| --- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 |
| +++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 20:05:12.622588051 -0700 |
| @@ -382,7 +382,7 @@ |
| @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh) |
| int nenc, nmac, ncomp; |
| u_int mode, ctos, need, dh_need, authlen; |
| - int r, first_kex_follows; |
| + int r, first_kex_follows = 0; |
| + int auth_flag; |
| + |
| + auth_flag = packet_authentication_state(ssh); |
| @@ -441,6 +441,39 @@ |
| int ssh_packet_get_state(struct ssh *, struct sshbuf *); |
| int ssh_packet_set_state(struct ssh *, struct sshbuf *); |
| |
| +diff --git a/packet.c b/packet.c |
| +index dcf35e6..9433f08 100644 |
| +--- a/packet.c |
| ++++ b/packet.c |
| +@@ -920,6 +920,14 @@ ssh_set_newkeys(struct ssh *ssh, int mode) |
| + return 0; |
| + } |
| + |
| ++/* this supports the forced rekeying required for the NONE cipher */ |
| ++int rekey_requested = 0; |
| ++void |
| ++packet_request_rekeying(void) |
| ++{ |
| ++ rekey_requested = 1; |
| ++} |
| ++ |
| + #define MAX_PACKETS (1U<<31) |
| + static int |
| + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
| +@@ -946,6 +954,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
| + if (state->p_send.packets == 0 && state->p_read.packets == 0) |
| + return 0; |
| + |
| ++ /* used to force rekeying when called for by the none |
| ++ * cipher switch and aes-mt-ctr methods -cjr */ |
| ++ if (rekey_requested == 1) { |
| ++ rekey_requested = 0; |
| ++ return 1; |
| ++ } |
| ++ |
| + /* Time-based rekeying */ |
| + if (state->rekey_interval != 0 && |
| + (int64_t)state->rekey_time + state->rekey_interval <= monotime()) |
| diff --git a/readconf.c b/readconf.c |
| index db5f2d5..33f18c9 100644 |
| --- a/readconf.c |
| @@ -453,10 +486,9 @@ |
| |
| /* Format of the configuration file: |
| |
| -@@ -166,6 +167,8 @@ typedef enum { |
| +@@ -166,5 +167,7 @@ typedef enum { |
| oTunnel, oTunnelDevice, |
| oLocalCommand, oPermitLocalCommand, oRemoteCommand, |
| - oDisableMTAES, |
| + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, |
| + oNoneEnabled, oNoneSwitch, |
| oVisualHostKey, |
| @@ -592,10 +624,9 @@ |
| int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ |
| int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ |
| SyslogFacility log_facility; /* Facility for system logging. */ |
| -@@ -111,7 +115,10 @@ typedef struct { |
| +@@ -111,6 +115,9 @@ typedef struct { |
| int enable_ssh_keysign; |
| int64_t rekey_limit; |
| - int disable_multithreaded; /*disable multithreaded aes-ctr*/ |
| + int none_switch; /* Use none cipher */ |
| + int none_enabled; /* Allow none to be used */ |
| int rekey_interval; |
| @@ -650,10 +681,8 @@ |
| |
| /* Portable-specific options */ |
| if (options->use_pam == -1) |
| -@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) |
| +@@ -391,4 +400,41 @@ fill_default_server_options(ServerOptions *options) |
| options->permit_tun = SSH_TUNMODE_NO; |
| - if (options->disable_multithreaded == -1) |
| - options->disable_multithreaded = 0; |
| + if (options->none_enabled == -1) |
| + options->none_enabled = 0; |
| + if (options->hpn_disabled == -1) |
| @@ -1095,9 +1124,9 @@ |
| + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); |
| + } |
| + } |
| + debug("Authentication succeeded (%s).", authctxt.method->name); |
| + } |
| |
| - #ifdef WITH_OPENSSL |
| - if (options.disable_multithreaded == 0) { |
| diff --git a/sshd.c b/sshd.c |
| index a738c3a..b32dbe0 100644 |
| --- a/sshd.c |
| @@ -1181,14 +1210,3 @@ |
| # Example of overriding settings on a per-user basis |
| #Match User anoncvs |
| # X11Forwarding no |
| -diff --git a/version.h b/version.h |
| -index f1bbf00..21a70c2 100644 |
| ---- a/version.h |
| -+++ b/version.h |
| -@@ -3,4 +3,5 @@ |
| - #define SSH_VERSION "OpenSSH_7.8" |
| - |
| - #define SSH_PORTABLE "p1" |
| --#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
| -+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN |
| -+ |