Remove zlib from the default compression methods and fips methods

Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

src/kex.c

@@ -89,8 +89,10 @@
 
 #ifdef WITH_ZLIB
 #define ZLIB "none,zlib@openssh.com,zlib"
+#define ZLIB_DEFAULT "none,zlib@openssh.com"
 #else
 #define ZLIB "none"
+#define ZLIB_DEFAULT "none"
 #endif /* WITH_ZLIB */
 
 #ifdef HAVE_CURVE25519
@@ -216,8 +218,8 @@ static const char *fips_methods[] = {
     FIPS_ALLOWED_CIPHERS,
     FIPS_ALLOWED_MACS,
     FIPS_ALLOWED_MACS,
-    ZLIB,
+    ZLIB_DEFAULT,
-    ZLIB,
+    ZLIB_DEFAULT,
     "",
     "",
     NULL
@@ -231,8 +233,8 @@ static const char *default_methods[] = {
     CHACHA20 AES,
     "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
     "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
-    ZLIB,
+    ZLIB_DEFAULT,
-    ZLIB,
+    ZLIB_DEFAULT,
     "",
     "",
     NULL

tests/client/torture_algorithms.c

@@ -594,25 +594,35 @@ static void torture_algorithms_zlib(void **state) {
 
     rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
 #ifdef WITH_ZLIB
+    if (ssh_fips_mode()) {
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
         assert_int_equal(rc, SSH_OK);
+    }
 #else
     assert_int_equal(rc, SSH_ERROR);
 #endif
 
     rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
 #ifdef WITH_ZLIB
+    if (ssh_fips_mode()) {
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
         assert_int_equal(rc, SSH_OK);
+    }
 #else
     assert_int_equal(rc, SSH_ERROR);
 #endif
 
     rc = ssh_connect(session);
 #ifdef WITH_ZLIB
+    if (!ssh_fips_mode()) {
         if (ssh_get_openssh_version(session)) {
             assert_false(rc == SSH_OK);
             ssh_disconnect(session);
             return;
         }
+    }
 #endif
     assert_int_equal(rc, SSH_OK);