--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 +++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 20:05:12.622588051 -0700 @@ -382,7 +382,7 @@ @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh) int nenc, nmac, ncomp; u_int mode, ctos, need, dh_need, authlen; - int r, first_kex_follows; + int r, first_kex_follows = 0; + int auth_flag; + + auth_flag = packet_authentication_state(ssh); @@ -441,6 +441,39 @@ int ssh_packet_get_state(struct ssh *, struct sshbuf *); int ssh_packet_set_state(struct ssh *, struct sshbuf *); +diff --git a/packet.c b/packet.c +index dcf35e6..9433f08 100644 +--- a/packet.c ++++ b/packet.c +@@ -920,6 +920,14 @@ ssh_set_newkeys(struct ssh *ssh, int mode) + return 0; + } + ++/* this supports the forced rekeying required for the NONE cipher */ ++int rekey_requested = 0; ++void ++packet_request_rekeying(void) ++{ ++ rekey_requested = 1; ++} ++ + #define MAX_PACKETS (1U<<31) + static int + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +@@ -946,6 +954,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) + if (state->p_send.packets == 0 && state->p_read.packets == 0) + return 0; + ++ /* used to force rekeying when called for by the none ++ * cipher switch and aes-mt-ctr methods -cjr */ ++ if (rekey_requested == 1) { ++ rekey_requested = 0; ++ return 1; ++ } ++ + /* Time-based rekeying */ + if (state->rekey_interval != 0 && + (int64_t)state->rekey_time + state->rekey_interval <= monotime()) diff --git a/readconf.c b/readconf.c index db5f2d5..33f18c9 100644 --- a/readconf.c @@ -453,10 +486,9 @@ /* Format of the configuration file: -@@ -166,6 +167,8 @@ typedef enum { +@@ -166,5 +167,7 @@ typedef enum { oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oRemoteCommand, - oDisableMTAES, + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + oNoneEnabled, oNoneSwitch, oVisualHostKey, 
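Review bot: `rekey_requested` in the added packet.c section is a non-static, process-wide `int`, while the other rekey inputs visible in `ssh_packet_need_rekeying()` (`state->rekey_interval`, `state->p_send.packets`) are read from per-connection state, and `packet_request_rekeying(void)` takes no `struct ssh *`, so a caller cannot say which connection it means. If no other file touched by the patch references the variable, `static int rekey_requested;` would at least keep it out of the global namespace; moving the flag into the connection state would be cleaner, but that changes the function's signature and its callers, which are outside this hunk. The flag is also cleared inside the predicate, so the request is consumed by the first call that returns 1 whether or not the caller then starts a key exchange; a comment such as `/* one-shot: cleared here; caller must start the rekey when this returns 1 */` would make that contract explicit. The new check sits after the `packets == 0` early return, and the body of `ssh_packet_need_rekeying()` begins and ends outside the hunk, so other early returns may also delay a request made for the NONE cipher switch.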
@@ -592,10 +624,9 @@ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ SyslogFacility log_facility; /* Facility for system logging. */ -@@ -111,7 +115,10 @@ typedef struct { +@@ -111,6 +115,9 @@ typedef struct { int enable_ssh_keysign; int64_t rekey_limit; - int disable_multithreaded; /*disable multithreaded aes-ctr*/ + int none_switch; /* Use none cipher */ + int none_enabled; /* Allow none to be used */ int rekey_interval; @@ -650,10 +681,8 @@ /* Portable-specific options */ if (options->use_pam == -1) -@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) +@@ -391,4 +400,41 @@ fill_default_server_options(ServerOptions *options) options->permit_tun = SSH_TUNMODE_NO; - if (options->disable_multithreaded == -1) - options->disable_multithreaded = 0; + if (options->none_enabled == -1) + options->none_enabled = 0; + if (options->hpn_disabled == -1) @@ -1095,9 +1124,9 @@ + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); + } + } + debug("Authentication succeeded (%s).", authctxt.method->name); + } - #ifdef WITH_OPENSSL - if (options.disable_multithreaded == 0) { diff --git a/sshd.c b/sshd.c index a738c3a..b32dbe0 100644 --- a/sshd.c @@ -1181,14 +1210,3 @@ # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no -diff --git a/version.h b/version.h -index f1bbf00..21a70c2 100644 ---- a/version.h -+++ b/version.h -@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.8" - - #define SSH_PORTABLE "p1" --#define SSH_RELEASE SSH_VERSION SSH_PORTABLE -+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN -+