author | sf@openbsd.org <sf@openbsd.org> | 2018-07-09 13:37:10 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-10 15:13:41 +1000 |
commit | 168b46f405d6736960ba7930389eecb9b6710b7e (patch) | |
tree | aab4c134cce64b06caefa41246805d69daab4fe8 | |
parent | ab39267fa1243d02b6c330615539fc4b21e17dc4 (diff) |
upstream: Revert previous two commits
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
-rw-r--r-- | kex.c | 4 | ||||
-rw-r--r-- | kex.h | 3 | ||||
-rw-r--r-- | monitor_wrap.c | 4 | ||||
-rw-r--r-- | packet.c | 11 | ||||
-rw-r--r-- | servconf.c | 8 | ||||
-rw-r--r-- | sshconnect2.c | 4 |
6 files changed, 20 insertions, 14 deletions
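--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.140 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -741,6 +741,8 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 if (name == NULL)
 return SSH_ERR_NO_COMPRESS_ALG_MATCH;
 if (strcmp(name, "zlib@openssh.com") == 0) {
+comp->type = COMP_DELAYED;
+} else if (strcmp(name, "zlib") == 0) {
 comp->type = COMP_ZLIB;
 } else if (strcmp(name, "none") == 0) {
 comp->type = COMP_NONE;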
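Review bot: The restored `"zlib"` branch in choose_comp() sets `COMP_ZLIB` for whichever side runs the negotiation, because the function takes only the two name lists and has no notion of client or server role. The commit message says pre-auth compression survives only on the client, so on the server that property rests entirely on "zlib" never appearing in sshd's proposal, which is not visible in this diff. I would state that at the branch, e.g. `/* "zlib" = compression before authentication; client-only, sshd must never propose it */`. The same assumption sits behind the `comp->type == COMP_ZLIB ||` arm added to ssh_set_newkeys() in packet.c, which starts zlib without consulting `after_authentication`. choose_comp()'s body begins and ends outside the hunk.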
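--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.87 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: kex.h,v 1.88 2018/07/09 13:37:10 sf Exp $ */
 
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,7 @@
 
 #define COMP_NONE 0
 #define COMP_ZLIB 1
+#define COMP_DELAYED 2
 
 #define CURVE25519_SIZE 32
 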
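Review bot: `COMP_ZLIB` and `COMP_DELAYED` come back with no comment saying how they differ, and the two reverted commits show how easily one is mistaken for the other. Going by choose_comp() in kex.c and ssh_set_newkeys() in packet.c, a trailing comment on each would be enough: `#define COMP_ZLIB 1 /* "zlib": enabled at NEWKEYS, before authentication */` and `#define COMP_DELAYED 2 /* "zlib@openssh.com": enabled only after authentication */`.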
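--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.100 2018/07/06 09:05:01 sf Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.101 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -84,6 +84,8 @@
 #include "ssherr.h"
 
 /* Imports */
+extern z_stream incoming_stream;
+extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
 extern Buffer loginmsg;
 extern ServerOptions options;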
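Review bot: The two `extern z_stream` declarations restored under `/* Imports */` have no user visible in this hunk, and the revert's stated reason concerns client-side pre-auth compression rather than the privilege-separation monitor. If nothing in monitor_wrap.c still references `incoming_stream` or `outgoing_stream`, I would leave them out of the revert so this file does not carry declarations for zlib state it no longer handles. Should they be needed after all, a one-line comment naming where they are defined would help.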
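--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.274 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: packet.c,v 1.275 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -879,8 +879,9 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 /* explicit_bzero(enc->iv, enc->block_size);
 explicit_bzero(enc->key, enc->key_len);
 explicit_bzero(mac->key, mac->key_len); */
-if (comp->type == COMP_ZLIB && state->after_authentication
-&& comp->enabled == 0) {
+if ((comp->type == COMP_ZLIB ||
+(comp->type == COMP_DELAYED &&
+state->after_authentication)) && comp->enabled == 0) {
 if ((r = ssh_packet_init_compression(ssh)) < 0)
 return r;
 if (mode == MODE_OUT) {
@@ -970,7 +971,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh)
 
 /*
 * Remember that we are past the authentication step, so rekeying
-* with COMP_ZLIB will turn on compression immediately.
+* with COMP_DELAYED will turn on compression immediately.
 */
 state->after_authentication = 1;
 for (mode = 0; mode < MODE_MAX; mode++) {
@@ -978,7 +979,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh)
 if (state->newkeys[mode] == NULL)
 continue;
 comp = &state->newkeys[mode]->comp;
-if (comp && !comp->enabled && comp->type == COMP_ZLIB) {
+if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
 if ((r = ssh_packet_init_compression(ssh)) != 0)
 return r;
 if (mode == MODE_OUT) {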
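Review bot: In ssh_packet_enable_delayed_compress() the changed test still begins with `comp &&`, but `comp` has just been assigned `&state->newkeys[mode]->comp` after `state->newkeys[mode]` was checked for NULL, so that operand can never be false. `if (!comp->enabled && comp->type == COMP_DELAYED) {` expresses the same condition without suggesting a null case that cannot occur. The function starts and ends outside the hunk.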
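--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.336 2018/07/06 09:06:14 sf Exp $ */
+/* $OpenBSD: servconf.c,v 1.337 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -349,7 +349,7 @@ fill_default_server_options(ServerOptions *options)
 options->permit_user_env_whitelist = NULL;
 }
 if (options->compression == -1)
-options->compression = COMP_ZLIB;
+options->compression = COMP_DELAYED;
 if (options->rekey_limit == -1)
 options->rekey_limit = 0;
 if (options->rekey_interval == -1)
@@ -1170,8 +1170,8 @@ static const struct multistate multistate_permitrootlogin[] = {
 { NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
-{ "yes", COMP_ZLIB },
-{ "delayed", COMP_ZLIB },
+{ "yes", COMP_DELAYED },
+{ "delayed", COMP_DELAYED },
 { "no", COMP_NONE },
 { NULL, -1 }
 };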
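Review bot: Nothing in `multistate_compression` says that `"yes"` is deliberately the same as `"delayed"`, and now that `COMP_ZLIB` exists again as a distinct value the table reads as if it had a gap someone might later fill. Since no keyword maps to `COMP_ZLIB`, this table appears to be what keeps sshd from being configured for compression before authentication; how `options->compression` reaches the server's proposal is not shown in this diff. A comment above the table would record the intent: `/* "yes" is an alias for "delayed"; there is intentionally no keyword for pre-auth COMP_ZLIB */`.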
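--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.276 2018/07/06 09:05:01 sf Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.277 2018/07/09 13:37:10 sf Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 compat_cipher_proposal(options.ciphers);
 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
-"zlib@openssh.com,none" : "none,zlib@openssh.com";
+"zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 if (options.hostkeyalgorithms != NULL) {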
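Review bot: The proposal strings in ssh_kex2() list `zlib` again with nothing to say it is the pre-authentication variant, so when it is negotiated the client starts zlib on the connection before user authentication has completed. It sits after `zlib@openssh.com` in both orderings, which presumably makes it a fallback for servers that lack the delayed method. A comment above the assignment would make that explicit, e.g. `/* prefer delayed compression; plain "zlib" (pre-auth) is offered only as a fallback */`. ssh_kex2() continues outside the hunk.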