-rw-r--r-- | net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch | 107 | ||||
-rw-r--r-- | net-misc/openssh/openssh-7.9_p1.ebuild | 1 |
2 files changed, 108 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
new file mode 100644
index 000000000000..524d05ad89d5
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -0,0 +1,107 @@
+--- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -0000
++++ openssh-7.9p1/cipher-ctr-mt.c 2018-10-24 20:48:17.378155144 -0000
+@@ -46,7 +46,7 @@
+
+ /*-------------------- TUNABLES --------------------*/
+ /* maximum number of threads and queues */
+-#define MAX_THREADS 32
++#define MAX_THREADS 32
+ #define MAX_NUMKQ (MAX_THREADS * 2)
+
+ /* Number of pregen threads to use */
+@@ -435,7 +435,7 @@
+ destp.u += AES_BLOCK_SIZE;
+ srcp.u += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+- ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
++ ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
+
+ /* Increment read index, switch queues on rollover */
+ if ((ridx = (ridx + 1) % KQLEN) == 0) {
+@@ -481,8 +481,6 @@
+ /* get the number of cores in the system */
+ /* if it's not linux it currently defaults to 2 */
+ /* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */
+- /* NB: assigning a float to an int discards the remainder which is */
+- /* acceptable (and wanted) in this case */
+ #ifdef __linux__
+ cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
+ #endif /*__linux__*/
+@@ -505,11 +503,12 @@
+ if (cipher_threads < 2)
+ cipher_threads = 2;
+
+- /* assure that we aren't trying to create more threads than we have in the struct */
+- /* cipher_threads is half the total of allowable threads hence the odd looking math here */
++ /* assure that we aren't trying to create more threads */
++ /* than we have in the struct. cipher_threads is half the */
++ /* total of allowable threads hence the odd looking math here */
+ if (cipher_threads * 2 > MAX_THREADS)
+ cipher_threads = MAX_THREADS / 2;
+-
++
+ /* set the number of keystream queues */
+ numkq = cipher_threads * 2;
+
+@@ -551,16 +550,16 @@
+ }
+
+ if (iv != NULL) {
+- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
++ memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+ c->state |= HAVE_IV;
+ }
+
+ if (c->state == (HAVE_KEY | HAVE_IV)) {
+ /* Clear queues */
+- memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
++ memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ c->q[0].qstate = KQINIT;
+ for (i = 1; i < numkq; i++) {
+- memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
++ memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
+ c->q[i].qstate = KQEMPTY;
+ }
+@@ -644,8 +643,22 @@
+ const EVP_CIPHER *
+ evp_aes_ctr_mt(void)
+ {
++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
++ static EVP_CIPHER *aes_ctr;
++ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
++ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
++ EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init);
++ EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup);
++ EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr);
++# ifndef SSH_OLD_EVP
++ EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE
++ | EVP_CIPH_VARIABLE_LENGTH
++ | EVP_CIPH_ALWAYS_CALL_INIT
++ | EVP_CIPH_CUSTOM_IV);
++# endif /*SSH_OLD_EVP*/
++ return (aes_ctr);
++# else /*earlier version of openssl*/
+ static EVP_CIPHER aes_ctr;
+-
+ memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+ aes_ctr.nid = NID_undef;
+ aes_ctr.block_size = AES_BLOCK_SIZE;
+@@ -654,11 +667,12 @@
+ aes_ctr.init = ssh_aes_ctr_init;
+ aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+ aes_ctr.do_cipher = ssh_aes_ctr;
+-#ifndef SSH_OLD_EVP
+- aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+-#endif
+- return &aes_ctr;
++# ifndef SSH_OLD_EVP
++ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++# endif /*SSH_OLD_EVP*/
++ return &aes_ctr;
++# endif /*OPENSSH_VERSION_NUMBER*/
+ }
+
+ #endif /* defined(WITH_OPENSSL) */
diff --git a/net-misc/openssh/openssh-7.9_p1.ebuild b/net-misc/openssh/openssh-7.9_p1.ebuild
index c38afd6020ca..83ff7a4d299d 100644
--- a/net-misc/openssh/openssh-7.9_p1.ebuild
+++ b/net-misc/openssh/openssh-7.9_p1.ebuild
@@ -169,6 +169,7 @@ src_prepare() {
 popd
 eapply "${hpn_patchdir}"
+ eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
 einfo "Patching Makefile.in for HPN patch set ..."
 sed -i \ |
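Review bot: In the new patch file's `evp_aes_ctr_mt()` hunks (`@@ -644,8 +643,22 @@` and `@@ -654,11 +667,12 @@`), the OpenSSL 1.1 branch calls `EVP_CIPHER_meth_new()` on every invocation and overwrites the static `aes_ctr` pointer, so each call appears to leak the previous method table. The result is also handed to the `EVP_CIPHER_meth_set_*()` setters without a NULL check, and as far as I know those setters write through the pointer unchecked, so an allocation failure would crash instead of failing cleanly. I would allocate once and fail closed, with `if (aes_ctr != NULL) return (aes_ctr);` before the allocation and `if (aes_ctr == NULL) return (NULL);` right after it, assuming the callers (not visible here) treat a NULL cipher as an error. Two smaller points in the same branch: it hard-codes `16` where the pre-1.1 branch uses `AES_BLOCK_SIZE`, and the closing comment reads `/*OPENSSH_VERSION_NUMBER*/` although the guard tests `OPENSSL_VERSION_NUMBER`. The lines of `evp_aes_ctr_mt()` between the two hunks are not shown, and neither is the declaration of `c->aes_counter`, which now holds the CTR counter in place of `ctx->iv` and deserves a comment stating that it is the only copy of the counter.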