| diff --exclude '*.un~' -ubr a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff |
| --- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-19 13:36:51.659996653 -0700 |
| +++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-19 13:42:23.302377465 -0700 |
| @@ -536,18 +536,10 @@ |
| if (state->rekey_limit) |
| *max_blocks = MINIMUM(*max_blocks, |
| state->rekey_limit / enc->block_size); |
| -@@ -954,6 +963,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) |
| +@@ -954,6 +963,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) |
| return 0; |
| } |
| |
| -+/* this supports the forced rekeying required for the NONE cipher */ |
| -+int rekey_requested = 0; |
| -+void |
| -+packet_request_rekeying(void) |
| -+{ |
| -+ rekey_requested = 1; |
| -+} |
| -+ |
| +/* used to determine if pre or post auth when rekeying for aes-ctr |
| + * and none cipher switch */ |
| +int |
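Review bot: Dropping `rekey_requested` and `packet_request_rekeying()` here removes the only visible trigger for the rekey that the deleted comment calls "required for the NONE cipher", yet `oNoneSwitch`, `none_switch` and `none_enabled` are still present in the option hunks further down. The same removal continues in the next hunk (the `rekey_requested == 1` branch in `ssh_packet_need_rekeying()`) and in the header hunk after it (the prototype). The call sites are outside the visible hunks, so confirm that every caller of `packet_request_rekeying()` is removed too, otherwise the patched tree will not link. Also confirm that a configured none-cipher switch is either still driven by another path or rejected, rather than silently leaving the session in a state the user did not ask for. A short comment at this spot would record the intent, e.g. `/* forced-rekey hook dropped: <what now triggers the none-cipher rekey> */`.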
| @@ -561,20 +553,6 @@ |
| #define MAX_PACKETS (1U<<31) |
| static int |
| ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
| -@@ -980,6 +1007,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
| - if (state->p_send.packets == 0 && state->p_read.packets == 0) |
| - return 0; |
| - |
| -+ /* used to force rekeying when called for by the none |
| -+ * cipher switch methods -cjr */ |
| -+ if (rekey_requested == 1) { |
| -+ rekey_requested = 0; |
| -+ return 1; |
| -+ } |
| -+ |
| - /* Time-based rekeying */ |
| - if (state->rekey_interval != 0 && |
| - (int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
| @@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
| struct session_state *state = ssh->state; |
| int len, r, ms_remain; |
| @@ -598,12 +576,11 @@ |
| }; |
| |
| typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *, |
| -@@ -155,6 +158,10 @@ int ssh_packet_inc_alive_timeouts(struct ssh *); |
| +@@ -155,6 +158,9 @@ int ssh_packet_inc_alive_timeouts(struct ssh *); |
| int ssh_packet_set_maxsize(struct ssh *, u_int); |
| u_int ssh_packet_get_maxsize(struct ssh *); |
| |
| +/* for forced packet rekeying post auth */ |
| -+void packet_request_rekeying(void); |
| +int packet_authentication_state(const struct ssh *); |
| + |
| int ssh_packet_get_state(struct ssh *, struct sshbuf *); |
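Review bot: The comment `/* for forced packet rekeying post auth */` is kept, but the prototype it described, `packet_request_rekeying(void)`, is removed, so it now sits directly above `packet_authentication_state()` and misdescribes it. Reword it to match the comment the patch puts on that function's definition, e.g. `/* reports pre- or post-auth state for aes-ctr and none cipher switch */`.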
| @@ -627,9 +604,9 @@ |
| oLocalCommand, oPermitLocalCommand, oRemoteCommand, |
| + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, |
| + oNoneEnabled, oNoneMacEnabled, oNoneSwitch, |
| + oDisableMTAES, |
| oVisualHostKey, |
| oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
| - oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
| @@ -297,6 +300,9 @@ static struct { |
| { "kexalgorithms", oKexAlgorithms }, |
| { "ipqos", oIPQoS }, |
| @@ -778,9 +755,9 @@ |
| int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ |
| SyslogFacility log_facility; /* Facility for system logging. */ |
| @@ -120,7 +124,11 @@ typedef struct { |
| - |
| int enable_ssh_keysign; |
| int64_t rekey_limit; |
| + int disable_multithreaded; /*disable multithreaded aes-ctr*/ |
| + int none_switch; /* Use none cipher */ |
| + int none_enabled; /* Allow none cipher to be used */ |
| + int nonemac_enabled; /* Allow none MAC to be used */ |
| @@ -842,9 +819,9 @@ |
| /* Portable-specific options */ |
| if (options->use_pam == -1) |
| @@ -424,6 +434,49 @@ fill_default_server_options(ServerOptions *options) |
| - } |
| - if (options->permit_tun == -1) |
| options->permit_tun = SSH_TUNMODE_NO; |
| + if (options->disable_multithreaded == -1) |
| + options->disable_multithreaded = 0; |
| + if (options->none_enabled == -1) |
| + options->none_enabled = 0; |
| + if (options->nonemac_enabled == -1) |
| @@ -1047,17 +1024,17 @@ |
| Note that |
| diff --git a/sftp.c b/sftp.c |
| index fb3c08d1..89bebbb2 100644 |
| ---- a/sftp.c |
| -+++ b/sftp.c |
| -@@ -71,7 +71,7 @@ typedef void EditLine; |
| - #include "sftp-client.h" |
| - |
| - #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */ |
| --#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */ |
| -+#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */ |
| +--- a/sftp-client.c |
| ++++ b/sftp-client.c |
| +@@ -65,7 +65,7 @@ typedef void EditLine; |
| + #define DEFAULT_COPY_BUFLEN 32768 |
| + |
| + /* Default number of concurrent outstanding requests */ |
| +-#define DEFAULT_NUM_REQUESTS 64 |
| ++#define DEFAULT_NUM_REQUESTS 256 |
| |
| - /* File to read commands from */ |
| - FILE* infile; |
| + /* Minimum amount of data to read at a time */ |
| + #define MIN_READ_SIZE 512 |
| diff --git a/ssh-keygen.c b/ssh-keygen.c |
| index cfb5f115..36a6e519 100644 |
| --- a/ssh-keygen.c |
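Review bot: The `---`/`+++` lines are retargeted to `sftp-client.c`, but the unchanged context lines just above them, `diff --git a/sftp.c b/sftp.c` and `index fb3c08d1..89bebbb2 100644`, still describe `sftp.c`, so the inner patch's git header disagrees with its file names. patch(1) generally follows the `---`/`+++` pair, but tools that validate the git header may reject the section or apply it to the wrong file. The header should read `diff --git a/sftp-client.c b/sftp-client.c`, with the `index` line refreshed or dropped. The hunk's section text `typedef void EditLine;` is also carried over from `sftp.c` and is worth regenerating along with the header.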
| @@ -1330,9 +1307,9 @@ |
| + } |
| + } |
| + |
| - debug("Authentication succeeded (%s).", authctxt.method->name); |
| - } |
| |
| + #ifdef WITH_OPENSSL |
| + if (options.disable_multithreaded == 0) { |
| diff --git a/sshd.c b/sshd.c |
| index 6277e6d6..d66fa41a 100644 |
| --- a/sshd.c |