Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Oct 2018 20:03:46 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r482244 - in head/net-mgmt/ettercap: . files
Message-ID:  <201810162003.w9GK3kx5009762@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: sunpoet
Date: Tue Oct 16 20:03:46 2018
New Revision: 482244
URL: https://svnweb.freebsd.org/changeset/ports/482244

Log:
  Fix build with OpenSSL 1.1.x
  
  Obtained from:	https://github.com/LocutusOfBorg/ettercap/commit/f0d63b27c82df2ad5f7ada6310727d841b43fbcc
  		https://github.com/LocutusOfBorg/ettercap/commit/def7a62c542241367428223dc460906b0634dcd1

Added:
  head/net-mgmt/ettercap/files/patch-src-dissectors-ec_ssh.c   (contents, props changed)
  head/net-mgmt/ettercap/files/patch-src-ec_sslwrap.c   (contents, props changed)
Modified:
  head/net-mgmt/ettercap/Makefile

Modified: head/net-mgmt/ettercap/Makefile
==============================================================================
--- head/net-mgmt/ettercap/Makefile	Tue Oct 16 20:03:38 2018	(r482243)
+++ head/net-mgmt/ettercap/Makefile	Tue Oct 16 20:03:46 2018	(r482244)
@@ -16,7 +16,7 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 LIB_DEPENDS=	libnet.so:net/libnet
 
 OPTIONS_DEFINE=	DESKTOP DOCS GTK2 IPV6 NCURSES PCRE PLUGINS SSL UTF8
-OPTIONS_DEFAULT=GTK2 NCURSES PCRE PLUGINS SSL UTF8
+OPTIONS_DEFAULT=NCURSES PCRE PLUGINS SSL UTF8
 OPTIONS_SUB=	yes
 DESKTOP_DESC=	Install ettercap.desktop
 NCURSES_DESC=	Ncurses interface

Added: head/net-mgmt/ettercap/files/patch-src-dissectors-ec_ssh.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net-mgmt/ettercap/files/patch-src-dissectors-ec_ssh.c	Tue Oct 16 20:03:46 2018	(r482244)
@@ -0,0 +1,207 @@
+Obtained from:	https://github.com/LocutusOfBorg/ettercap/commit/f0d63b27c82df2ad5f7ada6310727d841b43fbcc
+
+--- src/dissectors/ec_ssh.c.orig	2015-03-14 13:43:11 UTC
++++ src/dissectors/ec_ssh.c
+@@ -36,6 +36,10 @@
+ #include <openssl/md5.h>
+ #include <zlib.h>
+ 
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define SMSG_PUBLIC_KEY 2
+ #define CMSG_SESSION_KEY 3
+ #define CMSG_USER 4
+@@ -138,6 +142,11 @@ FUNC_DECODER(dissector_ssh)
+    char tmp[MAX_ASCII_ADDR_LEN];
+    u_int32 ssh_len, ssh_mod;
+    u_char ssh_packet_type, *ptr, *key_to_put;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++   BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
++   BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
++   BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
++#endif
+ 
+    /* don't complain about unused var */
+    (void) DECODE_DATA; 
+@@ -383,12 +392,25 @@ FUNC_DECODER(dissector_ssh)
+             if (session_data->ptrkey == NULL) { 
+                /* Initialize RSA key structures (other fileds are set to 0) */
+                session_data->serverkey = RSA_new();
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               s_n = BN_new();
++               s_e = BN_new();
++               RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
++#else
+                session_data->serverkey->n = BN_new();
+                session_data->serverkey->e = BN_new();
++#endif
+ 
+                session_data->hostkey = RSA_new();
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               h_n = BN_new();
++               h_e = BN_new();
++               RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
++#else
+                session_data->hostkey->n = BN_new();
+                session_data->hostkey->e = BN_new();
++#endif
+ 
+                /* Get the RSA Key from the packet */
+                NS_GET32(server_mod,ptr);
+@@ -396,19 +418,37 @@ FUNC_DECODER(dissector_ssh)
+                   DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
+                   return NULL;
+                }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
++               get_bn(s_e, &ptr);
++               get_bn(s_n, &ptr);
++#else
+                get_bn(session_data->serverkey->e, &ptr);
+                get_bn(session_data->serverkey->n, &ptr);
++#endif
+ 
+                NS_GET32(host_mod,ptr);
+                if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
+                   DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
+                   return NULL;
+                }
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
++               get_bn(h_e, &ptr);
++               get_bn(h_n, &ptr);
++#else
+                get_bn(session_data->hostkey->e, &ptr);
+                get_bn(session_data->hostkey->n, &ptr);
++#endif
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               server_exp = BN_get_word(s_e);
++               host_exp   = BN_get_word(h_e);
++#else
+                server_exp = *(session_data->serverkey->e->d);
+                host_exp   = *(session_data->hostkey->e->d);
++#endif
+ 
+                /* Check if we already have a suitable RSA key to substitute */
+                index_ssl = &ssh_conn_key;
+@@ -424,7 +464,7 @@ FUNC_DECODER(dissector_ssh)
+                   SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
+ 
+                   /* Generate the new key */
+-                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
++                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
+                   (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
+                   (*index_ssl)->server_mod = server_mod;
+                   (*index_ssl)->host_mod = host_mod;
+@@ -443,11 +483,25 @@ FUNC_DECODER(dissector_ssh)
+ 
+             /* Put our RSA key in the packet */
+             key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
++            put_bn(m_s_e, &key_to_put);
++            put_bn(m_s_n, &key_to_put);
++#else
+             put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
+             put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
++#endif
+             key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
++            put_bn(m_h_e, &key_to_put);
++            put_bn(m_h_n, &key_to_put);
++#else
+             put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
+             put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
++#endif
+ 
+             /* Recalculate SSH crc */
+             *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
+@@ -482,19 +536,34 @@ FUNC_DECODER(dissector_ssh)
+             key_to_put = ptr;
+ 
+             /* Calculate real session id and our fake session id */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            temp_session_id = ssh_session_id(cookie, h_n, s_n);
++#else
+             temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
++#endif
+             if (temp_session_id)
+                memcpy(session_id1, temp_session_id, 16);
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
++#else
+             temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
++#endif
++
+             if (temp_session_id)
+                memcpy(session_id2, temp_session_id, 16);
+ 
+             /* Get the session key */
+             enckey = BN_new();
++
+             get_bn(enckey, &ptr);
+ 
+             /* Decrypt session key */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            if (BN_cmp(m_s_n, m_h_n) > 0) {
++#else
+             if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
++#endif
+               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
+               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
+             } else {
+@@ -534,7 +603,11 @@ FUNC_DECODER(dissector_ssh)
+                  BN_add_word(bn, sesskey[i]);
+             }
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            if (BN_cmp(s_n, h_n) < 0) {
++#else
+             if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
++#endif
+                rsa_public_encrypt(bn, bn, session_data->serverkey);
+                rsa_public_encrypt(bn, bn, session_data->hostkey);
+             } else {
+@@ -716,7 +789,16 @@ static void rsa_public_encrypt(BIGNUM *o
+    u_char *inbuf, *outbuf;
+    int32 len, ilen, olen;
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++   BIGNUM *n;
++   BIGNUM *e;
++   BIGNUM *d;
++   RSA_get0_key(key, &n, &e, &d);
++   olen = BN_num_bytes(n);
++#else
+    olen = BN_num_bytes(key->n);
++#endif
++
+    outbuf = malloc(olen);
+    if (outbuf == NULL) /* oops, couldn't allocate memory */
+       return;
+@@ -744,7 +826,16 @@ static void rsa_private_decrypt(BIGNUM *
+    u_char *inbuf, *outbuf;
+    int32 len, ilen, olen;
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++   BIGNUM *n;
++   BIGNUM *e;
++   BIGNUM *d;
++   RSA_get0_key(key, &n, &e, &d);
++   olen = BN_num_bytes(n);
++#else
+    olen = BN_num_bytes(key->n);
++#endif
++
+    outbuf = malloc(olen);
+    if (outbuf == NULL) /* oops, couldn't allocate memory */
+       return;

Added: head/net-mgmt/ettercap/files/patch-src-ec_sslwrap.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net-mgmt/ettercap/files/patch-src-ec_sslwrap.c	Tue Oct 16 20:03:46 2018	(r482244)
@@ -0,0 +1,36 @@
+Obtained from:	https://github.com/LocutusOfBorg/ettercap/commit/f0d63b27c82df2ad5f7ada6310727d841b43fbcc
+		https://github.com/LocutusOfBorg/ettercap/commit/def7a62c542241367428223dc460906b0634dcd1
+
+--- src/ec_sslwrap.c.orig	2015-03-14 13:43:11 UTC
++++ src/ec_sslwrap.c
+@@ -53,6 +53,10 @@
+ #define OPENSSL_NO_KRB5 1
+ #include <openssl/ssl.h>
+ 
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define BREAK_ON_ERROR(x,y,z) do {  \
+    if (x == -E_INVALID) {            \
+       SAFE_FREE(z.DATA.disp_data);  \
+@@ -974,9 +978,19 @@ static X509 *sslw_create_selfsigned(X509
+    index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
+    if (index >=0) {
+       ext = X509_get_ext(server_cert, index);
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++      ASN1_OCTET_STRING* os;
++      os = X509_EXTENSION_get_data (ext);
++#endif
+       if (ext) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++         os->data[7] = 0xe7;
++         os->data[8] = 0x7e;
++         X509_EXTENSION_set_data (ext, os);
++#else
+          ext->value->data[7] = 0xe7;
+          ext->value->data[8] = 0x7e;
++#endif
+          X509_add_ext(out_cert, ext, -1);
+       }
+    }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810162003.w9GK3kx5009762>