diff options
Diffstat (limited to 'net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch')
-rw-r--r-- | net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch | 216 |
1 files changed, 0 insertions, 216 deletions
diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch deleted file mode 100644 index 0ad814f95d87..000000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch +++ /dev/null @@ -1,216 +0,0 @@ -Only in b: .openssh-7_8_P1-hpn-AES-CTR-14.16.diff.un~ -Only in b: .openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.un~ -diff -ru a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff ---- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:48:31.513603947 -0700 -+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:50:15.012495676 -0700 -@@ -17,8 +17,8 @@ - canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ - - cipher-ctr.o cleanup.o \ - + cipher-ctr.o cleanup.o cipher-ctr-mt.o \ -- compat.o crc32.o fatal.o hostfile.o \ -- log.o match.o moduli.o nchan.o packet.o opacket.o \ -+ compat.o fatal.o hostfile.o \ -+ log.o match.o moduli.o nchan.o packet.o \ - readpass.o ttymodes.o xmalloc.o addrmatch.o \ - diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c - new file mode 100644 -@@ -998,7 +998,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -@@ -1028,7 +1028,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -diff -ru a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff ---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 13:47:54.801642144 -0700 -+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 15:58:05.085803333 -0700 -@@ -162,24 +162,24 @@ - } - - +static int --+channel_tcpwinsz(void) -++channel_tcpwinsz(struct ssh *ssh) - +{ - + u_int32_t tcpwinsz = 0; - + socklen_t optsz = sizeof(tcpwinsz); - + int ret = -1; - + - + /* if we aren't on a socket return 128KB */ --+ if (!packet_connection_is_on_socket()) -++ if (!ssh_packet_connection_is_on_socket(ssh)) - + return 128 * 1024; - + --+ ret = getsockopt(packet_get_connection_in(), -++ ret = getsockopt(ssh_packet_get_connection_in(ssh), - + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */ - + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX) - + tcpwinsz = SSHBUF_SIZE_MAX; - + - + debug2("tcpwinsz: tcp connection %d, Receive window: %d", --+ packet_get_connection_in(), tcpwinsz); -++ ssh_packet_get_connection_in(ssh), tcpwinsz); - + return tcpwinsz; - +} - + -@@ -191,7 +191,7 @@ - c->local_window < c->local_window_max/2) && - c->local_consumed > 0) { - + u_int addition = 0; --+ u_int32_t tcpwinsz = channel_tcpwinsz(); -++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh); - + /* adjust max window size if we are in a dynamic environment */ - + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) { - + /* grow the window somewhat aggressively to maintain pressure */ -@@ -409,18 +409,10 @@ - index dcf35e6..da4ced0 100644 - --- a/packet.c - +++ b/packet.c --@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 170203c..f4d9df2 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -166,6 +167,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -111,7 +115,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -633,7 +611,7 @@ - off_t i, statbytes; - size_t amt, nr; - int fd = -1, haderr, indx; --- char *last, *name, buf[2048], encname[PATH_MAX]; -+- char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX]; - + char *last, *name, buf[16384], encname[PATH_MAX]; - int len; - -@@ -673,9 +651,9 @@ - /* Portable-specific options */ - if (options->use_pam == -1) - @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -- } -- if (options->permit_tun == -1) - options->permit_tun = SSH_TUNMODE_NO; -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1092,7 +1070,7 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, -+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, - - if (!authctxt.success) - fatal("Authentication failed."); -@@ -1108,7 +1086,7 @@ - + memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); - + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; - + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; --+ kex_prop2buf(active_state->kex->my, myproposal); -++ kex_prop2buf(ssh->kex->my, myproposal); - + packet_request_rekeying(); - + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); - + } else { -@@ -1117,23 +1095,13 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } --+ -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } - -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - --- a/sshd.c - +++ b/sshd.c --@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -- char remote_version[256]; /* Must be at least as big as buf. */ -- -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, -- *options.version_addendum == '\0' ? "" : " ", -- options.version_addendum); -- - @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) - int ret, listen_sock; - struct addrinfo *ai; -@@ -1217,11 +1185,10 @@ - index f1bbf00..21a70c2 100644 - --- a/version.h - +++ b/version.h --@@ -3,4 +3,6 @@ -+@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.8" - - #define SSH_PORTABLE "p1" - -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v16" - +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN - + |