From 09e8c3378b70ad4a9a4aa6fbc835bdbb854890cb Mon Sep 17 00:00:00 2001
From: Rafael Sadowski
Date: Sun, 9 Oct 2016 10:05:13 +0200
Subject: [PATCH] add LibreSSL support - Tested with LibreSSL 2.5.0 on OpenBSD current amd64
---
 hydra-mod.c | 9 +++++----
 hydra-rdp.c | 8 ++++----
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/hydra-mod.c b/hydra-mod.c
index 0552e09..972907f 100644
--- a/hydra-mod.c
+++ b/hydra-mod.c
@@ -438,10 +438,10 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) {
 return ret;
 }
-#ifdef LIBOPENSSL
+#ifdef LIBOPENSSL && !defined(LIBRESSL_VERSION_NUMBER)
 RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {
 int ok = 0;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 BIGNUM *n;
 n = BN_new();
 RSA_get0_key(rsa, &n, NULL, NULL);
@@ -451,7 +451,7 @@ RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {
 ok = 1;
 #endif
 if(ok == 0 && RSA_size(rsa)!=(keylength/8)){ // n is not zero
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 BN_free(n);
 #endif
 RSA_free(rsa);
@@ -467,7 +467,8 @@ RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {
 rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
 #endif
 }
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
 BN_free(n);
 #endif
 return rsa;
diff --git a/hydra-rdp.c b/hydra-rdp.c
index dd87410..38c9c83 100644
--- a/hydra-rdp.c
+++ b/hydra-rdp.c
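Review bot: The new guard `#ifdef LIBOPENSSL && !defined(LIBRESSL_VERSION_NUMBER)` in the first hydra-mod.c hunk does not test what it says: `#ifdef` takes a single identifier, so only `LIBOPENSSL` is evaluated and compilers typically warn about the trailing tokens and ignore them. If the aim is to compile `ssl_temp_rsa_cb` out under LibreSSL, write `#if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER)` and confirm that every reference to the callback sits under the same condition; if the callback is still wanted there, keep the original `#ifdef LIBOPENSSL`. The matching `#endif` and the callers are outside the hunk.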
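Review bot: The `BN_free(n)` under the guards edited in the second and third hydra-mod.c hunks frees a BIGNUM that the 1.1 branch obtained from `RSA_get0_key(rsa, &n, NULL, NULL)`, visible in the context of the first hunk. That call returns the key's internal pointers without transferring ownership, so freeing `n` and then running `RSA_free(rsa)` or returning `rsa` risks a double free or a key with a dangling modulus; the earlier `BN_new()` result is also lost when `n` is overwritten. Suggest `const BIGNUM *n = NULL;` with no `BN_new()` and no `BN_free(n)` in this function. The code between the hunks is not shown, so how `n` is used there should be checked before changing it.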
@@ -910,13 +910,13 @@ SSL_RKEY *ssl_cert_to_rkey(X509 * cert, uint32 * key_len) {
 Kudos to Richard Levitte for the following (. intuitive .) lines of code that resets the OID and let's us extract the key. */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 nid = X509_get_signature_nid(cert);
 #else
 nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
 #endif
 if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 // fprintf(stderr, "[ERROR] the current experimental openssl-1.1 support in hydra does not support RDP :( \n");
 // hydra_child_exit(2);
 X509_ALGOR *algor = X509_get0_tbs_sigalg(cert);
@@ -954,7 +954,7 @@ void ssl_rkey_free(SSL_RKEY * rkey) {
 int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) {
 int len;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 BIGNUM *n, *e, *d;
 n = BN_new();
@@ -987,7 +987,7 @@ BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_le
 void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 HMAC_CTX *ctx;
 ctx = HMAC_CTX_new();
 HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
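Review bot: The compound test `OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` is repeated verbatim four times in hydra-rdp.c and three more in hydra-mod.c, with nothing saying why the LibreSSL clause is needed. Defining it once, for example as a project macro in a shared header (name to be chosen by the maintainers), with a comment such as `/* LibreSSL defines OPENSSL_VERSION_NUMBER as 0x20000000L, so the version test alone would select the 1.1 code */`, would keep the copies from drifting apart. Under LibreSSL the `#else` path in `ssl_cert_to_rkey` still reads `cert->cert_info->key->algor->algorithm` directly, which depends on those struct layouts staying public. The function starts and ends outside the hunk.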
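Review bot: In `ssl_hmac_md5` the 1.1 branch allocates `ctx` with `HMAC_CTX_new()`, but the one-shot `HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL)` on the next line never uses it, and the allocation result is not checked. If nothing later in the branch needs the context, the two `ctx` lines can be dropped; otherwise an `HMAC_CTX_free(ctx)` has to follow on every path. The rest of the function, including the `#else` branch, is outside the hunk.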