No feedback. I'm going to commit this patch tomorrow.
On Fri, Nov 26, 2021 at 09:18:21AM +0100, Theo Buehler wrote:
> The build fix is relatively straightforward, mostly based on Debian's
> patch set.
>
> https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/
>
> If anyone uses this, a quick test would be appreciated.
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/dsniff/Makefile,v
retrieving revision 1.63
diff -u -p -r1.63 Makefile
--- Makefile 12 Jul 2019 20:49:01 -0000 1.63
+++ Makefile 25 Nov 2021 22:35:42 -0000
@@ -3,7 +3,7 @@
COMMENT= sniffing tools for penetration testing
DISTNAME= dsniff-2.3
-REVISION= 16
+REVISION= 17
CATEGORIES= security
MASTER_SITES= http://monkey.org/~dugsong/dsniff/
Index: patches/patch-arp_c
===================================================================
RCS file: patches/patch-arp_c
diff -N patches/patch-arp_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-arp_c 25 Nov 2021 22:34:41 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+
+Index: arp.c
+--- arp.c.orig
++++ arp.c
+@@ -32,6 +32,7 @@
+ #include <netinet/if_ether.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <string.h>
+ #include <unistd.h>
+
+ #ifdef BSD
Index: patches/patch-buf_c
===================================================================
RCS file: patches/patch-buf_c
diff -N patches/patch-buf_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-buf_c 25 Nov 2021 22:28:38 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+
+Index: buf.c
+--- buf.c.orig
++++ buf.c
+@@ -12,6 +12,7 @@
+ #include <sys/types.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <string.h>
+ #include <stdarg.h>
+ #include <unistd.h>
+ #include <ctype.h>
Index: patches/patch-ssh_c
===================================================================
RCS file: patches/patch-ssh_c
diff -N patches/patch-ssh_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ssh_c 26 Nov 2021 07:04:59 -0000
@@ -0,0 +1,161 @@
+$OpenBSD$
+
+Based on https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/
+
+Index: ssh.c
+--- ssh.c.orig
++++ ssh.c
+@@ -13,6 +13,8 @@
+ #include <sys/param.h>
+ #include <sys/types.h>
+ #include <arpa/nameser.h>
++#include <openssl/err.h>
++#include <openssl/md5.h>
+ #include <openssl/ssl.h>
+ #include <openssl/rand.h>
+
+@@ -86,7 +88,7 @@ static u_int crc32_tab[] = {
+ static u_char pkt[4 + 8 + SSH_MAX_PKTLEN];
+
+ static void
+-put_bn(BIGNUM *bn, u_char **pp)
++put_bn(const BIGNUM *bn, u_char **pp)
+ {
+ short i;
+
+@@ -116,7 +118,7 @@ get_bn(BIGNUM *bn, u_char **pp, int *lenp)
+ }
+
+ static u_char *
+-ssh_session_id(u_char *cookie, BIGNUM *hostkey_n, BIGNUM *servkey_n)
++ssh_session_id(u_char *cookie, const BIGNUM *hostkey_n, const BIGNUM *servkey_n)
+ {
+ static u_char sessid[16];
+ u_int i, j;
+@@ -231,7 +233,10 @@ SSH_accept(SSH *ssh)
+ u_char *p, cipher, cookie[8], msg[1024];
+ u_int32_t num;
+ int i;
+-
++
++ const BIGNUM *servkey_e, *servkey_n;
++ const BIGNUM *hostkey_e, *hostkey_n;
++
+ /* Generate anti-spoofing cookie. */
+ RAND_bytes(cookie, sizeof(cookie));
+
+@@ -240,11 +245,13 @@ SSH_accept(SSH *ssh)
+ *p++ = SSH_SMSG_PUBLIC_KEY; /* type */
+ memcpy(p, cookie, 8); p += 8; /* cookie */
+ num = 768; PUTLONG(num, p); /* servkey bits */
+- put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
+- put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
++ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
++ put_bn(servkey_e, &p); /* servkey exponent */
++ put_bn(servkey_n, &p); /* servkey modulus */
+ num = 1024; PUTLONG(num, p); /* hostkey bits */
+- put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
+- put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
++ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
++ put_bn(hostkey_e, &p); /* hostkey exponent */
++ put_bn(hostkey_n, &p); /* hostkey modulus */
+ num = 0; PUTLONG(num, p); /* protocol flags */
+ num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
+ num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
+@@ -295,7 +302,7 @@ SSH_accept(SSH *ssh)
+ SKIP(p, i, 4);
+
+ /* Decrypt session key. */
+- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
++ if (BN_cmp(servkey_n, hostkey_n) > 0) {
+ rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
+ rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
+ }
+@@ -315,8 +322,8 @@ SSH_accept(SSH *ssh)
+ BN_clear_free(enckey);
+
+ /* Derive real session key using session id. */
+- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
+- ssh->ctx->servkey->n)) == NULL) {
++ if ((p = ssh_session_id(cookie, hostkey_n,
++ servkey_n)) == NULL) {
+ warn("ssh_session_id");
+ return (-1);
+ }
+@@ -325,10 +332,8 @@ SSH_accept(SSH *ssh)
+ }
+ /* Set cipher. */
+ if (cipher == SSH_CIPHER_3DES) {
+- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
+- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
+- ssh->encrypt = des3_encrypt;
+- ssh->decrypt = des3_decrypt;
++ warnx("cipher 3des no longer supported");
++ return (-1);
+ }
+ else if (cipher == SSH_CIPHER_BLOWFISH) {
+ ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
+@@ -354,7 +359,10 @@ SSH_connect(SSH *ssh)
+ u_char *p, cipher, cookie[8], msg[1024];
+ u_int32_t num;
+ int i;
+-
++
++ BIGNUM *servkey_n, *servkey_e;
++ BIGNUM *hostkey_n, *hostkey_e;
++
+ /* Get public key. */
+ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
+ warn("SSH_recv");
+@@ -376,21 +384,23 @@ SSH_connect(SSH *ssh)
+
+ /* Get servkey. */
+ ssh->ctx->servkey = RSA_new();
+- ssh->ctx->servkey->n = BN_new();
+- ssh->ctx->servkey->e = BN_new();
++ servkey_n = BN_new();
++ servkey_e = BN_new();
++ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
+
+ SKIP(p, i, 4);
+- get_bn(ssh->ctx->servkey->e, &p, &i);
+- get_bn(ssh->ctx->servkey->n, &p, &i);
++ get_bn(servkey_e, &p, &i);
++ get_bn(servkey_n, &p, &i);
+
+ /* Get hostkey. */
+ ssh->ctx->hostkey = RSA_new();
+- ssh->ctx->hostkey->n = BN_new();
+- ssh->ctx->hostkey->e = BN_new();
++ hostkey_n = BN_new();
++ hostkey_e = BN_new();
++ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
+
+ SKIP(p, i, 4);
+- get_bn(ssh->ctx->hostkey->e, &p, &i);
+- get_bn(ssh->ctx->hostkey->n, &p, &i);
++ get_bn(hostkey_e, &p, &i);
++ get_bn(hostkey_n, &p, &i);
+
+ /* Get cipher, auth masks. */
+ SKIP(p, i, 4);
+@@ -402,8 +412,8 @@ SSH_connect(SSH *ssh)
+ RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
+
+ /* Obfuscate with session id. */
+- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
+- ssh->ctx->servkey->n)) == NULL) {
++ if ((p = ssh_session_id(cookie, hostkey_n,
++ servkey_n)) == NULL) {
+ warn("ssh_session_id");
+ return (-1);
+ }
+@@ -419,7 +429,7 @@ SSH_connect(SSH *ssh)
+ else BN_add_word(bn, ssh->sesskey[i]);
+ }
+ /* Encrypt session key. */
+- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
++ if (BN_cmp(servkey_n, hostkey_n) < 0) {
+ rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
+ rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
+ }
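Review bot: The SSH_accept change at `if (cipher == SSH_CIPHER_3DES)` now ends the session with `warnx("cipher 3des no longer supported")`, but the public-key message built earlier in the same function still sends `ssh->ctx->encmask` unchanged, so a peer may be offered 3DES and then dropped once it selects it. Where encmask is initialised is outside this patch; if it still carries the 3DES bit, clear it there so the offer matches what the code accepts. The patch header should also say why 3DES is dropped, given that patch-sshcrypto_c still carries the des3_init/des3_encrypt/des3_decrypt hunks, e.g. a line such as `3DES session cipher disabled in SSH_accept: <reason>`. Separately, in SSH_connect the results of `RSA_new()`, `BN_new()` and `RSA_set0_key()` are not checked before `get_bn()` is called on the new BIGNUMs; a guard such as `if (servkey_n == NULL || servkey_e == NULL || !RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL)) return (-1);` (and the same for hostkey) would avoid a NULL dereference on allocation failure.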
Index: patches/patch-sshcrypto_c
===================================================================
RCS file: /cvs/ports/security/dsniff/patches/patch-sshcrypto_c,v
retrieving revision 1.3
diff -u -p -r1.3 patch-sshcrypto_c
--- patches/patch-sshcrypto_c 29 May 2015 15:57:29 -0000 1.3
+++ patches/patch-sshcrypto_c 26 Nov 2021 07:06:11 -0000
@@ -1,6 +1,13 @@
$OpenBSD: patch-sshcrypto_c,v 1.3 2015/05/29 15:57:29 jca Exp $
---- sshcrypto.c.orig Tue Nov 28 22:23:28 2000
-+++ sshcrypto.c Fri May 29 17:56:22 2015
+
+Use DES API instead of des
+
+OpenSSL 1.1 API conversion based on
+https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/
+
+Index: sshcrypto.c
+--- sshcrypto.c.orig
++++ sshcrypto.c
@@ -15,7 +15,9 @@
#include <sys/types.h>
#include <openssl/ssl.h>
@@ -22,7 +29,33 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0
};
void
-@@ -153,13 +155,13 @@ des3_init(u_char *sesskey, int len)
+@@ -37,10 +39,12 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+ u_char *inbuf, *outbuf;
+ int len, ilen, olen;
+
+- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
++ const BIGNUM *n, *e;
++ RSA_get0_key(key, &n, &e, NULL);
++ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
+ errx(1, "rsa_public_encrypt() exponent too small or not odd");
+
+- olen = BN_num_bytes(key->n);
++ olen = BN_num_bytes(n);
+ outbuf = malloc(olen);
+
+ ilen = BN_num_bytes(in);
+@@ -69,7 +73,9 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+ u_char *inbuf, *outbuf;
+ int len, ilen, olen;
+
+- olen = BN_num_bytes(key->n);
++ const BIGNUM *n;
++ RSA_get0_key(key, &n, NULL, NULL);
++ olen = BN_num_bytes(n);
+ outbuf = malloc(olen);
+
+ ilen = BN_num_bytes(in);
+@@ -153,13 +159,13 @@ des3_init(u_char *sesskey, int len)
if ((state = malloc(sizeof(*state))) == NULL)
err(1, "malloc");
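Review bot: In both rsa_public_encrypt() and rsa_private_decrypt(), `outbuf = malloc(olen);` directly follows the reworked `olen = BN_num_bytes(n);` and the next visible line is `ilen = BN_num_bytes(in);`, with no NULL check in between, whereas des3_init() in the same file uses `err(1, "malloc")`. On the SSH_connect path the modulus passed to rsa_public_encrypt() is parsed from the peer's public-key packet, so olen is peer-influenced. Consider `if ((outbuf = malloc(olen)) == NULL) err(1, "malloc");` while these lines are being touched. The rest of both functions lies outside the hunk, so how outbuf is used afterwards cannot be confirmed from here.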
@@ -40,7 +73,7 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0
memset(state->iv1, 0, 8);
memset(state->iv2, 0, 8);
-@@ -175,9 +177,9 @@ des3_encrypt(u_char *src, u_char *dst, int len, void *
+@@ -175,9 +181,9 @@ des3_encrypt(u_char *src, u_char *dst, int len, void *
estate = (struct des3_state *)state;
memcpy(estate->iv1, estate->iv2, 8);
@@ -53,7 +86,7 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0
}
void
-@@ -188,7 +190,7 @@ des3_decrypt(u_char *src, u_char *dst, int len, void *
+@@ -188,7 +194,7 @@ des3_decrypt(u_char *src, u_char *dst, int len, void *
dstate = (struct des3_state *)state;
memcpy(dstate->iv1, dstate->iv2, 8);