From 168b46f405d6736960ba7930389eecb9b6710b7e Mon Sep 17 00:00:00 2001
From: "sf@openbsd.org"
Date: Mon, 9 Jul 2018 13:37:10 +0000
Subject: [PATCH] upstream: Revert previous two commits It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits: date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; Rename COMP_DELAYED to COMP_ZLIB Only delayed compression is supported nowadays. ok markus@ date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; Remove leftovers from pre-authentication compression Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
---
 kex.c | 4 +++-
 kex.h | 3 ++-
 monitor_wrap.c | 4 +++-
 packet.c | 11 ++++++-----
 servconf.c | 8 ++++----
 sshconnect2.c | 4 ++--
 6 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/kex.c b/kex.c
index b111c4a54..25f9f66f6 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.140 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -741,6 +741,8 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 if (name == NULL)
 return SSH_ERR_NO_COMPRESS_ALG_MATCH;
 if (strcmp(name, "zlib@openssh.com") == 0) {
+ comp->type = COMP_DELAYED;
+ } else if (strcmp(name, "zlib") == 0) {
 comp->type = COMP_ZLIB;
 } else if (strcmp(name, "none") == 0) {
 comp->type = COMP_NONE;
diff --git a/kex.h b/kex.h
index b57f985ef..e3816047a 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.87 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: kex.h,v 1.88 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,7 @@
 #define COMP_NONE 0
 #define COMP_ZLIB 1
+#define COMP_DELAYED 2
 #define CURVE25519_SIZE 32
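Review bot: The restored `"zlib"` branch in choose_comp() sets `comp->type = COMP_ZLIB` with nothing here saying which side may reach it, although the commit message keeps pre-auth compression for the client only. The same gap is in the ssh_set_newkeys() hunk in packet.c, where `comp->type == COMP_ZLIB` now starts compression without testing `state->after_authentication`; both rely on the server's proposal never listing `zlib`, which this diff does not show. I would record the invariant at both places, e.g. `/* "zlib" compresses before authentication; expected on the client side only */`, so a later change to the server proposal cannot quietly expose the decompressor to unauthenticated peers. Both function bodies extend beyond their hunks.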
diff --git a/monitor_wrap.c b/monitor_wrap.c
index e280fd2ad..012ab01a9 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.100 2018/07/06 09:05:01 sf Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.101 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright 2002 Niels Provos
 * Copyright 2002 Markus Friedl
@@ -84,6 +84,8 @@
 #include "ssherr.h"
 /* Imports */
+extern z_stream incoming_stream;
+extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer loginmsg;
 extern ServerOptions options;
diff --git a/packet.c b/packet.c
index 2e87e520f..4d91792e0 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.274 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: packet.c,v 1.275 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -879,8 +879,9 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 /* explicit_bzero(enc->iv, enc->block_size);
 explicit_bzero(enc->key, enc->key_len);
 explicit_bzero(mac->key, mac->key_len); */
- if (comp->type == COMP_ZLIB && state->after_authentication
- && comp->enabled == 0) {
+ if ((comp->type == COMP_ZLIB ||
+ (comp->type == COMP_DELAYED &&
+ state->after_authentication)) && comp->enabled == 0) {
 if ((r = ssh_packet_init_compression(ssh)) < 0)
 return r;
 if (mode == MODE_OUT) {
@@ -970,7 +971,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh)
 /*
 * Remember that we are past the authentication step, so rekeying
- * with COMP_ZLIB will turn on compression immediately.
+ * with COMP_DELAYED will turn on compression immediately.
 */
 state->after_authentication = 1;
 for (mode = 0; mode < MODE_MAX; mode++) {
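Review bot: The two re-added declarations in monitor_wrap.c, `extern z_stream incoming_stream;` and `extern z_stream outgoing_stream;`, are not used by anything visible in this diff, and the commit being reverted described this code as leftovers. They seem to come back only because the revert is verbatim; if monitor_wrap.c no longer references these globals (not checkable from the hunk), I would leave them out rather than keep dangling declarations of zlib state. If something does still need them, a one-line comment naming where they are defined and which function uses them would make that clear.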
@@ -978,7 +979,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh)
 if (state->newkeys[mode] == NULL)
 continue;
 comp = &state->newkeys[mode]->comp;
- if (comp && !comp->enabled && comp->type == COMP_ZLIB) {
+ if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
 if ((r = ssh_packet_init_compression(ssh)) != 0)
 return r;
 if (mode == MODE_OUT) {
diff --git a/servconf.c b/servconf.c
index f5272b0f9..97c268e3c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.336 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: servconf.c,v 1.337 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -349,7 +349,7 @@ fill_default_server_options(ServerOptions *options)
 options->permit_user_env_whitelist = NULL;
 }
 if (options->compression == -1)
- options->compression = COMP_ZLIB;
+ options->compression = COMP_DELAYED;
 if (options->rekey_limit == -1)
 options->rekey_limit = 0;
 if (options->rekey_interval == -1)
@@ -1170,8 +1170,8 @@ static const struct multistate multistate_permitrootlogin[] = {
 { NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
- { "yes", COMP_ZLIB },
- { "delayed", COMP_ZLIB },
+ { "yes", COMP_DELAYED },
+ { "delayed", COMP_DELAYED },
 { "no", COMP_NONE },
 { NULL, -1 }
 };
diff --git a/sshconnect2.c b/sshconnect2.c
index 183484e08..4bc0a7034 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.276 2018/07/06 09:05:01 sf Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.277 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
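Review bot: The `comp &&` test on the changed line in ssh_packet_enable_delayed_compress() can never be false, because `comp` is the address of a member of `state->newkeys[mode]`, which the two context lines above it have already checked for NULL. Since the line is being rewritten anyway, `if (!comp->enabled && comp->type == COMP_DELAYED) {` says the same thing without suggesting that a NULL case exists. The loop this belongs to starts and ends outside the hunk.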
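Review bot: In multistate_compression, `"yes"` and `"delayed"` now map to the same value, COMP_DELAYED, and the table gives no hint that this is deliberate. Judging by the commit message (pre-auth compression survives on the client only), the alias looks like what keeps a server configured with `Compression yes` from compressing before authentication, so it deserves a comment such as `/* "yes" is an alias for "delayed": the server never compresses before authentication */`. Without it the first entry reads like a typo for COMP_ZLIB.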
@@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 compat_cipher_proposal(options.ciphers);
 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
- "zlib@openssh.com,none" : "none,zlib@openssh.com";
+ "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 if (options.hostkeyalgorithms != NULL) {
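Review bot: The second string, `"none,zlib@openssh.com,zlib"`, is what the client proposes when `options.compression` is 0, so with compression turned off it still advertises both zlib variants, now including the pre-auth one. If that is intended as a fallback for peers that do not accept `none`, a comment should say so, e.g. `/* compression off is a preference only: zlib stays on offer after "none" */`; if it is not intended, proposing `"none"` alone would turn the setting into a refusal. ssh_kex2() begins and ends outside the hunk.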