + int none_switch; /* Use none cipher */ |
| + int none_enabled; /* Allow none to be used */ |
| int rekey_interval; |
| @@ -673,9 +651,9 @@ |
| /* Portable-specific options */ |
| if (options->use_pam == -1) |
| @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) |
| - } |
| - if (options->permit_tun == -1) |
| options->permit_tun = SSH_TUNMODE_NO; |
| + if (options->disable_multithreaded == -1) |
| + options->disable_multithreaded = 0; |
| + if (options->none_enabled == -1) |
| + options->none_enabled = 0; |
| + if (options->hpn_disabled == -1) |
| @@ -1092,7 +1070,7 @@ |
| xxx_host = host; |
| xxx_hostaddr = hostaddr; |
| |
| -@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, |
| +@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, |
| |
| if (!authctxt.success) |
| fatal("Authentication failed."); |
| @@ -1117,10 +1095,9 @@ |
| + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); |
| + } |
| + } |
| -+ |
| - debug("Authentication succeeded (%s).", authctxt.method->name); |
| - } |
| |
| + #ifdef WITH_OPENSSL |
| + if (options.disable_multithreaded == 0) { |
| diff --git a/sshd.c b/sshd.c |
| index a738c3a..b32dbe0 100644 |
| --- a/sshd.c |
| @@ -1217,11 +1194,10 @@ |
| index f1bbf00..21a70c2 100644 |
| --- a/version.h |
| +++ b/version.h |
| -@@ -3,4 +3,6 @@ |
| +@@ -3,4 +3,5 @@ |
| #define SSH_VERSION "OpenSSH_7.8" |
| |
| #define SSH_PORTABLE "p1" |
| -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
| -+#define SSH_HPN "-hpn14v16" |
| +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN |
| + |
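Review bot: `SSH_RELEASE` on the new side still expands `SSH_HPN`, but this hunk removes the `#define SSH_HPN "-hpn14v16"` line, so the patched version.h uses a macro it no longer defines. Unless another patch in the series or the build system defines `SSH_HPN` before version.h is included, every use of `SSH_RELEASE` will fail to compile. Either keep `+#define SSH_HPN "-hpn14v16"` in this hunk or state in the patch description where the define now lives. The suffix is presumably what marks the build as HPN-patched in the version string, so its source should stay easy to audit.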