Date: Friday, March 3, 2017 @ 21:02:15 Author: arojas Revision: 214709
openssl 1.1 rebuild Added: dsniff/trunk/dsniff-openssl-1.1.patch Modified: dsniff/trunk/PKGBUILD --------------------------+ PKGBUILD | 8 - dsniff-openssl-1.1.patch | 243 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 248 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-03-03 20:55:21 UTC (rev 214708) +++ PKGBUILD 2017-03-03 21:02:15 UTC (rev 214709) @@ -4,7 +4,7 @@ pkgname=dsniff pkgver=2.4b1 -pkgrel=25 +pkgrel=26 pkgdesc="Collection of tools for network auditing and penetration testing" url="http://www.monkey.org/~dugsong/dsniff/"; arch=('i686' 'x86_64') @@ -11,9 +11,10 @@ license=('BSD') depends=('libpcap' 'openssl' 'libxmu' 'glib2' 'libnet' 'libnids') source=("https://www.monkey.org/~dugsong/${pkgname}/beta/$pkgname-$pkgver.tar.gz"; - "http://ftp.de.debian.org/debian/pool/main/d/${pkgname}/${pkgname}_2.4b1+debian-22.1.debian.tar.gz";) + "http://ftp.de.debian.org/debian/pool/main/d/${pkgname}/${pkgname}_2.4b1+debian-22.1.debian.tar.gz"; dsniff-openssl-1.1.patch) md5sums=('2f761fa3475682a7512b0b43568ee7d6' - 'e80551b70dc3976d4cdddd3319cca9eb') + 'e80551b70dc3976d4cdddd3319cca9eb' + 'd5ec0f6baa1d3fa713fa71c80f154cab') prepare() { cd "$srcdir"/$pkgname-2.4 @@ -21,6 +22,7 @@ patch -N < "../debian/patches/$i" done sed -i 's|${CC-cc} -E|${CC-cc} -O2 -E|g' configure + patch -p1 -i ../dsniff-openssl-1.1.patch } build() { Added: dsniff-openssl-1.1.patch =================================================================== --- dsniff-openssl-1.1.patch (rev 0) +++ dsniff-openssl-1.1.patch 2017-03-03 21:02:15 UTC (rev 214709) @@ -0,0 +1,243 @@ +Patch by Christoph Biedl <[email protected]> for dsniff >= +2.4b1, which fixes building with OpenSSL 1.1.0. Adapted for compatibility +with older OpenSSL versions by Robert Scheck <[email protected]>. + +--- dsniff-2.4/ssh.c 2017-02-11 22:31:54.705269813 +0100 ++++ dsniff-2.4/ssh.c.openssl_110 2017-02-11 22:45:31.193447230 +0100 +@@ -234,6 +234,10 @@ + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *servkey_e, *servkey_n; ++ const BIGNUM *hostkey_e, *hostkey_n; ++#endif + + /* Generate anti-spoofing cookie. */ + RAND_bytes(cookie, sizeof(cookie)); +@@ -243,11 +247,23 @@ + *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ + memcpy(p, cookie, 8); p += 8; /* cookie */ + num = 768; PUTLONG(num, p); /* servkey bits */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); ++ put_bn(servkey_e, &p); /* servkey exponent */ ++ put_bn(servkey_n, &p); /* servkey modulus */ ++#else + put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ + put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ ++#endif + num = 1024; PUTLONG(num, p); /* hostkey bits */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); ++ put_bn(hostkey_e, &p); /* hostkey exponent */ ++ put_bn(hostkey_n, &p); /* hostkey modulus */ ++#else + put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ + put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ ++#endif + num = 0; PUTLONG(num, p); /* protocol flags */ + num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ + num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ +@@ -298,7 +314,11 @@ + SKIP(p, i, 4); + + /* Decrypt session key. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if (BN_cmp(servkey_n, hostkey_n) > 0) { ++#else + if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { ++#endif + rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); + rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); + } +@@ -318,8 +338,13 @@ + BN_clear_free(enckey); + + /* Derive real session key using session id. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { ++#else + if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, + ssh->ctx->servkey->n)) == NULL) { ++#endif + warn("ssh_session_id"); + return (-1); + } +@@ -328,10 +353,15 @@ + } + /* Set cipher. */ + if (cipher == SSH_CIPHER_3DES) { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ warnx("cipher 3des no longer supported"); ++ return (-1); ++#else + ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->encrypt = des3_encrypt; + ssh->decrypt = des3_decrypt; ++#endif + } + else if (cipher == SSH_CIPHER_BLOWFISH) { + ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); +@@ -357,6 +387,10 @@ + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *servkey_n, *servkey_e; ++ BIGNUM *hostkey_n, *hostkey_e; ++#endif + + /* Get public key. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { +@@ -379,21 +413,43 @@ + + /* Get servkey. */ + ssh->ctx->servkey = RSA_new(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ servkey_n = BN_new(); ++ servkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); ++#else + ssh->ctx->servkey->n = BN_new(); + ssh->ctx->servkey->e = BN_new(); ++#endif + + SKIP(p, i, 4); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ get_bn(servkey_e, &p, &i); ++ get_bn(servkey_n, &p, &i); ++#else + get_bn(ssh->ctx->servkey->e, &p, &i); + get_bn(ssh->ctx->servkey->n, &p, &i); ++#endif + + /* Get hostkey. */ + ssh->ctx->hostkey = RSA_new(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ hostkey_n = BN_new(); ++ hostkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); ++#else + ssh->ctx->hostkey->n = BN_new(); + ssh->ctx->hostkey->e = BN_new(); ++#endif + + SKIP(p, i, 4); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ get_bn(hostkey_e, &p, &i); ++ get_bn(hostkey_n, &p, &i); ++#else + get_bn(ssh->ctx->hostkey->e, &p, &i); + get_bn(ssh->ctx->hostkey->n, &p, &i); ++#endif + + /* Get cipher, auth masks. */ + SKIP(p, i, 4); +@@ -405,8 +461,13 @@ + RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); + + /* Obfuscate with session id. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { ++#else + if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, + ssh->ctx->servkey->n)) == NULL) { ++#endif + warn("ssh_session_id"); + return (-1); + } +@@ -422,7 +483,11 @@ + else BN_add_word(bn, ssh->sesskey[i]); + } + /* Encrypt session key. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if (BN_cmp(servkey_n, hostkey_n) < 0) { ++#else + if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { ++#endif + rsa_public_encrypt(bn, bn, ssh->ctx->servkey); + rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); + } +@@ -470,10 +535,15 @@ + ssh->decrypt = blowfish_decrypt; + } + else if (cipher == SSH_CIPHER_3DES) { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ warnx("cipher 3des no longer supported"); ++ return (-1); ++#else + ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->encrypt = des3_encrypt; + ssh->decrypt = des3_decrypt; ++#endif + } + /* Get server response. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { +--- dsniff-2.4/sshcrypto.c 2017-02-11 22:31:54.688270184 +0100 ++++ dsniff-2.4/sshcrypto.c.openssl_110 2017-02-11 22:35:30.594555807 +0100 +@@ -28,10 +28,12 @@ + u_char iv[8]; + }; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + struct des3_state { + des_key_schedule k1, k2, k3; + des_cblock iv1, iv2, iv3; + }; ++#endif + + void + rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) +@@ -39,10 +41,20 @@ + u_char *inbuf, *outbuf; + int len, ilen, olen; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *n, *e; ++ RSA_get0_key(key, &n, &e, NULL); ++ if (BN_num_bits(e) < 2 || !BN_is_odd(e)) ++#else + if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) ++#endif + errx(1, "rsa_public_encrypt() exponent too small or not odd"); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ olen = BN_num_bytes(n); ++#else + olen = BN_num_bytes(key->n); ++#endif + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -71,7 +83,13 @@ + u_char *inbuf, *outbuf; + int len, ilen, olen; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *n; ++ RSA_get0_key(key, &n, NULL, NULL); ++ olen = BN_num_bytes(n); ++#else + olen = BN_num_bytes(key->n); ++#endif + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -146,6 +164,7 @@ + swap_bytes(dst, dst, len); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* XXX - SSH1's weirdo 3DES... */ + void * + des3_init(u_char *sesskey, int len) +@@ -194,3 +213,4 @@ + des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); + des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); + } ++#endif
