<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">Description: AES patch
 patch for ssldump &gt;= 0.9b3: adds support for AES cipher-suites (to ssldump).
 For further information, please have a look to Novell bug ID #50952.
Author: Carsten Hoeger &lt;choeger@suse.de&gt; 
Bug-Debian: http://bugs.debian.org/383619
--- ssl/ciphersuites.c
+++ ssl/ciphersuites.c
@@ -78,10 +78,22 @@ static SSL_CipherSuite CipherSuites[]={
      {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
      {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
      {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
+     {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
      {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
      {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
      {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
-     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
+     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
      {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
      {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},     
      {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
--- ssl/ssl.enums
+++ ssl/ssl.enums
@@ -356,6 +356,18 @@ ClientKeyExchange(16)
     CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x19 };
     CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA           = { 0x00,0x1A };
     CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA      = { 0x00,0x1B };
+    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA           = { 0x00,0x2F };
+    CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA        = { 0x00,0x30 };
+    CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA        = { 0x00,0x31 };
+    CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA       = { 0x00,0x32 };
+    CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA       = { 0x00,0x33 };
+    CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA       = { 0x00,0x34 };
+    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA           = { 0x00,0x35 };
+    CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA        = { 0x00,0x36 };
+    CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA        = { 0x00,0x37 };
+    CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA       = { 0x00,0x38 };
+    CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA       = { 0x00,0x39 };
+    CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA       = { 0x00,0x3A };
     CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5     = { 0x00,0x60 };
     CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   = { 0x00,0x61 };
     CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     = { 0x00,0x62 };
--- ssl/ssl.enums.c
+++ ssl/ssl.enums.c
@@ -163,6 +163,7 @@ static int decode_HandshakeType_HelloReq
 
 
   printf("\n");
+  return(0);
 
   }
 static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
@@ -368,6 +369,7 @@ static int decode_HandshakeType_ServerHe
 
 
   printf("\n");
+  return(0);
 
   }
 static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
@@ -611,6 +613,54 @@ decoder cipher_suite_decoder[]={
 		"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
 		0	},
 	{
+		47,
+		"TLS_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		48,
+		"TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49,
+		"TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		50,
+		"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		51,
+		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		52,
+		"TLS_DH_anon_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		53,
+		"TLS_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		54,
+		"TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		55,
+		"TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		56,
+		"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		57,
+		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		58,
+		"TLS_DH_anon_WITH_AES_256_CBC_SHA",
+		0	},
+	{
 		96,
 		"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
 		0	},
--- ssl/ssl_rec.c
+++ ssl/ssl_rec.c
@@ -78,7 +78,9 @@ static char *ciphers[]={
      "DES3",
      "RC4",
      "RC2",
-     "IDEA"
+     "IDEA",
+     "AES128",
+     "AES256"
 };
 
 
@@ -101,6 +103,11 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,i
     /* Find the SSLeay cipher */
     if(cs-&gt;enc!=ENC_NULL){
       ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs-&gt;enc-0x30]);
+      if(!ciph)
+        ABORT(R_INTERNAL);
+    }
+    else {
+      ciph=EVP_enc_null();
     }
 
     if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
@@ -169,7 +176,7 @@ int ssl_decode_rec_data(ssl,d,ct,version
     *outl=inl;
     
     /* Now strip off the padding*/
-    if(d-&gt;cs-&gt;block!=1){
+    if(d-&gt;cs-&gt;block&gt;1){
       pad=out[inl-1];
       *outl-=(pad+1);
     }
--- ssl/sslciphers.h
+++ ssl/sslciphers.h
@@ -71,7 +71,9 @@ typedef struct SSL_CipherSuite_ {
 #define ENC_RC4		0x32
 #define ENC_RC2		0x33
 #define ENC_IDEA	0x34
-#define ENC_NULL	0x35
+#define ENC_AES128	0x35
+#define ENC_AES256	0x36
+#define ENC_NULL	0x37
 
 #define DIG_MD5		0x40
 #define DIG_SHA		0x41
</pre></body></html>