Add optional AES decryption support via patch from CVS. (default: off)

It's been about 3.5 years since ssldump's last release and these patches have been in CVS for about 3 years. It would be a shame to just leave them there. Obtained from: CVS by way of Suse 9.3 RPM
author: Tom McLaughlin <tmclaugh@FreeBSD.org> 2006-05-03 00:48:49 +0000
committer: Tom McLaughlin <tmclaugh@FreeBSD.org> 2006-05-03 00:48:49 +0000
commit: 473212b77e134aadd420c2727be3e2765af7f389 (patch)
tree: 2b5f52aeda47d27be7f2ff796bc34cb5ade22870 /net/ssldump
parent: clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability (diff)
2 files changed, 165 insertions, 0 deletions
diff --git a/net/ssldump/Makefile b/net/ssldump/Makefile
index c8b62be7696d..393593d592e3 100644
--- a/net/ssldump/Makefile
+++ b/net/ssldump/Makefile
@@ -16,6 +16,8 @@ COMMENT=	SSLv3/TLS network protocol analyzer
 
 USE_OPENSSL=	YES
 
+OPTIONS=	AES "Enable AES support from CVS (EXPERIMENTAL)" off
+
 .include <bsd.port.pre.mk>
 
 GNU_CONFIGURE=	YES
@@ -26,4 +28,8 @@ CONFIGURE_ARGS=	--with-openssl=${OPENSSLBASE} \
 MAN1=		ssldump.1
 PLIST_FILES=	bin/ssldump
 
+.if defined (WITH_AES)
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-aes
+.endif
+
 .include <bsd.port.post.mk>
diff --git a/net/ssldump/files/extra-patch-aes b/net/ssldump/files/extra-patch-aes
new file mode 100644
index 000000000000..d1310ca640f5
--- /dev/null
+++ b/net/ssldump/files/extra-patch-aes
@@ -0,0 +1,159 @@
+diff -uNr ssl/ciphersuites.c.orig ssl/ciphersuites.c
+--- ssl/ciphersuites.c.orig	2002-08-16 19:33:17.000000000 -0600
++++ ssl/ciphersuites.c	2003-04-25 11:30:44.000000000 -0600
+@@ -78,10 +78,25 @@
+      {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
+      {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
+      {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
++
++     {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
++
++     {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
++
+      {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
+      {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
+      {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
+-     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
++     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
+      {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
+      {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},     
+      {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+diff -uNr ssl/sslciphers.h.orig ssl/sslciphers.h
+--- ssl/sslciphers.h.orig	2002-08-16 19:33:17.000000000 -0600
++++ ssl/sslciphers.h	2003-04-25 11:30:46.000000000 -0600
+@@ -71,7 +71,9 @@
+ #define ENC_RC4		0x32
+ #define ENC_RC2		0x33
+ #define ENC_IDEA	0x34
+-#define ENC_NULL	0x35
++#define ENC_AES128      0x35
++#define ENC_AES256      0x36
++#define ENC_NULL	0x37
+ 
+ #define DIG_MD5		0x40
+ #define DIG_SHA		0x41
+diff -uNr ssl/ssl.enums.orig ssl/ssl.enums
+--- ssl/ssl.enums.orig	2001-07-20 10:44:32.000000000 -0600
++++ ssl/ssl.enums	2003-04-25 11:30:45.000000000 -0600
+@@ -356,6 +356,18 @@
+     CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x19 };
+     CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA           = { 0x00,0x1A };
+     CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA      = { 0x00,0x1B };
++    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA           = { 0x00,0x2F };
++    CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA        = { 0x00,0x30 };
++    CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA        = { 0x00,0x31 };
++    CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA       = { 0x00,0x32 };
++    CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA       = { 0x00,0x33 };
++    CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA       = { 0x00,0x34 };
++    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA           = { 0x00,0x35 };
++    CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA        = { 0x00,0x36 };
++    CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA        = { 0x00,0x37 };
++    CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA       = { 0x00,0x38 };
++    CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA       = { 0x00,0x39 };
++    CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA       = { 0x00,0x3A };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5     = { 0x00,0x60 };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   = { 0x00,0x61 };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     = { 0x00,0x62 };
+diff -uNr ssl/ssl.enums.c.orig ssl/ssl.enums.c
+--- ssl/ssl.enums.c.orig	2001-07-20 10:44:36.000000000 -0600
++++ ssl/ssl.enums.c	2003-04-25 11:30:45.000000000 -0600
+@@ -611,6 +611,54 @@
+ 		"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ 		0	},
+ 	{
++	        47,
++	        "TLS_RSA_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        48,
++	        "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        49,
++	        "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        50,
++	        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        51,
++	        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        52,
++	        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        53,
++	        "TLS_RSA_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        54,
++	        "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        55,
++	        "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        56,
++	        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        57,
++	        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        58,
++	        "TLS_DH_anon_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
+ 		96,
+ 		"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
+ 		0	},
+diff -uNr ssl/ssl_rec.c.orig ssl/ssl_rec.c
+--- ssl/ssl_rec.c.orig	2000-11-02 23:38:06.000000000 -0700
++++ ssl/ssl_rec.c	2003-04-25 11:30:46.000000000 -0600
+@@ -78,7 +78,9 @@
+      "DES3",
+      "RC4",
+      "RC2",
+-     "IDEA"
++     "IDEA",
++     "AES128",
++     "AES256"
+ };
+ 
+ 
+@@ -101,6 +103,11 @@
+     /* Find the SSLeay cipher */
+     if(cs->enc!=ENC_NULL){
+       ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]);
++      if(!ciph)
++	ABORT(R_INTERNAL);
++    }
++    else {
++      ciph=EVP_enc_null();
+     }
+ 
+     if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
+@@ -169,7 +176,7 @@
+     *outl=inl;
+     
+     /* Now strip off the padding*/
+-    if(d->cs->block!=1){
++    if(d->cs->block>1){
+       pad=out[inl-1];
+       *outl-=(pad+1);
+     }
author	Tom McLaughlin <tmclaugh@FreeBSD.org>	2006-05-03 00:48:49 +0000
committer	Tom McLaughlin <tmclaugh@FreeBSD.org>	2006-05-03 00:48:49 +0000
commit	473212b77e134aadd420c2727be3e2765af7f389 (patch)
tree	2b5f52aeda47d27be7f2ff796bc34cb5ade22870 /net/ssldump
parent	clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability (diff)