-rw-r--r-- | security/fressh/Makefile | 3 | ||||
-rw-r--r-- | security/fressh/distinfo | 5 | ||||
-rw-r--r-- | security/fressh/patches/patch-ac | 36 | ||||
-rw-r--r-- | security/fressh/patches/patch-ad | 307 | ||||
-rw-r--r-- | security/fressh/patches/patch-ae | 23 |
5 files changed, 372 insertions, 2 deletions
diff --git a/security/fressh/Makefile b/security/fressh/Makefile index eb25017c15d..a1fdb0936d3 100644 --- a/security/fressh/Makefile +++ b/security/fressh/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.7 2003/07/21 17:20:09 martti Exp $ +# $NetBSD: Makefile,v 1.8 2003/09/21 08:35:51 jmc Exp $ DISTNAME= fressh-0.8.1 +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= http://www.fressh.org/ EXTRACT_SUFX= .tar.bz2 diff --git a/security/fressh/distinfo b/security/fressh/distinfo index 1922ff5a956..b0e5467af81 100644 --- a/security/fressh/distinfo +++ b/security/fressh/distinfo @@ -1,6 +1,9 @@ -$NetBSD: distinfo,v 1.3 2002/05/20 15:22:00 wiz Exp $ +$NetBSD: distinfo,v 1.4 2003/09/21 08:35:52 jmc Exp $ SHA1 (fressh-0.8.1.tar.bz2) = 4dd0a6d4240337b4726a6a68b17878a45974cf82 Size (fressh-0.8.1.tar.bz2) = 110390 bytes SHA1 (patch-aa) = 0b65db8177ffb81084412f9716f73e92920d559c SHA1 (patch-ab) = 3cb31fda120a57fa3ff0aaaabba1cbb5923bd686 +SHA1 (patch-ac) = 71477043d47a8e85c7dd0bc1e41b33f18be2a268 +SHA1 (patch-ad) = db398df2db517e49c5df4c04e863ddc2b99052ce +SHA1 (patch-ae) = d4fe3fc48edf751e9c79a843dee80bef53fa301e diff --git a/security/fressh/patches/patch-ac b/security/fressh/patches/patch-ac new file mode 100644 index 00000000000..0f62755670e --- /dev/null +++ b/security/fressh/patches/patch-ac 
@@ -0,0 +1,36 @@
+$NetBSD: patch-ac,v 1.1 2003/09/21 08:35:53 jmc Exp $
+
+--- crypto/ssh_3des.h.orig 2003-09-21 03:04:38.000000000 +0000
++++ crypto/ssh_3des.h 2003-09-21 03:05:29.000000000 +0000
+@@ -16,6 +16,7 @@
+ #ifndef _SSH_3DES_H
+ #define _SSH_3DES_H
+
++#include "openssl/opensslv.h"
+ #include "openssl/des.h"
+ #include "openssl/hmac.h"
+
+@@ -24,13 +25,23 @@
+ struct ssh_cipher;
+
+ typedef struct {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_key_schedule des_ks[3];
++ DES_cblock des_ivec[6]; /* Two directions, same key! */
++#else
+ des_key_schedule des_ks[3];
+ des_cblock des_ivec[6]; /* Two directions, same key! */
++#endif
+ } ssh_3des_t;
+
+ typedef struct {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_key_schedule des_ks[6];
++ DES_cblock des_ivec[2];
++#else
+ des_key_schedule des_ks[6];
+ des_cblock des_ivec[2];
++#endif
+ u_int8_t mac_key[2][16];
+ } ssh_des3_t;
+
diff --git a/security/fressh/patches/patch-ad b/security/fressh/patches/patch-ad
new file mode 100644
index 00000000000..cce1c8c3d79
--- /dev/null
+++ b/security/fressh/patches/patch-ad
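Review bot: The threshold `0x0090702fL` in both `#if` blocks of crypto/ssh_3des.h is an unexplained magic number, and the same literal is repeated in patch-ad and patch-ae. It decodes to the OpenSSL 0.9.7b release, so a one-line comment such as `/* 0x0090702fL = OpenSSL 0.9.7b; use the DES_* names from here on */` above the first use would tell the next maintainer why the cut-off sits there. Because the two branches of each struct differ only in the spelling of the type names, defining the cut-off once in a shared header would also keep the three files from drifting to different version checks.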
@@ -0,0 +1,307 @@
+$NetBSD: patch-ad,v 1.1 2003/09/21 08:35:54 jmc Exp $
+
+--- crypto/ssh_crypto_openssl.c.orig 2003-09-21 03:06:28.000000000 +0000
++++ crypto/ssh_crypto_openssl.c 2003-09-21 03:26:42.000000000 +0000
+@@ -50,7 +50,11 @@
+ #include <openssl/opensslv.h>
+
+ #if OPENSSL_VERSION_NUMBER >= 0x00903000L
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++#define TO_CBLOCK(x) ((DES_cblock *)(x))
++#else
+ #define TO_CBLOCK(x) ((des_cblock *)(x))
++#endif
+ #else
+ #define TO_CBLOCK(x) (x)
+ #endif
+@@ -431,7 +435,11 @@
+ FUNC_DECL(ssh_des_initialize);
+
+ int err;
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_cblock key;
++#else
+ des_cblock key;
++#endif
+ ssh_des_t *key_data;
+
+ if (klen < 8) {
+@@ -444,12 +452,21 @@
+ if (key_data == NULL)
+ return NULL;
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(key, session_key, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(key));
++ if (!DES_is_weak_key(TO_CBLOCK(key)))
++ (void) DES_set_key(TO_CBLOCK(key), &key_data->des_ks);
++ else
++ err = 1;
++#else
+ memcpy(key, session_key, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(key));
+ if (!des_is_weak_key(TO_CBLOCK(key)))
+ (void) des_set_key(TO_CBLOCK(key), key_data->des_ks);
+ else
+ err = 1;
++#endif
+
+ memset(key_data->des_ivec[0], 0, sizeof(key_data->des_ivec[0]));
+ memset(key_data->des_ivec[1], 0, sizeof(key_data->des_ivec[1]));
+@@ -477,8 +494,13 @@
+ ssh_des_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ncbc_encrypt(clear, enc, length, &key_data->des_ks,
++ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++#else
+ des_ncbc_encrypt(clear, enc, length, key_data->des_ks,
+ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++#endif
+ }
+
+ void
+@@ -486,8 +508,13 @@
+ ssh_des_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ncbc_encrypt(enc, clear, length, &key_data->des_ks,
++ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++#else
+ des_ncbc_encrypt(enc, clear, length, key_data->des_ks,
+ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++#endif
+ }
+ #endif /* WITH_CIPHER_DES */
+
+@@ -528,7 +555,11 @@
+ FUNC_DECL(ssh_3des_initialize);
+
+ int i, j;
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_cblock key[3];
++#else
+ des_cblock key[3];
++#endif
+ ssh_3des_t *key_data;
+
+ if (klen < 16) {
+@@ -540,6 +571,22 @@
+ return NULL;
+
+ for (i = j = 0; i < 3; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(key[i], session_key + j, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(key[i]));
++ if (DES_is_weak_key(TO_CBLOCK(key[i])))
++ break;
++ (void) DES_set_key(TO_CBLOCK(key[i]), &key_data->des_ks[i]);
++ /*
++ * when keying from a passphrase (after md5) we will run
++ * out of keying material after two keys, so be *very*
++ * general about how big we expect the keying material
++ * to be.
++ */
++ j += sizeof(DES_cblock);
++ if (j + sizeof(DES_cblock) > klen)
++ j = 0;
++#else
+ memcpy(key[i], session_key + j, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(key[i]));
+ if (des_is_weak_key(TO_CBLOCK(key[i])))
+@@ -554,6 +601,7 @@
+ j += sizeof(des_cblock);
+ if (j + sizeof(des_cblock) > klen)
+ j = 0;
++#endif
+ }
+
+ memset(key_data->des_ivec[0], 0, sizeof(key_data->des_ivec[0]));
+@@ -588,7 +636,11 @@
+ FUNC_DECL(ssh_des3_initialize);
+
+ int i;
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_cblock key;
++#else
+ des_cblock key;
++#endif
+ ssh_des3_t *key_data;
+ u_int8_t key1ofb[24] = {
+ 0x10, 0x23, 0x66, 0x20, 0x10, 0x1d, 0xb7, 0x37,
+@@ -655,6 +707,17 @@
+
+ temp = key1ofb;
+ for (i = 0; i < 3; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -664,10 +727,22 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key1ofb, 0, 24);
+
+ temp = key2ofb;
+ for (i = 3; i < 6; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -677,6 +752,7 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key2ofb, 0, 24);
+ break;
+ case SSH_ROLE_CLIENT:
+@@ -688,6 +764,17 @@
+
+ temp = key2ofb;
+ for (i = 0; i < 3; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -697,10 +784,22 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key2ofb, 0, 24);
+
+ temp = key1ofb;
+ for (i = 3; i < 6; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -710,6 +809,7 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key1ofb, 0, 24);
+ break;
+ }
+@@ -737,12 +837,21 @@
+ ssh_3des_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ncbc_encrypt(clear, enc, length, &key_data->des_ks[0],
++ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++ DES_ncbc_encrypt(enc, enc, length, &key_data->des_ks[1],
++ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++ DES_ncbc_encrypt(enc, enc, length, &key_data->des_ks[2],
++ TO_CBLOCK(key_data->des_ivec[2]), DES_ENCRYPT);
++#else
+ des_ncbc_encrypt(clear, enc, length, key_data->des_ks[0],
+ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
+ des_ncbc_encrypt(enc, enc, length, key_data->des_ks[1],
+ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
+ des_ncbc_encrypt(enc, enc, length, key_data->des_ks[2],
+ TO_CBLOCK(key_data->des_ivec[2]), DES_ENCRYPT);
++#endif
+ }
+
+ void
+@@ -750,12 +859,21 @@
+ ssh_3des_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ncbc_encrypt(enc, clear, length, &key_data->des_ks[2],
++ TO_CBLOCK(key_data->des_ivec[3]), DES_DECRYPT);
++ DES_ncbc_encrypt(clear, clear, length, &key_data->des_ks[1],
++ TO_CBLOCK(key_data->des_ivec[4]), DES_ENCRYPT);
++ DES_ncbc_encrypt(clear, clear, length, &key_data->des_ks[0],
++ TO_CBLOCK(key_data->des_ivec[5]), DES_DECRYPT);
++#else
+ des_ncbc_encrypt(enc, clear, length, key_data->des_ks[2],
+ TO_CBLOCK(key_data->des_ivec[3]), DES_DECRYPT);
+ des_ncbc_encrypt(clear, clear, length, key_data->des_ks[1],
+ TO_CBLOCK(key_data->des_ivec[4]), DES_ENCRYPT);
+ des_ncbc_encrypt(clear, clear, length, key_data->des_ks[0],
+ TO_CBLOCK(key_data->des_ivec[5]), DES_DECRYPT);
++#endif
+
+ }
+
+@@ -764,9 +882,15 @@
+ ssh_des3_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ede3_cbc_encrypt(clear, enc, length, &key_data->des_ks[0],
++ &key_data->des_ks[1], &key_data->des_ks[2],
++ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++#else
+ des_ede3_cbc_encrypt(clear, enc, length, key_data->des_ks[0],
+ key_data->des_ks[1], key_data->des_ks[2],
+ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++#endif
+ }
+
+ void
+@@ -774,9 +898,15 @@
+ ssh_des3_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ede3_cbc_encrypt(enc, clear, length, &key_data->des_ks[3],
++ &key_data->des_ks[4], &key_data->des_ks[5],
++ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++#else
+ des_ede3_cbc_encrypt(enc, clear, length, key_data->des_ks[3],
+ key_data->des_ks[4], key_data->des_ks[5],
+ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++#endif
+
+ }
+
diff --git a/security/fressh/patches/patch-ae b/security/fressh/patches/patch-ae
new file mode 100644
index 00000000000..708a01e0e17
--- /dev/null
+++ b/security/fressh/patches/patch-ae
@@ -0,0 +1,23 @@
+$NetBSD: patch-ae,v 1.1 2003/09/21 08:35:55 jmc Exp $
+
+--- crypto/ssh_des.h.orig 2003-09-21 03:02:53.000000000 +0000
++++ crypto/ssh_des.h 2003-09-21 03:04:13.000000000 +0000
+@@ -16,12 +16,18 @@
+ #ifndef _SSH_DES_H
+ #define _SSH_DES_H
+
++#include "openssl/opensslv.h"
+ #include "openssl/des.h"
+ struct ssh_cipher;
+
+ typedef struct {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_key_schedule des_ks;
++ DES_cblock des_ivec[2]; /* Two directions, same key! */
++#else
+ des_key_schedule des_ks;
+ des_cblock des_ivec[2]; /* Two directions, same key! */
++#endif
+ } ssh_des_t;
+
+ void ssh_des_attach(struct ssh_cipher *); |
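Review bot: In patch-ad (crypto/ssh_crypto_openssl.c) the new DES_* branches of ssh_des3_initialize wipe the temporary key with `memset(&key, 0, sizeof(DES_cblock));`, a plain store that an optimizing compiler may remove when `key` is not read again; on this branch `OPENSSL_cleanse(&key, sizeof(key));` should be available and is intended for this purpose. The same line follows all four key-schedule loops, and the `memset(key1ofb, 0, 24)` and `memset(key2ofb, 0, 24)` context lines have the same weakness. In ssh_des_initialize and ssh_3des_initialize the stack copies `key` and `key[3]` are filled from `session_key` with no wipe visible in the hunks; both functions continue outside the hunks, so this needs checking against the full file. `int err;` in ssh_des_initialize is likewise declared without an initializer and the visible code assigns it only on the weak-key path, which is worth confirming as well.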