Patch by Carsten Hoeger for ssldump >= 0.9b3 which adds support for AES cipher-suites (to ssldump). For further information, please have a look to Novell bug ID #50952. --- ssldump-0.9b3/ssl/sslciphers.h 2002-08-17 03:33:17.000000000 +0200 +++ ssldump-0.9b3/ssl/sslciphers.h.aes 2010-04-06 16:34:35.000000000 +0200 @@ -71,7 +71,9 @@ #define ENC_RC4 0x32 #define ENC_RC2 0x33 #define ENC_IDEA 0x34 -#define ENC_NULL 0x35 +#define ENC_AES128 0x35 +#define ENC_AES256 0x36 +#define ENC_NULL 0x37 #define DIG_MD5 0x40 #define DIG_SHA 0x41 --- ssldump-0.9b3/ssl/ssl_rec.c 2000-11-03 07:38:06.000000000 +0100 +++ ssldump-0.9b3/ssl/ssl_rec.c.aes 2010-04-06 16:42:13.000000000 +0200 @@ -78,7 +78,9 @@ "DES3", "RC4", "RC2", - "IDEA" + "IDEA", + "AES128", + "AES256" }; @@ -101,6 +103,11 @@ /* Find the SSLeay cipher */ if(cs->enc!=ENC_NULL){ ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); + if(!ciph) + ABORT(R_INTERNAL); + } + else { + ciph=EVP_enc_null(); } if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1))) @@ -169,7 +176,7 @@ *outl=inl; /* Now strip off the padding*/ - if(d->cs->block!=1){ + if(d->cs->block>1){ pad=out[inl-1]; *outl-=(pad+1); } --- ssldump-0.9b3/ssl/ssl.enums 2001-07-20 18:44:32.000000000 +0200 +++ ssldump-0.9b3/ssl/ssl.enums.aes 2010-04-06 16:36:06.000000000 +0200 @@ -356,6 +356,18 @@ CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; + CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F }; + CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 }; + CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 }; + CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 }; + CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 }; + CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 }; + CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 }; + CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 }; + CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 }; + CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 }; + CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 }; + CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A }; CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; --- ssldump-0.9b3/ssl/ciphersuites.c 2002-08-17 03:33:17.000000000 +0200 +++ ssldump-0.9b3/ssl/ciphersuites.c.aes 2010-04-06 16:33:52.000000000 +0200 @@ -78,10 +78,22 @@ {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, + {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0}, {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, - {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1}, + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1}, {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, --- ssldump-0.9b3/ssl/ssl.enums.c 2001-07-20 18:44:36.000000000 +0200 +++ ssldump-0.9b3/ssl/ssl.enums.c.aes 2010-04-06 16:40:14.000000000 +0200 @@ -151,7 +151,7 @@ "application_data", decode_ContentType_application_data }, -{0} +{-1} }; static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) @@ -163,6 +163,7 @@ printf("\n"); + return(0); } static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) @@ -368,6 +369,7 @@ printf("\n"); + return(0); } static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) @@ -611,6 +613,54 @@ "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", 0 }, { + 47, + "TLS_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 48, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + 0 }, + { + 49, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 50, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + 0 }, + { + 51, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 52, + "TLS_DH_anon_WITH_AES_128_CBC_SHA", + 0 }, + { + 53, + "TLS_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 54, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + 0 }, + { + 55, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 56, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + 0 }, + { + 57, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 58, + "TLS_DH_anon_WITH_AES_256_CBC_SHA", + 0 }, + { 96, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", 0 }, --- ssldump-0.9b3/ssl/ssl_enum.c 2000-10-09 07:14:02.000000000 +0200 +++ ssldump-0.9b3/ssl/ssl_enum.c.aes 2010-04-06 16:57:15.000000000 +0200 @@ -70,7 +70,7 @@ "application_data", decode_ContentType_application_data }, -{0} +{-1} }; static int decode_HandshakeType_hello_request(ssl,dir,seg,data)