Google Git
Sign in
cos / third_party / overlays / portage-stable / 6cf3bee672201610494ed6a4e9747e2a302a05c7 / . / net-misc / openssh / files / openssh-8.1_p1-hpn-glue.patch
blob: 0ad814f95d87ec3ba4c34729fd0d0c80bbbde431 [file] [log] [blame]
Only in b: .openssh-7_8_P1-hpn-AES-CTR-14.16.diff.un~
Only in b: .openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.un~
diff -ru a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff
--- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:48:31.513603947 -0700
+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:50:15.012495676 -0700
@@ -17,8 +17,8 @@
canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
- cipher-ctr.o cleanup.o \
+ cipher-ctr.o cleanup.o cipher-ctr-mt.o \
- compat.o crc32.o fatal.o hostfile.o \
- log.o match.o moduli.o nchan.o packet.o opacket.o \
+ compat.o fatal.o hostfile.o \
+ log.o match.o moduli.o nchan.o packet.o \
readpass.o ttymodes.o xmalloc.o addrmatch.o \
diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c
new file mode 100644
@@ -998,7 +998,7 @@
+ * so we repoint the define to the multithreaded evp. To start the threads we
+ * then force a rekey
+ */
-+ const void *cc = ssh_packet_get_send_context(active_state);
++ const void *cc = ssh_packet_get_send_context(ssh);
+
+ /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */
+ if (strstr(cipher_ctx_name(cc), "ctr")) {
@@ -1028,7 +1028,7 @@
+ * so we repoint the define to the multithreaded evp. To start the threads we
+ * then force a rekey
+ */
-+ const void *cc = ssh_packet_get_send_context(active_state);
++ const void *cc = ssh_packet_get_send_context(ssh);
+
+ /* only rekey if necessary. If we don't do this gcm mode cipher breaks */
+ if (strstr(cipher_ctx_name(cc), "ctr")) {
diff -ru a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff
--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 13:47:54.801642144 -0700
+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 15:58:05.085803333 -0700
@@ -162,24 +162,24 @@
}
+static int
-+channel_tcpwinsz(void)
++channel_tcpwinsz(struct ssh *ssh)
+{
+ u_int32_t tcpwinsz = 0;
+ socklen_t optsz = sizeof(tcpwinsz);
+ int ret = -1;
+
+ /* if we aren't on a socket return 128KB */
-+ if (!packet_connection_is_on_socket())
++ if (!ssh_packet_connection_is_on_socket(ssh))
+ return 128 * 1024;
+
-+ ret = getsockopt(packet_get_connection_in(),
++ ret = getsockopt(ssh_packet_get_connection_in(ssh),
+ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
+ /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */
+ if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX)
+ tcpwinsz = SSHBUF_SIZE_MAX;
+
+ debug2("tcpwinsz: tcp connection %d, Receive window: %d",
-+ packet_get_connection_in(), tcpwinsz);
++ ssh_packet_get_connection_in(ssh), tcpwinsz);
+ return tcpwinsz;
+}
+
@@ -191,7 +191,7 @@
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
+ u_int addition = 0;
-+ u_int32_t tcpwinsz = channel_tcpwinsz();
++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh);
+ /* adjust max window size if we are in a dynamic environment */
+ if (c->dynamic_window && (tcpwinsz > c->local_window_max)) {
+ /* grow the window somewhat aggressively to maintain pressure */
@@ -409,18 +409,10 @@
index dcf35e6..da4ced0 100644
--- a/packet.c
+++ b/packet.c
-@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
return 0;
}
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+ rekey_requested = 1;
-+}
-+
+/* used to determine if pre or post auth when rekeying for aes-ctr
+ * and none cipher switch */
+int
@@ -434,20 +426,6 @@
#define MAX_PACKETS (1U<<31)
static int
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
- if (state->p_send.packets == 0 && state->p_read.packets == 0)
- return 0;
-
-+ /* used to force rekeying when called for by the none
-+ * cipher switch methods -cjr */
-+ if (rekey_requested == 1) {
-+ rekey_requested = 0;
-+ return 1;
-+ }
-+
- /* Time-based rekeying */
- if (state->rekey_interval != 0 &&
- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
diff --git a/packet.h b/packet.h
index 170203c..f4d9df2 100644
--- a/packet.h
@@ -476,9 +454,9 @@
/* Format of the configuration file:
@@ -166,6 +167,8 @@ typedef enum {
- oHashKnownHosts,
oTunnel, oTunnelDevice,
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ oDisableMTAES,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ oNoneEnabled, oNoneSwitch,
oVisualHostKey,
@@ -615,9 +593,9 @@
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
SyslogFacility log_facility; /* Facility for system logging. */
@@ -111,7 +115,10 @@ typedef struct {
-
int enable_ssh_keysign;
int64_t rekey_limit;
+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
+ int none_switch; /* Use none cipher */
+ int none_enabled; /* Allow none to be used */
int rekey_interval;
@@ -633,7 +611,7 @@
off_t i, statbytes;
size_t amt, nr;
int fd = -1, haderr, indx;
-- char *last, *name, buf[2048], encname[PATH_MAX];
+- char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX];
+ char *last, *name, buf[16384], encname[PATH_MAX];
int len;
@@ -673,9 +651,9 @@
/* Portable-specific options */
if (options->use_pam == -1)
@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
- }
- if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
+ if (options->none_enabled == -1)
+ options->none_enabled = 0;
+ if (options->hpn_disabled == -1)
@@ -1092,7 +1070,7 @@
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
if (!authctxt.success)
fatal("Authentication failed.");
@@ -1108,7 +1086,7 @@
+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
-+ kex_prop2buf(active_state->kex->my, myproposal);
++ kex_prop2buf(ssh->kex->my, myproposal);
+ packet_request_rekeying();
+ fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
+ } else {
@@ -1117,23 +1095,13 @@
+ fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
+ }
+ }
-+
- debug("Authentication succeeded (%s).", authctxt.method->name);
- }
+ #ifdef WITH_OPENSSL
+ if (options.disable_multithreaded == 0) {
diff --git a/sshd.c b/sshd.c
index a738c3a..b32dbe0 100644
--- a/sshd.c
+++ b/sshd.c
-@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
- char remote_version[256]; /* Must be at least as big as buf. */
-
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
- *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum);
-
@@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la)
int ret, listen_sock;
struct addrinfo *ai;
@@ -1217,11 +1185,10 @@
index f1bbf00..21a70c2 100644
--- a/version.h
+++ b/version.h
-@@ -3,4 +3,6 @@
+@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_7.8"
#define SSH_PORTABLE "p1"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v16"
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+