author | Darren Tucker <dtucker@cvs.openbsd.org> | 2020-01-23 10:24:31 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2020-01-23 10:24:31 +0000 |
commit | 5c2f3155ce4f7609061759dd4894c6d716202256 (patch) | |
tree | f9a1f0c69b0786087e801ef6794c6f384fc3f128 /usr.bin | |
parent | f23ed0d7ffd13324e8d7c0a8ecd84b856fbeb8ab (diff) |
Make zlib optional. This adds a "ZLIB" build time option that allows
building without zlib compression and associated options. With feedback
from markus@, ok djm@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/Makefile.inc | 7 | ||||
-rw-r--r-- | usr.bin/ssh/cipher.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/cipher.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/kex.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/packet.c | 36 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keyscan/Makefile | 11 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keysign/Makefile | 11 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/ssh/Makefile | 11 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshd/Makefile | 11 |
13 files changed, 128 insertions, 28 deletions
diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 63877868418..5d7ac0bad40 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.80 2019/12/13 19:09:10 djm Exp $ +# $OpenBSD: Makefile.inc,v 1.81 2020/01/23 10:24:29 dtucker Exp $ .include <bsd.own.mk> @@ -34,11 +34,16 @@ CDIAGFLAGS+= -Wold-style-definition WARNINGS=yes OPENSSL?= yes +ZLIB?= yes .if (${OPENSSL:L} == "yes") CFLAGS+= -DWITH_OPENSSL .endif +.if (${ZLIB:L} == "yes") +CFLAGS+= -DWITH_ZLIB +.endif + CFLAGS+= -DENABLE_PKCS11 .ifndef NOPIC CFLAGS+= -DHAVE_DLOPEN diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index 94ea6e744bc..714d4591554 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -135,6 +135,17 @@ cipher_alg_list(char sep, int auth_only) return ret; } +const char * +compression_alg_list(int compression) +{ +#ifdef WITH_ZLIB + return compression ? "zlib@openssh.com,zlib,none" : + "none,zlib@openssh.com,zlib"; +#else + return "none"; +#endif +} + u_int cipher_blocksize(const struct sshcipher *c) { diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index 5843aab4931..1a591cd7fd4 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */ +/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> 
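Review bot: `compression_alg_list()` in cipher.c has no comment saying that it returns a pointer to a string literal, and the `(char *)` cast added in the sshconnect2.c hunk (the `myproposal[PROPOSAL_COMP_ALGS_CTOS]` assignment) hides that from the compiler. Any later code that edits or frees a `myproposal[]` entry in place would then be writing to or freeing read-only storage. The ssh.c `-Q compression` caller gets this right by calling `xstrdup()` before it replaces the commas. I would add above the function `/* Returns a static list, preferred algorithm first; callers must not modify or free it. */` and repeat the caveat next to the cast.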
@@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *); const char *cipher_warning_message(const struct sshcipher_ctx *); int ciphers_valid(const char *); char *cipher_alg_list(char, int); +const char *compression_alg_list(int); int cipher_init(struct sshcipher_ctx **, const struct sshcipher *, const u_char *, u_int, const u_char *, u_int, int); int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *, diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 148196aef6b..3f12dbce16f 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */ +/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -783,11 +783,14 @@ choose_comp(struct sshcomp *comp, char *client, char *server) if (name == NULL) return SSH_ERR_NO_COMPRESS_ALG_MATCH; +#ifdef WITH_ZLIB if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; } else if (strcmp(name, "zlib") == 0) { comp->type = COMP_ZLIB; - } else if (strcmp(name, "none") == 0) { + } else +#endif /* WITH_ZLIB */ + if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { error("%s: unsupported compression scheme %s", __func__, name); diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 9a3dda208fb..fac27fbd6e3 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.287 2019/12/16 13:58:53 tobhe Exp $ */ +/* $OpenBSD: packet.c,v 1.288 2020/01/23 10:24:29 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -56,7 +56,9 @@ #include <signal.h> #include <time.h> +#ifdef WITH_ZLIB #include <zlib.h> +#endif #include "xmalloc.h" #include "compat.h" 
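Review bot: In `choose_comp()` the `else` that ends the zlib branches now sits inside the `#ifdef` while the `if` it governs sits after `#endif`, so the chain reads differently in the two builds, and a statement inserted between `#endif` and `if` would silently become the `else` body in ZLIB builds. Testing `"none"` first lets the guard wrap whole branches instead of half of one. The three names are distinct, so the order of the comparisons does not change the result. The function starts and ends outside the hunk, so the fence shows only the chain.

```c
	if (strcmp(name, "none") == 0) {
		comp->type = COMP_NONE;
#ifdef WITH_ZLIB
	} else if (strcmp(name, "zlib@openssh.com") == 0) {
		comp->type = COMP_DELAYED;
	} else if (strcmp(name, "zlib") == 0) {
		comp->type = COMP_ZLIB;
#endif /* WITH_ZLIB */
	} else {
		/* … unchanged: error() for an unsupported compression scheme … */
```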
@@ -130,9 +132,11 @@ struct session_state { /* Scratch buffer for packet compression/decompression. */ struct sshbuf *compression_buffer; +#ifdef WITH_ZLIB /* Incoming/outgoing compression dictionaries */ z_stream compression_in_stream; z_stream compression_out_stream; +#endif int compression_in_started; int compression_out_started; int compression_in_failures; @@ -584,6 +588,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close) state->newkeys[mode] = NULL; ssh_clear_newkeys(ssh, mode); /* next keys */ } +#ifdef WITH_ZLIB /* comression state is in shared mem, so we can only release it once */ if (do_close && state->compression_buffer) { sshbuf_free(state->compression_buffer); @@ -610,6 +615,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close) inflateEnd(stream); } } +#endif /* WITH_ZLIB */ cipher_free(state->send_context); cipher_free(state->receive_context); state->send_context = state->receive_context = NULL; @@ -665,6 +671,7 @@ ssh_packet_init_compression(struct ssh *ssh) return 0; } +#ifdef WITH_ZLIB static int start_compression_out(struct ssh *ssh, int level) { @@ -796,6 +803,33 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) /* NOTREACHED */ } +#else /* WITH_ZLIB */ + +static int +start_compression_out(struct ssh *ssh, int level) +{ + return SSH_ERR_INTERNAL_ERROR; +} + +static int +start_compression_in(struct ssh *ssh) +{ + return SSH_ERR_INTERNAL_ERROR; +} + +static int +compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) +{ + return SSH_ERR_INTERNAL_ERROR; +} + +static int +uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) +{ + return SSH_ERR_INTERNAL_ERROR; +} +#endif /* WITH_ZLIB */ + void ssh_clear_newkeys(struct ssh *ssh, int mode) { diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 9c3a8560876..11a5d677a4f 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c 
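Review bot: The `#ifdef WITH_ZLIB` added in `ssh_packet_close_internal()` starts above `if (do_close && state->compression_buffer)`, so the `sshbuf_free(state->compression_buffer)` call is compiled out together with the deflate/inflate teardown. The `compression_buffer` member stays in `struct session_state` in both builds and `ssh_packet_init_compression()` is left outside the new guard, so if that function is ever reached in a build without zlib the buffer would not be released on close. Moving the guard so that it begins after the `sshbuf_free()` line and ends before the outer closing brace keeps the free unconditional. The lines between the two hunks are not shown, so this should be checked against the full function.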
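Review bot: The four non-ZLIB stubs at the end of the `@@ -796,6 +803,33 @@` hunk have no comment explaining that returning `SSH_ERR_INTERNAL_ERROR` is deliberate. They can only run if a compression type other than `COMP_NONE` reaches packet.c in a build that never offers zlib, which presumably means the negotiated or restored state is wrong, so failing the connection is the safe outcome. I would add above the first stub `/* Built without zlib: compression must never be negotiated, so treat any call as an internal error. */`. Their callers are outside the hunk.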
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.321 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.322 2020/01/23 10:24:29 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -823,6 +823,13 @@ static const struct multistate multistate_canonicalizehostname[] = { { "always", SSH_CANONICALISE_ALWAYS }, { NULL, -1 } }; +static const struct multistate multistate_compression[] = { +#ifdef WITH_ZLIB + { "yes", COMP_ZLIB }, +#endif + { "no", COMP_NONE }, + { NULL, -1 } +}; /* * Processes a single option line as used in the configuration files. This @@ -1032,7 +1039,8 @@ parse_time: case oCompression: intptr = &options->compression; - goto parse_flag; + multistate_ptr = multistate_compression; + goto parse_multistate; case oTCPKeepAlive: intptr = &options->tcp_keep_alive; diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index ad5fa8f76be..78540b226f3 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.358 2020/01/23 02:46:49 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.359 2020/01/23 10:24:29 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -363,7 +363,12 @@ fill_default_server_options(ServerOptions *options) options->permit_user_env_whitelist = NULL; } if (options->compression == -1) +#ifdef WITH_ZLIB options->compression = COMP_DELAYED; +#else + options->compression = COMP_NONE; +#endif + if (options->rekey_limit == -1) options->rekey_limit = 0; if (options->rekey_interval == -1) @@ -1156,8 +1161,10 @@ static const struct multistate multistate_permitrootlogin[] = { { NULL, -1 } }; static const struct multistate multistate_compression[] = { +#ifdef WITH_ZLIB { "yes", COMP_DELAYED }, { "delayed", COMP_DELAYED }, +#endif { "no", COMP_NONE }, { NULL, -1 } }; 
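Review bot: Switching `oCompression` from `parse_flag` to the new `multistate_compression` table changes which ssh_config values are accepted. Only `yes` and `no` are listed, so any other spelling the generic flag parser took (it appears to accept `true`/`false` as well, but that table is not in this hunk) stops working for `Compression`. In a build without zlib `yes` is not in the table either, so a config file containing `Compression yes` is presumably rejected as an unsupported argument, while `-C` in the ssh.c hunk only logs `Compression not supported, disabling.` and continues. If the stricter config-file behaviour is intended, a comment above the table such as `/* "yes" is rejected without zlib so a config that asks for compression fails loudly */` would record it; otherwise keep the flag spellings in the table.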
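Review bot: With `yes` and `delayed` inside `#ifdef WITH_ZLIB` in the server's `multistate_compression`, an sshd_config that already contains `Compression yes` or `Compression delayed` no longer matches any entry when sshd is built with ZLIB=no. How the parser reacts is outside the hunk, but if it treats this as an invalid argument the daemon would refuse the configuration after an upgrade, which on a remotely managed host can cost the administrator their access. That should be stated at the table, for example `/* without zlib only "no" is valid; "yes"/"delayed" are configuration errors */`, and in the documentation of the build option. Running a config test (`sshd -t`) before restarting is worth recommending there too.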
diff --git a/usr.bin/ssh/ssh-keyscan/Makefile b/usr.bin/ssh/ssh-keyscan/Makefile index db192787b2d..28e5fba2bb0 100644 --- a/usr.bin/ssh/ssh-keyscan/Makefile +++ b/usr.bin/ssh/ssh-keyscan/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.15 2019/12/13 19:09:10 djm Exp $ +# $OpenBSD: Makefile,v 1.16 2020/01/23 10:24:30 dtucker Exp $ .PATH: ${.CURDIR}/.. @@ -12,6 +12,11 @@ BINDIR= /usr/bin .include <bsd.prog.mk> -LDADD+= -lcrypto -lz -lutil -DPADD+= ${LIBCRYPTO} ${LIBZ} ${LIBUTIL} +LDADD+= -lcrypto -lutil +DPADD+= ${LIBCRYPTO} ${LIBUTIL} + +.if (${ZLIB:L} == "yes") +LDADD+= -lz +DPADD+= ${LIBZ} +.endif diff --git a/usr.bin/ssh/ssh-keysign/Makefile b/usr.bin/ssh/ssh-keysign/Makefile index e3eaa153a73..3f690c08aaa 100644 --- a/usr.bin/ssh/ssh-keysign/Makefile +++ b/usr.bin/ssh/ssh-keysign/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.18 2019/12/13 19:09:10 djm Exp $ +# $OpenBSD: Makefile,v 1.19 2020/01/23 10:24:30 dtucker Exp $ .PATH: ${.CURDIR}/.. @@ -16,5 +16,10 @@ MAN= ssh-keysign.8 .include <bsd.prog.mk> -LDADD+= -lcrypto -lutil -lz -DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} +LDADD+= -lcrypto -lutil +DPADD+= ${LIBCRYPTO} ${LIBUTIL} + +.if (${ZLIB:L} == "yes") +LDADD+= -lz +DPADD+= ${LIBZ} +.endif diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 6797afe0d47..ca15feba7e8 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.512 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.513 2020/01/23 10:24:29 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -586,6 +586,7 @@ main(int ac, char **av) struct addrinfo *addrs = NULL; struct ssh_digest_ctx *md; u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; + size_t n, len; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); 
@@ -727,10 +728,16 @@ main(int ac, char **av) cp = sshkey_alg_list(0, 1, 1, '\n'); else if (strcmp(optarg, "protocol-version") == 0) cp = xstrdup("2"); - else if (strcmp(optarg, "help") == 0) { + else if (strcmp(optarg, "compression") == 0) { + cp = xstrdup(compression_alg_list(0)); + len = strlen(cp); + for (n = 0; n < len; n++) + if (cp[n] == ',') + cp[n] = '\n'; + } else if (strcmp(optarg, "help") == 0) { cp = xstrdup( - "cipher\ncipher-auth\nkex\nkey\n" - "key-cert\nkey-plain\nmac\n" + "cipher\ncipher-auth\ncompression\nkex\n" + "key\nkey-cert\nkey-plain\nmac\n" "protocol-version\nsig"); } if (cp == NULL) @@ -933,7 +940,11 @@ main(int ac, char **av) break; case 'C': +#ifdef WITH_ZLIB options.compression = 1; +#else + error("Compression not supported, disabling."); +#endif break; case 'N': no_shell_flag = 1; diff --git a/usr.bin/ssh/ssh/Makefile b/usr.bin/ssh/ssh/Makefile index 218c6bc4cc3..88cd05492e5 100644 --- a/usr.bin/ssh/ssh/Makefile +++ b/usr.bin/ssh/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.79 2019/12/13 19:09:10 djm Exp $ +# $OpenBSD: Makefile,v 1.80 2020/01/23 10:24:30 dtucker Exp $ .PATH: ${.CURDIR}/.. @@ -35,5 +35,10 @@ LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} .endif -LDADD+= -lutil -lz -DPADD+= ${LIBUTIL} ${LIBZ} +LDADD+= -lutil +DPADD+= ${LIBUTIL} + +.if (${ZLIB:L} == "yes") +LDADD+= -lz +DPADD+= ${LIBZ} +.endif diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 98dcae7bd2e..93ac1ac44cf 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.317 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
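Review bot: `case 'C'` still assigns the literal `options.compression = 1;` while the readconf.c hunk of this commit now stores `COMP_ZLIB` for `Compression yes`, so the two paths agree only as long as `COMP_ZLIB` happens to equal 1. Writing `options.compression = COMP_ZLIB;` keeps the command line and the config file on the same constant, provided the `COMP_*` definitions are visible in ssh.c. `main()` begins and ends outside the hunk.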
@@ -169,8 +169,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? - "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = + (char *)compression_alg_list(options.compression); myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile index d8336250ee7..bf6b73f60b6 100644 --- a/usr.bin/ssh/sshd/Makefile +++ b/usr.bin/ssh/sshd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.102 2019/12/13 19:09:10 djm Exp $ +# $OpenBSD: Makefile,v 1.103 2020/01/23 10:24:30 dtucker Exp $ .PATH: ${.CURDIR}/.. @@ -39,5 +39,10 @@ LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} .endif -LDADD+= -lutil -lz -DPADD+= ${LIBUTIL} ${LIBZ} +LDADD+= -lutil +DPADD+= ${LIBUTIL} + +.if (${ZLIB:L} == "yes") +LDADD+= -lz +DPADD+= ${LIBZ} +.endif |