Package: mixmaster Version: 3.0.0-9 Severity: grave Tags: patch Dear Maintainer,
the conversion to use libssl 1.1 renders the package almost unusable due to segmentation faults in DES key handling. DES_set_key() does not allocate memory. After converting "des_key_schedule X" to "DES_key_schedule *X", DES_set_key() tries to access memory through an uninitialized pointer. Change the conversion to "DES_key_schedule X" and adapt the usage from "X" to "&X". Regards Bene
diff -ruNp mixmaster-3.0.0.orig/debian/patches/mixmaster-libssl-1.1.patch mixmaster-3.0.0/debian/patches/mixmaster-libssl-1.1.patch --- mixmaster-3.0.0.orig/debian/patches/mixmaster-libssl-1.1.patch 2017-07-02 19:28:00.000000000 +0200 +++ mixmaster-3.0.0/debian/patches/mixmaster-libssl-1.1.patch 2017-08-08 21:50:58.703847144 +0200 @@ -176,9 +176,9 @@ Migrate to libssl 1.1 - des_key_schedule ks2; - des_key_schedule ks3; - des_cblock i; -+ DES_key_schedule *ks1; -+ DES_key_schedule *ks2; -+ DES_key_schedule *ks3; ++ DES_key_schedule ks1; ++ DES_key_schedule ks2; ++ DES_key_schedule ks3; + DES_cblock i; assert(enc == ENCRYPT || enc == DECRYPT); @@ -188,16 +188,16 @@ Migrate to libssl 1.1 memcpy(i, iv->data, 8); /* leave iv buffer unchanged */ - des_set_key((const_des_cblock *) key->data, ks1); - des_set_key((const_des_cblock *) (key->data + 8), ks2); -+ DES_set_key((const_DES_cblock *) key->data, ks1); -+ DES_set_key((const_DES_cblock *) (key->data + 8), ks2); ++ DES_set_key((const_DES_cblock *) key->data, &ks1); ++ DES_set_key((const_DES_cblock *) (key->data + 8), &ks2); if (key->length == 16) - des_set_key((const_des_cblock *) key->data, ks3); -+ DES_set_key((const_DES_cblock *) key->data, ks3); ++ DES_set_key((const_DES_cblock *) key->data, &ks3); else - des_set_key((const_des_cblock *) (key->data + 16), ks3); - des_ede3_cbc_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3, -+ DES_set_key((const_DES_cblock *) (key->data + 16), ks3); -+ DES_ede3_cbc_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3, ++ DES_set_key((const_DES_cblock *) (key->data + 16), &ks3); ++ DES_ede3_cbc_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3, &i, enc); return (0); } 
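Review bot: With `ks1`, `ks2` and `ks3` now real `DES_key_schedule` objects on the stack, the expanded 3DES subkeys stay in the frame after `return (0);` because nothing wipes them. Adding `OPENSSL_cleanse(&ks1, sizeof ks1);` (and the same for `ks2` and `ks3`) before each return would keep key material from lingering. The same applies to the declarations in the hunks at -208, -240 and -580. The function bodies start outside these hunks, so cleanup needed on other exit paths, such as the `goto end` in the decrypt hunk, cannot be judged from here.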
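Review bot: The return values of the `DES_set_key()` calls are discarded, so whether any parity or weak-key checking happens is left to how the linked libssl implements this compatibility wrapper. If no checking is intended, `DES_set_key_unchecked((const_DES_cblock *) key->data, &ks1);` states that explicitly; if checking is intended, the result has to be tested and propagated. The `key->length == 16` branch loads the first key block into `ks3` as well, which deserves a comment such as `/* two-key 3DES: K3 = K1 */`. The same unchecked calls recur in the hunks at -220, -253 and -580.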
@@ -208,9 +208,9 @@ Migrate to libssl 1.1 - des_key_schedule ks1; - des_key_schedule ks2; - des_key_schedule ks3; -+ DES_key_schedule *ks1; -+ DES_key_schedule *ks2; -+ DES_key_schedule *ks3; ++ DES_key_schedule ks1; ++ DES_key_schedule ks2; ++ DES_key_schedule ks3; assert(enc == ENCRYPT || enc == DECRYPT); assert(key->length == 24 && iv->length == 8); @@ -220,10 +220,10 @@ Migrate to libssl 1.1 - des_set_key((const_des_cblock *) (key->data + 16), ks3); - des_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3, - (des_cblock *) iv->data, &n, enc); -+ DES_set_key((const_DES_cblock *) key->data, ks1); -+ DES_set_key((const_DES_cblock *) (key->data + 8), ks2); -+ DES_set_key((const_DES_cblock *) (key->data + 16), ks3); -+ DES_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3, ++ DES_set_key((const_DES_cblock *) key->data, &ks1); ++ DES_set_key((const_DES_cblock *) (key->data + 8), &ks2); ++ DES_set_key((const_DES_cblock *) (key->data + 16), &ks3); ++ DES_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3, + (DES_cblock *) iv->data, &n, enc); return (0); } @@ -240,9 +240,9 @@ Migrate to libssl 1.1 - des_key_schedule ks1; - des_key_schedule ks2; - des_key_schedule ks3; -+ DES_key_schedule *ks1; -+ DES_key_schedule *ks2; -+ DES_key_schedule *ks3; ++ DES_key_schedule ks1; ++ DES_key_schedule ks2; ++ DES_key_schedule ks3; SHA_CTX c; assert(key->length == 25); 
@@ -253,38 +253,44 @@ Migrate to libssl 1.1 - des_set_key((const_des_cblock *) (key->data + 1), ks1); - des_set_key((const_des_cblock *) (key->data + 9), ks2); - des_set_key((const_des_cblock *) (key->data+ 17), ks3); -+ DES_set_key((const_DES_cblock *) (key->data + 1), ks1); -+ DES_set_key((const_DES_cblock *) (key->data + 9), ks2); -+ DES_set_key((const_DES_cblock *) (key->data+ 17), ks3); ++ DES_set_key((const_DES_cblock *) (key->data + 1), &ks1); ++ DES_set_key((const_DES_cblock *) (key->data + 9), &ks2); ++ DES_set_key((const_DES_cblock *) (key->data+ 17), &ks3); if (mdc) { mdc = 1; -@@ -186,21 +186,21 @@ +@@ -186,22 +186,23 @@ SHA1_Update(&c, in->data, in->length); } n = 0; - des_ede3_cfb64_encrypt(out->data + mdc, out->data + mdc, 10, ks1, ks2, ks3, &iv, &n, -+ DES_ede3_cfb64_encrypt(out->data + mdc, out->data + mdc, 10, ks1, ks2, ks3, &iv, &n, - ENCRYPT); +- ENCRYPT); ++ DES_ede3_cfb64_encrypt(out->data + mdc, out->data + mdc, 10, ++ &ks1, &ks2, &ks3, &iv, &n, ENCRYPT); if (!mdc) { iv[6] = iv[0], iv[7] = iv[1]; memcpy(iv, out->data + 2, 6); n = 0; } - des_ede3_cfb64_encrypt(in->data, out->data + 10 + mdc, in->length, ks1, ks2, ks3, -+ DES_ede3_cfb64_encrypt(in->data, out->data + 10 + mdc, in->length, ks1, ks2, ks3, - &iv, &n, ENCRYPT); +- &iv, &n, ENCRYPT); ++ DES_ede3_cfb64_encrypt(in->data, out->data + 10 + mdc, in->length, ++ &ks1, &ks2, &ks3, &iv, &n, ENCRYPT); if (mdc) { SHA1_Update(&c, "\xD3\x14", 2); /* 0xD3 = 0xC0 | PGP_MDC */ - des_ede3_cfb64_encrypt("\xD3\x14", out->data + 11 + in->length, 2, ks1, ks2, ks3, -+ DES_ede3_cfb64_encrypt("\xD3\x14", out->data + 11 + in->length, 2, ks1, ks2, ks3, - &iv, &n, ENCRYPT); +- &iv, &n, ENCRYPT); ++ DES_ede3_cfb64_encrypt("\xD3\x14", out->data + 11 + in->length, 2, ++ &ks1, &ks2, &ks3, &iv, &n, ENCRYPT); SHA1_Final(out->data + 13 + in->length, &c); - des_ede3_cfb64_encrypt(out->data + 13 + in->length, out->data + 13 + in->length, 20, ks1, ks2, ks3, -+ DES_ede3_cfb64_encrypt(out->data + 13 + in->length, 
out->data + 13 + in->length, 20, ks1, ks2, ks3, - &iv, &n, ENCRYPT); +- &iv, &n, ENCRYPT); ++ DES_ede3_cfb64_encrypt(out->data + 13 + in->length, ++ out->data + 13 + in->length, 20, &ks1, &ks2, &ks3, ++ &iv, &n, ENCRYPT); } return (0); + } --- a/Src/pgpdata.c +++ b/Src/pgpdata.c @@ -131,6 +131,7 @@ 
@@ -580,35 +586,38 @@ Migrate to libssl 1.1 - des_key_schedule ks1; - des_key_schedule ks2; - des_key_schedule ks3; -+ DES_key_schedule *ks1; -+ DES_key_schedule *ks2; -+ DES_key_schedule *ks3; ++ DES_key_schedule ks1; ++ DES_key_schedule ks2; ++ DES_key_schedule ks3; SHA_CTX c; char md[20]; /* we could make hdr 20 bytes long and reuse it for md */ -@@ -423,12 +423,12 @@ +@@ -423,12 +423,13 @@ for (i = 0; i < 8; i++) iv[i] = 0; - des_set_key((const_des_cblock *) key->data, ks1); - des_set_key((const_des_cblock *) (key->data + 8), ks2); - des_set_key((const_des_cblock *) (key->data+ 16), ks3); -+ DES_set_key((const_DES_cblock *) key->data, ks1); -+ DES_set_key((const_DES_cblock *) (key->data + 8), ks2); -+ DES_set_key((const_DES_cblock *) (key->data+ 16), ks3); ++ DES_set_key((const_DES_cblock *) key->data, &ks1); ++ DES_set_key((const_DES_cblock *) (key->data + 8), &ks2); ++ DES_set_key((const_DES_cblock *) (key->data+ 16), &ks3); n = 0; - des_ede3_cfb64_encrypt(in->data + mdc, hdr, 10, ks1, ks2, ks3, &iv, &n, DECRYPT); -+ DES_ede3_cfb64_encrypt(in->data + mdc, hdr, 10, ks1, ks2, ks3, &iv, &n, DECRYPT); ++ DES_ede3_cfb64_encrypt(in->data + mdc, hdr, 10, &ks1, &ks2, &ks3, ++ &iv, &n, DECRYPT); if (n != 2 || hdr[8] != hdr[6] || hdr[9] != hdr[7]) { err = -1; goto end; -@@ -441,7 +441,7 @@ +@@ -441,8 +442,8 @@ memcpy(iv, in->data + 2, 6); n = 0; } - des_ede3_cfb64_encrypt(in->data + 10 + mdc, out->data, in->length - 10 + mdc, ks1, -+ DES_ede3_cfb64_encrypt(in->data + 10 + mdc, out->data, in->length - 10 + mdc, ks1, - ks2, ks3, &iv, &n, DECRYPT); +- ks2, ks3, &iv, &n, DECRYPT); ++ DES_ede3_cfb64_encrypt(in->data + 10 + mdc, out->data, in->length - 10 + mdc, ++ &ks1, &ks2, &ks3, &iv, &n, DECRYPT); if (mdc) { if (out->length > 22) { + out->length -= 22;
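Review bot: The length passed to the second `DES_ede3_cfb64_encrypt()` call is still `in->length - 10 + mdc` while its input pointer is `in->data + 10 + mdc`, so with `mdc` set the call appears to cover two bytes more than remain in `in` after that offset. Unless buffer sizing outside this hunk compensates, the expression probably should read `in->length - 10 - mdc`. A guard such as `if (in->length < 10 + mdc) { err = -1; goto end; }` ahead of the 10-byte header decrypt would also reject truncated input. The function starts and ends outside the hunk, so an existing length check may simply not be visible here.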