From b7689155f3f5c4999846c07a852b1c7a43b09cec Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 28 Sep 2016 21:44:52 +0000 Subject: [PATCH] upstream commit put back some pre-auth zlib bits that I shouldn't have removed - they are still used by the client. Spotted by naddy@ Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 --- kex.c | 4 +++- kex.h | 5 +++-- packet.c | 7 ++++--- 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/kex.c b/kex.c
index c122361f2..3f97f8c00 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.126 2016/09/28 21:44:52 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -684,6 +684,8 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 return SSH_ERR_NO_COMPRESS_ALG_MATCH;
 if (strcmp(name, "zlib@openssh.com") == 0) {
 comp->type = COMP_DELAYED;
+ } else if (strcmp(name, "zlib") == 0) {
+ comp->type = COMP_ZLIB;
 } else if (strcmp(name, "none") == 0) {
 comp->type = COMP_NONE;
 } else {
diff --git a/kex.h b/kex.h
index 318c41d4a..3794f2127 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.81 2016/09/28 21:44:52 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -64,7 +64,8 @@
 #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
 #define COMP_NONE 0
-#define COMP_DELAYED 1
+#define COMP_ZLIB 1
+#define COMP_DELAYED 2
 #define CURVE25519_SIZE 32
diff --git a/packet.c b/packet.c
index 337304bd0..50de0267a 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.241 2016/09/28 21:44:52 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
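Review bot: The new `zlib` branch in choose_comp() (kex.c) selects COMP_ZLIB for whichever side is negotiating, and nothing visible in the hunk ties it to the client role that the commit message gives as the reason for restoring it. Pre-authentication compression puts zlib in front of data from a peer that has not authenticated yet, so on the server side it presumably depends entirely on the server never listing "zlib" in its proposal, which is decided outside this hunk. I would record that dependency next to the branch, for example `/* pre-auth compression: client only; the server must never offer "zlib" */`. choose_comp() starts and ends outside the hunk.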
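Review bot: In the kex.h hunk the value 1 changes meaning from COMP_DELAYED to COMP_ZLIB and COMP_DELAYED moves to 2, with no comment saying what separates the two types. If comp->type is ever stored or handed between processes as a raw integer (not visible in this diff), every consumer has to be built against the same header, so that is worth checking before this lands. I would also document the distinction the packet.c change relies on, e.g. `/* COMP_ZLIB: enabled as soon as keys are installed, before authentication */` and `/* COMP_DELAYED: zlib@openssh.com, enabled only after authentication */`.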
@@ -965,8 +965,9 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 /* explicit_bzero(enc->iv, enc->block_size);
 explicit_bzero(enc->key, enc->key_len);
 explicit_bzero(mac->key, mac->key_len); */
- if (comp->type == COMP_DELAYED && state->after_authentication &&
- comp->enabled == 0) {
+ if ((comp->type == COMP_ZLIB ||
+ (comp->type == COMP_DELAYED &&
+ state->after_authentication)) && comp->enabled == 0) {
 if ((r = ssh_packet_init_compression(ssh)) < 0)
 return r;
 if (mode == MODE_OUT) {
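Review bot: The rewritten condition in ssh_set_newkeys() starts compression for COMP_ZLIB without consulting state->after_authentication and without checking which role this endpoint has, so the pre-authentication path is guarded only by whatever was negotiated earlier. As defence in depth I would fail closed when a server-side session ends up with that type, e.g. `if (comp->type == COMP_ZLIB && state->server_side) return SSH_ERR_INTERNAL_ERROR;` ahead of the check, assuming the session state records the role in a field such as server_side (not visible here). The three-line wrapped condition is also easy to misread, so a one-line comment stating that COMP_ZLIB is enabled immediately and COMP_DELAYED only after authentication would help. The function body continues outside the hunk.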