packages: openssh/openssh.spec, openssh/openssh-5.2p1-hpn13v6.diff (NEW), o...
glen
glen at pld-linux.org
Fri Sep 4 13:40:35 CEST 2009
Author: glen Date: Fri Sep 4 11:40:35 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- hpn patch updated to hpn13v6
---- Files affected:
packages/openssh:
openssh.spec (1.320 -> 1.321) , openssh-5.2p1-hpn13v6.diff (NONE -> 1.1) (NEW), openssh-5.0p1-hpn13v4.diff (1.1 -> NONE) (REMOVED)
---- Diffs:
================================================================
Index: packages/openssh/openssh.spec
diff -u packages/openssh/openssh.spec:1.320 packages/openssh/openssh.spec:1.321
--- packages/openssh/openssh.spec:1.320 Wed Sep 2 13:59:35 2009
+++ packages/openssh/openssh.spec Fri Sep 4 13:40:29 2009
@@ -45,8 +45,8 @@
Patch5: %{name}-config.patch
Patch7: %{name}-selinux.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
-# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.9p1-hpn13v2.diff.gz
-Patch9: %{name}-5.0p1-hpn13v4.diff
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
+Patch9: %{name}-5.2p1-hpn13v6.diff
Patch10: %{name}-include.patch
Patch11: %{name}-chroot.patch
Patch12: http://people.debian.org/~cjwatson/%{name}-blacklist.diff
@@ -92,22 +92,13 @@
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
-%if %{with hpn} || %{with hpn_none}
+%if %{with hpn}
This release includes High Performance SSH/SCP patches from
http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed
to increase throughput on fast connections with high RTT (20-150 msec).
See the website for '-w' values for your connection and /proc/sys TCP
values. BTW. in a LAN you have got generally RTT < 1 msec.
%endif
-%if %{with hpn_none}
-It also includes an undocumented '-z' option which switches
-the cipher to none after authentication is completed. Data is
-still secured from tampering and corruption in transit through
-the use of the Message Authentication Code (MAC).
-This option will significantly reduce the number of cpu cycles used
-by the SSH/SCP process. This may allow some users to see significant
-improvement in (sniffable) data tranfer rates.
-%endif
%description -l de.UTF-8
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
@@ -156,7 +147,7 @@
Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
co najmniej jeden z pakietów: openssh-clients lub openssh-server.
-%if %{with hpn} || %{with hpn_none}
+%if %{with hpn}
Ta wersja zawiera łaty z projektu High Performance SSH/SCP
http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
zwiększenie przepustowości transmisji dla szybkich połączeń
@@ -164,15 +155,6 @@
odpowednie dla danego połączenia wartości parametru '-w' oraz
opcje /proc/sys dla TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
%endif
-%if %{with hpn_none}
-Obsługiwana jest również nieudokumentowana opcja '-z' odpowiedzialna
-za wyłączenie szyfrowania danych po zakończeniu procesu uwierzytelniania.
-Dane są zabezpieczone przed modyfikacją lub uszkodzeniem przez
-stosowanie Message Authentication Code (MAC).
-Opcja ta znacznie redukuje liczbę cykli procesora zużywanych przez
-procesy SSH/SCP. W wybranych zastosowaniach może ona wpłynąć
-na wyraźne przyspieszenie (podsłuchiwalnej) transmisji danych.
-%endif
%description -l pt.UTF-8
OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
@@ -329,10 +311,10 @@
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: %{name} = %{epoch}:%{version}-%{release}
-Suggests: /bin/login
Requires: pam >= 0.99.7.1
Requires: rc-scripts >= 0.4.1.23
Requires: util-linux
+Suggests: /bin/login
Provides: ssh-server
Provides: user(sshd)
@@ -469,8 +451,8 @@
This package contains OpenSSH LDAP Public Key schema for openldap.
%description -n openldap-schema-openssh-lpk -l pl.UTF-8
-Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH
-dla openldap-a.
+Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
+openldap-a.
%prep
%setup -q
@@ -706,6 +688,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.321 2009/09/04 11:40:29 glen
+- hpn patch updated to hpn13v6
+
Revision 1.320 2009/09/02 11:59:35 glen
- default config doesn't use /bin/login; rel 6
================================================================
Index: packages/openssh/openssh-5.2p1-hpn13v6.diff
diff -u /dev/null packages/openssh/openssh-5.2p1-hpn13v6.diff:1.1
--- /dev/null Fri Sep 4 13:40:35 2009
+++ packages/openssh/openssh-5.2p1-hpn13v6.diff Fri Sep 4 13:40:29 2009
@@ -0,0 +1,3693 @@
+diff -NupwB openssh-5.2p1-canonical/auth2.c openssh-5.2p1-hpn13v6/auth2.c
+--- openssh-5.2p1-canonical/auth2.c 2008-11-05 00:20:46.000000000 -0500
++++ openssh-5.2p1-hpn13v6/auth2.c 2009-05-14 12:36:10.000000000 -0400
+@@ -49,6 +49,7 @@
+ #include "dispatch.h"
+ #include "pathnames.h"
+ #include "buffer.h"
++#include "canohost.h"
+
+ #ifdef GSSAPI
+ #include "ssh-gss.h"
+@@ -75,6 +76,9 @@ extern Authmethod method_gssapi;
+ extern Authmethod method_jpake;
+ #endif
+
++static int log_flag = 0;
++
++
+ Authmethod *authmethods[] = {
+ &method_none,
+ &method_pubkey,
+@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32
+ service = packet_get_string(NULL);
+ method = packet_get_string(NULL);
+ debug("userauth-request for user %s service %s method %s", user, service, method);
++ if (!log_flag) {
++ logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",
++ get_remote_ipaddr(), get_remote_port(), user);
++ log_flag = 1;
++ }
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+
+ if ((style = strchr(user, ':')) != NULL)
+diff -NupwB openssh-5.2p1-canonical/buffer.c openssh-5.2p1-hpn13v6/buffer.c
+--- openssh-5.2p1-canonical/buffer.c 2006-08-04 22:39:39.000000000 -0400
++++ openssh-5.2p1-hpn13v6/buffer.c 2009-05-14 12:36:10.000000000 -0400
+@@ -127,7 +127,7 @@ restart:
+
+ /* Increase the size of the buffer and retry. */
+ newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
+- if (newlen > BUFFER_MAX_LEN)
++ if (newlen > BUFFER_MAX_LEN_HPN)
+ fatal("buffer_append_space: alloc %u not supported",
+ newlen);
+ buffer->buf = xrealloc(buffer->buf, 1, newlen);
+diff -NupwB openssh-5.2p1-canonical/buffer.h openssh-5.2p1-hpn13v6/buffer.h
+--- openssh-5.2p1-canonical/buffer.h 2008-05-19 00:59:37.000000000 -0400
++++ openssh-5.2p1-hpn13v6/buffer.h 2009-05-14 12:36:10.000000000 -0400
+@@ -16,6 +16,9 @@
+ #ifndef BUFFER_H
+ #define BUFFER_H
+
++/* move the following to a more appropriate place and name */
++#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
++
+ typedef struct {
+ u_char *buf; /* Buffer for data. */
+ u_int alloc; /* Number of bytes allocated for data. */
+diff -NupwB openssh-5.2p1-canonical/channels.c openssh-5.2p1-hpn13v6/channels.c
+--- openssh-5.2p1-canonical/channels.c 2009-02-14 00:28:21.000000000 -0500
++++ openssh-5.2p1-hpn13v6/channels.c 2009-05-14 12:36:10.000000000 -0400
+@@ -169,8 +169,14 @@ static void port_open_helper(Channel *c,
+ static int connect_next(struct channel_connect *);
+ static void channel_connect_ctx_free(struct channel_connect *);
+
++
++static int hpn_disabled = 0;
++static int hpn_buffer_size = 2 * 1024 * 1024;
++
+ /* -- channel core */
+
++
++
+ Channel *
+ channel_by_id(int id)
+ {
+@@ -308,6 +314,7 @@ channel_new(char *ctype, int type, int r
+ c->local_window_max = window;
+ c->local_consumed = 0;
+ c->local_maxpacket = maxpack;
++ c->dynamic_window = 0;
+ c->remote_id = -1;
+ c->remote_name = xstrdup(remote_name);
+ c->remote_window = 0;
+@@ -798,11 +805,35 @@ channel_pre_open_13(Channel *c, fd_set *
+ FD_SET(c->sock, writeset);
+ }
+
++int channel_tcpwinsz () {
++ u_int32_t tcpwinsz = 0;
++ socklen_t optsz = sizeof(tcpwinsz);
++ int ret = -1;
++
++ /* if we aren't on a socket return 128KB*/
++ if(!packet_connection_is_on_socket())
++ return(128*1024);
++ ret = getsockopt(packet_get_connection_in(),
++ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
++ /* return no more than 64MB */
++ if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
++ tcpwinsz = BUFFER_MAX_LEN_HPN;
++ debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
++ packet_get_connection_in());
++ return(tcpwinsz);
++}
++
+ static void
+ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
+ {
+ u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
+
++ /* check buffer limits */
++ if ((!c->tcpwinsz) || (c->dynamic_window > 0))
++ c->tcpwinsz = channel_tcpwinsz();
++
++ limit = MIN(limit, 2 * c->tcpwinsz);
++
+ if (c->istate == CHAN_INPUT_OPEN &&
+ limit > 0 &&
+ buffer_len(&c->input) < limit &&
+@@ -1759,14 +1790,21 @@ channel_check_window(Channel *c)
+ c->local_maxpacket*3) ||
+ c->local_window < c->local_window_max/2) &&
+ c->local_consumed > 0) {
++ u_int addition = 0;
++ /* adjust max window size if we are in a dynamic environment */
++ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
++ /* grow the window somewhat aggressively to maintain pressure */
++ addition = 1.5*(c->tcpwinsz - c->local_window_max);
++ c->local_window_max += addition;
++ }
+ packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+ packet_put_int(c->remote_id);
+- packet_put_int(c->local_consumed);
++ packet_put_int(c->local_consumed + addition);
+ packet_send();
+ debug2("channel %d: window %d sent adjust %d",
+ c->self, c->local_window,
+ c->local_consumed);
+- c->local_window += c->local_consumed;
++ c->local_window += c->local_consumed + addition;
+ c->local_consumed = 0;
+ }
+ return 1;
+@@ -1969,11 +2007,12 @@ channel_after_select(fd_set *readset, fd
+
+
+ /* If there is data to send to the connection, enqueue some of it now. */
+-void
++int
+ channel_output_poll(void)
+ {
+ Channel *c;
+ u_int i, len;
++ int packet_length = 0;
+
+ for (i = 0; i < channels_alloc; i++) {
+ c = channels[i];
+@@ -2013,7 +2052,7 @@ channel_output_poll(void)
+ packet_start(SSH2_MSG_CHANNEL_DATA);
+ packet_put_int(c->remote_id);
+ packet_put_string(data, dlen);
+- packet_send();
++ packet_length = packet_send();
+ c->remote_window -= dlen + 4;
+ xfree(data);
+ }
+@@ -2043,7 +2082,7 @@ channel_output_poll(void)
+ SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
+ packet_put_int(c->remote_id);
+ packet_put_string(buffer_ptr(&c->input), len);
+- packet_send();
++ packet_length = packet_send();
+ buffer_consume(&c->input, len);
+ c->remote_window -= len;
+ }
+@@ -2078,12 +2117,13 @@ channel_output_poll(void)
+ packet_put_int(c->remote_id);
+ packet_put_int(SSH2_EXTENDED_DATA_STDERR);
+ packet_put_string(buffer_ptr(&c->extended), len);
+- packet_send();
++ packet_length = packet_send();
+ buffer_consume(&c->extended, len);
+ c->remote_window -= len;
+ debug2("channel %d: sent ext data %d", c->self, len);
+ }
+ }
++ return (packet_length);
+ }
+
+
+@@ -2459,6 +2499,15 @@ channel_set_af(int af)
+ IPv4or6 = af;
+ }
+
++
++void
++channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
++{
++ hpn_disabled = external_hpn_disabled;
++ hpn_buffer_size = external_hpn_buffer_size;
++ debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size);
++}
++
+ static int
+ channel_setup_fwd_listener(int type, const char *listen_addr,
+ u_short listen_port, int *allocated_listen_port,
+@@ -2610,9 +2659,15 @@ channel_setup_fwd_listener(int type, con
+ }
+
+ /* Allocate a channel number for the socket. */
++ /* explicitly test for hpn disabled option. if true use smaller window size */
++ if (hpn_disabled)
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
++ else
++ c = channel_new("port listener", type, sock, sock, -1,
++ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
++ 0, "port listener", 1);
+ c->path = xstrdup(host);
+ c->host_port = port_to_connect;
+ c->listening_port = listen_port;
+@@ -3151,10 +3206,17 @@ x11_create_display_inet(int x11_display_
+ *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
+ for (n = 0; n < num_socks; n++) {
+ sock = socks[n];
++ /* Is this really necassary? */
++ if (hpn_disabled)
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
++ else
++ nc = channel_new("x11 listener",
++ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
++ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
++ 0, "X11 inet listener", 1);
+ nc->single_connection = single_connection;
+ (*chanids)[n] = nc->self;
+ }
+diff -NupwB openssh-5.2p1-canonical/channels.h openssh-5.2p1-hpn13v6/channels.h
+--- openssh-5.2p1-canonical/channels.h 2009-02-14 00:28:21.000000000 -0500
++++ openssh-5.2p1-hpn13v6/channels.h 2009-05-14 12:36:10.000000000 -0400
+@@ -115,8 +115,10 @@ struct Channel {
+ u_int local_window_max;
+ u_int local_consumed;
+ u_int local_maxpacket;
++ int dynamic_window;
+ int extended_usage;
+ int single_connection;
++ u_int tcpwinsz;
+
+ char *ctype; /* type */
+
+@@ -146,9 +148,11 @@ struct Channel {
+
+ /* default window/packet sizes for tcp/x11-fwd-channel */
+ #define CHAN_SES_PACKET_DEFAULT (32*1024)
+-#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
++#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
++
+ #define CHAN_TCP_PACKET_DEFAULT (32*1024)
+-#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
++#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
++
+ #define CHAN_X11_PACKET_DEFAULT (16*1024)
+ #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
+
+@@ -221,7 +225,7 @@ void channel_input_status_confirm(int,
+
+ void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int);
+ void channel_after_select(fd_set *, fd_set *);
+-void channel_output_poll(void);
++int channel_output_poll(void);
+
+ int channel_not_very_much_buffered_data(void);
+ void channel_close_all(void);
+@@ -277,4 +281,7 @@ void chan_rcvd_ieof(Channel *);
+ void chan_write_failed(Channel *);
+ void chan_obuf_empty(Channel *);
+
++/* hpn handler */
++void channel_set_hpn(int, int);
++
+ #endif
+diff -NupwB openssh-5.2p1-canonical/cipher.c openssh-5.2p1-hpn13v6/cipher.c
+--- openssh-5.2p1-canonical/cipher.c 2009-01-28 00:38:41.000000000 -0500
++++ openssh-5.2p1-hpn13v6/cipher.c 2009-05-14 12:36:10.000000000 -0400
+@@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
+ extern const EVP_CIPHER *evp_ssh1_3des(void);
+ extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+ extern const EVP_CIPHER *evp_aes_128_ctr(void);
++extern const EVP_CIPHER *evp_aes_ctr_mt(void);
+ extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+
+ struct Cipher {
+@@ -82,9 +83,9 @@ struct Cipher {
+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "rijndael-cbc at lysator.liu.se",
+ SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
+- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
+- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
++ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_ctr_mt },
++ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_ctr_mt },
++ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_ctr_mt },
+ #ifdef USE_CIPHER_ACSS
+ { "acss at openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
+ #endif
+@@ -163,7 +164,8 @@ ciphers_valid(const char *names)
+ for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
+ (p = strsep(&cp, CIPHER_SEP))) {
+ c = cipher_by_name(p);
+- if (c == NULL || c->number != SSH_CIPHER_SSH2) {
++ if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
++c->number != SSH_CIPHER_NONE)) {
+ debug("bad cipher %s [%s]", p, names);
+ xfree(cipher_list);
+ return 0;
+@@ -337,6 +339,7 @@ cipher_get_keyiv(CipherContext *cc, u_ch
+ int evplen;
+
+ switch (c->number) {
++ case SSH_CIPHER_NONE:
+ case SSH_CIPHER_SSH2:
+ case SSH_CIPHER_DES:
+ case SSH_CIPHER_BLOWFISH:
+@@ -371,6 +374,7 @@ cipher_set_keyiv(CipherContext *cc, u_ch
+ int evplen = 0;
+
+ switch (c->number) {
++ case SSH_CIPHER_NONE:
+ case SSH_CIPHER_SSH2:
+ case SSH_CIPHER_DES:
+ case SSH_CIPHER_BLOWFISH:
+diff -NupwB openssh-5.2p1-canonical/cipher-ctr-mt.c openssh-5.2p1-hpn13v6/cipher-ctr-mt.c
+--- openssh-5.2p1-canonical/cipher-ctr-mt.c 1969-12-31 19:00:00.000000000 -0500
++++ openssh-5.2p1-hpn13v6/cipher-ctr-mt.c 2009-05-14 12:36:10.000000000 -0400
+@@ -0,0 +1,473 @@
++/*
++ * OpenSSH Multi-threaded AES-CTR Cipher
++ *
++ * Author: Benjamin Bennett <ben at psc.edu>
++ * Copyright (c) 2008 Pittsburgh Supercomputing Center. All rights reserved.
++ *
++ * Based on original OpenSSH AES-CTR cipher. Small portions remain unchanged,
++ * Copyright (c) 2003 Markus Friedl <markus at openbsd.org>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++#include "includes.h"
++
++#include <sys/types.h>
++
++#include <stdarg.h>
++#include <string.h>
++
++#include <openssl/evp.h>
++
++#include "xmalloc.h"
++#include "log.h"
++
++/* compatibility with old or broken OpenSSL versions */
++#include "openbsd-compat/openssl-compat.h"
++
++#ifndef USE_BUILTIN_RIJNDAEL
++#include <openssl/aes.h>
++#endif
++
++#include <pthread.h>
++
++/*-------------------- TUNABLES --------------------*/
++/* Number of pregen threads to use */
++#define CIPHER_THREADS 2
++
++/* Number of keystream queues */
++#define NUMKQ (CIPHER_THREADS + 2)
++
++/* Length of a keystream queue */
++#define KQLEN 4096
++
++/* Processor cacheline length */
++#define CACHELINE_LEN 64
++
++/* Collect thread stats and print at cancellation when in debug mode */
++/* #define CIPHER_THREAD_STATS */
++
++/* Use single-byte XOR instead of 8-byte XOR */
++/* #define CIPHER_BYTE_XOR */
++/*-------------------- END TUNABLES --------------------*/
++
++
++const EVP_CIPHER *evp_aes_ctr_mt(void);
++
++#ifdef CIPHER_THREAD_STATS
++/*
++ * Struct to collect thread stats
++ */
++struct thread_stats {
++ u_int fills;
++ u_int skips;
++ u_int waits;
++ u_int drains;
++};
++
++/*
++ * Debug print the thread stats
++ * Use with pthread_cleanup_push for displaying at thread cancellation
++ */
++static void
++thread_loop_stats(void *x)
++{
++ struct thread_stats *s = x;
++
++ debug("tid %lu - %u fills, %u skips, %u waits", pthread_self(),
++ s->fills, s->skips, s->waits);
++}
++
++ #define STATS_STRUCT(s) struct thread_stats s
++ #define STATS_INIT(s) { memset(&s, 0, sizeof(s)); }
++ #define STATS_FILL(s) { s.fills++; }
++ #define STATS_SKIP(s) { s.skips++; }
++ #define STATS_WAIT(s) { s.waits++; }
++ #define STATS_DRAIN(s) { s.drains++; }
++#else
++ #define STATS_STRUCT(s)
++ #define STATS_INIT(s)
++ #define STATS_FILL(s)
++ #define STATS_SKIP(s)
++ #define STATS_WAIT(s)
++ #define STATS_DRAIN(s)
++#endif
++
++/* Keystream Queue state */
++enum {
++ KQINIT,
++ KQEMPTY,
++ KQFILLING,
++ KQFULL,
++ KQDRAINING
++};
++
++/* Keystream Queue struct */
++struct kq {
++ u_char keys[KQLEN][AES_BLOCK_SIZE];
++ u_char ctr[AES_BLOCK_SIZE];
++ u_char pad0[CACHELINE_LEN];
++ volatile int qstate;
++ pthread_mutex_t lock;
++ pthread_cond_t cond;
++ u_char pad1[CACHELINE_LEN];
++};
++
++/* Context struct */
++struct ssh_aes_ctr_ctx
++{
++ struct kq q[NUMKQ];
++ AES_KEY aes_ctx;
++ STATS_STRUCT(stats);
++ u_char aes_counter[AES_BLOCK_SIZE];
++ pthread_t tid[CIPHER_THREADS];
++ int state;
++ int qidx;
++ int ridx;
++};
++
++/* <friedl>
++ * increment counter 'ctr',
++ * the counter is of size 'len' bytes and stored in network-byte-order.
++ * (LSB at ctr[len-1], MSB at ctr[0])
++ */
++static void
++ssh_ctr_inc(u_char *ctr, u_int len)
++{
++ int i;
++
++ for (i = len - 1; i >= 0; i--)
++ if (++ctr[i]) /* continue on overflow */
++ return;
++}
++
++/*
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh.spec?r1=1.320&r2=1.321&f=u
More information about the pld-cvs-commit
mailing list