PR/39646 -- add AES patch, from

http://people.freebsd.org/~tmclaugh/files/ssldump-aes.diff
author: shattered <shattered> 2011-09-13 17:27:36 +0000
committer: shattered <shattered> 2011-09-13 17:27:36 +0000
commit: 451acb8ab3cc26ca669ddca53bec4ec69f2915f7 (patch)
tree: 8cebd92b4b22c07fdde111e98d800bbf63c49b1a /security
parent: 5595ec094b486c7a17a85bd49dc6a00d5a53512d (diff)
download: pkgsrc-451acb8ab3cc26ca669ddca53bec4ec69f2915f7.tar.gz
3 files changed, 167 insertions, 3 deletions
diff --git a/security/ssldump/Makefile b/security/ssldump/Makefile
index e12362b80d8..d72decca721 100644
--- a/security/ssldump/Makefile
+++ b/security/ssldump/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2010/01/27 16:55:04 joerg Exp $
+# $NetBSD: Makefile,v 1.22 2011/09/13 17:27:36 shattered Exp $
 #
 
 DISTNAME=	ssldump-0.9b3
-PKGREVISION=	8
+PKGREVISION=	9
 CATEGORIES=	security
 MASTER_SITES=	http://www.rtfm.com/ssldump/
 
diff --git a/security/ssldump/distinfo b/security/ssldump/distinfo
index 4fd30846bd4..e0b02dbde32 100644
--- a/security/ssldump/distinfo
+++ b/security/ssldump/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.7 2007/06/17 01:40:51 hubertf Exp $
+$NetBSD: distinfo,v 1.8 2011/09/13 17:27:36 shattered Exp $
 
 SHA1 (ssldump-0.9b3.tar.gz) = a633a9a811a138eac5ed440d583473b644135ef5
 RMD160 (ssldump-0.9b3.tar.gz) = 941cf8f2ef8459ec4f9ce65772e134505d46566f
 Size (ssldump-0.9b3.tar.gz) = 137435 bytes
 SHA1 (patch-aa) = 8ab6a65c0e338e99249a0c90b87340252494020a
 SHA1 (patch-ab) = 38479b85460d56841a62b04c1134461bfaae72e5
+SHA1 (patch-aes) = 75180402f5a8d775dd27049700717d30063f3de9
diff --git a/security/ssldump/patches/patch-aes b/security/ssldump/patches/patch-aes
new file mode 100644
index 00000000000..ebfb6bf7427
--- /dev/null
+++ b/security/ssldump/patches/patch-aes
@@ -0,0 +1,163 @@
+$NetBSD: patch-aes,v 1.1 2011/09/13 17:27:36 shattered Exp $
+
+http://people.freebsd.org/~tmclaugh/files/ssldump-aes.diff
+
+diff -uNr ssl/ciphersuites.c.orig ssl/ciphersuites.c
+--- ssl/ciphersuites.c.orig	2002-08-16 19:33:17.000000000 -0600
++++ ssl/ciphersuites.c	2003-04-25 11:30:44.000000000 -0600
+@@ -78,10 +78,25 @@
+      {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
+      {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
+      {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
++
++     {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
++     {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
++
++     {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
++     {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
++
+      {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
+      {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
+      {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
+-     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
++     {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
+      {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
+      {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},     
+      {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+diff -uNr ssl/sslciphers.h.orig ssl/sslciphers.h
+--- ssl/sslciphers.h.orig	2002-08-16 19:33:17.000000000 -0600
++++ ssl/sslciphers.h	2003-04-25 11:30:46.000000000 -0600
+@@ -71,7 +71,9 @@
+ #define ENC_RC4		0x32
+ #define ENC_RC2		0x33
+ #define ENC_IDEA	0x34
+-#define ENC_NULL	0x35
++#define ENC_AES128      0x35
++#define ENC_AES256      0x36
++#define ENC_NULL	0x37
+ 
+ #define DIG_MD5		0x40
+ #define DIG_SHA		0x41
+diff -uNr ssl/ssl.enums.orig ssl/ssl.enums
+--- ssl/ssl.enums.orig	2001-07-20 10:44:32.000000000 -0600
++++ ssl/ssl.enums	2003-04-25 11:30:45.000000000 -0600
+@@ -356,6 +356,18 @@
+     CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x19 };
+     CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA           = { 0x00,0x1A };
+     CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA      = { 0x00,0x1B };
++    CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA           = { 0x00,0x2F };
++    CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA        = { 0x00,0x30 };
++    CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA        = { 0x00,0x31 };
++    CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA       = { 0x00,0x32 };
++    CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA       = { 0x00,0x33 };
++    CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA       = { 0x00,0x34 };
++    CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA           = { 0x00,0x35 };
++    CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA        = { 0x00,0x36 };
++    CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA        = { 0x00,0x37 };
++    CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA       = { 0x00,0x38 };
++    CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA       = { 0x00,0x39 };
++    CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA       = { 0x00,0x3A };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5     = { 0x00,0x60 };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   = { 0x00,0x61 };
+     CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     = { 0x00,0x62 };
+diff -uNr ssl/ssl.enums.c.orig ssl/ssl.enums.c
+--- ssl/ssl.enums.c.orig	2001-07-20 10:44:36.000000000 -0600
++++ ssl/ssl.enums.c	2003-04-25 11:30:45.000000000 -0600
+@@ -611,6 +611,54 @@
+ 		"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+ 		0	},
+ 	{
++	        47,
++	        "TLS_RSA_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        48,
++	        "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        49,
++	        "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        50,
++	        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        51,
++	        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        52,
++	        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
++	        0       },
++	{
++	        53,
++	        "TLS_RSA_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        54,
++	        "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        55,
++	        "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        56,
++	        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        57,
++	        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
++	        58,
++	        "TLS_DH_anon_WITH_AES_256_CBC_SHA",
++	        0       },
++	{
+ 		96,
+ 		"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
+ 		0	},
+diff -uNr ssl/ssl_rec.c.orig ssl/ssl_rec.c
+--- ssl/ssl_rec.c.orig	2000-11-02 23:38:06.000000000 -0700
++++ ssl/ssl_rec.c	2003-04-25 11:30:46.000000000 -0600
+@@ -78,7 +78,9 @@
+      "DES3",
+      "RC4",
+      "RC2",
+-     "IDEA"
++     "IDEA",
++     "AES128",
++     "AES256"
+ };
+ 
+ 
+@@ -101,6 +103,11 @@
+     /* Find the SSLeay cipher */
+     if(cs->enc!=ENC_NULL){
+       ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]);
++      if(!ciph)
++	ABORT(R_INTERNAL);
++    }
++    else {
++      ciph=EVP_enc_null();
+     }
+ 
+     if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
+@@ -169,7 +176,7 @@
+     *outl=inl;
+     
+     /* Now strip off the padding*/
+-    if(d->cs->block!=1){
++    if(d->cs->block>1){
+       pad=out[inl-1];
+       *outl-=(pad+1);
+     }
author	shattered <shattered>	2011-09-13 17:27:36 +0000
committer	shattered <shattered>	2011-09-13 17:27:36 +0000
commit	451acb8ab3cc26ca669ddca53bec4ec69f2915f7 (patch)
tree	8cebd92b4b22c07fdde111e98d800bbf63c49b1a /security
parent	5595ec094b486c7a17a85bd49dc6a00d5a53512d (diff)
download	pkgsrc-451acb8ab3cc26ca669ddca53bec4ec69f2915f7.tar.gz