Description: AES patch
patch for ssldump >= 0.9b3: adds support for AES cipher-suites (to ssldump).
For further information, please have a look to Novell bug ID #50952.
Author: Carsten Hoeger <choeger@suse.de>
Bug-Debian: http://bugs.debian.org/383619
--- ssl/ciphersuites.c
+++ ssl/ciphersuites.c
@@ -78,10 +78,22 @@ static SSL_CipherSuite CipherSuites[]={
{25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
{26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
{27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
+ {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
{96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
{97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
{98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
- {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
+ {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
{100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
{101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},
{102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
--- ssl/ssl.enums
+++ ssl/ssl.enums
@@ -356,6 +356,18 @@ ClientKeyExchange(16)
CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
+ CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F };
+ CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 };
+ CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 };
+ CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 };
+ CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 };
+ CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 };
+ CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 };
+ CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 };
+ CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 };
+ CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 };
+ CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 };
+ CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A };
CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 };
CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 };
CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 };
--- ssl/ssl.enums.c
+++ ssl/ssl.enums.c
@@ -163,6 +163,7 @@ static int decode_HandshakeType_HelloReq
printf("\n");
+ return(0);
}
static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
@@ -368,6 +369,7 @@ static int decode_HandshakeType_ServerHe
printf("\n");
+ return(0);
}
static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
@@ -611,6 +613,54 @@ decoder cipher_suite_decoder[]={
"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
0 },
{
+ 47,
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 48,
+ "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 49,
+ "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 50,
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 51,
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 52,
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 53,
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 54,
+ "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 55,
+ "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 56,
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 57,
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 58,
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
96,
"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
0 },
--- ssl/ssl_rec.c
+++ ssl/ssl_rec.c
@@ -78,7 +78,9 @@ static char *ciphers[]={
"DES3",
"RC4",
"RC2",
- "IDEA"
+ "IDEA",
+ "AES128",
+ "AES256"
};
@@ -101,6 +103,11 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,i
/* Find the SSLeay cipher */
if(cs->enc!=ENC_NULL){
ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]);
+ if(!ciph)
+ ABORT(R_INTERNAL);
+ }
+ else {
+ ciph=EVP_enc_null();
}
if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
@@ -169,7 +176,7 @@ int ssl_decode_rec_data(ssl,d,ct,version
*outl=inl;
/* Now strip off the padding*/
- if(d->cs->block!=1){
+ if(d->cs->block>1){
pad=out[inl-1];
*outl-=(pad+1);
}
--- ssl/sslciphers.h
+++ ssl/sslciphers.h
@@ -71,7 +71,9 @@ typedef struct SSL_CipherSuite_ {
#define ENC_RC4 0x32
#define ENC_RC2 0x33
#define ENC_IDEA 0x34
-#define ENC_NULL 0x35
+#define ENC_AES128 0x35
+#define ENC_AES256 0x36
+#define ENC_NULL 0x37
#define DIG_MD5 0x40
#define DIG_SHA 0x41