Description: Fix build with OpenSSL 1.1.0 Author: Christoph Biedl --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/ssh.c +++ b/ssh.c @@ -234,7 +234,10 @@ u_char *p, cipher, cookie[8], msg[1024]; u_int32_t num; int i; - + + const BIGNUM *servkey_e, *servkey_n; + const BIGNUM *hostkey_e, *hostkey_n; + /* Generate anti-spoofing cookie. */ RAND_bytes(cookie, sizeof(cookie)); @@ -243,11 +246,13 @@ *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ memcpy(p, cookie, 8); p += 8; /* cookie */ num = 768; PUTLONG(num, p); /* servkey bits */ - put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ - put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ + RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); + put_bn(servkey_e, &p); /* servkey exponent */ + put_bn(servkey_n, &p); /* servkey modulus */ num = 1024; PUTLONG(num, p); /* hostkey bits */ - put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ - put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ + RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); + put_bn(hostkey_e, &p); /* hostkey exponent */ + put_bn(hostkey_n, &p); /* hostkey modulus */ num = 0; PUTLONG(num, p); /* protocol flags */ num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ @@ -298,7 +303,7 @@ SKIP(p, i, 4); /* Decrypt session key. */ - if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { + if (BN_cmp(servkey_n, hostkey_n) > 0) { rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); } @@ -318,8 +323,8 @@ BN_clear_free(enckey); /* Derive real session key using session id. */ - if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, - ssh->ctx->servkey->n)) == NULL) { + if ((p = ssh_session_id(cookie, hostkey_n, + servkey_n)) == NULL) { warn("ssh_session_id"); return (-1); } @@ -328,10 +333,8 @@ } /* Set cipher. */ if (cipher == SSH_CIPHER_3DES) { - ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->encrypt = des3_encrypt; - ssh->decrypt = des3_decrypt; + warnx("cipher 3des no longer supported"); + return (-1); } else if (cipher == SSH_CIPHER_BLOWFISH) { ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); @@ -357,7 +360,10 @@ u_char *p, cipher, cookie[8], msg[1024]; u_int32_t num; int i; - + + BIGNUM *servkey_n, *servkey_e; + BIGNUM *hostkey_n, *hostkey_e; + /* Get public key. */ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { warn("SSH_recv"); @@ -379,21 +385,23 @@ /* Get servkey. */ ssh->ctx->servkey = RSA_new(); - ssh->ctx->servkey->n = BN_new(); - ssh->ctx->servkey->e = BN_new(); + servkey_n = BN_new(); + servkey_e = BN_new(); + RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); SKIP(p, i, 4); - get_bn(ssh->ctx->servkey->e, &p, &i); - get_bn(ssh->ctx->servkey->n, &p, &i); + get_bn(servkey_e, &p, &i); + get_bn(servkey_n, &p, &i); /* Get hostkey. */ ssh->ctx->hostkey = RSA_new(); - ssh->ctx->hostkey->n = BN_new(); - ssh->ctx->hostkey->e = BN_new(); + hostkey_n = BN_new(); + hostkey_e = BN_new(); + RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); SKIP(p, i, 4); - get_bn(ssh->ctx->hostkey->e, &p, &i); - get_bn(ssh->ctx->hostkey->n, &p, &i); + get_bn(hostkey_e, &p, &i); + get_bn(hostkey_n, &p, &i); /* Get cipher, auth masks. */ SKIP(p, i, 4); @@ -405,8 +413,8 @@ RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); /* Obfuscate with session id. */ - if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, - ssh->ctx->servkey->n)) == NULL) { + if ((p = ssh_session_id(cookie, hostkey_n, + servkey_n)) == NULL) { warn("ssh_session_id"); return (-1); } @@ -422,7 +430,7 @@ else BN_add_word(bn, ssh->sesskey[i]); } /* Encrypt session key. */ - if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { + if (BN_cmp(servkey_n, hostkey_n) < 0) { rsa_public_encrypt(bn, bn, ssh->ctx->servkey); rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); } @@ -470,10 +478,8 @@ ssh->decrypt = blowfish_decrypt; } else if (cipher == SSH_CIPHER_3DES) { - ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->encrypt = des3_encrypt; - ssh->decrypt = des3_decrypt; + warnx("cipher 3des no longer supported"); + return (-1); } /* Get server response. */ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { --- a/sshcrypto.c +++ b/sshcrypto.c @@ -28,10 +28,12 @@ u_char iv[8]; }; +#if 0 struct des3_state { des_key_schedule k1, k2, k3; des_cblock iv1, iv2, iv3; }; +#endif void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) @@ -39,10 +41,12 @@ u_char *inbuf, *outbuf; int len, ilen, olen; - if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) + const BIGNUM *n, *e; + RSA_get0_key(key, &n, &e, NULL); + if (BN_num_bits(e) < 2 || !BN_is_odd(e)) errx(1, "rsa_public_encrypt() exponent too small or not odd"); - olen = BN_num_bytes(key->n); + olen = BN_num_bytes(n); outbuf = malloc(olen); ilen = BN_num_bytes(in); @@ -71,7 +75,9 @@ u_char *inbuf, *outbuf; int len, ilen, olen; - olen = BN_num_bytes(key->n); + const BIGNUM *n; + RSA_get0_key(key, &n, NULL, NULL); + olen = BN_num_bytes(n); outbuf = malloc(olen); ilen = BN_num_bytes(in); @@ -146,6 +152,7 @@ swap_bytes(dst, dst, len); } +#if 0 /* XXX - SSH1's weirdo 3DES... */ void * des3_init(u_char *sesskey, int len) @@ -194,3 +201,4 @@ des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); } +#endif