You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
133 lines
4.7 KiB
133 lines
4.7 KiB
diff --exclude '*.un~' -ubr a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
|
|
--- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-19 13:36:51.659996653 -0700
|
|
+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-19 13:42:23.302377465 -0700
|
|
@@ -536,18 +536,10 @@
|
|
if (state->rekey_limit)
|
|
*max_blocks = MINIMUM(*max_blocks,
|
|
state->rekey_limit / enc->block_size);
|
|
-@@ -954,6 +963,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
|
+@@ -954,6 +963,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
|
return 0;
|
|
}
|
|
|
|
-+/* this supports the forced rekeying required for the NONE cipher */
|
|
-+int rekey_requested = 0;
|
|
-+void
|
|
-+packet_request_rekeying(void)
|
|
-+{
|
|
-+ rekey_requested = 1;
|
|
-+}
|
|
-+
|
|
+/* used to determine if pre or post auth when rekeying for aes-ctr
|
|
+ * and none cipher switch */
|
|
+int
|
|
@@ -561,20 +553,6 @@
|
|
#define MAX_PACKETS (1U<<31)
|
|
static int
|
|
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
|
|
-@@ -980,6 +1007,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
|
|
- if (state->p_send.packets == 0 && state->p_read.packets == 0)
|
|
- return 0;
|
|
-
|
|
-+ /* used to force rekeying when called for by the none
|
|
-+ * cipher switch methods -cjr */
|
|
-+ if (rekey_requested == 1) {
|
|
-+ rekey_requested = 0;
|
|
-+ return 1;
|
|
-+ }
|
|
-+
|
|
- /* Time-based rekeying */
|
|
- if (state->rekey_interval != 0 &&
|
|
- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
|
|
@@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
|
struct session_state *state = ssh->state;
|
|
int len, r, ms_remain;
|
|
@@ -598,12 +576,11 @@
|
|
};
|
|
|
|
typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *,
|
|
-@@ -155,6 +158,10 @@ int ssh_packet_inc_alive_timeouts(struct ssh *);
|
|
+@@ -155,6 +158,9 @@ int ssh_packet_inc_alive_timeouts(struct ssh *);
|
|
int ssh_packet_set_maxsize(struct ssh *, u_int);
|
|
u_int ssh_packet_get_maxsize(struct ssh *);
|
|
|
|
+/* for forced packet rekeying post auth */
|
|
-+void packet_request_rekeying(void);
|
|
+int packet_authentication_state(const struct ssh *);
|
|
+
|
|
int ssh_packet_get_state(struct ssh *, struct sshbuf *);
|
|
@@ -627,9 +604,9 @@
|
|
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
|
|
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
|
|
+ oNoneEnabled, oNoneMacEnabled, oNoneSwitch,
|
|
+ oDisableMTAES,
|
|
oVisualHostKey,
|
|
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
|
|
- oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
|
|
@@ -297,6 +300,9 @@ static struct {
|
|
{ "kexalgorithms", oKexAlgorithms },
|
|
{ "ipqos", oIPQoS },
|
|
@@ -778,9 +755,9 @@
|
|
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
|
|
SyslogFacility log_facility; /* Facility for system logging. */
|
|
@@ -120,7 +124,11 @@ typedef struct {
|
|
-
|
|
int enable_ssh_keysign;
|
|
int64_t rekey_limit;
|
|
+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
|
|
+ int none_switch; /* Use none cipher */
|
|
+ int none_enabled; /* Allow none cipher to be used */
|
|
+ int nonemac_enabled; /* Allow none MAC to be used */
|
|
@@ -842,9 +819,9 @@
|
|
/* Portable-specific options */
|
|
if (options->use_pam == -1)
|
|
@@ -424,6 +434,49 @@ fill_default_server_options(ServerOptions *options)
|
|
- }
|
|
- if (options->permit_tun == -1)
|
|
options->permit_tun = SSH_TUNMODE_NO;
|
|
+ if (options->disable_multithreaded == -1)
|
|
+ options->disable_multithreaded = 0;
|
|
+ if (options->none_enabled == -1)
|
|
+ options->none_enabled = 0;
|
|
+ if (options->nonemac_enabled == -1)
|
|
@@ -1047,17 +1024,17 @@
|
|
Note that
|
|
diff --git a/sftp.c b/sftp.c
|
|
index fb3c08d1..89bebbb2 100644
|
|
---- a/sftp.c
|
|
-+++ b/sftp.c
|
|
-@@ -71,7 +71,7 @@ typedef void EditLine;
|
|
- #include "sftp-client.h"
|
|
-
|
|
- #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
|
|
--#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */
|
|
-+#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */
|
|
+--- a/sftp-client.c
|
|
++++ b/sftp-client.c
|
|
+@@ -65,7 +65,7 @@ typedef void EditLine;
|
|
+ #define DEFAULT_COPY_BUFLEN 32768
|
|
+
|
|
+ /* Default number of concurrent outstanding requests */
|
|
+-#define DEFAULT_NUM_REQUESTS 64
|
|
++#define DEFAULT_NUM_REQUESTS 256
|
|
|
|
- /* File to read commands from */
|
|
- FILE* infile;
|
|
+ /* Minimum amount of data to read at a time */
|
|
+ #define MIN_READ_SIZE 512
|
|
diff --git a/ssh-keygen.c b/ssh-keygen.c
|
|
index cfb5f115..36a6e519 100644
|
|
--- a/ssh-keygen.c
|
|
@@ -1330,9 +1307,9 @@
|
|
+ }
|
|
+ }
|
|
+
|
|
- debug("Authentication succeeded (%s).", authctxt.method->name);
|
|
- }
|
|
|
|
+ #ifdef WITH_OPENSSL
|
|
+ if (options.disable_multithreaded == 0) {
|
|
diff --git a/sshd.c b/sshd.c
|
|
index 6277e6d6..d66fa41a 100644
|
|
--- a/sshd.c
|