path: root/network/dsniff/patches/24_Fix-OpenSSL1.1.0-Build.patch

Description: Fix build with OpenSSL 1.1.0
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/


--- a/ssh.c
+++ b/ssh.c
@@ -234,7 +234,10 @@
 	u_char *p, cipher, cookie[8], msg[1024];
 	u_int32_t num;
 	int i;
-	
+    
+	const BIGNUM *servkey_e, *servkey_n;
+	const BIGNUM *hostkey_e, *hostkey_n;
+
 	/* Generate anti-spoofing cookie. */
 	RAND_bytes(cookie, sizeof(cookie));
 	
@@ -243,11 +246,13 @@
 	*p++ = SSH_SMSG_PUBLIC_KEY;			/* type */
 	memcpy(p, cookie, 8); p += 8;			/* cookie */
 	num = 768; PUTLONG(num, p);			/* servkey bits */
-	put_bn(ssh->ctx->servkey->e, &p);		/* servkey exponent */
-	put_bn(ssh->ctx->servkey->n, &p);		/* servkey modulus */
+	RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
+	put_bn(servkey_e, &p);		/* servkey exponent */
+	put_bn(servkey_n, &p);		/* servkey modulus */
 	num = 1024; PUTLONG(num, p);			/* hostkey bits */
-	put_bn(ssh->ctx->hostkey->e, &p);		/* hostkey exponent */
-	put_bn(ssh->ctx->hostkey->n, &p);		/* hostkey modulus */
+	RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
+	put_bn(hostkey_e, &p);		/* hostkey exponent */
+	put_bn(hostkey_n, &p);		/* hostkey modulus */
 	num = 0; PUTLONG(num, p);			/* protocol flags */
 	num = ssh->ctx->encmask; PUTLONG(num, p);	/* ciphers */
 	num = ssh->ctx->authmask; PUTLONG(num, p);	/* authmask */
@@ -298,7 +303,7 @@
 	SKIP(p, i, 4);
 
 	/* Decrypt session key. */
-	if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
+	if (BN_cmp(servkey_n, hostkey_n) > 0) {
 		rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
 		rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
 	}
@@ -318,8 +323,8 @@
 	BN_clear_free(enckey);
 	
 	/* Derive real session key using session id. */
-	if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
-				ssh->ctx->servkey->n)) == NULL) {
+	if ((p = ssh_session_id(cookie, hostkey_n,
+				servkey_n)) == NULL) {
 		warn("ssh_session_id");
 		return (-1);
 	}
@@ -328,10 +333,8 @@
 	}
 	/* Set cipher. */
 	if (cipher == SSH_CIPHER_3DES) {
-		ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->encrypt = des3_encrypt;
-		ssh->decrypt = des3_decrypt;
+		warnx("cipher 3des no longer supported");
+		return (-1);
 	}
 	else if (cipher == SSH_CIPHER_BLOWFISH) {
 		ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
@@ -357,7 +360,10 @@
 	u_char *p, cipher, cookie[8], msg[1024];
 	u_int32_t num;
 	int i;
-	
+
+	BIGNUM *servkey_n, *servkey_e;
+	BIGNUM *hostkey_n, *hostkey_e;
+
 	/* Get public key. */
 	if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
 		warn("SSH_recv");
@@ -379,21 +385,23 @@
 
 	/* Get servkey. */
 	ssh->ctx->servkey = RSA_new();
-	ssh->ctx->servkey->n = BN_new();
-	ssh->ctx->servkey->e = BN_new();
+	servkey_n = BN_new();
+	servkey_e = BN_new();
+	RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
 
 	SKIP(p, i, 4);
-	get_bn(ssh->ctx->servkey->e, &p, &i);
-	get_bn(ssh->ctx->servkey->n, &p, &i);
+	get_bn(servkey_e, &p, &i);
+	get_bn(servkey_n, &p, &i);
 
 	/* Get hostkey. */
 	ssh->ctx->hostkey = RSA_new();
-	ssh->ctx->hostkey->n = BN_new();
-	ssh->ctx->hostkey->e = BN_new();
+	hostkey_n = BN_new();
+	hostkey_e = BN_new();
+	RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
 
 	SKIP(p, i, 4);
-	get_bn(ssh->ctx->hostkey->e, &p, &i);
-	get_bn(ssh->ctx->hostkey->n, &p, &i);
+	get_bn(hostkey_e, &p, &i);
+	get_bn(hostkey_n, &p, &i);
 
 	/* Get cipher, auth masks. */
 	SKIP(p, i, 4);
@@ -405,8 +413,8 @@
 	RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
 
 	/* Obfuscate with session id. */
-	if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
-				ssh->ctx->servkey->n)) == NULL) {
+	if ((p = ssh_session_id(cookie, hostkey_n,
+				servkey_n)) == NULL) {
 		warn("ssh_session_id");
 		return (-1);
 	}
@@ -422,7 +430,7 @@
 		else BN_add_word(bn, ssh->sesskey[i]);
 	}
 	/* Encrypt session key. */
-	if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
+	if (BN_cmp(servkey_n, hostkey_n) < 0) {
 		rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
 		rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
 	}
@@ -470,10 +478,8 @@
 		ssh->decrypt = blowfish_decrypt;
 	}
 	else if (cipher == SSH_CIPHER_3DES) {
-		ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->encrypt = des3_encrypt;
-		ssh->decrypt = des3_decrypt;
+		warnx("cipher 3des no longer supported");
+		return (-1);
 	}
 	/* Get server response. */
 	if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -28,10 +28,12 @@
 	u_char			iv[8];
 };
 
+#if 0
 struct des3_state {
 	des_key_schedule	k1, k2, k3;
 	des_cblock		iv1, iv2, iv3;
 };
+#endif
 
 void
 rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
@@ -39,10 +41,12 @@
 	u_char *inbuf, *outbuf;
 	int len, ilen, olen;
 
-	if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
+	const BIGNUM *n, *e;
+	RSA_get0_key(key, &n, &e, NULL);
+	if (BN_num_bits(e) < 2 || !BN_is_odd(e))
 		errx(1, "rsa_public_encrypt() exponent too small or not odd");
 
-	olen = BN_num_bytes(key->n);
+	olen = BN_num_bytes(n);
 	outbuf = malloc(olen);
 
 	ilen = BN_num_bytes(in);
@@ -71,7 +75,9 @@
 	u_char *inbuf, *outbuf;
 	int len, ilen, olen;
 
-	olen = BN_num_bytes(key->n);
+	const BIGNUM *n;
+	RSA_get0_key(key, &n, NULL, NULL);
+	olen = BN_num_bytes(n);
 	outbuf = malloc(olen);
 
 	ilen = BN_num_bytes(in);
@@ -146,6 +152,7 @@
 	swap_bytes(dst, dst, len);
 }
 
+#if 0
 /* XXX - SSH1's weirdo 3DES... */
 void *
 des3_init(u_char *sesskey, int len)
@@ -194,3 +201,4 @@
 	des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
 	des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
 }
+#endif