Package: mixmaster
Version: 3.0.0-9
Severity: grave
Tags: patch

Dear Maintainer,

the conversion to use libssl 1.1 renders the package almost unusable
due to segmentation faults in DES key handling.
DES_set_key() does not allocate memory. After converting
"des_key_schedule X" to "DES_key_schedule *X" DES_set_key() tries to
access memory through an uninitialized pointer. Change conversion to
"DES_key_schedule X" and adapt the usage from "X" to "&X".

Regards
    Bene
diff -ruNp mixmaster-3.0.0.orig/debian/patches/mixmaster-libssl-1.1.patch mixmaster-3.0.0/debian/patches/mixmaster-libssl-1.1.patch
--- mixmaster-3.0.0.orig/debian/patches/mixmaster-libssl-1.1.patch	2017-07-02 19:28:00.000000000 +0200
+++ mixmaster-3.0.0/debian/patches/mixmaster-libssl-1.1.patch	2017-08-08 21:50:58.703847144 +0200
@@ -176,9 +176,9 @@ Migrate to libssl 1.1
 -  des_key_schedule ks2;
 -  des_key_schedule ks3;
 -  des_cblock i;
-+  DES_key_schedule *ks1;
-+  DES_key_schedule *ks2;
-+  DES_key_schedule *ks3;
++  DES_key_schedule ks1;
++  DES_key_schedule ks2;
++  DES_key_schedule ks3;
 +  DES_cblock i;
  
    assert(enc == ENCRYPT || enc == DECRYPT);
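Review bot: With the three `DES_key_schedule` objects now held by value on the stack, the expanded 3DES subkeys remain in the frame after the function returns; nothing visible here, or in the later hunks that make the same declaration change (the CFB routine and both PGP 3DES routines), clears them. Consider wiping each schedule before every return, e.g. `OPENSSL_cleanse(&ks1, sizeof ks1);` and likewise for `ks2` and `ks3`. The function body continues in the next hunk, so the return paths have to be checked there.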
@@ -188,16 +188,16 @@ Migrate to libssl 1.1
    memcpy(i, iv->data, 8);	/* leave iv buffer unchanged */
 -  des_set_key((const_des_cblock *) key->data, ks1);
 -  des_set_key((const_des_cblock *) (key->data + 8), ks2);
-+  DES_set_key((const_DES_cblock *) key->data, ks1);
-+  DES_set_key((const_DES_cblock *) (key->data + 8), ks2);
++  DES_set_key((const_DES_cblock *) key->data, &ks1);
++  DES_set_key((const_DES_cblock *) (key->data + 8), &ks2);
    if (key->length == 16)
 -    des_set_key((const_des_cblock *) key->data, ks3);
-+    DES_set_key((const_DES_cblock *) key->data, ks3);
++    DES_set_key((const_DES_cblock *) key->data, &ks3);
    else
 -    des_set_key((const_des_cblock *) (key->data + 16), ks3);
 -  des_ede3_cbc_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3,
-+    DES_set_key((const_DES_cblock *) (key->data + 16), ks3);
-+  DES_ede3_cbc_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3,
++    DES_set_key((const_DES_cblock *) (key->data + 16), &ks3);
++  DES_ede3_cbc_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3,
  		       &i, enc);
    return (0);
  }
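Review bot: The `int` result of every `DES_set_key()` call is discarded, here and in the CFB and PGP hunks below. If the linked libssl applies its parity and weak-key checks in this function, a rejected key may leave the stack-allocated schedule uninitialized, and `DES_ede3_cbc_encrypt()` would then run with indeterminate subkeys while the function still returns 0. Either check the result, e.g. `if (DES_set_key((const_DES_cblock *) key->data, &ks1) != 0) return (-1);` (assuming -1 is this file's error convention), or call `DES_set_key_unchecked()` so the no-check behaviour is explicit.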
@@ -208,9 +208,9 @@ Migrate to libssl 1.1
 -  des_key_schedule ks1;
 -  des_key_schedule ks2;
 -  des_key_schedule ks3;
-+  DES_key_schedule *ks1;
-+  DES_key_schedule *ks2;
-+  DES_key_schedule *ks3;
++  DES_key_schedule ks1;
++  DES_key_schedule ks2;
++  DES_key_schedule ks3;
  
    assert(enc == ENCRYPT || enc == DECRYPT);
    assert(key->length == 24 && iv->length == 8);
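Review bot: The only length validation visible for this routine is `assert(key->length == 24 && iv->length == 8);`, which is compiled out when the package is built with `NDEBUG`. The `DES_set_key()` calls in the next hunk read `key->data + 8` and `key->data + 16`, and the CFB call writes through `iv->data`, so a short buffer would be accessed out of bounds in such a build. Unless callers outside this diff guarantee the sizes, a runtime check such as `if (key->length != 24 || iv->length != 8) return (-1);` is safer; the same applies to `assert(key->length == 25)` in the PGP encrypt routine.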
@@ -220,10 +220,10 @@ Migrate to libssl 1.1
 -  des_set_key((const_des_cblock *) (key->data + 16), ks3);
 -  des_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3,
 -			(des_cblock *) iv->data, &n, enc);
-+  DES_set_key((const_DES_cblock *) key->data, ks1);
-+  DES_set_key((const_DES_cblock *) (key->data + 8), ks2);
-+  DES_set_key((const_DES_cblock *) (key->data + 16), ks3);
-+  DES_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3,
++  DES_set_key((const_DES_cblock *) key->data, &ks1);
++  DES_set_key((const_DES_cblock *) (key->data + 8), &ks2);
++  DES_set_key((const_DES_cblock *) (key->data + 16), &ks3);
++  DES_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3,
 +			(DES_cblock *) iv->data, &n, enc);
    return (0);
  }
@@ -240,9 +240,9 @@ Migrate to libssl 1.1
 -  des_key_schedule ks1;
 -  des_key_schedule ks2;
 -  des_key_schedule ks3;
-+  DES_key_schedule *ks1;
-+  DES_key_schedule *ks2;
-+  DES_key_schedule *ks3;
++  DES_key_schedule ks1;
++  DES_key_schedule ks2;
++  DES_key_schedule ks3;
    SHA_CTX c;
  
    assert(key->length == 25);
@@ -253,38 +253,44 @@ Migrate to libssl 1.1
 -  des_set_key((const_des_cblock *) (key->data + 1), ks1);
 -  des_set_key((const_des_cblock *) (key->data + 9), ks2);
 -  des_set_key((const_des_cblock *) (key->data+ 17), ks3);
-+  DES_set_key((const_DES_cblock *) (key->data + 1), ks1);
-+  DES_set_key((const_DES_cblock *) (key->data + 9), ks2);
-+  DES_set_key((const_DES_cblock *) (key->data+ 17), ks3);
++  DES_set_key((const_DES_cblock *) (key->data + 1), &ks1);
++  DES_set_key((const_DES_cblock *) (key->data + 9), &ks2);
++  DES_set_key((const_DES_cblock *) (key->data+ 17), &ks3);
  
    if (mdc) {
      mdc = 1;
-@@ -186,21 +186,21 @@
+@@ -186,22 +186,23 @@
      SHA1_Update(&c, in->data, in->length);
    }
    n = 0;
 -  des_ede3_cfb64_encrypt(out->data + mdc, out->data + mdc, 10, ks1, ks2, ks3, &iv, &n,
-+  DES_ede3_cfb64_encrypt(out->data + mdc, out->data + mdc, 10, ks1, ks2, ks3, &iv, &n,
- 			 ENCRYPT);
+-			 ENCRYPT);
++  DES_ede3_cfb64_encrypt(out->data + mdc, out->data + mdc, 10,
++			 &ks1, &ks2, &ks3, &iv, &n, ENCRYPT);
    if (!mdc) {
      iv[6] = iv[0], iv[7] = iv[1];
      memcpy(iv, out->data + 2, 6);
      n = 0;
    }
 -  des_ede3_cfb64_encrypt(in->data, out->data + 10 + mdc, in->length, ks1, ks2, ks3,
-+  DES_ede3_cfb64_encrypt(in->data, out->data + 10 + mdc, in->length, ks1, ks2, ks3,
- 			 &iv, &n, ENCRYPT);
+-			 &iv, &n, ENCRYPT);
++  DES_ede3_cfb64_encrypt(in->data, out->data + 10 + mdc, in->length,
++			 &ks1, &ks2, &ks3, &iv, &n, ENCRYPT);
    if (mdc) {
      SHA1_Update(&c, "\xD3\x14", 2); /* 0xD3 = 0xC0 | PGP_MDC */
 -    des_ede3_cfb64_encrypt("\xD3\x14", out->data + 11 + in->length, 2, ks1, ks2, ks3,
-+    DES_ede3_cfb64_encrypt("\xD3\x14", out->data + 11 + in->length, 2, ks1, ks2, ks3,
- 		       &iv, &n, ENCRYPT);
+-		       &iv, &n, ENCRYPT);
++    DES_ede3_cfb64_encrypt("\xD3\x14", out->data + 11 + in->length, 2,
++			   &ks1, &ks2, &ks3, &iv, &n, ENCRYPT);
      SHA1_Final(out->data + 13 + in->length, &c);
 -    des_ede3_cfb64_encrypt(out->data + 13 + in->length, out->data + 13 + in->length, 20, ks1, ks2, ks3,
-+    DES_ede3_cfb64_encrypt(out->data + 13 + in->length, out->data + 13 + in->length, 20, ks1, ks2, ks3,
- 		       &iv, &n, ENCRYPT);
+-		       &iv, &n, ENCRYPT);
++    DES_ede3_cfb64_encrypt(out->data + 13 + in->length,
++			   out->data + 13 + in->length, 20, &ks1, &ks2, &ks3,
++			   &iv, &n, ENCRYPT);
    }
    return (0);
+ }
 --- a/Src/pgpdata.c
 +++ b/Src/pgpdata.c
 @@ -131,6 +131,7 @@
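Review bot: The two-byte MDC packet header is written as the literal `"\xD3\x14"` twice, once for `SHA1_Update()` and once as the plaintext argument of `DES_ede3_cfb64_encrypt()`, whose input parameter is `const unsigned char *`. Passing a `char` literal there is a pointer-signedness mismatch, and the hashed and encrypted bytes diverge silently if only one copy is ever edited. A named `static const unsigned char mdc_hdr[2] = { 0xD3, 0x14 };` used in both calls would remove both problems. The function starts outside this hunk.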
@@ -580,35 +586,38 @@ Migrate to libssl 1.1
 -  des_key_schedule ks1;
 -  des_key_schedule ks2;
 -  des_key_schedule ks3;
-+  DES_key_schedule *ks1;
-+  DES_key_schedule *ks2;
-+  DES_key_schedule *ks3;
++  DES_key_schedule ks1;
++  DES_key_schedule ks2;
++  DES_key_schedule ks3;
    SHA_CTX c;
    char md[20]; /* we could make hdr 20 bytes long and reuse it for md */
  
-@@ -423,12 +423,12 @@
+@@ -423,12 +423,13 @@
    for (i = 0; i < 8; i++)
      iv[i] = 0;
  
 -  des_set_key((const_des_cblock *) key->data, ks1);
 -  des_set_key((const_des_cblock *) (key->data + 8), ks2);
 -  des_set_key((const_des_cblock *) (key->data+ 16), ks3);
-+  DES_set_key((const_DES_cblock *) key->data, ks1);
-+  DES_set_key((const_DES_cblock *) (key->data + 8), ks2);
-+  DES_set_key((const_DES_cblock *) (key->data+ 16), ks3);
++  DES_set_key((const_DES_cblock *) key->data, &ks1);
++  DES_set_key((const_DES_cblock *) (key->data + 8), &ks2);
++  DES_set_key((const_DES_cblock *) (key->data+ 16), &ks3);
  
    n = 0;
 -  des_ede3_cfb64_encrypt(in->data + mdc, hdr, 10, ks1, ks2, ks3, &iv, &n, DECRYPT);
-+  DES_ede3_cfb64_encrypt(in->data + mdc, hdr, 10, ks1, ks2, ks3, &iv, &n, DECRYPT);
++  DES_ede3_cfb64_encrypt(in->data + mdc, hdr, 10, &ks1, &ks2, &ks3,
++			 &iv, &n, DECRYPT);
    if (n != 2 || hdr[8] != hdr[6] || hdr[9] != hdr[7]) {
      err = -1;
      goto end;
-@@ -441,7 +441,7 @@
+@@ -441,8 +442,8 @@
      memcpy(iv, in->data + 2, 6);
      n = 0;
    }
 -  des_ede3_cfb64_encrypt(in->data + 10 + mdc, out->data, in->length - 10 + mdc, ks1,
-+  DES_ede3_cfb64_encrypt(in->data + 10 + mdc, out->data, in->length - 10 + mdc, ks1,
- 			 ks2, ks3, &iv, &n, DECRYPT);
+-			 ks2, ks3, &iv, &n, DECRYPT);
++  DES_ede3_cfb64_encrypt(in->data + 10 + mdc, out->data, in->length - 10 + mdc,
++			 &ks1, &ks2, &ks3, &iv, &n, DECRYPT);
    if (mdc) {
      if (out->length > 22) {
+       out->length -= 22;
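Review bot: The payload decrypt call reads from `in->data + 10 + mdc` but passes `in->length - 10 + mdc` as the length, which appears to be two bytes more than remain in `in` when `mdc` is 1 (the remainder would be `in->length - 10 - mdc`). The patch only reflows this call, so the expression is inherited, but this is the path that processes received ciphertext, and an over-long length means reading past the input and writing past the expected output size. Unless a size check or buffer slack outside this hunk accounts for it, `in->length - 10 - mdc` looks like the intended value; it is also worth confirming that `in->length` is validated to exceed `10 + mdc` before this point. The function starts and ends outside the hunk.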
