From 10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92 Mon Sep 17 00:00:00 2001
From: "deraadt@openbsd.org" <deraadt@openbsd.org>
Date: Fri, 23 Aug 2024 04:51:00 +0000
Subject: [PATCH] upstream: As defined in the RFC, the SSH protocol has
 negotiable

compression support (which is requested as the name "zlib"). Compression
starts very early in the session. Relative early in OpenSSH lifetime, privsep
was added to sshd, and this required a shared-memory hack so the two
processes could see what was going on in the dataflow.  This shared-memory
hack was soon recognized as a tremendous complexity risk, because it put libz
(which very much trusts it's memory) in a dangerous place, and a new option
("zlib@openssh.com") was added begins compression after authentication (aka
delayed-compression).  That change also permitted removal of the
shared-memory hack. Despite removal from the server, the old "zlib" support
remained in the client, to allow negotiation with non-OpenSSH daemons which
lack the delayed-compression option. This commit deletes support for the
older "zlib" option in the client. It reduces our featureset in a small way,
and encourages other servers to move to a better design. The SSH protocol is
different enough that compressed-key-material attacks like BEAST are
unlikely, but who wants to take the chance? We encourage other ssh servers
who care about optional compression support to add delayed-zlib support.
(Some already do "zlib@openssh.com") ok djm markus

OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72
---
 cipher.c   | 6 +++---
 kex.c      | 4 +---
 kex.h      | 4 +---
 packet.c   | 7 +++----
 readconf.c | 4 ++--
 5 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/cipher.c b/cipher.c
index 9c2fbd6cfc3..7d6e7d8c65e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.122 2024/08/14 15:42:18 tobias Exp $ */
+/* $OpenBSD: cipher.c,v 1.123 2024/08/23 04:51:00 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -143,8 +143,8 @@ const char *
 compression_alg_list(int compression)
 {
 #ifdef WITH_ZLIB
-	return compression ? "zlib@openssh.com,zlib,none" :
-	    "none,zlib@openssh.com,zlib";
+	return compression ? "zlib@openssh.com,none" :
+	    "none,zlib@openssh.com";
 #else
 	return "none";
 #endif
diff --git a/kex.c b/kex.c
index 63aae5d71ee..6b957e5e18f 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.186 2024/05/17 00:30:23 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.187 2024/08/23 04:51:00 deraadt Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -842,8 +842,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 #ifdef WITH_ZLIB
 	if (strcmp(name, "zlib@openssh.com") == 0) {
 		comp->type = COMP_DELAYED;
-	} else if (strcmp(name, "zlib") == 0) {
-		comp->type = COMP_ZLIB;
 	} else
 #endif	/* WITH_ZLIB */
 	if (strcmp(name, "none") == 0) {
diff --git a/kex.h b/kex.h
index 4b3ece669da..6700302137f 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.124 2024/08/22 23:11:30 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.125 2024/08/23 04:51:00 deraadt Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -66,8 +66,6 @@
 #define	KEX_SNTRUP761X25519_SHA512_OLD	"sntrup761x25519-sha512@openssh.com"
 
 #define COMP_NONE	0
-/* pre-auth compression (COMP_ZLIB) is only supported in the client */
-#define COMP_ZLIB	1
 #define COMP_DELAYED	2
 
 #define CURVE25519_SIZE 32
diff --git a/packet.c b/packet.c
index e6ae2013b2b..486f8515746 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.316 2024/08/15 00:51:51 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.317 2024/08/23 04:51:00 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1015,9 +1015,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 	/* explicit_bzero(enc->iv,  enc->block_size);
 	   explicit_bzero(enc->key, enc->key_len);
 	   explicit_bzero(mac->key, mac->key_len); */
-	if ((comp->type == COMP_ZLIB ||
-	    (comp->type == COMP_DELAYED &&
-	    state->after_authentication)) && comp->enabled == 0) {
+	if (((comp->type == COMP_DELAYED && state->after_authentication)) &&
+	    comp->enabled == 0) {
 		if ((r = ssh_packet_init_compression(ssh)) < 0)
 			return r;
 		if (mode == MODE_OUT) {
diff --git a/readconf.c b/readconf.c
index 4e3791cb7cc..1d0ba0e723a 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.387 2024/05/17 02:39:11 jsg Exp $ */
+/* $OpenBSD: readconf.c,v 1.388 2024/08/23 04:51:00 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1002,7 +1002,7 @@ static const struct multistate multistate_pubkey_auth[] = {
 };
 static const struct multistate multistate_compression[] = {
 #ifdef WITH_ZLIB
-	{ "yes",			COMP_ZLIB },
+	{ "yes",			COMP_DELAYED },
 #endif
 	{ "no",				COMP_NONE },
 	{ NULL, -1 }