1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
--- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -0000
+++ openssh-7.9p1/cipher-ctr-mt.c 2018-10-24 20:48:17.378155144 -0000
@@ -46,7 +46,7 @@
/*-------------------- TUNABLES --------------------*/
/* maximum number of threads and queues */
-#define MAX_THREADS 32
+#define MAX_THREADS 32
#define MAX_NUMKQ (MAX_THREADS * 2)
/* Number of pregen threads to use */
@@ -435,7 +435,7 @@
destp.u += AES_BLOCK_SIZE;
srcp.u += AES_BLOCK_SIZE;
len -= AES_BLOCK_SIZE;
- ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
+ ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
/* Increment read index, switch queues on rollover */
if ((ridx = (ridx + 1) % KQLEN) == 0) {
@@ -481,8 +481,6 @@
/* get the number of cores in the system */
/* if it's not linux it currently defaults to 2 */
/* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */
- /* NB: assigning a float to an int discards the remainder which is */
- /* acceptable (and wanted) in this case */
#ifdef __linux__
cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
#endif /*__linux__*/
@@ -505,11 +503,12 @@
if (cipher_threads < 2)
cipher_threads = 2;
- /* assure that we aren't trying to create more threads than we have in the struct */
- /* cipher_threads is half the total of allowable threads hence the odd looking math here */
+ /* assure that we aren't trying to create more threads */
+ /* than we have in the struct. cipher_threads is half the */
+ /* total of allowable threads hence the odd looking math here */
if (cipher_threads * 2 > MAX_THREADS)
cipher_threads = MAX_THREADS / 2;
-
+
/* set the number of keystream queues */
numkq = cipher_threads * 2;
@@ -551,16 +550,16 @@
}
if (iv != NULL) {
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
c->state |= HAVE_IV;
}
if (c->state == (HAVE_KEY | HAVE_IV)) {
/* Clear queues */
- memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
+ memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE);
c->q[0].qstate = KQINIT;
for (i = 1; i < numkq; i++) {
- memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
+ memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE);
ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
c->q[i].qstate = KQEMPTY;
}
@@ -644,8 +643,22 @@
const EVP_CIPHER *
evp_aes_ctr_mt(void)
{
+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL && !defined(LIBRESSL_VERSION_NUMBER)
+ static EVP_CIPHER *aes_ctr;
+ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
+ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
+ EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init);
+ EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup);
+ EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr);
+# ifndef SSH_OLD_EVP
+ EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE
+ | EVP_CIPH_VARIABLE_LENGTH
+ | EVP_CIPH_ALWAYS_CALL_INIT
+ | EVP_CIPH_CUSTOM_IV);
+# endif /*SSH_OLD_EVP*/
+ return (aes_ctr);
+# else /*earlier version of openssl*/
static EVP_CIPHER aes_ctr;
-
memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
aes_ctr.nid = NID_undef;
aes_ctr.block_size = AES_BLOCK_SIZE;
@@ -654,11 +667,12 @@
aes_ctr.init = ssh_aes_ctr_init;
aes_ctr.cleanup = ssh_aes_ctr_cleanup;
aes_ctr.do_cipher = ssh_aes_ctr;
-#ifndef SSH_OLD_EVP
- aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
-#endif
- return &aes_ctr;
+# ifndef SSH_OLD_EVP
+ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+# endif /*SSH_OLD_EVP*/
+ return &aes_ctr;
+# endif /*OPENSSH_VERSION_NUMBER*/
}
#endif /* defined(WITH_OPENSSL) */
|