| 1 |
commit: fe87ccdf589165221731be9d02fa9a1a576356ed |
| 2 |
Author: Craig Andrews <candrews <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Dec 29 01:41:03 2018 +0000 |
| 4 |
Commit: Craig Andrews <candrews <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Jan 2 00:31:53 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe87ccdf |
| 7 |
|
| 8 |
net-analyzer/ettercap: openssl 1.1 compatiblity, EAPI=6, fix tests |
| 9 |
|
| 10 |
Closes: https://bugs.gentoo.org/673222 |
| 11 |
Package-Manager: Portage-2.3.53, Repoman-2.3.12 |
| 12 |
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org> |
| 13 |
|
| 14 |
...tercap-9999.ebuild => ettercap-0.8.2-r2.ebuild} | 33 +-- |
| 15 |
net-analyzer/ettercap/ettercap-9999.ebuild | 29 ++- |
| 16 |
.../files/ettercap-0.8.2-openssl-1.1.patch | 254 +++++++++++++++++++++ |
| 17 |
3 files changed, 284 insertions(+), 32 deletions(-) |
| 18 |
|
| 19 |
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild |
| 20 |
similarity index 65% |
| 21 |
copy from net-analyzer/ettercap/ettercap-9999.ebuild |
| 22 |
copy to net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild |
| 23 |
index c8f2e6e8f41..6fa10f902c2 100644 |
| 24 |
--- a/net-analyzer/ettercap/ettercap-9999.ebuild |
| 25 |
+++ b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild |
| 26 |
@@ -1,7 +1,7 @@ |
| 27 |
-# Copyright 1999-2017 Gentoo Foundation |
| 28 |
+# Copyright 1999-2018 Gentoo Authors |
| 29 |
# Distributed under the terms of the GNU General Public License v2 |
| 30 |
|
| 31 |
-EAPI=5 |
| 32 |
+EAPI=6 |
| 33 |
|
| 34 |
inherit cmake-utils |
| 35 |
|
| 36 |
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then |
| 37 |
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git" |
| 38 |
else |
| 39 |
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work |
| 40 |
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd" |
| 41 |
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
| 42 |
fi |
| 43 |
-#IUSE="doc gtk ipv6 ncurses +plugins test" |
| 44 |
-IUSE="doc gtk ipv6 libressl ncurses +plugins" |
| 45 |
+ |
| 46 |
+IUSE="doc gtk ipv6 libressl ncurses +plugins test" |
| 47 |
|
| 48 |
RDEPEND="dev-libs/libbsd |
| 49 |
dev-libs/libpcre |
| 50 |
@@ -37,13 +37,18 @@ RDEPEND="dev-libs/libbsd |
| 51 |
>=x11-libs/gtk+-2.2.2:2 |
| 52 |
>=x11-libs/pango-1.2.3 |
| 53 |
) |
| 54 |
- ncurses? ( sys-libs/ncurses:0= ) |
| 55 |
+ ncurses? ( >=sys-libs/ncurses-5.3:= ) |
| 56 |
plugins? ( >=net-misc/curl-7.26.0 )" |
| 57 |
DEPEND="${RDEPEND} |
| 58 |
doc? ( app-text/ghostscript-gpl |
| 59 |
sys-apps/groff ) |
| 60 |
+ test? ( dev-libs/check ) |
| 61 |
sys-devel/flex |
| 62 |
virtual/yacc" |
| 63 |
+PATCHES=( |
| 64 |
+ "${FILESDIR}"/cve-2017-6430.patch |
| 65 |
+ "${FILESDIR}"/${P}-openssl-1.1.patch |
| 66 |
+) |
| 67 |
|
| 68 |
src_prepare() { |
| 69 |
sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die |
| 70 |
@@ -52,21 +57,17 @@ src_prepare() { |
| 71 |
|
| 72 |
src_configure() { |
| 73 |
local mycmakeargs=( |
| 74 |
- $(cmake-utils_use_enable ncurses CURSES) |
| 75 |
- $(cmake-utils_use_enable gtk) |
| 76 |
- $(cmake-utils_use_enable plugins) |
| 77 |
- $(cmake-utils_use_enable ipv6) |
| 78 |
- $(cmake-utils_use_enable doc PDF_DOCS) |
| 79 |
+ -DENABLE_CURSES="$(usex ncurses)" |
| 80 |
+ -DENABLE_GTK="$(usex gtk)" |
| 81 |
+ -DENABLE_PLUGINS="$(usex plugins)" |
| 82 |
+ -DENABLE_IPV6="$(usex ipv6)" |
| 83 |
+ -DENABLE_TESTS="$(usex test)" |
| 84 |
+ -DENABLE_PDF_DOCS="$(usex doc)" |
| 85 |
-DBUNDLED_LIBS=OFF |
| 86 |
-DSYSTEM_LIBS=ON |
| 87 |
-DINSTALL_SYSCONFDIR="${EROOT}"etc |
| 88 |
) |
| 89 |
#right now we only support gtk2, but ettercap also supports gtk3 |
| 90 |
#do we care? do we want to support both? |
| 91 |
- |
| 92 |
- #we want to enable testing but it fails right now |
| 93 |
- #we want to disable the bundled crap, but we are missing at least "libcheck" |
| 94 |
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version |
| 95 |
- #$(cmake-utils_use_enable test TESTS) |
| 96 |
cmake-utils_src_configure |
| 97 |
} |
| 98 |
|
| 99 |
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-9999.ebuild |
| 100 |
index c8f2e6e8f41..b83933eda5d 100644 |
| 101 |
--- a/net-analyzer/ettercap/ettercap-9999.ebuild |
| 102 |
+++ b/net-analyzer/ettercap/ettercap-9999.ebuild |
| 103 |
@@ -1,7 +1,7 @@ |
| 104 |
-# Copyright 1999-2017 Gentoo Foundation |
| 105 |
+# Copyright 1999-2018 Gentoo Authors |
| 106 |
# Distributed under the terms of the GNU General Public License v2 |
| 107 |
|
| 108 |
-EAPI=5 |
| 109 |
+EAPI=6 |
| 110 |
|
| 111 |
inherit cmake-utils |
| 112 |
|
| 113 |
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then |
| 114 |
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git" |
| 115 |
else |
| 116 |
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work |
| 117 |
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd" |
| 118 |
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
| 119 |
fi |
| 120 |
-#IUSE="doc gtk ipv6 ncurses +plugins test" |
| 121 |
-IUSE="doc gtk ipv6 libressl ncurses +plugins" |
| 122 |
+ |
| 123 |
+IUSE="doc gtk ipv6 libressl ncurses +plugins test" |
| 124 |
|
| 125 |
RDEPEND="dev-libs/libbsd |
| 126 |
dev-libs/libpcre |
| 127 |
@@ -37,11 +37,12 @@ RDEPEND="dev-libs/libbsd |
| 128 |
>=x11-libs/gtk+-2.2.2:2 |
| 129 |
>=x11-libs/pango-1.2.3 |
| 130 |
) |
| 131 |
- ncurses? ( sys-libs/ncurses:0= ) |
| 132 |
+ ncurses? ( >=sys-libs/ncurses-5.3:= ) |
| 133 |
plugins? ( >=net-misc/curl-7.26.0 )" |
| 134 |
DEPEND="${RDEPEND} |
| 135 |
doc? ( app-text/ghostscript-gpl |
| 136 |
sys-apps/groff ) |
| 137 |
+ test? ( dev-libs/check ) |
| 138 |
sys-devel/flex |
| 139 |
virtual/yacc" |
| 140 |
|
| 141 |
@@ -52,21 +53,17 @@ src_prepare() { |
| 142 |
|
| 143 |
src_configure() { |
| 144 |
local mycmakeargs=( |
| 145 |
- $(cmake-utils_use_enable ncurses CURSES) |
| 146 |
- $(cmake-utils_use_enable gtk) |
| 147 |
- $(cmake-utils_use_enable plugins) |
| 148 |
- $(cmake-utils_use_enable ipv6) |
| 149 |
- $(cmake-utils_use_enable doc PDF_DOCS) |
| 150 |
+ -DENABLE_CURSES="$(usex ncurses)" |
| 151 |
+ -DENABLE_GTK="$(usex gtk)" |
| 152 |
+ -DENABLE_PLUGINS="$(usex plugins)" |
| 153 |
+ -DENABLE_IPV6="$(usex ipv6)" |
| 154 |
+ -DENABLE_TESTS="$(usex test)" |
| 155 |
+ -DENABLE_PDF_DOCS="$(usex doc)" |
| 156 |
-DBUNDLED_LIBS=OFF |
| 157 |
-DSYSTEM_LIBS=ON |
| 158 |
-DINSTALL_SYSCONFDIR="${EROOT}"etc |
| 159 |
) |
| 160 |
#right now we only support gtk2, but ettercap also supports gtk3 |
| 161 |
#do we care? do we want to support both? |
| 162 |
- |
| 163 |
- #we want to enable testing but it fails right now |
| 164 |
- #we want to disable the bundled crap, but we are missing at least "libcheck" |
| 165 |
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version |
| 166 |
- #$(cmake-utils_use_enable test TESTS) |
| 167 |
cmake-utils_src_configure |
| 168 |
} |
| 169 |
|
| 170 |
diff --git a/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch |
| 171 |
new file mode 100644 |
| 172 |
index 00000000000..b7703d3ef5c |
| 173 |
--- /dev/null |
| 174 |
+++ b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch |
| 175 |
@@ -0,0 +1,254 @@ |
| 176 |
+From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001 |
| 177 |
+From: Gianfranco Costamagna <costamagnagianfranco@×××××.it> |
| 178 |
+Date: Mon, 27 Jun 2016 12:41:33 +0200 |
| 179 |
+Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from |
| 180 |
+ https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc) |
| 181 |
+ Closes: #739 |
| 182 |
+ |
| 183 |
+--- |
| 184 |
+ src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++- |
| 185 |
+ src/ec_sslwrap.c | 14 ++++++++ |
| 186 |
+ 2 files changed, 106 insertions(+), 1 deletion(-) |
| 187 |
+ |
| 188 |
+Index: ettercap-0.8.2/src/dissectors/ec_ssh.c |
| 189 |
+=================================================================== |
| 190 |
+--- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c |
| 191 |
++++ ettercap-0.8.2/src/dissectors/ec_ssh.c |
| 192 |
+@@ -36,6 +36,10 @@ |
| 193 |
+ #include <openssl/md5.h> |
| 194 |
+ #include <zlib.h> |
| 195 |
+ |
| 196 |
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
| 197 |
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ |
| 198 |
++#endif |
| 199 |
++ |
| 200 |
+ #define SMSG_PUBLIC_KEY 2 |
| 201 |
+ #define CMSG_SESSION_KEY 3 |
| 202 |
+ #define CMSG_USER 4 |
| 203 |
+@@ -138,6 +142,11 @@ |
| 204 |
+ char tmp[MAX_ASCII_ADDR_LEN]; |
| 205 |
+ u_int32 ssh_len, ssh_mod; |
| 206 |
+ u_char ssh_packet_type, *ptr, *key_to_put; |
| 207 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 208 |
++ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n; |
| 209 |
++ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e; |
| 210 |
++ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d; |
| 211 |
++#endif |
| 212 |
+ |
| 213 |
+ /* don't complain about unused var */ |
| 214 |
+ (void) DECODE_DATA; |
| 215 |
+@@ -383,12 +392,25 @@ |
| 216 |
+ if (session_data->ptrkey == NULL) { |
| 217 |
+ /* Initialize RSA key structures (other fileds are set to 0) */ |
| 218 |
+ session_data->serverkey = RSA_new(); |
| 219 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 220 |
++ s_n = BN_new(); |
| 221 |
++ s_e = BN_new(); |
| 222 |
++ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d); |
| 223 |
++#else |
| 224 |
+ session_data->serverkey->n = BN_new(); |
| 225 |
+ session_data->serverkey->e = BN_new(); |
| 226 |
++#endif |
| 227 |
+ |
| 228 |
+ session_data->hostkey = RSA_new(); |
| 229 |
++ |
| 230 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 231 |
++ h_n = BN_new(); |
| 232 |
++ h_e = BN_new(); |
| 233 |
++ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d); |
| 234 |
++#else |
| 235 |
+ session_data->hostkey->n = BN_new(); |
| 236 |
+ session_data->hostkey->e = BN_new(); |
| 237 |
++#endif |
| 238 |
+ |
| 239 |
+ /* Get the RSA Key from the packet */ |
| 240 |
+ NS_GET32(server_mod,ptr); |
| 241 |
+@@ -396,19 +418,37 @@ |
| 242 |
+ DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); |
| 243 |
+ return NULL; |
| 244 |
+ } |
| 245 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 246 |
++ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d); |
| 247 |
++ get_bn(s_e, &ptr); |
| 248 |
++ get_bn(s_n, &ptr); |
| 249 |
++#else |
| 250 |
+ get_bn(session_data->serverkey->e, &ptr); |
| 251 |
+ get_bn(session_data->serverkey->n, &ptr); |
| 252 |
++#endif |
| 253 |
+ |
| 254 |
+ NS_GET32(host_mod,ptr); |
| 255 |
+ if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { |
| 256 |
+ DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); |
| 257 |
+ return NULL; |
| 258 |
+ } |
| 259 |
++ |
| 260 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 261 |
++ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d); |
| 262 |
++ get_bn(h_e, &ptr); |
| 263 |
++ get_bn(h_n, &ptr); |
| 264 |
++#else |
| 265 |
+ get_bn(session_data->hostkey->e, &ptr); |
| 266 |
+ get_bn(session_data->hostkey->n, &ptr); |
| 267 |
++#endif |
| 268 |
+ |
| 269 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 270 |
++ server_exp = BN_get_word(s_e); |
| 271 |
++ host_exp = BN_get_word(h_e); |
| 272 |
++#else |
| 273 |
+ server_exp = *(session_data->serverkey->e->d); |
| 274 |
+ host_exp = *(session_data->hostkey->e->d); |
| 275 |
++#endif |
| 276 |
+ |
| 277 |
+ /* Check if we already have a suitable RSA key to substitute */ |
| 278 |
+ index_ssl = &ssh_conn_key; |
| 279 |
+@@ -424,7 +464,7 @@ |
| 280 |
+ SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); |
| 281 |
+ |
| 282 |
+ /* Generate the new key */ |
| 283 |
+- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL); |
| 284 |
++ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL); |
| 285 |
+ (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); |
| 286 |
+ (*index_ssl)->server_mod = server_mod; |
| 287 |
+ (*index_ssl)->host_mod = host_mod; |
| 288 |
+@@ -443,11 +483,25 @@ |
| 289 |
+ |
| 290 |
+ /* Put our RSA key in the packet */ |
| 291 |
+ key_to_put+=4; |
| 292 |
++ |
| 293 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 294 |
++ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d); |
| 295 |
++ put_bn(m_s_e, &key_to_put); |
| 296 |
++ put_bn(m_s_n, &key_to_put); |
| 297 |
++#else |
| 298 |
+ put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); |
| 299 |
+ put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); |
| 300 |
++#endif |
| 301 |
+ key_to_put+=4; |
| 302 |
++ |
| 303 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 304 |
++ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d); |
| 305 |
++ put_bn(m_h_e, &key_to_put); |
| 306 |
++ put_bn(m_h_n, &key_to_put); |
| 307 |
++#else |
| 308 |
+ put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); |
| 309 |
+ put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); |
| 310 |
++#endif |
| 311 |
+ |
| 312 |
+ /* Recalculate SSH crc */ |
| 313 |
+ *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); |
| 314 |
+@@ -482,19 +536,34 @@ |
| 315 |
+ key_to_put = ptr; |
| 316 |
+ |
| 317 |
+ /* Calculate real session id and our fake session id */ |
| 318 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 319 |
++ temp_session_id = ssh_session_id(cookie, h_n, s_n); |
| 320 |
++#else |
| 321 |
+ temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); |
| 322 |
++#endif |
| 323 |
+ if (temp_session_id) |
| 324 |
+ memcpy(session_id1, temp_session_id, 16); |
| 325 |
++ |
| 326 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 327 |
++ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n); |
| 328 |
++#else |
| 329 |
+ temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); |
| 330 |
++#endif |
| 331 |
++ |
| 332 |
+ if (temp_session_id) |
| 333 |
+ memcpy(session_id2, temp_session_id, 16); |
| 334 |
+ |
| 335 |
+ /* Get the session key */ |
| 336 |
+ enckey = BN_new(); |
| 337 |
++ |
| 338 |
+ get_bn(enckey, &ptr); |
| 339 |
+ |
| 340 |
+ /* Decrypt session key */ |
| 341 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 342 |
++ if (BN_cmp(m_s_n, m_h_n) > 0) { |
| 343 |
++#else |
| 344 |
+ if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { |
| 345 |
++#endif |
| 346 |
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); |
| 347 |
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); |
| 348 |
+ } else { |
| 349 |
+@@ -534,7 +603,11 @@ |
| 350 |
+ BN_add_word(bn, sesskey[i]); |
| 351 |
+ } |
| 352 |
+ |
| 353 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 354 |
++ if (BN_cmp(s_n, h_n) < 0) { |
| 355 |
++#else |
| 356 |
+ if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { |
| 357 |
++#endif |
| 358 |
+ rsa_public_encrypt(bn, bn, session_data->serverkey); |
| 359 |
+ rsa_public_encrypt(bn, bn, session_data->hostkey); |
| 360 |
+ } else { |
| 361 |
+@@ -716,7 +789,16 @@ |
| 362 |
+ u_char *inbuf, *outbuf; |
| 363 |
+ int32 len, ilen, olen; |
| 364 |
+ |
| 365 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 366 |
++ BIGNUM *n; |
| 367 |
++ BIGNUM *e; |
| 368 |
++ BIGNUM *d; |
| 369 |
++ RSA_get0_key(key, &n, &e, &d); |
| 370 |
++ olen = BN_num_bytes(n); |
| 371 |
++#else |
| 372 |
+ olen = BN_num_bytes(key->n); |
| 373 |
++#endif |
| 374 |
++ |
| 375 |
+ outbuf = malloc(olen); |
| 376 |
+ if (outbuf == NULL) /* oops, couldn't allocate memory */ |
| 377 |
+ return; |
| 378 |
+@@ -744,7 +826,16 @@ |
| 379 |
+ u_char *inbuf, *outbuf; |
| 380 |
+ int32 len, ilen, olen; |
| 381 |
+ |
| 382 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 383 |
++ BIGNUM *n; |
| 384 |
++ BIGNUM *e; |
| 385 |
++ BIGNUM *d; |
| 386 |
++ RSA_get0_key(key, &n, &e, &d); |
| 387 |
++ olen = BN_num_bytes(n); |
| 388 |
++#else |
| 389 |
+ olen = BN_num_bytes(key->n); |
| 390 |
++#endif |
| 391 |
++ |
| 392 |
+ outbuf = malloc(olen); |
| 393 |
+ if (outbuf == NULL) /* oops, couldn't allocate memory */ |
| 394 |
+ return; |
| 395 |
+Index: ettercap-0.8.2/src/ec_sslwrap.c |
| 396 |
+=================================================================== |
| 397 |
+--- ettercap-0.8.2.orig/src/ec_sslwrap.c |
| 398 |
++++ ettercap-0.8.2/src/ec_sslwrap.c |
| 399 |
+@@ -53,6 +53,10 @@ |
| 400 |
+ #define OPENSSL_NO_KRB5 1 |
| 401 |
+ #include <openssl/ssl.h> |
| 402 |
+ |
| 403 |
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
| 404 |
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ |
| 405 |
++#endif |
| 406 |
++ |
| 407 |
+ #define BREAK_ON_ERROR(x,y,z) do { \ |
| 408 |
+ if (x == -E_INVALID) { \ |
| 409 |
+ SAFE_FREE(z.DATA.disp_data); \ |
| 410 |
+@@ -974,9 +978,19 @@ |
| 411 |
+ index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1); |
| 412 |
+ if (index >=0) { |
| 413 |
+ ext = X509_get_ext(server_cert, index); |
| 414 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 415 |
++ ASN1_OCTET_STRING* os; |
| 416 |
++ os = X509_EXTENSION_get_data (ext); |
| 417 |
++#endif |
| 418 |
+ if (ext) { |
| 419 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
| 420 |
++ os->data[7] = 0xe7; |
| 421 |
++ os->data[8] = 0x7e; |
| 422 |
++ X509_EXTENSION_set_data (ext, os); |
| 423 |
++#else |
| 424 |
+ ext->value->data[7] = 0xe7; |
| 425 |
+ ext->value->data[8] = 0x7e; |
| 426 |
++#endif |
| 427 |
+ X509_add_ext(out_cert, ext, -1); |
| 428 |
+ } |
| 429 |
+ } |
Archives