8 files changed, 91 insertions, 16 deletions

diff --git a/cipher.c b/cipher.c
index 25f98ba8e..820bc6ace 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -143,6 +143,17 @@ cipher_alg_list(char sep, int auth_only)
         return ret;
 }
 
+const char *
+compression_alg_list(int compression)
+{
+#ifdef WITH_ZLIB
+        return compression ? "zlib@openssh.com,zlib,none" :
+            "none,zlib@openssh.com,zlib";
+#else
+        return "none";
+#endif
+}
+
 u_int
 cipher_blocksize(const struct sshcipher *c)
 {
diff --git a/cipher.h b/cipher.h
index 5843aab49..1a591cd7f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
 const char *cipher_warning_message(const struct sshcipher_ctx *);
 int      ciphers_valid(const char *);
 char    *cipher_alg_list(char, int);
+const char *compression_alg_list(int);
 int      cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
     const u_char *, u_int, const u_char *, u_int, int);
 int      cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
diff --git a/kex.c b/kex.c
index 2195cea4e..ce85f0439 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -798,11 +798,14 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 
         if (name == NULL)
                 return SSH_ERR_NO_COMPRESS_ALG_MATCH;
+#ifdef WITH_ZLIB
         if (strcmp(name, "zlib@openssh.com") == 0) {
                 comp->type = COMP_DELAYED;
         } else if (strcmp(name, "zlib") == 0) {
                 comp->type = COMP_ZLIB;
-        } else if (strcmp(name, "none") == 0) {
+        } else
+#endif  /* WITH_ZLIB */
+        if (strcmp(name, "none") == 0) {
                 comp->type = COMP_NONE;
         } else {
                 error("%s: unsupported compression scheme %s", __func__, name);
diff --git a/packet.c b/packet.c
index 2b50ef415..cffadd9a4 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.287 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: packet.c,v 1.288 2020/01/23 10:24:29 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -76,7 +76,9 @@
 # endif
 #endif
 
+#ifdef WITH_ZLIB
 #include <zlib.h>
+#endif
 
 #include "xmalloc.h"
 #include "compat.h"
@@ -150,9 +152,11 @@ struct session_state {
         /* Scratch buffer for packet compression/decompression. */
         struct sshbuf *compression_buffer;
 
+#ifdef WITH_ZLIB
         /* Incoming/outgoing compression dictionaries */
         z_stream compression_in_stream;
         z_stream compression_out_stream;
+#endif
         int compression_in_started;
         int compression_out_started;
         int compression_in_failures;
@@ -609,7 +613,8 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
                 state->newkeys[mode] = NULL;
                 ssh_clear_newkeys(ssh, mode);           /* next keys */
         }
-        /* compression state is in shared mem, so we can only release it once */
+#ifdef WITH_ZLIB
+        /* comression state is in shared mem, so we can only release it once */
         if (do_close && state->compression_buffer) {
                 sshbuf_free(state->compression_buffer);
                 if (state->compression_out_started) {
@@ -635,6 +640,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
                                 inflateEnd(stream);
                 }
         }
+#endif  /* WITH_ZLIB */
         cipher_free(state->send_context);
         cipher_free(state->receive_context);
         state->send_context = state->receive_context = NULL;
@@ -690,6 +696,7 @@ ssh_packet_init_compression(struct ssh *ssh)
         return 0;
 }
 
+#ifdef WITH_ZLIB
 static int
 start_compression_out(struct ssh *ssh, int level)
 {
@@ -821,6 +828,33 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
         /* NOTREACHED */
 }
 
+#else   /* WITH_ZLIB */
+
+static int
+start_compression_out(struct ssh *ssh, int level)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+start_compression_in(struct ssh *ssh)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+        return SSH_ERR_INTERNAL_ERROR;
+}
+#endif  /* WITH_ZLIB */
+
 void
 ssh_clear_newkeys(struct ssh *ssh, int mode)
 {
diff --git a/readconf.c b/readconf.c
index 59443bfdb..b25984548 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.322 2020/01/23 10:24:29 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -837,6 +837,13 @@ static const struct multistate multistate_canonicalizehostname[] = {
         { "always",                     SSH_CANONICALISE_ALWAYS },
         { NULL, -1 }
 };
+static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
+        { "yes",                        COMP_ZLIB },
+#endif
+        { "no",                         COMP_NONE },
+        { NULL, -1 }
+};
 
 /*
  * Processes a single option line as used in the configuration files. This
@@ -1046,7 +1053,8 @@ parse_time:
 
         case oCompression:
                 intptr = &options->compression;
-                goto parse_flag;
+                multistate_ptr = multistate_compression;
+                goto parse_multistate;
 
         case oTCPKeepAlive:
                 intptr = &options->tcp_keep_alive;
diff --git a/servconf.c b/servconf.c
index 1a4c49907..1e0718139 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.358 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.359 2020/01/23 10:24:29 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -384,7 +384,12 @@ fill_default_server_options(ServerOptions *options)
                 options->permit_user_env_whitelist = NULL;
         }
         if (options->compression == -1)
+#ifdef WITH_ZLIB
                 options->compression = COMP_DELAYED;
+#else
+                options->compression = COMP_NONE;
+#endif
+
         if (options->rekey_limit == -1)
                 options->rekey_limit = 0;
         if (options->rekey_interval == -1)
@@ -1213,8 +1218,10 @@ static const struct multistate multistate_permitrootlogin[] = {
         { NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
         { "yes",                        COMP_DELAYED },
         { "delayed",                    COMP_DELAYED },
+#endif
         { "no",                         COMP_NONE },
         { NULL, -1 }
 };
diff --git a/ssh.c b/ssh.c
index c0511f2a0..851d85b50 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.513 2020/01/23 10:24:29 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -602,6 +602,7 @@ main(int ac, char **av)
         struct addrinfo *addrs = NULL;
         struct ssh_digest_ctx *md;
         u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+        size_t n, len;
 
         /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
         sanitise_stdfd();
@@ -753,10 +754,16 @@ main(int ac, char **av)
                                 cp = sshkey_alg_list(0, 1, 1, '\n');
                         else if (strcmp(optarg, "protocol-version") == 0)
                                 cp = xstrdup("2");
-                        else if (strcmp(optarg, "help") == 0) {
+                        else if (strcmp(optarg, "compression") == 0) {
+                                cp = xstrdup(compression_alg_list(0));
+                                len = strlen(cp);
+                                for (n = 0; n < len; n++)
+                                        if (cp[n] == ',')
+                                                cp[n] = '\n';
+                        } else if (strcmp(optarg, "help") == 0) {
                                 cp = xstrdup(
-                                    "cipher\ncipher-auth\nkex\nkey\n"
-                                    "key-cert\nkey-plain\nmac\n"
+                                    "cipher\ncipher-auth\ncompression\nkex\n"
+                                    "key\nkey-cert\nkey-plain\nmac\n"
                                     "protocol-version\nsig");
                         }
                         if (cp == NULL)
@@ -959,7 +966,11 @@ main(int ac, char **av)
                         break;
 
                 case 'C':
+#ifdef WITH_ZLIB
                         options.compression = 1;
+#else
+                        error("Compression not supported, disabling.");
+#endif
                         break;
                 case 'N':
                         no_shell_flag = 1;
diff --git a/sshconnect2.c b/sshconnect2.c
index 8d13310f2..3b84a2d56 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -174,8 +174,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
         myproposal[PROPOSAL_ENC_ALGS_STOC] =
             compat_cipher_proposal(options.ciphers);
         myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-            myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
-            "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
+            myproposal[PROPOSAL_COMP_ALGS_STOC] =
+            (char *)compression_alg_list(options.compression);
         myproposal[PROPOSAL_MAC_ALGS_CTOS] =
             myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
         if (options.hostkeyalgorithms != NULL) {