
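--- a/ettercap-0.8.2/src/dissectors/ec_ssh.c
+++ b/ettercap-0.8.2/src/dissectors/ec_ssh.c
@@ -36,6 +36,10 @@
 #include <openssl/md5.h>
 #include <zlib.h>
 
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
+#endif
+
 #define SMSG_PUBLIC_KEY 2
 #define CMSG_SESSION_KEY 3
 #define CMSG_USER 4
@@ -138,6 +142,11 @@
    char tmp[MAX_ASCII_ADDR_LEN];
    u_int32 ssh_len, ssh_mod;
    u_char ssh_packet_type, *ptr, *key_to_put;
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+   BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
+   BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
+   BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
+#endif
 
    /* don't complain about unused var */
    (void) DECODE_DATA; 
@@ -383,12 +392,25 @@
             if (session_data->ptrkey == NULL) { 
                /* Initialize RSA key structures (other fileds are set to 0) */
                session_data->serverkey = RSA_new();
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+               s_n = BN_new();
+               s_e = BN_new();
+               RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
+#else
                session_data->serverkey->n = BN_new();
                session_data->serverkey->e = BN_new();
+#endif
 
                session_data->hostkey = RSA_new();
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+               h_n = BN_new();
+               h_e = BN_new();
+               RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
+#else
                session_data->hostkey->n = BN_new();
                session_data->hostkey->e = BN_new();
+#endif
 
                /* Get the RSA Key from the packet */
                NS_GET32(server_mod,ptr);
@@ -396,19 +418,37 @@
                   DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
                   return NULL;
                }
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+               RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
+               get_bn(s_e, &ptr);
+               get_bn(s_n, &ptr);
+#else
                get_bn(session_data->serverkey->e, &ptr);
                get_bn(session_data->serverkey->n, &ptr);
+#endif
 
                NS_GET32(host_mod,ptr);
                if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
                   DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
                   return NULL;
                }
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+               RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
+               get_bn(h_e, &ptr);
+               get_bn(h_n, &ptr);
+#else
                get_bn(session_data->hostkey->e, &ptr);
                get_bn(session_data->hostkey->n, &ptr);
+#endif
 
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+               server_exp = BN_get_word(s_e);
+               host_exp   = BN_get_word(h_e);
+#else
                server_exp = *(session_data->serverkey->e->d);
                host_exp   = *(session_data->hostkey->e->d);
+#endif
 
                /* Check if we already have a suitable RSA key to substitute */
                index_ssl = &ssh_conn_key;
@@ -424,7 +464,7 @@
                   SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
 
                   /* Generate the new key */
-                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
+                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
                   (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
                   (*index_ssl)->server_mod = server_mod;
                   (*index_ssl)->host_mod = host_mod;
@@ -443,11 +483,25 @@
 
             /* Put our RSA key in the packet */
             key_to_put+=4;
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+            RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
+            put_bn(m_s_e, &key_to_put);
+            put_bn(m_s_n, &key_to_put);
+#else
             put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
             put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
+#endif
             key_to_put+=4;
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+            RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
+            put_bn(m_h_e, &key_to_put);
+            put_bn(m_h_n, &key_to_put);
+#else
             put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
             put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
+#endif
 
             /* Recalculate SSH crc */
             *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
@@ -482,19 +536,34 @@
             key_to_put = ptr;
 
             /* Calculate real session id and our fake session id */
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+            temp_session_id = ssh_session_id(cookie, h_n, s_n);
+#else
             temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
+#endif
             if (temp_session_id)
                memcpy(session_id1, temp_session_id, 16);
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+            temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
+#else
             temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
+#endif
+
             if (temp_session_id)
                memcpy(session_id2, temp_session_id, 16);
 
             /* Get the session key */
             enckey = BN_new();
+
             get_bn(enckey, &ptr);
 
             /* Decrypt session key */
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+            if (BN_cmp(m_s_n, m_h_n) > 0) {
+#else
             if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
+#endif
               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
             } else {
@@ -534,7 +603,11 @@
                  BN_add_word(bn, sesskey[i]);
             }
 
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+            if (BN_cmp(s_n, h_n) < 0) {
+#else
             if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
+#endif
                rsa_public_encrypt(bn, bn, session_data->serverkey);
                rsa_public_encrypt(bn, bn, session_data->hostkey);
             } else {
@@ -716,7 +789,16 @@
    u_char *inbuf, *outbuf;
    int32 len, ilen, olen;
 
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+   BIGNUM *n;
+   BIGNUM *e;
+   BIGNUM *d;
+   RSA_get0_key(key, &n, &e, &d);
+   olen = BN_num_bytes(n);
+#else
    olen = BN_num_bytes(key->n);
+#endif
+
    outbuf = malloc(olen);
    if (outbuf == NULL) /* oops, couldn't allocate memory */
       return;
@@ -744,7 +826,16 @@
    u_char *inbuf, *outbuf;
    int32 len, ilen, olen;
 
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+   BIGNUM *n;
+   BIGNUM *e;
+   BIGNUM *d;
+   RSA_get0_key(key, &n, &e, &d);
+   olen = BN_num_bytes(n);
+#else
    olen = BN_num_bytes(key->n);
+#endif
+
    outbuf = malloc(olen);
    if (outbuf == NULL) /* oops, couldn't allocate memory */
       return;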
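Review bot: The rewritten key-generation line (new line 467) misuses the OpenSSL API: `RSA_generate_key_ex()` takes `(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)` and returns an int status, so calling it with `server_mod, server_exp, NULL, NULL` and casting the result to `RSA *` leaves `myserverkey` holding 0 or 1 instead of a key. The change also sits outside the `HAVE_OPAQUE_RSA_DSA_DH` guard while the host-key line below still calls `RSA_generate_key()`; either restore `(*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);` or convert both lines with `RSA_new()`, an exponent set via `BN_set_word()`, and a check that the call returns 1. Separately, `s_d` and `h_d` are handed to `RSA_set0_key()` (new lines 398 and 409) without ever being assigned, which is an uninitialized pointer read; pass `NULL` for the private exponent there. The `h_n`/`s_n`/`m_h_n`/`m_s_n` locals are assigned only in the public-key hunks, so their use at new lines 540, 548, 563 and 607 looks uninitialized if that code runs on a later call for the same session; the full function is not visible here, so confirm whether they should be re-fetched with `RSA_get0_key()` from `session_data` at the point of use.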
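--- a/ettercap-0.8.2/src/ec_sslwrap.c
+++ b/ettercap-0.8.2/src/ec_sslwrap.c
@@ -53,6 +53,10 @@
 #define OPENSSL_NO_KRB5 1
 #include <openssl/ssl.h>
 
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
+#endif
+
 #define BREAK_ON_ERROR(x,y,z) do {  \
    if (x == -E_INVALID) {            \
       SAFE_FREE(z.DATA.disp_data);  \
@@ -974,9 +978,19 @@
    index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
    if (index >=0) {
       ext = X509_get_ext(server_cert, index);
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+      ASN1_OCTET_STRING* os;
+      os = X509_EXTENSION_get_data (ext);
+#endif
       if (ext) {
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+         os->data[7] = 0xe7;
+         os->data[8] = 0x7e;
+         X509_EXTENSION_set_data (ext, os);
+#else
          ext->value->data[7] = 0xe7;
          ext->value->data[8] = 0x7e;
+#endif
          X509_add_ext(out_cert, ext, -1);
       }
    }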
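Review bot: The writes `os->data[7] = 0xe7;` and `os->data[8] = 0x7e;` (new lines 987-988) are not bounded by the extension's length, and `server_cert` presumably comes from the remote peer, so an authority-key-identifier shorter than nine bytes would produce an out-of-bounds write; the pre-1.1.0 branch carries the same gap. Guard the new branch with something like `if (os != NULL && os->length > 8) { ... }` and add the equivalent length test on `ext->value` in the `#else` branch. `X509_EXTENSION_get_data (ext)` is also called before the `if (ext)` test, so moving the fetch inside that block keeps the NULL check meaningful. The `X509_EXTENSION_set_data (ext, os)` call looks redundant because `os` already refers to the extension's own storage and the bytes are modified in place; confirm and drop it rather than passing an object's buffer back into its own setter. The enclosing function starts and ends outside the hunk.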
