1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
--- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-11 17:19:19.968420409 -0700
+++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-11 17:39:19.977535398 -0700
@@ -409,18 +409,10 @@
index dcf35e6..da4ced0 100644
--- a/packet.c
+++ b/packet.c
-@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
return 0;
}
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+ rekey_requested = 1;
-+}
-+
+/* used to determine if pre or post auth when rekeying for aes-ctr
+ * and none cipher switch */
+int
@@ -434,20 +426,6 @@
#define MAX_PACKETS (1U<<31)
static int
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
- if (state->p_send.packets == 0 && state->p_read.packets == 0)
- return 0;
-
-+ /* used to force rekeying when called for by the none
-+ * cipher switch methods -cjr */
-+ if (rekey_requested == 1) {
-+ rekey_requested = 0;
-+ return 1;
-+ }
-+
- /* Time-based rekeying */
- if (state->rekey_interval != 0 &&
- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
diff --git a/packet.h b/packet.h
index 170203c..f4d9df2 100644
--- a/packet.h
@@ -476,9 +454,9 @@
/* Format of the configuration file:
@@ -166,6 +167,8 @@ typedef enum {
- oHashKnownHosts,
oTunnel, oTunnelDevice,
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ oDisableMTAES,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ oNoneEnabled, oNoneSwitch,
oVisualHostKey,
@@ -615,9 +593,9 @@
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
SyslogFacility log_facility; /* Facility for system logging. */
@@ -111,7 +115,10 @@ typedef struct {
-
int enable_ssh_keysign;
int64_t rekey_limit;
+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
+ int none_switch; /* Use none cipher */
+ int none_enabled; /* Allow none to be used */
int rekey_interval;
@@ -673,9 +651,9 @@
/* Portable-specific options */
if (options->use_pam == -1)
@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
- }
- if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
+ if (options->none_enabled == -1)
+ options->none_enabled = 0;
+ if (options->hpn_disabled == -1)
@@ -1092,7 +1070,7 @@
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
if (!authctxt.success)
fatal("Authentication failed.");
@@ -1117,10 +1095,9 @@
+ fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
+ }
+ }
-+
- debug("Authentication succeeded (%s).", authctxt.method->name);
- }
+ #ifdef WITH_OPENSSL
+ if (options.disable_multithreaded == 0) {
diff --git a/sshd.c b/sshd.c
index a738c3a..b32dbe0 100644
--- a/sshd.c
@@ -1217,11 +1194,10 @@
index f1bbf00..21a70c2 100644
--- a/version.h
+++ b/version.h
-@@ -3,4 +3,6 @@
+@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_7.8"
#define SSH_PORTABLE "p1"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v16"
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+
|
GitWeb