From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001 From: Gianfranco Costamagna Date: Mon, 27 Jun 2016 12:41:33 +0200 Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc) Closes: #739 --- src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++- src/ec_sslwrap.c | 14 ++++++++ 2 files changed, 106 insertions(+), 1 deletion(-) Index: ettercap-0.8.2/src/dissectors/ec_ssh.c =================================================================== --- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c +++ ettercap-0.8.2/src/dissectors/ec_ssh.c @@ -36,6 +36,10 @@ #include #include +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ +#endif + #define SMSG_PUBLIC_KEY 2 #define CMSG_SESSION_KEY 3 #define CMSG_USER 4 @@ -138,6 +142,11 @@ char tmp[MAX_ASCII_ADDR_LEN]; u_int32 ssh_len, ssh_mod; u_char ssh_packet_type, *ptr, *key_to_put; +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *h_n, *s_n, *m_h_n, *m_s_n; + BIGNUM *h_e, *s_e, *m_h_e, *m_s_e; + BIGNUM *h_d, *s_d, *m_h_d, *m_s_d; +#endif /* don't complain about unused var */ (void) DECODE_DATA; @@ -383,12 +392,25 @@ if (session_data->ptrkey == NULL) { /* Initialize RSA key structures (other fileds are set to 0) */ session_data->serverkey = RSA_new(); +#ifdef HAVE_OPAQUE_RSA_DSA_DH + s_n = BN_new(); + s_e = BN_new(); + RSA_set0_key(session_data->serverkey, s_n, s_e, s_d); +#else session_data->serverkey->n = BN_new(); session_data->serverkey->e = BN_new(); +#endif session_data->hostkey = RSA_new(); + +#ifdef HAVE_OPAQUE_RSA_DSA_DH + h_n = BN_new(); + h_e = BN_new(); + RSA_set0_key(session_data->hostkey, h_n, h_e, h_d); +#else session_data->hostkey->n = BN_new(); session_data->hostkey->e = BN_new(); +#endif /* Get the RSA Key from the packet */ NS_GET32(server_mod,ptr); @@ -396,19 +418,37 @@ DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); return NULL; } +#ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d); + get_bn(s_e, &ptr); + get_bn(s_n, &ptr); +#else get_bn(session_data->serverkey->e, &ptr); get_bn(session_data->serverkey->n, &ptr); +#endif NS_GET32(host_mod,ptr); if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); return NULL; } + +#ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d); + get_bn(h_e, &ptr); + get_bn(h_n, &ptr); +#else get_bn(session_data->hostkey->e, &ptr); get_bn(session_data->hostkey->n, &ptr); +#endif +#ifdef HAVE_OPAQUE_RSA_DSA_DH + server_exp = BN_get_word(s_e); + host_exp = BN_get_word(h_e); +#else server_exp = *(session_data->serverkey->e->d); host_exp = *(session_data->hostkey->e->d); +#endif /* Check if we already have a suitable RSA key to substitute */ index_ssl = &ssh_conn_key; @@ -424,7 +464,7 @@ SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); /* Generate the new key */ - (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL); + (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL); (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); (*index_ssl)->server_mod = server_mod; (*index_ssl)->host_mod = host_mod; @@ -443,11 +483,25 @@ /* Put our RSA key in the packet */ key_to_put+=4; + +#ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d); + put_bn(m_s_e, &key_to_put); + put_bn(m_s_n, &key_to_put); +#else put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); +#endif key_to_put+=4; + +#ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d); + put_bn(m_h_e, &key_to_put); + put_bn(m_h_n, &key_to_put); +#else put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); +#endif /* Recalculate SSH crc */ *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); @@ -482,19 +536,34 @@ key_to_put = ptr; /* Calculate real session id and our fake session id */ +#ifdef HAVE_OPAQUE_RSA_DSA_DH + temp_session_id = ssh_session_id(cookie, h_n, s_n); +#else temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); +#endif if (temp_session_id) memcpy(session_id1, temp_session_id, 16); + +#ifdef HAVE_OPAQUE_RSA_DSA_DH + temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n); +#else temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); +#endif + if (temp_session_id) memcpy(session_id2, temp_session_id, 16); /* Get the session key */ enckey = BN_new(); + get_bn(enckey, &ptr); /* Decrypt session key */ +#ifdef HAVE_OPAQUE_RSA_DSA_DH + if (BN_cmp(m_s_n, m_h_n) > 0) { +#else if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { +#endif rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); } else { @@ -534,7 +603,11 @@ BN_add_word(bn, sesskey[i]); } +#ifdef HAVE_OPAQUE_RSA_DSA_DH + if (BN_cmp(s_n, h_n) < 0) { +#else if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { +#endif rsa_public_encrypt(bn, bn, session_data->serverkey); rsa_public_encrypt(bn, bn, session_data->hostkey); } else { @@ -716,7 +789,16 @@ u_char *inbuf, *outbuf; int32 len, ilen, olen; +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + RSA_get0_key(key, &n, &e, &d); + olen = BN_num_bytes(n); +#else olen = BN_num_bytes(key->n); +#endif + outbuf = malloc(olen); if (outbuf == NULL) /* oops, couldn't allocate memory */ return; @@ -744,7 +826,16 @@ u_char *inbuf, *outbuf; int32 len, ilen, olen; +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + RSA_get0_key(key, &n, &e, &d); + olen = BN_num_bytes(n); +#else olen = BN_num_bytes(key->n); +#endif + outbuf = malloc(olen); if (outbuf == NULL) /* oops, couldn't allocate memory */ return; Index: ettercap-0.8.2/src/ec_sslwrap.c =================================================================== --- ettercap-0.8.2.orig/src/ec_sslwrap.c +++ ettercap-0.8.2/src/ec_sslwrap.c @@ -53,6 +53,10 @@ #define OPENSSL_NO_KRB5 1 #include +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ +#endif + #define BREAK_ON_ERROR(x,y,z) do { \ if (x == -E_INVALID) { \ SAFE_FREE(z.DATA.disp_data); \ @@ -974,9 +978,19 @@ index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1); if (index >=0) { ext = X509_get_ext(server_cert, index); +#ifdef HAVE_OPAQUE_RSA_DSA_DH + ASN1_OCTET_STRING* os; + os = X509_EXTENSION_get_data (ext); +#endif if (ext) { +#ifdef HAVE_OPAQUE_RSA_DSA_DH + os->data[7] = 0xe7; + os->data[8] = 0x7e; + X509_EXTENSION_set_data (ext, os); +#else ext->value->data[7] = 0xe7; ext->value->data[8] = 0x7e; +#endif X509_add_ext(out_cert, ext, -1); } }