diff options
| author | deraadt@openbsd.org <deraadt@openbsd.org> | 2024-08-23 06:51:00 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-08-27 01:05:43 +0200 |
| commit | 10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92 (patch) | |
| tree | ce6dc0c5c4f0f624323c54a2b5b260e1c078a673 | |
| parent | upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so (diff) | |
| download | openssh-10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92.tar.xz openssh-10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92.zip | |
upstream: As defined in the RFC, the SSH protocol has negotiable
compression support (which is requested as the name "zlib"). Compression
starts very early in the session. Relative early in OpenSSH lifetime, privsep
was added to sshd, and this required a shared-memory hack so the two
processes could see what was going on in the dataflow. This shared-memory
hack was soon recognized as a tremendous complexity risk, because it put libz
(which very much trusts it's memory) in a dangerous place, and a new option
("zlib@openssh.com") was added begins compression after authentication (aka
delayed-compression). That change also permitted removal of the
shared-memory hack. Despite removal from the server, the old "zlib" support
remained in the client, to allow negotiation with non-OpenSSH daemons which
lack the delayed-compression option. This commit deletes support for the
older "zlib" option in the client. It reduces our featureset in a small way,
and encourages other servers to move to a better design. The SSH protocol is
different enough that compressed-key-material attacks like BEAST are
unlikely, but who wants to take the chance? We encourage other ssh servers
who care about optional compression support to add delayed-zlib support.
(Some already do "zlib@openssh.com") ok djm markus
OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72
| -rw-r--r-- | cipher.c | 6 | ||||
| -rw-r--r-- | kex.c | 4 | ||||
| -rw-r--r-- | kex.h | 4 | ||||
| -rw-r--r-- | packet.c | 7 | ||||
| -rw-r--r-- | readconf.c | 4 |
5 files changed, 10 insertions, 15 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.122 2024/08/14 15:42:18 tobias Exp $ */ +/* $OpenBSD: cipher.c,v 1.123 2024/08/23 04:51:00 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -143,8 +143,8 @@ const char * compression_alg_list(int compression) { #ifdef WITH_ZLIB - return compression ? "zlib@openssh.com,zlib,none" : - "none,zlib@openssh.com,zlib"; + return compression ? "zlib@openssh.com,none" : + "none,zlib@openssh.com"; #else return "none"; #endif @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.186 2024/05/17 00:30:23 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.187 2024/08/23 04:51:00 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -842,8 +842,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server) #ifdef WITH_ZLIB if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; - } else if (strcmp(name, "zlib") == 0) { - comp->type = COMP_ZLIB; } else #endif /* WITH_ZLIB */ if (strcmp(name, "none") == 0) { @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.124 2024/08/22 23:11:30 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.125 2024/08/23 04:51:00 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -66,8 +66,6 @@ #define KEX_SNTRUP761X25519_SHA512_OLD "sntrup761x25519-sha512@openssh.com" #define COMP_NONE 0 -/* pre-auth compression (COMP_ZLIB) is only supported in the client */ -#define COMP_ZLIB 1 #define COMP_DELAYED 2 #define CURVE25519_SIZE 32 @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.316 2024/08/15 00:51:51 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.317 2024/08/23 04:51:00 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1015,9 +1015,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) /* explicit_bzero(enc->iv, enc->block_size); explicit_bzero(enc->key, enc->key_len); explicit_bzero(mac->key, mac->key_len); */ - if ((comp->type == COMP_ZLIB || - (comp->type == COMP_DELAYED && - state->after_authentication)) && comp->enabled == 0) { + if (((comp->type == COMP_DELAYED && state->after_authentication)) && + comp->enabled == 0) { if ((r = ssh_packet_init_compression(ssh)) < 0) return r; if (mode == MODE_OUT) { diff --git a/readconf.c b/readconf.c index 4e3791cb7..1d0ba0e72 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.387 2024/05/17 02:39:11 jsg Exp $ */ +/* $OpenBSD: readconf.c,v 1.388 2024/08/23 04:51:00 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1002,7 +1002,7 @@ static const struct multistate multistate_pubkey_auth[] = { }; static const struct multistate multistate_compression[] = { #ifdef WITH_ZLIB - { "yes", COMP_ZLIB }, + { "yes", COMP_DELAYED }, #endif { "no", COMP_NONE }, { NULL, -1 } |