[openssh-commits] [openssh] 02/07: upstream: Make zlib optional. This adds a "ZLIB" build time option
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Jan 23 22:34:57 AEDT 2020
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 7f8e66fea8c4e2a910df9067cb7638999b7764d5
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Thu Jan 23 10:24:29 2020 +0000
upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
---
cipher.c | 13 ++++++++++++-
cipher.h | 3 ++-
kex.c | 7 +++++--
packet.c | 38 ++++++++++++++++++++++++++++++++++++--
readconf.c | 12 ++++++++++--
servconf.c | 9 ++++++++-
ssh.c | 19 +++++++++++++++----
sshconnect2.c | 6 +++---
8 files changed, 91 insertions(+), 16 deletions(-)
diff --git a/cipher.c b/cipher.c
index 25f98ba8..820bc6ac 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -143,6 +143,17 @@ cipher_alg_list(char sep, int auth_only)
return ret;
}
+const char *
+compression_alg_list(int compression)
+{
+#ifdef WITH_ZLIB
+ return compression ? "zlib at openssh.com,zlib,none" :
+ "none,zlib at openssh.com,zlib";
+#else
+ return "none";
+#endif
+}
+
u_int
cipher_blocksize(const struct sshcipher *c)
{
diff --git a/cipher.h b/cipher.h
index 5843aab4..1a591cd7 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
const char *cipher_warning_message(const struct sshcipher_ctx *);
int ciphers_valid(const char *);
char *cipher_alg_list(char, int);
+const char *compression_alg_list(int);
int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
const u_char *, u_int, const u_char *, u_int, int);
int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
diff --git a/kex.c b/kex.c
index 2195cea4..ce85f043 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -798,11 +798,14 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
if (name == NULL)
return SSH_ERR_NO_COMPRESS_ALG_MATCH;
+#ifdef WITH_ZLIB
if (strcmp(name, "zlib at openssh.com") == 0) {
comp->type = COMP_DELAYED;
} else if (strcmp(name, "zlib") == 0) {
comp->type = COMP_ZLIB;
- } else if (strcmp(name, "none") == 0) {
+ } else
+#endif /* WITH_ZLIB */
+ if (strcmp(name, "none") == 0) {
comp->type = COMP_NONE;
} else {
error("%s: unsupported compression scheme %s", __func__, name);
diff --git a/packet.c b/packet.c
index 2b50ef41..cffadd9a 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.287 2019/12/16 13:58:53 tobhe Exp $ */
+/* $OpenBSD: packet.c,v 1.288 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -76,7 +76,9 @@
# endif
#endif
+#ifdef WITH_ZLIB
#include <zlib.h>
+#endif
#include "xmalloc.h"
#include "compat.h"
@@ -150,9 +152,11 @@ struct session_state {
/* Scratch buffer for packet compression/decompression. */
struct sshbuf *compression_buffer;
+#ifdef WITH_ZLIB
/* Incoming/outgoing compression dictionaries */
z_stream compression_in_stream;
z_stream compression_out_stream;
+#endif
int compression_in_started;
int compression_out_started;
int compression_in_failures;
@@ -609,7 +613,8 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
state->newkeys[mode] = NULL;
ssh_clear_newkeys(ssh, mode); /* next keys */
}
- /* compression state is in shared mem, so we can only release it once */
+#ifdef WITH_ZLIB
+ /* comression state is in shared mem, so we can only release it once */
if (do_close && state->compression_buffer) {
sshbuf_free(state->compression_buffer);
if (state->compression_out_started) {
@@ -635,6 +640,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close)
inflateEnd(stream);
}
}
+#endif /* WITH_ZLIB */
cipher_free(state->send_context);
cipher_free(state->receive_context);
state->send_context = state->receive_context = NULL;
@@ -690,6 +696,7 @@ ssh_packet_init_compression(struct ssh *ssh)
return 0;
}
+#ifdef WITH_ZLIB
static int
start_compression_out(struct ssh *ssh, int level)
{
@@ -821,6 +828,33 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
/* NOTREACHED */
}
+#else /* WITH_ZLIB */
+
+static int
+start_compression_out(struct ssh *ssh, int level)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+start_compression_in(struct ssh *ssh)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+static int
+uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
+{
+ return SSH_ERR_INTERNAL_ERROR;
+}
+#endif /* WITH_ZLIB */
+
void
ssh_clear_newkeys(struct ssh *ssh, int mode)
{
diff --git a/readconf.c b/readconf.c
index 59443bfd..b2598454 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.322 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -837,6 +837,13 @@ static const struct multistate multistate_canonicalizehostname[] = {
{ "always", SSH_CANONICALISE_ALWAYS },
{ NULL, -1 }
};
+static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
+ { "yes", COMP_ZLIB },
+#endif
+ { "no", COMP_NONE },
+ { NULL, -1 }
+};
/*
* Processes a single option line as used in the configuration files. This
@@ -1046,7 +1053,8 @@ parse_time:
case oCompression:
intptr = &options->compression;
- goto parse_flag;
+ multistate_ptr = multistate_compression;
+ goto parse_multistate;
case oTCPKeepAlive:
intptr = &options->tcp_keep_alive;
diff --git a/servconf.c b/servconf.c
index 1a4c4990..1e071813 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.358 2020/01/23 02:46:49 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.359 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -384,7 +384,12 @@ fill_default_server_options(ServerOptions *options)
options->permit_user_env_whitelist = NULL;
}
if (options->compression == -1)
+#ifdef WITH_ZLIB
options->compression = COMP_DELAYED;
+#else
+ options->compression = COMP_NONE;
+#endif
+
if (options->rekey_limit == -1)
options->rekey_limit = 0;
if (options->rekey_interval == -1)
@@ -1213,8 +1218,10 @@ static const struct multistate multistate_permitrootlogin[] = {
{ NULL, -1 }
};
static const struct multistate multistate_compression[] = {
+#ifdef WITH_ZLIB
{ "yes", COMP_DELAYED },
{ "delayed", COMP_DELAYED },
+#endif
{ "no", COMP_NONE },
{ NULL, -1 }
};
diff --git a/ssh.c b/ssh.c
index c0511f2a..851d85b5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.513 2020/01/23 10:24:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -602,6 +602,7 @@ main(int ac, char **av)
struct addrinfo *addrs = NULL;
struct ssh_digest_ctx *md;
u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+ size_t n, len;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@@ -753,10 +754,16 @@ main(int ac, char **av)
cp = sshkey_alg_list(0, 1, 1, '\n');
else if (strcmp(optarg, "protocol-version") == 0)
cp = xstrdup("2");
- else if (strcmp(optarg, "help") == 0) {
+ else if (strcmp(optarg, "compression") == 0) {
+ cp = xstrdup(compression_alg_list(0));
+ len = strlen(cp);
+ for (n = 0; n < len; n++)
+ if (cp[n] == ',')
+ cp[n] = '\n';
+ } else if (strcmp(optarg, "help") == 0) {
cp = xstrdup(
- "cipher\ncipher-auth\nkex\nkey\n"
- "key-cert\nkey-plain\nmac\n"
+ "cipher\ncipher-auth\ncompression\nkex\n"
+ "key\nkey-cert\nkey-plain\nmac\n"
"protocol-version\nsig");
}
if (cp == NULL)
@@ -959,7 +966,11 @@ main(int ac, char **av)
break;
case 'C':
+#ifdef WITH_ZLIB
options.compression = 1;
+#else
+ error("Compression not supported, disabling.");
+#endif
break;
case 'N':
no_shell_flag = 1;
diff --git a/sshconnect2.c b/sshconnect2.c
index 8d13310f..3b84a2d5 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -174,8 +174,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(options.ciphers);
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
- "zlib at openssh.com,zlib,none" : "none,zlib at openssh.com,zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] =
+ (char *)compression_alg_list(options.compression);
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
if (options.hostkeyalgorithms != NULL) {
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list