PR/39646 -- add AES patch, from

http://people.freebsd.org/~tmclaugh/files/ssldump-aes.diff
2011-09-13 17:27:36 +00:00 · 2011-09-13 17:27:36 +00:00 · cf15b6a4f7
commit cf15b6a4f7
parent 151527fa78
3 changed files with 167 additions and 3 deletions
--- a/security/ssldump/Makefile
+++ b/security/ssldump/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2010/01/27 16:55:04 joerg Exp $
+# $NetBSD: Makefile,v 1.22 2011/09/13 17:27:36 shattered Exp $
 #

 DISTNAME=	ssldump-0.9b3
-PKGREVISION=	8
+PKGREVISION=	9
 CATEGORIES=	security
 MASTER_SITES=	http://www.rtfm.com/ssldump/

--- a/security/ssldump/distinfo
+++ b/security/ssldump/distinfo
@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.7 2007/06/17 01:40:51 hubertf Exp $
+$NetBSD: distinfo,v 1.8 2011/09/13 17:27:36 shattered Exp $

 SHA1 (ssldump-0.9b3.tar.gz) = a633a9a811a138eac5ed440d583473b644135ef5
 RMD160 (ssldump-0.9b3.tar.gz) = 941cf8f2ef8459ec4f9ce65772e134505d46566f
 Size (ssldump-0.9b3.tar.gz) = 137435 bytes
 SHA1 (patch-aa) = 8ab6a65c0e338e99249a0c90b87340252494020a
 SHA1 (patch-ab) = 38479b85460d56841a62b04c1134461bfaae72e5
+SHA1 (patch-aes) = 75180402f5a8d775dd27049700717d30063f3de9
--- a/security/ssldump/patches/patch-aes
+++ b/security/ssldump/patches/patch-aes
@ -0,0 +1,163 @@
+$NetBSD: patch-aes,v 1.1 2011/09/13 17:27:36 shattered Exp $
+
+http://people.freebsd.org/~tmclaugh/files/ssldump-aes.diff
+
+diff -uNr ssl/ciphersuites.c.orig ssl/ciphersuites.c
+--- ssl/ciphersuites.c.orig	2002-08-16 19:33:17.000000000 -0600
+++ ssl/ciphersuites.c	2003-04-25 11:30:44.000000000 -0600
+@@ -78,10 +78,25 @@
+      {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
+      {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
+      {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
+
+     {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+     {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
+
+     {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+     {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
+
+      {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
+      {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
+      {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
+-     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
+     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
+      {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
+      {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},     
+      {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+diff -uNr ssl/sslciphers.h.orig ssl/sslciphers.h
+--- ssl/sslciphers.h.orig	2002-08-16 19:33:17.000000000 -0600
+++ ssl/sslciphers.h	2003-04-25 11:30:46.000000000 -0600
+@@ -71,7 +71,9 @@
+ #define ENC_RC4		0x32
+ #define ENC_RC2		0x33
+ #define ENC_IDEA	0x34
+-#define ENC_NULL	0x35
+#define ENC_AES128      0x35
+#define ENC_AES256      0x36
+#define ENC_NULL	0x37
+ 
+ #define DIG_MD5		0x40
+ #define DIG_SHA		0x41
+diff -uNr ssl/ssl.enums.orig ssl/ssl.enums
+--- ssl/ssl.enums.orig	2001-07-20 10:44:32.000000000 -0600
+++ ssl/ssl.enums	2003-04-25 11:30:45.000000000 -0600
+@@ -356,6 +356,18 @@
+     CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x19 };
+     CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA           = { 0x00,0x1A };
+     CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA      = { 0x00,0x1B };
+    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA           = { 0x00,0x2F };
+    CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA        = { 0x00,0x30 };
+    CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA        = { 0x00,0x31 };
+    CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA       = { 0x00,0x32 };
+    CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA       = { 0x00,0x33 };
+    CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA       = { 0x00,0x34 };
+    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA           = { 0x00,0x35 };
+    CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA        = { 0x00,0x36 };
+    CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA        = { 0x00,0x37 };
+    CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA       = { 0x00,0x38 };
+    CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA       = { 0x00,0x39 };
+    CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA       = { 0x00,0x3A };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5     = { 0x00,0x60 };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   = { 0x00,0x61 };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     = { 0x00,0x62 };
+diff -uNr ssl/ssl.enums.c.orig ssl/ssl.enums.c
+--- ssl/ssl.enums.c.orig	2001-07-20 10:44:36.000000000 -0600
+++ ssl/ssl.enums.c	2003-04-25 11:30:45.000000000 -0600
+@@ -611,6 +611,54 @@
+ 		"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ 		0	},
+ 	{
+	        47,
+	        "TLS_RSA_WITH_AES_128_CBC_SHA",
+	        0       },
+	{
+	        48,
+	        "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+	        0       },
+	{
+	        49,
+	        "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+	        0       },
+	{
+	        50,
+	        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+	        0       },
+	{
+	        51,
+	        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+	        0       },
+	{
+	        52,
+	        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+	        0       },
+	{
+	        53,
+	        "TLS_RSA_WITH_AES_256_CBC_SHA",
+	        0       },
+	{
+	        54,
+	        "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+	        0       },
+	{
+	        55,
+	        "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+	        0       },
+	{
+	        56,
+	        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+	        0       },
+	{
+	        57,
+	        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+	        0       },
+	{
+	        58,
+	        "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+	        0       },
+	{
+ 		96,
+ 		"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
+ 		0	},
+diff -uNr ssl/ssl_rec.c.orig ssl/ssl_rec.c
+--- ssl/ssl_rec.c.orig	2000-11-02 23:38:06.000000000 -0700
+++ ssl/ssl_rec.c	2003-04-25 11:30:46.000000000 -0600
+@@ -78,7 +78,9 @@
+      "DES3",
+      "RC4",
+      "RC2",
+-     "IDEA"
+     "IDEA",
+     "AES128",
+     "AES256"
+ };
+ 
+ 
+@@ -101,6 +103,11 @@
+     /* Find the SSLeay cipher */
+     if(cs->enc!=ENC_NULL){
+       ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]);
+      if(!ciph)
+	ABORT(R_INTERNAL);
+    }
+    else {
+      ciph=EVP_enc_null();
+     }
+ 
+     if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
+@@ -169,7 +176,7 @@
+     *outl=inl;
+     
+     /* Now strip off the padding*/
+-    if(d->cs->block!=1){
+    if(d->cs->block>1){
+       pad=out[inl-1];
+       *outl-=(pad+1);
+     }