sbin/iked fallout after OpenSSL valahalla slashing

sbin/iked fallout after OpenSSL valahalla slashing

Ian McWilliam-2
Hope the attached diff is a correct fix. Hit me with the cluebat if
not.

cc -O2 -pipe  -Wall -I/usr/src/sbin/iked -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -fno-pie   -c /usr/src/sbin/iked/chap_ms.c
/usr/src/sbin/iked/chap_ms.c: In function 'mschap_des_addparity':
/usr/src/sbin/iked/chap_ms.c:104: error: 'des_cblock' undeclared (first use in this function)
/usr/src/sbin/iked/chap_ms.c:104: error: (Each undeclared identifier is reported only once
/usr/src/sbin/iked/chap_ms.c:104: error: for each function it appears in.)
/usr/src/sbin/iked/chap_ms.c:104: error: expected expression before ')' token
/usr/src/sbin/iked/chap_ms.c: In function 'mschap_des_encrypt':
/usr/src/sbin/iked/chap_ms.c:110: error: 'des_cblock' undeclared (first use in this function)
/usr/src/sbin/iked/chap_ms.c:110: error: expected ';' before 'des_key'
/usr/src/sbin/iked/chap_ms.c:111: error: 'des_key_schedule' undeclared (first use in this function)
/usr/src/sbin/iked/chap_ms.c:111: error: expected ';' before 'key_schedule'
/usr/src/sbin/iked/chap_ms.c:113: error: 'des_key' undeclared (first use in this function)
/usr/src/sbin/iked/chap_ms.c:115: error: 'key_schedule' undeclared (first use in this function)
/usr/src/sbin/iked/chap_ms.c:116: error: expected expression before ')' token
/usr/src/sbin/iked/chap_ms.c:117: error: too few arguments to function 'DES_ecb_encrypt'
*** Error 1 in /usr/src/sbin/iked (:87 'chap_ms.o')
? chap_ms.c.ianm? ided.diffIndex:
chap_ms.c===================================================================RCS
file: /cvs/src/sbin/iked/chap_ms.c,vretrieving revision 1.6diff -u -p
-u -p -r1.6 chap_ms.c--- chap_ms.c   8 Jan 2013 10:38:19 -0000    
  1.6+++ chap_ms.c   16 Apr 2014 05:30:50 -0000@@ -101,19 +101,19 @@
mschap_des_addparity(u_int8_t *key, u_in        des_key[6] =
get7bits(key, 42);        des_key[7] = get7bits(key, 49);
-       DES_set_odd_parity((des_cblock *)des_key);+      
DES_set_odd_parity((DES_cblock *)des_key); }
 void mschap_des_encrypt(u_int8_t *clear, u_int8_t *key, u_int8_t
*cipher) {-       des_cblock              des_key;-    
  des_key_schedule        key_schedule;+       DES_cblock  
           des_key;+       DES_key_schedule      
 key_schedule;
        mschap_des_addparity(key, des_key);
        DES_set_key(&des_key, &key_schedule);-      
DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,+      
DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,       
    &key_schedule, 1); }
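
Review bot: in mschap_des_encrypt the unchanged context line DES_set_key(&des_key, &key_schedule) still discards the function's int return value. Since mschap_des_addparity() has already forced odd parity on des_key just above, either check the result or call DES_set_key_unchecked() so the intent is explicit. The rename itself covers both types the compiler reported as undeclared (des_cblock and des_key_schedule). Separately, the diff as posted has lost its line breaks and tabs, so it will not apply with patch(1) as-is; sending it as a plain-text attachment would avoid that.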


Re: sbin/iked fallout after OpenSSL valahalla slashing

Bob Beck-2

not quite, because your diff was mangled, but I think
you had it right anyway.. fix committed by miod, thanks for
telling us.


On Wed, Apr 16, 2014 at 03:39:03PM +1000, Ian McWilliam wrote:

> Hope the attached diff is a correct fix. Hit me with the cluebat if
> not.
>
> cc -O2 -pipe  -Wall -I/usr/src/sbin/iked -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -fno-pie   -c /usr/src/sbin/iked/chap_ms.c
> /usr/src/sbin/iked/chap_ms.c: In function 'mschap_des_addparity':
> /usr/src/sbin/iked/chap_ms.c:104: error: 'des_cblock' undeclared (first use in this function)
> /usr/src/sbin/iked/chap_ms.c:104: error: (Each undeclared identifier is reported only once
> /usr/src/sbin/iked/chap_ms.c:104: error: for each function it appears in.)
> /usr/src/sbin/iked/chap_ms.c:104: error: expected expression before ')' token
> /usr/src/sbin/iked/chap_ms.c: In function 'mschap_des_encrypt':
> /usr/src/sbin/iked/chap_ms.c:110: error: 'des_cblock' undeclared (first use in this function)
> /usr/src/sbin/iked/chap_ms.c:110: error: expected ';' before 'des_key'
> /usr/src/sbin/iked/chap_ms.c:111: error: 'des_key_schedule' undeclared (first use in this function)
> /usr/src/sbin/iked/chap_ms.c:111: error: expected ';' before 'key_schedule'
> /usr/src/sbin/iked/chap_ms.c:113: error: 'des_key' undeclared (first use in this function)
> /usr/src/sbin/iked/chap_ms.c:115: error: 'key_schedule' undeclared (first use in this function)
> /usr/src/sbin/iked/chap_ms.c:116: error: expected expression before ')' token
> /usr/src/sbin/iked/chap_ms.c:117: error: too few arguments to function 'DES_ecb_encrypt'
> *** Error 1 in /usr/src/sbin/iked (:87 'chap_ms.o')
> ? chap_ms.c.ianm? ided.diffIndex:
> chap_ms.c===================================================================RCS
> file: /cvs/src/sbin/iked/chap_ms.c,vretrieving revision 1.6diff -u -p
> -u -p -r1.6 chap_ms.c--- chap_ms.c ?? 8 Jan 2013 10:38:19 -0000 ?? ??
> ?? 1.6+++ chap_ms.c ?? 16 Apr 2014 05:30:50 -0000@@ -101,19 +101,19 @@
> mschap_des_addparity(u_int8_t *key, u_in?? ?? ?? ?? des_key[6] =
> get7bits(key, 42);?? ?? ?? ?? des_key[7] = get7bits(key, 49);
> - ?? ?? ?? DES_set_odd_parity((des_cblock *)des_key);+ ?? ?? ??
> DES_set_odd_parity((DES_cblock *)des_key);??}
> ??void??mschap_des_encrypt(u_int8_t *clear, u_int8_t *key, u_int8_t
> *cipher)??{- ?? ?? ?? des_cblock ?? ?? ?? ?? ?? ?? ??des_key;- ?? ??
> ?? des_key_schedule ?? ?? ?? ??key_schedule;+ ?? ?? ?? DES_cblock ??
> ?? ?? ?? ?? ?? ??des_key;+ ?? ?? ?? DES_key_schedule ?? ?? ??
> ??key_schedule;
> ?? ?? ?? ?? mschap_des_addparity(key, des_key);
> ?? ?? ?? ?? DES_set_key(&des_key, &key_schedule);- ?? ?? ??
> DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,+ ?? ?? ??
> DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,?? ?? ?? ??
> ?? ?? &key_schedule, 1);??}
>


Re: sbin/iked fallout after OpenSSL valahalla slashing

Ian McWilliam-2
 

Sorry, it's a poor choice of MS Outlook or Web email client here at
work.

/usr/src/usr.bin/gzsig suffers similar fallout; it looks a little bit
trickier to fix.

cc -O2 -pipe    -c /usr/src/usr.bin/gzsig/ssh.c
/usr/src/usr.bin/gzsig/ssh.c:59: error: expected specifier-qualifier-list before 'des_key_schedule'
/usr/src/usr.bin/gzsig/ssh.c: In function 'des3_init':
/usr/src/usr.bin/gzsig/ssh.c:156: error: 'struct des3_state' has no member named 'k1'
/usr/src/usr.bin/gzsig/ssh.c:157: error: 'struct des3_state' has no member named 'k2'
/usr/src/usr.bin/gzsig/ssh.c:160: error: 'struct des3_state' has no member named 'k3'
/usr/src/usr.bin/gzsig/ssh.c:162: error: 'struct des3_state' has no member named 'k3'
/usr/src/usr.bin/gzsig/ssh.c:164: error: 'struct des3_state' has no member named 'iv1'
/usr/src/usr.bin/gzsig/ssh.c:165: error: 'struct des3_state' has no member named 'iv2'
/usr/src/usr.bin/gzsig/ssh.c:166: error: 'struct des3_state' has no member named 'iv3'
/usr/src/usr.bin/gzsig/ssh.c: In function 'des3_decrypt':
/usr/src/usr.bin/gzsig/ssh.c:177: error: 'struct des3_state' has no member named 'iv1'
/usr/src/usr.bin/gzsig/ssh.c:177: error: 'struct des3_state' has no member named 'iv2'
/usr/src/usr.bin/gzsig/ssh.c:179: error: 'struct des3_state' has no member named 'k3'
/usr/src/usr.bin/gzsig/ssh.c:179: error: 'struct des3_state' has no member named 'iv3'
/usr/src/usr.bin/gzsig/ssh.c:180: error: 'struct des3_state' has no member named 'k2'
/usr/src/usr.bin/gzsig/ssh.c:180: error: 'struct des3_state' has no member named 'iv2'
/usr/src/usr.bin/gzsig/ssh.c:181: error: 'struct des3_state' has no member named 'k1'
/usr/src/usr.bin/gzsig/ssh.c:181: error: 'struct des3_state' has no member named 'iv1'
*** Error 1 in /usr/src/usr.bin/gzsig (:87 'ssh.o')

I can get it down to this

ssh.o(.text+0x5ab): In function `ssh_load_private':
: undefined reference to `des_set_key'
ssh.o(.text+0x675): In function `ssh_load_private':
: undefined reference to `des_set_key'
ssh.o(.text+0x745): In function `ssh_load_private':
: undefined reference to `des_set_key'
ssh.o(.text+0x85c): In function `ssh_load_private':
: undefined reference to `des_ncbc_encrypt'
ssh.o(.text+0x938): In function `ssh_load_private':
: undefined reference to `des_ncbc_encrypt'
ssh.o(.text+0x9db): In function `ssh_load_private':
: undefined reference to `des_ncbc_encrypt'
collect2: ld returned 1 exit status

Going a bit further gets me here

cc -O2 -pipe    -c /usr/src/usr.bin/gzsig/ssh.c
/usr/src/usr.bin/gzsig/ssh.c: In function 'des3_decrypt':
/usr/src/usr.bin/gzsig/ssh.c:179: error: incompatible type for argument 4 of 'DES_ncbc_encrypt'
/usr/src/usr.bin/gzsig/ssh.c:180: error: incompatible type for argument 4 of 'DES_ncbc_encrypt'
/usr/src/usr.bin/gzsig/ssh.c:181: error: incompatible type for argument 4 of 'DES_ncbc_encrypt'
*** Error 1 in /usr/src/usr.bin/gzsig (:87 'ssh.o')

I'll leave this one for you guys.

Ian McWilliam
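
The two stages in the message above (undeclared lowercase names, then "incompatible type for argument 4") can be reproduced with a small porting check. This is an added example, not code from the thread or from OpenBSD; the function names and the sample input are made up, and the awk check only handles calls written on a single line.

```shell
#!/bin/sh
# Added example: port the lowercase libdes names that the build logs above
# complain about to their DES_* spellings, then flag what renaming cannot fix.

# The four legacy identifiers named in the compiler and linker errors.
LEGACY='des_cblock des_key_schedule des_set_key des_ncbc_encrypt'

# Filter: rename whole identifiers only. A blanket s/des_/DES_/ would also hit
# the local variable des_key and functions such as mschap_des_encrypt.
port_des_names() {
    script=''
    for name in $LEGACY; do
        new="DES_${name#des_}"
        script="${script}s/(^|[^A-Za-z0-9_])${name}([^A-Za-z0-9_]|\$)/\\1${new}\\2/g;"
    done
    sed -E "$script"
}

# Filter: print the line numbers of single-line DES_ncbc_encrypt() calls whose
# 4th argument (the key schedule) is not passed by address. Renaming alone
# leaves these failing with the argument 4 type error.
schedule_by_value() {
    awk '/DES_ncbc_encrypt[ \t]*\(/ {
        args = $0
        sub(/.*DES_ncbc_encrypt[ \t]*\(/, "", args)
        n = split(args, a, ",")
        gsub(/^[ \t]+/, "", a[4])
        if (n >= 4 && a[4] !~ /^&/) print NR
    }'
}

# Constructed sample, modelled on the identifiers in the logs above.
sample() {
    cat <<'EOF'
struct des3_state { des_key_schedule k1; des_cblock iv1; };
void mschap_des_encrypt(u_int8_t *clear, u_int8_t *key, u_int8_t *cipher);
    des_cblock des_key;
    des_set_key(&des_key, &key_schedule);
    des_ncbc_encrypt(src, dst, len, state->k1, &state->iv1, 0);
    DES_ncbc_encrypt(src, dst, len, &state->k1, &state->iv1, 0);
EOF
}

# "sh thisfile demo" prints the ported sample and the lines needing '&'.
if [ "${1:-}" = demo ]; then
    sample | port_des_names
    sample | port_des_names | schedule_by_value
fi
```
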

----- Original Message -----
From: "Bob Beck"
To:"Ian McWilliam"
Cc:
Sent:Wed, 16 Apr 2014 00:10:42 -0600
Subject:Re: sbin/iked fallout after OpenSSL valahalla slashing

 not quite, because your diff was mangled, but I think
 you had it right anyway.. fix committed by miod, thanks for
 telling us.




Re: sbin/iked fallout after OpenSSL valahalla slashing

Bob Beck-2

those should all be fixed now.


On Wed, Apr 16, 2014 at 04:19:09PM +1000, Ian McWilliam wrote:

>
> Sorry, it's a poor choice of MS Outlook or Web email client here at
> work.
>
> /usr/src/usr.bin/gzsig suffers similar fallout; it looks a little bit
> trickier to fix.
>
> cc -O2 -pipe    -c /usr/src/usr.bin/gzsig/ssh.c
>
> /usr/src/usr.bin/gzsig/ssh.c:59: error: expected
> specifier-qualifier-list before 'des_key_schedule'
>
> /usr/src/usr.bin/gzsig/ssh.c: In function 'des3_init':
>
> /usr/src/usr.bin/gzsig/ssh.c:156: error: 'struct des3_state' has no
> member named 'k1'
>
> /usr/src/usr.bin/gzsig/ssh.c:157: error: 'struct des3_state' has no
> member named 'k2'
>
> /usr/src/usr.bin/gzsig/ssh.c:160: error: 'struct des3_state' has no
> member named 'k3'
>
> /usr/src/usr.bin/gzsig/ssh.c:162: error: 'struct des3_state' has no
> member named 'k3'
>
> /usr/src/usr.bin/gzsig/ssh.c:164: error: 'struct des3_state' has no
> member named 'iv1'
>
> /usr/src/usr.bin/gzsig/ssh.c:165: error: 'struct des3_state' has no
> member named 'iv2'
>
> /usr/src/usr.bin/gzsig/ssh.c:166: error: 'struct des3_state' has no
> member named 'iv3'
>
> /usr/src/usr.bin/gzsig/ssh.c: In function 'des3_decrypt':
>
> /usr/src/usr.bin/gzsig/ssh.c:177: error: 'struct des3_state' has no
> member named 'iv1'
>
> /usr/src/usr.bin/gzsig/ssh.c:177: error: 'struct des3_state' has no
> member named 'iv2'
>
> /usr/src/usr.bin/gzsig/ssh.c:179: error: 'struct des3_state' has no
> member named 'k3'
>
> /usr/src/usr.bin/gzsig/ssh.c:179: error: 'struct des3_state' has no
> member named 'iv3'
>
> /usr/src/usr.bin/gzsig/ssh.c:180: error: 'struct des3_state' has no
> member named 'k2'
>
> /usr/src/usr.bin/gzsig/ssh.c:180: error: 'struct des3_state' has no
> member named 'iv2'
>
> /usr/src/usr.bin/gzsig/ssh.c:181: error: 'struct des3_state' has no
> member named 'k1'
>
> /usr/src/usr.bin/gzsig/ssh.c:181: error: 'struct des3_state' has no
> member named 'iv1'
>
> *** Error 1 in /usr/src/usr.bin/gzsig (:87 'ssh.o')
>
> I can get it down to this
>
> ssh.o(.text+0x5ab): In function `ssh_load_private':
>
> : undefined reference to `des_set_key'
>
> ssh.o(.text+0x675): In function `ssh_load_private':
>
> : undefined reference to `des_set_key'
>
> ssh.o(.text+0x745): In function `ssh_load_private':
>
> : undefined reference to `des_set_key'
>
> ssh.o(.text+0x85c): In function `ssh_load_private':
>
> : undefined reference to `des_ncbc_encrypt'
>
> ssh.o(.text+0x938): In function `ssh_load_private':
>
> : undefined reference to `des_ncbc_encrypt'
>
> ssh.o(.text+0x9db): In function `ssh_load_private':
>
> : undefined reference to `des_ncbc_encrypt'
>
> collect2: ld returned 1 exit status
> going a bit further gets me here
>
> cc -O2 -pipe    -c /usr/src/usr.bin/gzsig/ssh.c
>
> /usr/src/usr.bin/gzsig/ssh.c: In function 'des3_decrypt':
>
> /usr/src/usr.bin/gzsig/ssh.c:179: error: incompatible type for
> argument 4 of 'DES_ncbc_encrypt'
>
> /usr/src/usr.bin/gzsig/ssh.c:180: error: incompatible type for
> argument 4 of 'DES_ncbc_encrypt'
>
> /usr/src/usr.bin/gzsig/ssh.c:181: error: incompatible type for
> argument 4 of 'DES_ncbc_encrypt'
>
> *** Error 1 in /usr/src/usr.bin/gzsig (:87 'ssh.o')
>
> I'll leave this one for you guys.
>
> Ian McWilliam
>
> ----- Original Message -----
> From: "Bob Beck"
> To:"Ian McWilliam"
> Cc:
> Sent:Wed, 16 Apr 2014 00:10:42 -0600
> Subject:Re: sbin/iked fallout after OpenSSL valahalla slashing
>
>  not quite, because your diff was mangled, but I think
>  you had it right anyway.. fix committed by miod, thanks for
>  telling us.