Package: ssldump
Version: 0.9b3-2.1
Severity: important
Tags: patch
patch at: http://people.freebsd.org/~tmclaugh/files/ssldump-aes.diff
some more info at: http://www.freshports.org/net/ssldump or:
http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/x86_64/ssldump-0.9b3-78.x86_64.html
-- System Information:
Debian Release: testing/unstable
APT prefers stable
APT policy: (750, 'stable'), (700, 'testing'), (600, 'unstable'), (550,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_ZA, LC_CTYPE=en_ZA (charmap=ISO-8859-1)
Versions of packages ssldump depends on:
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libpcap0.7 0.7.2-7 System interface for user-level pa
ii libssl0.9.8 0.9.8b-2 SSL shared libraries
ssldump recommends no packages.
-- no debconf information
diff -Nur ssldump.orig/Makefile ssldump/Makefile
--- ssldump.orig/Makefile Sun Apr 24 14:24:25 2005
+++ ssldump/Makefile Tue May 2 13:26:01 2006
@@ -16,6 +16,8 @@
USE_OPENSSL= YES
+OPTIONS= AES "Enable AES support from CVS" off
+
.include <bsd.port.pre.mk>
GNU_CONFIGURE= YES
@@ -25,5 +27,9 @@
MAN1= ssldump.1
PLIST_FILES= bin/ssldump
+
+.if defined (WITH_AES)
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-aes
+.endif
.include <bsd.port.post.mk>
diff -Nur ssldump.orig/files/extra-patch-aes ssldump/files/extra-patch-aes
--- ssldump.orig/files/extra-patch-aes Wed Dec 31 19:00:00 1969
+++ ssldump/files/extra-patch-aes Tue May 2 13:31:36 2006
@@ -0,0 +1,159 @@
+diff -uNr ssl/ciphersuites.c.orig ssl/ciphersuites.c
+--- ssl/ciphersuites.c.orig 2002-08-16 19:33:17.000000000 -0600
++++ ssl/ciphersuites.c 2003-04-25 11:30:44.000000000 -0600
+@@ -78,10 +78,25 @@
+ {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
+ {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
+ {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
++
++ {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++ {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
++ {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++ {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
++ {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++ {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
++
++ {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++ {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
++ {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++ {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
++ {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++ {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
++
+ {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
+ {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
+ {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
+- {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
++ {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
+ {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
+ {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},
+ {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+diff -uNr ssl/sslciphers.h.orig ssl/sslciphers.h
+--- ssl/sslciphers.h.orig 2002-08-16 19:33:17.000000000 -0600
++++ ssl/sslciphers.h 2003-04-25 11:30:46.000000000 -0600
+@@ -71,7 +71,9 @@
+ #define ENC_RC4 0x32
+ #define ENC_RC2 0x33
+ #define ENC_IDEA 0x34
+-#define ENC_NULL 0x35
++#define ENC_AES128 0x35
++#define ENC_AES256 0x36
++#define ENC_NULL 0x37
+
+ #define DIG_MD5 0x40
+ #define DIG_SHA 0x41
+diff -uNr ssl/ssl.enums.orig ssl/ssl.enums
+--- ssl/ssl.enums.orig 2001-07-20 10:44:32.000000000 -0600
++++ ssl/ssl.enums 2003-04-25 11:30:45.000000000 -0600
+@@ -356,6 +356,18 @@
+ CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
+ CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
+ CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
++ CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F };
++ CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 };
++ CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 };
++ CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 };
++ CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 };
++ CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 };
++ CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 };
++ CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 };
++ CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 };
++ CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 };
++ CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 };
++ CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A };
+ CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 };
+ CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 };
+ CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 };
+diff -uNr ssl/ssl.enums.c.orig ssl/ssl.enums.c
+--- ssl/ssl.enums.c.orig 2001-07-20 10:44:36.000000000 -0600
++++ ssl/ssl.enums.c 2003-04-25 11:30:45.000000000 -0600
+@@ -611,6 +611,54 @@
+ "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ 0 },
+ {
++ 47,
++ "TLS_RSA_WITH_AES_128_CBC_SHA",
++ 0 },
++ {
++ 48,
++ "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
++ 0 },
++ {
++ 49,
++ "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
++ 0 },
++ {
++ 50,
++ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
++ 0 },
++ {
++ 51,
++ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
++ 0 },
++ {
++ 52,
++ "TLS_DH_anon_WITH_AES_128_CBC_SHA",
++ 0 },
++ {
++ 53,
++ "TLS_RSA_WITH_AES_256_CBC_SHA",
++ 0 },
++ {
++ 54,
++ "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
++ 0 },
++ {
++ 55,
++ "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
++ 0 },
++ {
++ 56,
++ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
++ 0 },
++ {
++ 57,
++ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
++ 0 },
++ {
++ 58,
++ "TLS_DH_anon_WITH_AES_256_CBC_SHA",
++ 0 },
++ {
+ 96,
+ "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
+ 0 },
+diff -uNr ssl/ssl_rec.c.orig ssl/ssl_rec.c
+--- ssl/ssl_rec.c.orig 2000-11-02 23:38:06.000000000 -0700
++++ ssl/ssl_rec.c 2003-04-25 11:30:46.000000000 -0600
+@@ -78,7 +78,9 @@
+ "DES3",
+ "RC4",
+ "RC2",
+- "IDEA"
++ "IDEA",
++ "AES128",
++ "AES256"
+ };
+
+
+@@ -101,6 +103,11 @@
+ /* Find the SSLeay cipher */
+ if(cs->enc!=ENC_NULL){
+ ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]);
++ if(!ciph)
++ ABORT(R_INTERNAL);
++ }
++ else {
++ ciph=EVP_enc_null();
+ }
+
+ if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
+@@ -169,7 +176,7 @@
+ *outl=inl;
+
+ /* Now strip off the padding*/
+- if(d->cs->block!=1){
++ if(d->cs->block>1){
+ pad=out[inl-1];
+ *outl-=(pad+1);
+ }
