https://bugzilla.mindrot.org/show_bug.cgi?id=3655 https://github.com/openssh/openssh-portable/commit/fe6c6330c1a94c7a537efe9069853ce7a275c50a https://bugs.gentoo.org/929191 From fe6c6330c1a94c7a537efe9069853ce7a275c50a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 13 Oct 2024 22:20:06 +0000 Subject: [PATCH] upstream: don't start the ObscureKeystrokeTiming mitigations if there has been traffic on a X11 forwarding channel recently. Should fix X11 forwarding performance problems when this setting is enabled. Patch from Antonio Larrosa via bz3655 OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab --- a/channels.c +++ b/channels.c @@ -5336,3 +5336,22 @@ x11_request_forwarding_with_spoofing(struct ssh *ssh, int client_session_id, fatal_fr(r, "send x11-req"); free(new_data); } + +/* + * Returns whether an x11 channel was used recently (less than a second ago) + */ +int +x11_channel_used_recently(struct ssh *ssh) { + u_int i; + Channel *c; + time_t lastused = 0; + + for (i = 0; i < ssh->chanctxt->channels_alloc; i++) { + c = ssh->chanctxt->channels[i]; + if (c == NULL || c->ctype == NULL || c->lastused == 0 || + strcmp(c->ctype, "x11-connection") != 0) + continue; + lastused = c->lastused; + } + return lastused != 0 && monotime() > lastused + 1; +} --- a/channels.h +++ b/channels.h @@ -382,6 +382,7 @@ int x11_connect_display(struct ssh *); int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **); void x11_request_forwarding_with_spoofing(struct ssh *, int, const char *, const char *, const char *, int); +int x11_channel_used_recently(struct ssh *ssh); /* channel close */ --- a/clientloop.c +++ b/clientloop.c @@ -659,9 +659,10 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout, if (just_started) return 1; - /* Don't arm output fd for poll until the timing interval has elapsed */ + /* Don't arm output fd for poll until the timing interval has elapsed... */ if (timespeccmp(&now, &next_interval, <)) - return 0; + /* ...unless there's x11 communicattion happening */ + return x11_channel_used_recently(ssh); /* Calculate number of intervals missed since the last check */ n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;