author | djm@openbsd.org <djm@openbsd.org> | 2016-09-28 20:32:42 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-09-29 06:54:50 +1000 |
commit | 4577adead6a7d600c8e764619d99477a08192c8f (patch) | |
tree | 1f825ee75953b95abab5a88ee9f8e241cab9eec1 | |
parent | 80d1c963b4dc84ffd11d09617b39c4bffda08956 (diff) |
upstream commit
restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
-rw-r--r-- | kex.c | 4 | ||||
-rw-r--r-- | kex.h | 5 | ||||
-rw-r--r-- | packet.c | 7 | ||||
-rw-r--r-- | servconf.c | 4 | ||||
-rw-r--r-- | sshconnect2.c | 4 | ||||
-rw-r--r-- | sshd_config.5 | 12 |
6 files changed, 17 insertions, 19 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -684,8 +684,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server) | |||
684 | return SSH_ERR_NO_COMPRESS_ALG_MATCH; | 684 | return SSH_ERR_NO_COMPRESS_ALG_MATCH; |
685 | if (strcmp(name, "zlib@openssh.com") == 0) { | 685 | if (strcmp(name, "zlib@openssh.com") == 0) { |
686 | comp->type = COMP_DELAYED; | 686 | comp->type = COMP_DELAYED; |
687 | } else if (strcmp(name, "zlib") == 0) { | ||
688 | comp->type = COMP_ZLIB; | ||
689 | } else if (strcmp(name, "none") == 0) { | 687 | } else if (strcmp(name, "none") == 0) { |
690 | comp->type = COMP_NONE; | 688 | comp->type = COMP_NONE; |
691 | } else { | 689 | } else { |
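Review bot: Dropping the `"zlib"` branch from choose_comp() means that name now falls through to the final `else`, while the sshconnect2.c section of this same commit puts `zlib` back into the client's proposal; the body of that `else` lies outside the hunk, so what a client gets back after negotiating `zlib` is not visible here. The packet.c section has the matching gap, since ssh_set_newkeys() now starts compression only for `COMP_DELAYED` once `state->after_authentication` is set, and kex.h removes `COMP_ZLIB` altogether. If choose_comp() is shared by client and server, as its `client`/`server` parameters suggest, I would keep `} else if (strcmp(name, "zlib") == 0) {` and `comp->type = COMP_ZLIB;` (with the constant and the packet.c test) and refuse pre-auth compression on the server by leaving `zlib` out of the server's own proposal. A regression test that runs the new client with compression enabled against a peer offering only `zlib,none` would pin the behaviour the commit message promises.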
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -64,8 +64,7 @@ | |||
64 | #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" | 64 | #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" |
65 | 65 | ||
66 | #define COMP_NONE 0 | 66 | #define COMP_NONE 0 |
67 | #define COMP_ZLIB 1 | 67 | #define COMP_DELAYED 1 |
68 | #define COMP_DELAYED 2 | ||
69 | 68 | ||
70 | #define CURVE25519_SIZE 32 | 69 | #define CURVE25519_SIZE 32 |
71 | 70 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -965,9 +965,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) | |||
965 | /* explicit_bzero(enc->iv, enc->block_size); | 965 | /* explicit_bzero(enc->iv, enc->block_size); |
966 | explicit_bzero(enc->key, enc->key_len); | 966 | explicit_bzero(enc->key, enc->key_len); |
967 | explicit_bzero(mac->key, mac->key_len); */ | 967 | explicit_bzero(mac->key, mac->key_len); */ |
968 | if ((comp->type == COMP_ZLIB || | 968 | if (comp->type == COMP_DELAYED && state->after_authentication && |
969 | (comp->type == COMP_DELAYED && | 969 | comp->enabled == 0) { |
970 | state->after_authentication)) && comp->enabled == 0) { | ||
971 | if ((r = ssh_packet_init_compression(ssh)) < 0) | 970 | if ((r = ssh_packet_init_compression(ssh)) < 0) |
972 | return r; | 971 | return r; |
973 | if (mode == MODE_OUT) { | 972 | if (mode == MODE_OUT) { |
diff --git a/servconf.c b/servconf.c index 51feb051f..4bf0b2a35 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -920,8 +920,8 @@ static const struct multistate multistate_permitrootlogin[] = { | |||
920 | { NULL, -1 } | 920 | { NULL, -1 } |
921 | }; | 921 | }; |
922 | static const struct multistate multistate_compression[] = { | 922 | static const struct multistate multistate_compression[] = { |
923 | { "delayed", COMP_DELAYED }, | ||
924 | { "yes", COMP_DELAYED }, | 923 | { "yes", COMP_DELAYED }, |
924 | { "delayed", COMP_DELAYED }, | ||
925 | { "no", COMP_NONE }, | 925 | { "no", COMP_NONE }, |
926 | { NULL, -1 } | 926 | { NULL, -1 } |
927 | }; | 927 | }; |
diff --git a/sshconnect2.c b/sshconnect2.c index a633e76cb..7a8b7ea97 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
174 | compat_cipher_proposal(options.ciphers); | 174 | compat_cipher_proposal(options.ciphers); |
175 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 175 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
176 | myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? | 176 | myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? |
177 | "zlib@openssh.com,none" : "none,zlib@openssh.com"; | 177 | "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; |
178 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = | 178 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = |
179 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | 179 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; |
180 | if (options.hostkeyalgorithms != NULL) { | 180 | if (options.hostkeyalgorithms != NULL) { |
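Review bot: The two proposal strings on new line 177 now carry `zlib` with no comment saying that it is the pre-authentication variant, whereas `zlib@openssh.com` is the one kex.c maps to `COMP_DELAYED` and packet.c holds back until after authentication. I would add above the assignment `/* zlib@openssh.com starts after user authentication; plain zlib starts at NEWKEYS and is offered last for servers without the delayed variant */`. The second half of that comment is my reading of the commit message rather than something the hunk shows, so adjust it if the intent differs. Both strings already list the delayed variant ahead of plain `zlib`, which is the ordering worth preserving if this line is edited again; ssh_kex2() begins and ends outside the hunk.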
diff --git a/sshd_config.5 b/sshd_config.5 index 59c9ea471..b5d361e1d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $ |
37 | .Dd $Mdocdate: September 22 2016 $ | 37 | .Dd $Mdocdate: September 28 2016 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -529,15 +529,17 @@ channel to request a response from the client. | |||
529 | The default | 529 | The default |
530 | is 0, indicating that these messages will not be sent to the client. | 530 | is 0, indicating that these messages will not be sent to the client. |
531 | .It Cm Compression | 531 | .It Cm Compression |
532 | Specifies whether compression is allowed, or delayed until | 532 | Specifies whether compression is enabled after |
533 | the user has authenticated successfully. | 533 | the user has authenticated successfully. |
534 | The argument must be | 534 | The argument must be |
535 | .Dq yes , | 535 | .Dq yes , |
536 | .Dq delayed , | 536 | .Dq delayed |
537 | (a legacy synonym for | ||
538 | .Dq yes ) | ||
537 | or | 539 | or |
538 | .Dq no . | 540 | .Dq no . |
539 | The default is | 541 | The default is |
540 | .Dq delayed . | 542 | .Dq yes . |
541 | .It Cm DenyGroups | 543 | .It Cm DenyGroups |
542 | This keyword can be followed by a list of group name patterns, separated | 544 | This keyword can be followed by a list of group name patterns, separated |
543 | by spaces. | 545 | by spaces. |