The build fix is relatively straightforward, mostly based on Debian's patch set.
https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/ If anyone uses this, a quick test would be appreciated. Index: Makefile =================================================================== RCS file: /cvs/ports/security/dsniff/Makefile,v retrieving revision 1.63 diff -u -p -r1.63 Makefile --- Makefile 12 Jul 2019 20:49:01 -0000 1.63 +++ Makefile 25 Nov 2021 22:35:42 -0000 @@ -3,7 +3,7 @@ COMMENT= sniffing tools for penetration testing DISTNAME= dsniff-2.3 -REVISION= 16 +REVISION= 17 CATEGORIES= security MASTER_SITES= http://monkey.org/~dugsong/dsniff/ Index: patches/patch-arp_c =================================================================== RCS file: patches/patch-arp_c diff -N patches/patch-arp_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-arp_c 25 Nov 2021 22:34:41 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ + +Index: arp.c +--- arp.c.orig ++++ arp.c +@@ -32,6 +32,7 @@ + #include <netinet/if_ether.h> + #include <stdio.h> + #include <stdlib.h> ++#include <string.h> + #include <unistd.h> + + #ifdef BSD Index: patches/patch-buf_c =================================================================== RCS file: patches/patch-buf_c diff -N patches/patch-buf_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-buf_c 25 Nov 2021 22:28:38 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ + +Index: buf.c +--- buf.c.orig ++++ buf.c +@@ -12,6 +12,7 @@ + #include <sys/types.h> + #include <stdio.h> + #include <stdlib.h> ++#include <string.h> + #include <stdarg.h> + #include <unistd.h> + #include <ctype.h> Index: patches/patch-ssh_c =================================================================== RCS file: patches/patch-ssh_c diff -N patches/patch-ssh_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-ssh_c 26 Nov 2021 07:04:59 -0000 @@ -0,0 +1,161 @@ +$OpenBSD$ + +Based on https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/ + +Index: ssh.c +--- ssh.c.orig ++++ ssh.c +@@ -13,6 +13,8 @@ + #include <sys/param.h> + #include <sys/types.h> + #include <arpa/nameser.h> ++#include <openssl/err.h> ++#include <openssl/md5.h> + #include <openssl/ssl.h> + #include <openssl/rand.h> + +@@ -86,7 +88,7 @@ static u_int crc32_tab[] = { + static u_char pkt[4 + 8 + SSH_MAX_PKTLEN]; + + static void +-put_bn(BIGNUM *bn, u_char **pp) ++put_bn(const BIGNUM *bn, u_char **pp) + { + short i; + +@@ -116,7 +118,7 @@ get_bn(BIGNUM *bn, u_char **pp, int *lenp) + } + + static u_char * +-ssh_session_id(u_char *cookie, BIGNUM *hostkey_n, BIGNUM *servkey_n) ++ssh_session_id(u_char *cookie, const BIGNUM *hostkey_n, const BIGNUM *servkey_n) + { + static u_char sessid[16]; + u_int i, j; +@@ -231,7 +233,10 @@ SSH_accept(SSH *ssh) + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; +- ++ ++ const BIGNUM *servkey_e, *servkey_n; ++ const BIGNUM *hostkey_e, *hostkey_n; ++ + /* Generate anti-spoofing cookie. */ + RAND_bytes(cookie, sizeof(cookie)); + +@@ -240,11 +245,13 @@ SSH_accept(SSH *ssh) + *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ + memcpy(p, cookie, 8); p += 8; /* cookie */ + num = 768; PUTLONG(num, p); /* servkey bits */ +- put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ +- put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ ++ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); ++ put_bn(servkey_e, &p); /* servkey exponent */ ++ put_bn(servkey_n, &p); /* servkey modulus */ + num = 1024; PUTLONG(num, p); /* hostkey bits */ +- put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ +- put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ ++ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); ++ put_bn(hostkey_e, &p); /* hostkey exponent */ ++ put_bn(hostkey_n, &p); /* hostkey modulus */ + num = 0; PUTLONG(num, p); /* protocol flags */ + num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ + num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ +@@ -295,7 +302,7 @@ SSH_accept(SSH *ssh) + SKIP(p, i, 4); + + /* Decrypt session key. */ +- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { ++ if (BN_cmp(servkey_n, hostkey_n) > 0) { + rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); + rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); + } +@@ -315,8 +322,8 @@ SSH_accept(SSH *ssh) + BN_clear_free(enckey); + + /* Derive real session key using session id. */ +- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, +- ssh->ctx->servkey->n)) == NULL) { ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { + warn("ssh_session_id"); + return (-1); + } +@@ -325,10 +332,8 @@ SSH_accept(SSH *ssh) + } + /* Set cipher. */ + if (cipher == SSH_CIPHER_3DES) { +- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); +- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); +- ssh->encrypt = des3_encrypt; +- ssh->decrypt = des3_decrypt; ++ warnx("cipher 3des no longer supported"); ++ return (-1); + } + else if (cipher == SSH_CIPHER_BLOWFISH) { + ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); +@@ -354,7 +359,10 @@ SSH_connect(SSH *ssh) + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; +- ++ ++ BIGNUM *servkey_n, *servkey_e; ++ BIGNUM *hostkey_n, *hostkey_e; ++ + /* Get public key. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { + warn("SSH_recv"); +@@ -376,21 +384,23 @@ SSH_connect(SSH *ssh) + + /* Get servkey. */ + ssh->ctx->servkey = RSA_new(); +- ssh->ctx->servkey->n = BN_new(); +- ssh->ctx->servkey->e = BN_new(); ++ servkey_n = BN_new(); ++ servkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); + + SKIP(p, i, 4); +- get_bn(ssh->ctx->servkey->e, &p, &i); +- get_bn(ssh->ctx->servkey->n, &p, &i); ++ get_bn(servkey_e, &p, &i); ++ get_bn(servkey_n, &p, &i); + + /* Get hostkey. */ + ssh->ctx->hostkey = RSA_new(); +- ssh->ctx->hostkey->n = BN_new(); +- ssh->ctx->hostkey->e = BN_new(); ++ hostkey_n = BN_new(); ++ hostkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); + + SKIP(p, i, 4); +- get_bn(ssh->ctx->hostkey->e, &p, &i); +- get_bn(ssh->ctx->hostkey->n, &p, &i); ++ get_bn(hostkey_e, &p, &i); ++ get_bn(hostkey_n, &p, &i); + + /* Get cipher, auth masks. */ + SKIP(p, i, 4); +@@ -402,8 +412,8 @@ SSH_connect(SSH *ssh) + RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); + + /* Obfuscate with session id. */ +- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, +- ssh->ctx->servkey->n)) == NULL) { ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { + warn("ssh_session_id"); + return (-1); + } +@@ -419,7 +429,7 @@ SSH_connect(SSH *ssh) + else BN_add_word(bn, ssh->sesskey[i]); + } + /* Encrypt session key. */ +- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { ++ if (BN_cmp(servkey_n, hostkey_n) < 0) { + rsa_public_encrypt(bn, bn, ssh->ctx->servkey); + rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); + } Index: patches/patch-sshcrypto_c =================================================================== RCS file: /cvs/ports/security/dsniff/patches/patch-sshcrypto_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-sshcrypto_c --- patches/patch-sshcrypto_c 29 May 2015 15:57:29 -0000 1.3 +++ patches/patch-sshcrypto_c 26 Nov 2021 07:06:11 -0000 @@ -1,6 +1,13 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/05/29 15:57:29 jca Exp $ ---- sshcrypto.c.orig Tue Nov 28 22:23:28 2000 -+++ sshcrypto.c Fri May 29 17:56:22 2015 + +Use DES API instead of des + +OpenSSL 1.1 API conversion based on +https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/ + +Index: sshcrypto.c +--- sshcrypto.c.orig ++++ sshcrypto.c @@ -15,7 +15,9 @@ #include <sys/types.h> #include <openssl/ssl.h> @@ -22,7 +29,33 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0 }; void -@@ -153,13 +155,13 @@ des3_init(u_char *sesskey, int len) +@@ -37,10 +39,12 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) + u_char *inbuf, *outbuf; + int len, ilen, olen; + +- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) ++ const BIGNUM *n, *e; ++ RSA_get0_key(key, &n, &e, NULL); ++ if (BN_num_bits(e) < 2 || !BN_is_odd(e)) + errx(1, "rsa_public_encrypt() exponent too small or not odd"); + +- olen = BN_num_bytes(key->n); ++ olen = BN_num_bytes(n); + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -69,7 +73,9 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) + u_char *inbuf, *outbuf; + int len, ilen, olen; + +- olen = BN_num_bytes(key->n); ++ const BIGNUM *n; ++ RSA_get0_key(key, &n, NULL, NULL); ++ olen = BN_num_bytes(n); + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -153,13 +159,13 @@ des3_init(u_char *sesskey, int len) if ((state = malloc(sizeof(*state))) == NULL) err(1, "malloc"); @@ -40,7 +73,7 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0 memset(state->iv1, 0, 8); memset(state->iv2, 0, 8); -@@ -175,9 +177,9 @@ des3_encrypt(u_char *src, u_char *dst, int len, void * +@@ -175,9 +181,9 @@ des3_encrypt(u_char *src, u_char *dst, int len, void * estate = (struct des3_state *)state; memcpy(estate->iv1, estate->iv2, 8); @@ -53,7 +86,7 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0 } void -@@ -188,7 +190,7 @@ des3_decrypt(u_char *src, u_char *dst, int len, void * +@@ -188,7 +194,7 @@ des3_decrypt(u_char *src, u_char *dst, int len, void * dstate = (struct des3_state *)state; memcpy(dstate->iv1, dstate->iv2, 8);
