diff --git a/ssl/ciphersuites.c b/ssl/ciphersuites.c index 9df8459..5d057c8 100644 --- a/ssl/ciphersuites.c +++ b/ssl/ciphersuites.c @@ -78,10 +78,22 @@ static SSL_CipherSuite CipherSuites[]={ {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, + {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0}, {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, - {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1}, + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1}, {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, diff --git a/ssl/ssl.enums b/ssl/ssl.enums index dba21a1..3056674 100644 --- a/ssl/ssl.enums +++ b/ssl/ssl.enums @@ -356,6 +356,18 @@ ClientKeyExchange(16) CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; + CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F }; + CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 }; + CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 }; + CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 }; + CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 }; + CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 }; + CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 }; + CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 }; + CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 }; + CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 }; + CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 }; + CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A }; CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 1d4a9bd..327ae0e 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -151,7 +151,7 @@ decoder ContentType_decoder[]={ "application_data", decode_ContentType_application_data }, -{0} +{-1} }; static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) @@ -163,6 +163,7 @@ static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) printf("\n"); + return(0); } static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) @@ -368,6 +369,7 @@ static int decode_HandshakeType_ServerHelloDone(ssl,dir,seg,data) printf("\n"); + return(0); } static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) @@ -610,6 +612,54 @@ decoder cipher_suite_decoder[]={ 27, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", 0 }, + { + 47, + "TLS_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 48, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + 0 }, + { + 49, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 50, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + 0 }, + { + 51, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 52, + "TLS_DH_anon_WITH_AES_128_CBC_SHA", + 0 }, + { + 53, + "TLS_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 54, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + 0 }, + { + 55, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 56, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + 0 }, + { + 57, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 58, + "TLS_DH_anon_WITH_AES_256_CBC_SHA", + 0 }, { 96, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", diff --git a/ssl/ssl_enum.c b/ssl/ssl_enum.c index fde56c6..9472bd0 100644 --- a/ssl/ssl_enum.c +++ b/ssl/ssl_enum.c @@ -70,7 +70,7 @@ decoder ContentType_decoder[]={ "application_data", decode_ContentType_application_data }, -{0} +{-1} }; static int decode_HandshakeType_hello_request(ssl,dir,seg,data) diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c index e0224e6..b727a82 100644 --- a/ssl/ssl_rec.c +++ b/ssl/ssl_rec.c @@ -78,7 +78,9 @@ static char *ciphers[]={ "DES3", "RC4", "RC2", - "IDEA" + "IDEA", + "AES128", + "AES256" }; @@ -101,6 +103,11 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv) /* Find the SSLeay cipher */ if(cs->enc!=ENC_NULL){ ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); + if(!ciph) + ABORT(R_INTERNAL); + } + else { + ciph=EVP_enc_null(); } if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1))) @@ -169,7 +176,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) *outl=inl; /* Now strip off the padding*/ - if(d->cs->block!=1){ + if(d->cs->block>1){ pad=out[inl-1]; *outl-=(pad+1); } diff --git a/ssl/sslciphers.h b/ssl/sslciphers.h index 96256ca..ef51248 100644 --- a/ssl/sslciphers.h +++ b/ssl/sslciphers.h @@ -71,7 +71,9 @@ typedef struct SSL_CipherSuite_ { #define ENC_RC4 0x32 #define ENC_RC2 0x33 #define ENC_IDEA 0x34 -#define ENC_NULL 0x35 +#define ENC_AES128 0x35 +#define ENC_AES256 0x36 +#define ENC_NULL 0x37 #define DIG_MD5 0x40 #define DIG_SHA 0x41