upstream: Remove bug compatibility for implementations that don't

support rekeying. AFAIK this is only an ancient Sun SSH version.

If such an implementation tries to interoperate with OpenSSH, it
will eventually fail when the transport needs rekeying.

This is probably long enough to use it to download a modern SSH
implementation that lacks this problem :)

ok markus@ deraadt@

OpenBSD-Commit-ID: 228a502fee808cf8b7caee23169eb6a1ab1c331a

packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.328 2025/12/30 00:22:58 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.329 2025/12/30 00:35:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1118,10 +1118,6 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
 	if (ssh_packet_is_rekeying(ssh))
 		return 0;
 
-	/* Peer can't rekey */
-	if (ssh->compat & SSH_BUG_NOREKEY)
-		return 0;
-
 	/*
 	 * Permit one packet in or out per rekey - this allows us to
 	 * make progress when rekey limits are very small.
@@ -1368,8 +1364,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
 		logit("outgoing seqnr wraps around");
 	}
 	if (++state->p_send.packets == 0)
-		if (!(ssh->compat & SSH_BUG_NOREKEY))
+		return SSH_ERR_NEED_REKEY;
-			return SSH_ERR_NEED_REKEY;
 	state->p_send.blocks += len / block_size;
 	state->p_send.bytes += len;
 	sshbuf_reset(state->outgoing_packet);
@@ -1784,8 +1779,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		logit("incoming seqnr wraps around");
 	}
 	if (++state->p_read.packets == 0)
-		if (!(ssh->compat & SSH_BUG_NOREKEY))
+		return SSH_ERR_NEED_REKEY;
-			return SSH_ERR_NEED_REKEY;
 	state->p_read.blocks += (state->packlen + 4) / block_size;
 	state->p_read.bytes += state->packlen + 4;
 

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.377 2025/12/22 01:49:03 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.378 2025/12/30 00:35:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -44,6 +44,7 @@
 #include "xmalloc.h"
 #include "hostfile.h"
 #include "ssh.h"
+#include "compat.h"
 #include "sshbuf.h"
 #include "packet.h"
 #include "sshkey.h"
@@ -1609,6 +1610,11 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 	    options.version_addendum)) != 0)
 		sshpkt_fatal(ssh, r, "banner exchange");
 
+	if ((ssh->compat & SSH_BUG_NOREKEY)) {
+		logit("Warning: this server does not support rekeying.");
+		logit("This session will eventually fail");
+	}
+
 	/* Put the connection into non-blocking mode. */
 	ssh_packet_set_nonblocking(ssh);
 

sshd-session.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd-session.c,v 1.18 2025/12/16 08:32:50 dtucker Exp $ */
+/* $OpenBSD: sshd-session.c,v 1.19 2025/12/30 00:35:37 djm Exp $ */
 /*
  * SSH2 implementation:
  * Privilege Separation:
@@ -1252,6 +1252,9 @@ main(int ac, char **av)
 	    options.version_addendum)) != 0)
 		sshpkt_fatal(ssh, r, "banner exchange");
 
+	if ((ssh->compat & SSH_BUG_NOREKEY))
+		debug("client does not support rekeying");
+
 	ssh_packet_set_nonblocking(ssh);
 
 	/* allocate authentication context */