upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With feedback from markus@, ok djm@ OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
author: dtucker@openbsd.org <dtucker@openbsd.org> 2020-01-23 10:24:29 +0000
committer: Darren Tucker <dtucker@dtucker.net> 2020-01-23 21:53:54 +1100
commit: 7f8e66fea8c4e2a910df9067cb7638999b7764d5 (patch)
tree: 88c1a4a73a03cfa993fee0c1f23b6327ef1351a1
parent: 69ac4e33023b379e9a8e9b4b6aeeffa6d1fcf6fa (diff)
8 files changed, 91 insertions, 16 deletions
diff --git a/cipher.c b/cipher.c
index 25f98ba8e..820bc6ace 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -143,6 +143,17 @@ cipher_alg_list(char sep, int auth_only)
        return ret;
 }
+const char *
+compression_alg_list(int compression)
+{
+#ifdef WITH_ZLIB
+        return compression ? "zlib@openssh.com,zlib,none" :
+            "none,zlib@openssh.com,zlib";
+#else
+        return "none";
+#endif
+}
 u_int
 cipher_blocksize(const struct sshcipher *c)
 {
diff --git a/cipher.h b/cipher.h
index 5843aab49..1a591cd7f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
 const char *cipher_warning_message(const struct sshcipher_ctx *);
 int      ciphers_valid(const char *);
 char    *cipher_alg_list(char, int);
+const char *compression_alg_list(int);
 int      cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
    const u_char *, u_int, const u_char *, u_int, int);
 int      cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
diff --git a/kex.c b/kex.c
index 2195cea4e..ce85f0439 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
@@ -798,11 +798,14 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
        if (name == NULL)
                return SSH_ERR_NO_COMPRESS_ALG_MATCH;
+#ifdef WITH_ZLIB
        if (strcmp(name, "zlib@openssh.com") == 0) {
                comp->type = COMP_DELAYED;
        } else if (strcmp(name, "zlib") == 0) {
                comp->type = COMP_ZLIB;
-        } else if (strcmp(name, "none") == 0) {
+        } else
+#endif  /* WITH_ZLIB */
+        if (strcmp(name, "none") == 0) {
                comp->type = COMP_NONE;
        } else {
                error("%s: unsupported compression scheme %s", __func__, name);
diff --git a/packet.c b/packet.c
index 2b50ef415..cffadd9a4 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.287 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: packet.c,v 1.288 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -76,7 +76,9 @@
 # endif
 #endif
+#ifdef WITH_ZLIB
 #include <zlib.h>
+#endif
 #include "xmalloc.h"
 #include "compat.h"
@@ -150,9 +152,11 @@ struct session_state {
        /* Scratch buffer for packet compression/decompression. */
        struct sshbuf *compression_buffer;
+#ifdef WITH_ZLIB
        /* Incoming/outgoing compression dictionaries */
        z_stream compression_in_stream;
        z_stream compression_out_stream;
+#endif
        int compression_in_started;
        int compression_out_started;
        int compression_in_failures;
@@ -609,7 +613,8 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
                state->newkeys[mode] = NULL;
                ssh_clear_newkeys(ssh, mode);           /* next keys */
        }
-        /* compression state is in shared mem, so we can only release it once */
+#ifdef WITH_ZLIB
+        /* comression state is in shared mem, so we can only release it once */
        if (do_close && state->compression_buffer) {
                sshbuf_free(state->compression_buffer);
                if (state->compression_out_started) {
@@ -635,6 +640,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
                                inflateEnd(stream);
                }
        }
+#endif  /* WITH_ZLIB */
        cipher_free(state->send_context);
        cipher_free(state->receive_context);
        state->send_context = state->receive_context = NULL;
@@ -690,6 +696,7 @@ ssh_packet_init_compression(struct ssh *ssh)
        return 0;
 }
+#ifdef WITH_ZLIB
 static int
 start_compression_out(struct ssh *ssh, int level)
 {
@@ -821,6 +828,33 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
        /* NOTREACHED */
 }
+#else   /* WITH_ZLIB */
+static int
+start_compression_out(struct ssh *ssh, int level)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+static int
+start_compression_in(struct ssh *ssh)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+static int
+compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+static int
+uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+#endif  /* WITH_ZLIB */
 void
 ssh_clear_newkeys(struct ssh *ssh, int mode)
 {
diff --git a/readconf.c b/readconf.c
index 59443bfdb..b25984548 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.322 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -837,6 +837,13 @@ static const struct multistate multistate_canonicalizehostname[] = {
        { "always",                     SSH_CANONICALISE_ALWAYS },
        { NULL, -1 }
 };
+static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
+        { "yes",                        COMP_ZLIB },
+#endif
+        { "no",                         COMP_NONE },
+        { NULL, -1 }
+};
 /*
 * Processes a single option line as used in the configuration files. This
@@ -1046,7 +1053,8 @@ parse_time:
        case oCompression:
                intptr = &options->compression;
-                goto parse_flag;
+                multistate_ptr = multistate_compression;
+                goto parse_multistate;
        case oTCPKeepAlive:
                intptr = &options->tcp_keep_alive;
diff --git a/servconf.c b/servconf.c
index 1a4c49907..1e0718139 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.358 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.359 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -384,7 +384,12 @@ fill_default_server_options(ServerOptions *options)
                options->permit_user_env_whitelist = NULL;
        }
        if (options->compression == -1)
+#ifdef WITH_ZLIB
                options->compression = COMP_DELAYED;
+#else
+                options->compression = COMP_NONE;
+#endif
        if (options->rekey_limit == -1)
                options->rekey_limit = 0;
        if (options->rekey_interval == -1)
@@ -1213,8 +1218,10 @@ static const struct multistate multistate_permitrootlogin[] = {
        { NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
        { "yes",                        COMP_DELAYED },
        { "delayed",                    COMP_DELAYED },
+#endif
        { "no",                         COMP_NONE },
        { NULL, -1 }
 };
diff --git a/ssh.c b/ssh.c
index c0511f2a0..851d85b50 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.513 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -602,6 +602,7 @@ main(int ac, char **av)
        struct addrinfo *addrs = NULL;
        struct ssh_digest_ctx *md;
        u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+        size_t n, len;
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
@@ -753,10 +754,16 @@ main(int ac, char **av)
                                cp = sshkey_alg_list(0, 1, 1, '\n');
                        else if (strcmp(optarg, "protocol-version") == 0)
                                cp = xstrdup("2");
-                        else if (strcmp(optarg, "help") == 0) {
+                        else if (strcmp(optarg, "compression") == 0) {
+                                cp = xstrdup(compression_alg_list(0));
+                                len = strlen(cp);
+                                for (n = 0; n < len; n++)
+                                        if (cp[n] == ',')
+                                                cp[n] = '\n';
+                        } else if (strcmp(optarg, "help") == 0) {
                                cp = xstrdup(
-                                    "cipher\ncipher-auth\nkex\nkey\n"
+                                    "cipher\ncipher-auth\ncompression\nkex\n"
-                                    "key-cert\nkey-plain\nmac\n"
+                                    "key\nkey-cert\nkey-plain\nmac\n"
                                    "protocol-version\nsig");
                        }
                        if (cp == NULL)
@@ -959,7 +966,11 @@ main(int ac, char **av)
                        break;
                case 'C':
+#ifdef WITH_ZLIB
                        options.compression = 1;
+#else
+                        error("Compression not supported, disabling.");
+#endif
                        break;
                case 'N':
                        no_shell_flag = 1;
diff --git a/sshconnect2.c b/sshconnect2.c
index 8d13310f2..3b84a2d56 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -174,8 +174,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
        myproposal[PROPOSAL_ENC_ALGS_STOC] =
            compat_cipher_proposal(options.ciphers);
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-            myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
+            myproposal[PROPOSAL_COMP_ALGS_STOC] =
-            "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
+            (char *)compression_alg_list(options.compression);
        myproposal[PROPOSAL_MAC_ALGS_CTOS] =
            myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
        if (options.hostkeyalgorithms != NULL) {
author	dtucker@openbsd.org <dtucker@openbsd.org>	2020-01-23 10:24:29 +0000
committer	Darren Tucker <dtucker@dtucker.net>	2020-01-23 21:53:54 +1100
commit	7f8e66fea8c4e2a910df9067cb7638999b7764d5 (patch)
tree	88c1a4a73a03cfa993fee0c1f23b6327ef1351a1
parent	69ac4e33023b379e9a8e9b4b6aeeffa6d1fcf6fa (diff)