From 7f8e66fea8c4e2a910df9067cb7638999b7764d5 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" 
Date: Thu, 23 Jan 2020 10:24:29 +0000
Subject: [PATCH] upstream: Make zlib optional.

This adds a "ZLIB" build time option that allows building without zlib compression and associated options. With feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
---
 cipher.c | 13 ++++++++++++-
 cipher.h | 3 ++-
 kex.c | 7 +++++--
 packet.c | 38 ++++++++++++++++++++++++++++++++++++--
 readconf.c | 12 ++++++++++--
 servconf.c | 9 ++++++++-
 ssh.c | 19 +++++++++++++++----
 sshconnect2.c | 6 +++---
 8 files changed, 91 insertions(+), 16 deletions(-)

diff --git a/cipher.c b/cipher.c
index 25f98ba8e..820bc6ace 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen 
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -143,6 +143,17 @@ cipher_alg_list(char sep, int auth_only)
 return ret;
 }
 
+const char *
+compression_alg_list(int compression)
+{
+#ifdef WITH_ZLIB
+ return compression ? "zlib@openssh.com,zlib,none" :
+ "none,zlib@openssh.com,zlib";
+#else
+ return "none";
+#endif
+}
+
 u_int
 cipher_blocksize(const struct sshcipher *c)
 {
diff --git a/cipher.h b/cipher.h
index 5843aab49..1a591cd7f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen 
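Review bot: compression_alg_list() becomes an exported function (it gains a prototype in cipher.h) but has no comment stating its contract: the return value is a static string literal that callers must neither free nor modify, and the `compression` argument only selects the preference order, not whether zlib is available at all. A short header above the function would settle both, e.g. `/* Return the compression proposal, most preferred first, as a static comma-separated string; compression != 0 prefers zlib. Without WITH_ZLIB only "none" is offered. */`. This matters because sshconnect2.c stores the result in myproposal[] through a `(char *)` cast, which hides the read-only nature of the pointee from that caller.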
@@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
 const char *cipher_warning_message(const struct sshcipher_ctx *);
 int ciphers_valid(const char *);
 char *cipher_alg_list(char, int);
+const char *compression_alg_list(int);
 int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
 const u_char *, u_int, const u_char *, u_int, int);
 int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
diff --git a/kex.c b/kex.c
index 2195cea4e..ce85f0439 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -798,11 +798,14 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 if (name == NULL)
 return SSH_ERR_NO_COMPRESS_ALG_MATCH;
+#ifdef WITH_ZLIB
 if (strcmp(name, "zlib@openssh.com") == 0) {
 comp->type = COMP_DELAYED;
 } else if (strcmp(name, "zlib") == 0) {
 comp->type = COMP_ZLIB;
- } else if (strcmp(name, "none") == 0) {
+ } else
+#endif /* WITH_ZLIB */
+ if (strcmp(name, "none") == 0) {
 comp->type = COMP_NONE;
 } else {
 error("%s: unsupported compression scheme %s",
 __func__, name);
diff --git a/packet.c b/packet.c
index 2b50ef415..cffadd9a4 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.287 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: packet.c,v 1.288 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen 
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -76,7 +76,9 @@
 # endif
 #endif
 
+#ifdef WITH_ZLIB
 #include 
+#endif
 
 #include "xmalloc.h"
 #include "compat.h"
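Review bot: The `} else` that now closes the `#ifdef WITH_ZLIB` region in choose_comp() is a dangling else whose body is the `if (strcmp(name, "none") == 0)` line after `#endif`; the chain only stays well-formed because a non-zlib build reduces it to the single "none" test, and nothing in the code says why that is enough (a statement slipped between the two directives by a later edit would silently become the else body). The invariant that makes this safe lives elsewhere, in compression_alg_list() in cipher.c, which offers only "none" without zlib, so a zlib name should never reach this function in such a build. A comment on the directive would carry that dependency into kex.c, e.g. `#endif /* WITH_ZLIB: without zlib only "none" is ever proposed, see compression_alg_list() */`. The error branch of choose_comp() continues below the hunk.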
@@ -150,9 +152,11 @@ struct session_state {
 /* Scratch buffer for packet compression/decompression. */
 struct sshbuf *compression_buffer;
 
+#ifdef WITH_ZLIB
 /* Incoming/outgoing compression dictionaries */
 z_stream compression_in_stream;
 z_stream compression_out_stream;
+#endif
 int compression_in_started;
 int compression_out_started;
 int compression_in_failures;
@@ -609,7 +613,8 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
 state->newkeys[mode] = NULL;
 ssh_clear_newkeys(ssh, mode); /* next keys */
 }
- /* compression state is in shared mem, so we can only release it once */
+#ifdef WITH_ZLIB
+ /* comression state is in shared mem, so we can only release it once */
 if (do_close && state->compression_buffer) {
 sshbuf_free(state->compression_buffer);
 if (state->compression_out_started) {
@@ -635,6 +640,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
 inflateEnd(stream);
 }
 }
+#endif /* WITH_ZLIB */
 cipher_free(state->send_context);
 cipher_free(state->receive_context);
 state->send_context = state->receive_context = NULL;
@@ -690,6 +696,7 @@ ssh_packet_init_compression(struct ssh *ssh)
 return 0;
 }
 
+#ifdef WITH_ZLIB
 static int
 start_compression_out(struct ssh *ssh, int level)
 {
@@ -821,6 +828,33 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
 /* NOTREACHED */
 }
 
+#else /* WITH_ZLIB */
+
+static int
+start_compression_out(struct ssh *ssh, int level)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+start_compression_in(struct ssh *ssh)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+#endif /* WITH_ZLIB */
+
 void
 ssh_clear_newkeys(struct ssh *ssh, int mode)
 {
diff --git a/readconf.c b/readconf.c
index 59443bfdb..b25984548 100644
--- a/readconf.c
+++ b/readconf.c
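Review bot: The `#ifdef WITH_ZLIB` inserted ahead of `if (do_close && state->compression_buffer)` in ssh_packet_close_internal() takes the `sshbuf_free(state->compression_buffer)` out of non-zlib builds too, while the `compression_buffer` field (hunk @@ -150) and ssh_packet_init_compression() (hunk @@ -690, presumably where that buffer is created) remain compiled unconditionally; if the buffer can ever be allocated without zlib, close() now leaks it, and if it cannot, the release is still the wrong thing to make conditional. Placing the `#ifdef` after the `sshbuf_free()` line keeps the buffer release unconditional and limits the guard to the `deflateEnd`/`inflateEnd` teardown that actually depends on zlib. The re-added comment also introduces a typo; it should keep the original spelling, `/* compression state is in shared mem, so we can only release it once */`. The remainder of ssh_packet_close_internal() lies outside the hunk.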
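Review bot: The four `#else` stubs (hunk @@ -821) return SSH_ERR_INTERNAL_ERROR with no explanation of why that cannot be hit, so a reader of packet.c alone cannot tell whether a peer could still negotiate zlib in a non-zlib build and trigger it. A comment above the stubs would pin the invariant, e.g. `/* Without zlib, choose_comp() in kex.c only accepts "none", so these are never reached; an internal error here means that invariant was broken. */`. The stubs also leave `ssh`, `level`, `in` and `out` unused, which warns under `-Wunused-parameter`; if the project builds with that flag, a `(void)` cast per parameter keeps the non-zlib build warning-free.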
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.322 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen 
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -837,6 +837,13 @@ static const struct multistate multistate_canonicalizehostname[] = {
 { "always", SSH_CANONICALISE_ALWAYS },
 { NULL, -1 }
 };
+static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
+ { "yes", COMP_ZLIB },
+#endif
+ { "no", COMP_NONE },
+ { NULL, -1 }
+};
 
 /*
 * Processes a single option line as used in the configuration files. This
@@ -1046,7 +1053,8 @@ parse_time:
 
 case oCompression:
 intptr = &options->compression;
- goto parse_flag;
+ multistate_ptr = multistate_compression;
+ goto parse_multistate;
 
 case oTCPKeepAlive:
 intptr = &options->tcp_keep_alive;
diff --git a/servconf.c b/servconf.c
index 1a4c49907..1e0718139 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.358 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.359 2020/01/23 10:24:29 dtucker Exp $ */
 
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -384,7 +384,12 @@ fill_default_server_options(ServerOptions *options)
 options->permit_user_env_whitelist = NULL;
 }
 if (options->compression == -1)
+#ifdef WITH_ZLIB
 options->compression = COMP_DELAYED;
+#else
+ options->compression = COMP_NONE;
+#endif
+
 if (options->rekey_limit == -1)
 options->rekey_limit = 0;
 if (options->rekey_interval == -1)
@@ -1213,8 +1218,10 @@ static const struct multistate multistate_permitrootlogin[] = {
 { NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
 { "yes", COMP_DELAYED },
 { "delayed", COMP_DELAYED },
+#endif
 { "no", COMP_NONE },
 { NULL, -1 }
 };
diff --git a/ssh.c b/ssh.c
index c0511f2a0..851d85b50 100644
--- a/ssh.c
+++ b/ssh.c
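Review bot: With `{ "yes", COMP_ZLIB }` compiled out of multistate_compression[] (hunk @@ -837), an existing `Compression yes` line in ssh_config is presumably rejected by parse_multistate as an unknown value in a non-zlib build, i.e. a hard configuration error, whereas the `-C` flag in ssh.c (hunk @@ -959) only logs an error and carries on; the sshd_config table in servconf.c (hunk @@ -1213) has the same split for `yes` and `delayed`. If a hard error is the intended behaviour, a comment on the `#ifdef` should say so, e.g. `/* without zlib "yes" is rejected outright; -C merely warns */`; if parity with `-C` is intended, keeping the entries mapped to COMP_NONE and warning at parse time would be the consistent choice. Whether parse_multistate treats an unmatched keyword as fatal is inferred from the table shape, as that code is outside the hunk.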
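Review bot: In fill_default_server_options() (hunk @@ -384) the body of `if (options->compression == -1)` is now an unbraced single statement selected by `#ifdef`/`#else`, so a future edit that adds a second line under either branch quietly lands outside the `if`. Bracing the whole preprocessor block, `if (options->compression == -1) {` … `}`, removes that trap at the cost of two lines; alternatively the default could be a single expression with the preprocessor choosing only the constant.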
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.513 2020/01/23 10:24:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen 
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -602,6 +602,7 @@ main(int ac, char **av)
 struct addrinfo *addrs = NULL;
 struct ssh_digest_ctx *md;
 u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+ size_t n, len;
 
 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 sanitise_stdfd();
@@ -753,10 +754,16 @@ main(int ac, char **av)
 cp = sshkey_alg_list(0, 1, 1, '\n');
 else if (strcmp(optarg, "protocol-version") == 0)
 cp = xstrdup("2");
- else if (strcmp(optarg, "help") == 0) {
+ else if (strcmp(optarg, "compression") == 0) {
+ cp = xstrdup(compression_alg_list(0));
+ len = strlen(cp);
+ for (n = 0; n < len; n++)
+ if (cp[n] == ',')
+ cp[n] = '\n';
+ } else if (strcmp(optarg, "help") == 0) {
 cp = xstrdup(
- "cipher\ncipher-auth\nkex\nkey\n"
- "key-cert\nkey-plain\nmac\n"
+ "cipher\ncipher-auth\ncompression\nkex\n"
+ "key\nkey-cert\nkey-plain\nmac\n"
 "protocol-version\nsig");
 }
 if (cp == NULL)
@@ -959,7 +966,11 @@ main(int ac, char **av)
 break;
 
 case 'C':
+#ifdef WITH_ZLIB
 options.compression = 1;
+#else
+ error("Compression not supported, disabling.");
+#endif
 break;
 case 'N':
 no_shell_flag = 1;
diff --git a/sshconnect2.c b/sshconnect2.c
index 8d13310f2..3b84a2d56 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
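Review bot: The comma-to-newline loop in the new `-Q compression` branch (hunk @@ -753) hand-rolls what the neighbouring list functions get from a separator argument (`sshkey_alg_list(0, 1, 1, '\n')` two lines up takes `'\n'` directly), making this the only `-Q` branch that post-processes its output, and it is also the sole reason `n` and `len` are declared at the top of main() (hunk @@ -602). Giving compression_alg_list() a `sep` parameter (it would then have to return an allocated string like its siblings, which the `xstrdup()` here already pays for) or factoring the substitution into a small helper would keep the branches uniform. main() continues outside the hunk.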
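Review bot: The non-zlib branch of `case 'C'` (hunk @@ -959) logs `Compression not supported, disabling.`, but nothing is disabled: options.compression is simply left untouched and the flag is ignored, so the message overstates what the code does. `error("Compression not supported, ignoring -C.")` describes the behaviour as written; a one-line comment such as `/* zlib not compiled in; -C cannot be honoured */` above the `#else` would also help the next reader, since the preprocessor hides the reason.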
@@ -174,8 +174,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 myproposal[PROPOSAL_ENC_ALGS_STOC] =
 compat_cipher_proposal(options.ciphers);
 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
- "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] =
+ (char *)compression_alg_list(options.compression);
 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 if (options.hostkeyalgorithms != NULL) {
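Review bot: The `(char *)` cast discards the `const` that compression_alg_list() returns; the pointee is a string literal, so any later write through `myproposal[PROPOSAL_COMP_ALGS_CTOS]`/`[PROPOSAL_COMP_ALGS_STOC]` (a free, or an in-place edit such as the comma substitution ssh.c performs on its xstrdup'd copy) would be undefined behaviour, and the cast is what removes the compiler's warning about it. A comment beside the assignment, `/* static string from compression_alg_list(); myproposal[] entries are never freed or modified */`, records the ownership, and if myproposal's element type can be `const char *` the cast can be dropped altogether (its declaration is outside the hunk). ssh_kex2() continues beyond the hunk.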