From 0c6fe367a7009c5bbabc3071f8cccc77a37859eb Mon Sep 17 00:00:00 2001 From: Matteo Bernardini Date: Sun, 12 Jan 2020 12:08:26 +0100 Subject: 20200112.1 global branch merge. Signed-off-by: Matteo Bernardini --- network/dsniff/24_Fix-OpenSSL1.1.0-Build.patch | 202 +++++++++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 network/dsniff/24_Fix-OpenSSL1.1.0-Build.patch (limited to 'network/dsniff/24_Fix-OpenSSL1.1.0-Build.patch') diff --git a/network/dsniff/24_Fix-OpenSSL1.1.0-Build.patch b/network/dsniff/24_Fix-OpenSSL1.1.0-Build.patch new file mode 100644 index 0000000000..db7739ee34 --- /dev/null +++ b/network/dsniff/24_Fix-OpenSSL1.1.0-Build.patch @@ -0,0 +1,202 @@ +Description: Fix build with OpenSSL 1.1.0 +Author: Christoph Biedl +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ + + +--- a/ssh.c ++++ b/ssh.c +@@ -234,7 +234,10 @@ + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; +- ++ ++ const BIGNUM *servkey_e, *servkey_n; ++ const BIGNUM *hostkey_e, *hostkey_n; ++ + /* Generate anti-spoofing cookie. */ + RAND_bytes(cookie, sizeof(cookie)); + +@@ -243,11 +246,13 @@ + *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ + memcpy(p, cookie, 8); p += 8; /* cookie */ + num = 768; PUTLONG(num, p); /* servkey bits */ +- put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ +- put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ ++ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); ++ put_bn(servkey_e, &p); /* servkey exponent */ ++ put_bn(servkey_n, &p); /* servkey modulus */ + num = 1024; PUTLONG(num, p); /* hostkey bits */ +- put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ +- put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ ++ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); ++ put_bn(hostkey_e, &p); /* hostkey exponent */ ++ put_bn(hostkey_n, &p); /* hostkey modulus */ + num = 0; PUTLONG(num, p); /* protocol flags */ + num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ + num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ +@@ -298,7 +303,7 @@ + SKIP(p, i, 4); + + /* Decrypt session key. */ +- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { ++ if (BN_cmp(servkey_n, hostkey_n) > 0) { + rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); + rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); + } +@@ -318,8 +323,8 @@ + BN_clear_free(enckey); + + /* Derive real session key using session id. */ +- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, +- ssh->ctx->servkey->n)) == NULL) { ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { + warn("ssh_session_id"); + return (-1); + } +@@ -328,10 +333,8 @@ + } + /* Set cipher. */ + if (cipher == SSH_CIPHER_3DES) { +- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); +- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); +- ssh->encrypt = des3_encrypt; +- ssh->decrypt = des3_decrypt; ++ warnx("cipher 3des no longer supported"); ++ return (-1); + } + else if (cipher == SSH_CIPHER_BLOWFISH) { + ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); +@@ -357,7 +360,10 @@ + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; +- ++ ++ BIGNUM *servkey_n, *servkey_e; ++ BIGNUM *hostkey_n, *hostkey_e; ++ + /* Get public key. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { + warn("SSH_recv"); +@@ -379,21 +385,23 @@ + + /* Get servkey. */ + ssh->ctx->servkey = RSA_new(); +- ssh->ctx->servkey->n = BN_new(); +- ssh->ctx->servkey->e = BN_new(); ++ servkey_n = BN_new(); ++ servkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); + + SKIP(p, i, 4); +- get_bn(ssh->ctx->servkey->e, &p, &i); +- get_bn(ssh->ctx->servkey->n, &p, &i); ++ get_bn(servkey_e, &p, &i); ++ get_bn(servkey_n, &p, &i); + + /* Get hostkey. */ + ssh->ctx->hostkey = RSA_new(); +- ssh->ctx->hostkey->n = BN_new(); +- ssh->ctx->hostkey->e = BN_new(); ++ hostkey_n = BN_new(); ++ hostkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); + + SKIP(p, i, 4); +- get_bn(ssh->ctx->hostkey->e, &p, &i); +- get_bn(ssh->ctx->hostkey->n, &p, &i); ++ get_bn(hostkey_e, &p, &i); ++ get_bn(hostkey_n, &p, &i); + + /* Get cipher, auth masks. */ + SKIP(p, i, 4); +@@ -405,8 +413,8 @@ + RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); + + /* Obfuscate with session id. */ +- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, +- ssh->ctx->servkey->n)) == NULL) { ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { + warn("ssh_session_id"); + return (-1); + } +@@ -422,7 +430,7 @@ + else BN_add_word(bn, ssh->sesskey[i]); + } + /* Encrypt session key. */ +- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { ++ if (BN_cmp(servkey_n, hostkey_n) < 0) { + rsa_public_encrypt(bn, bn, ssh->ctx->servkey); + rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); + } +@@ -470,10 +478,8 @@ + ssh->decrypt = blowfish_decrypt; + } + else if (cipher == SSH_CIPHER_3DES) { +- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); +- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); +- ssh->encrypt = des3_encrypt; +- ssh->decrypt = des3_decrypt; ++ warnx("cipher 3des no longer supported"); ++ return (-1); + } + /* Get server response. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { +--- a/sshcrypto.c ++++ b/sshcrypto.c +@@ -28,10 +28,12 @@ + u_char iv[8]; + }; + ++#if 0 + struct des3_state { + des_key_schedule k1, k2, k3; + des_cblock iv1, iv2, iv3; + }; ++#endif + + void + rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) +@@ -39,10 +41,12 @@ + u_char *inbuf, *outbuf; + int len, ilen, olen; + +- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) ++ const BIGNUM *n, *e; ++ RSA_get0_key(key, &n, &e, NULL); ++ if (BN_num_bits(e) < 2 || !BN_is_odd(e)) + errx(1, "rsa_public_encrypt() exponent too small or not odd"); + +- olen = BN_num_bytes(key->n); ++ olen = BN_num_bytes(n); + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -71,7 +75,9 @@ + u_char *inbuf, *outbuf; + int len, ilen, olen; + +- olen = BN_num_bytes(key->n); ++ const BIGNUM *n; ++ RSA_get0_key(key, &n, NULL, NULL); ++ olen = BN_num_bytes(n); + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -146,6 +152,7 @@ + swap_bytes(dst, dst, len); + } + ++#if 0 + /* XXX - SSH1's weirdo 3DES... */ + void * + des3_init(u_char *sesskey, int len) +@@ -194,3 +201,4 @@ + des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); + des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); + } ++#endif -- cgit v1.2.3