mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-05 20:36:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

testing/ssldump: upgrade to 1.4

Browse Source 
use version from github which have many patches
remove obsolete patches
This commit is contained in:
Milan P. Stanić 2020-07-30 18:06:37 +00:00
parent 33a4c4e9fa
commit 5f0421f455
11 changed files with 13 additions and 3049 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
testing/ssldump/0010-openssl.patch
View File

@ -1,216 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which
reinstates the the -y (nroff) flag, declares MD5_CTX via <openssl/md5.h>, avoids
"ERROR: Couldn't create network handler" by calling SSL_library_init() function
and OpenSSL_add_all_algorithms() rather SSLeay_add_all_algorithms() and revises
the ssldump man page for correctness and completeness.
--- ssldump-0.9b3/ssl/ssl_analyze.c 2002-01-21 19:46:13.000000000 +0100
+++ ssldump-0.9b3/ssl/ssl_analyze.c.openssl 2010-01-22 23:59:09.000000000 +0100
@@ -133,7 +133,7 @@
SSL_PRINT_DECODE
},
{
- 0,
+ 'y',
"nroff",
SSL_PRINT_NROFF
},
--- ssldump-0.9b3/ssl/ssldecode.c 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/ssldecode.c.openssl 2010-01-22 23:59:46.000000000 +0100
@@ -51,6 +51,7 @@
#include <openssl/ssl.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
+#include <openssl/md5.h>
#include <openssl/x509v3.h>
#endif
#include "ssldecode.h"
@@ -131,7 +132,8 @@
ssl_decode_ctx *d=0;
int r,_status;
- SSLeay_add_all_algorithms();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
ABORT(R_NO_MEMORY);
if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))
--- ssldump-0.9b3/ssldump.1 2002-08-13 01:46:53.000000000 +0200
+++ ssldump-0.9b3/ssldump.1.openssl 2010-01-23 00:26:26.000000000 +0100
@@ -61,12 +61,9 @@
.na
.B ssldump
[
-.B \-vtaTnsAxXhHVNdq
+.B \-vTshVq
+.B \-aAdeHnNqTxXvy
] [
-.B \-r
-.I dumpfile
-]
-[
.B \-i
.I interface
]
@@ -81,6 +78,16 @@
.I password
]
[
+.B \-r
+.I dumpfile
+]
+.br
+.ti +8
+[
+.B \-S
+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
+]
+[
.I expression
]
.br
@@ -125,6 +132,7 @@
You must have read access to
.IR /dev/bpf* .
.SH OPTIONS
+.TP
.B \-a
Print bare TCP ACKs (useful for observing Nagle behavior)
.TP
@@ -135,7 +143,7 @@
.B \-d
Display the application data traffic. This usually means
decrypting it, but when -d is used ssldump will also decode
-application data traffic _before_ the SSL session initiates.
+application data traffic \fIbefore\fP the SSL session initiates.
This allows you to see HTTPS CONNECT behavior as well as
SMTP STARTTLS. As a side effect, since ssldump can't tell
whether plaintext is traffic before the initiation of an
@@ -148,18 +156,9 @@
.B \-e
Print absolute timestamps instead of relative timestamps
.TP
-.B \-r
-Read data from \fIfile\fP instead of from the network.
-The old -f option still works but is deprecated and will
-probably be removed with the next version.
.B \-H
Print the full SSL packet header.
.TP
-.B \-k
-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
-Previous versions of ssldump automatically looked in ./server.pem.
-Now you must specify your keyfile every time.
-.TP
.B \-n
Don't try to resolve host names from IP addresses
.TP
@@ -176,6 +175,12 @@
.B \-q
Don't decode any record fields beyond a single summary line. (quiet mode).
.TP
+.B \-T
+Print the TCP headers.
+.TP
+.B \-v
+Display version and copyright information.
+.TP
.B \-x
Print each record in hex, as well as decoding it.
.TP
@@ -183,13 +188,48 @@
When the -d option is used, binary data is automatically printed
in two columns with a hex dump on the left and the printable characters
on the right. -X suppresses the display of the printable characters,
-thus making it easier to cut and paste the hext data into some other
+thus making it easier to cut and paste the hex data into some other
program.
+.TP
.B \-y
-Decorate the output for processing with troff. Not very
+Decorate the output for processing with nroff/troff. Not very
useful for the average user.
.TP
-.IP "\fI expression\fP"
+.BI \-i " interface"
+Use \fIinterface\fP as the network interface on which to sniff SSL/TLS
+traffic.
+.TP
+.BI \-k " keyfile"
+Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
+Previous versions of ssldump automatically looked in ./server.pem.
+Now you must specify your keyfile every time.
+.TP
+.BI \-p " password"
+Use \fIpassword\fP as the SSL keyfile password.
+.TP
+.BI \-r " file"
+Read data from \fIfile\fP instead of from the network.
+The old -f option still works but is deprecated and will
+probably be removed with the next version.
+.TP
+.BI \-S " [ " crypto " | " d " | " ht " | " H " ]"
+Specify SSL flags to ssldump. These flags include:
+.RS
+.TP
+.I crypto
+Print cryptographic information.
+.TP
+.I d
+Print fields as decoded.
+.TP
+.I ht
+Print the handshake type.
+.TP
+.I H
+Print handshake type and highlights.
+.RE
+.TP
+\fIexpression\fP
.RS
Selects what packets ssldump will examine. Technically speaking,
ssldump supports the full expression syntax from PCAP and tcpdump.
@@ -200,7 +240,7 @@
don't result in incomplete TCP streams are listed here.
.LP
The \fIexpression\fP consists of one or more
-.I primitives.
+.IR primitives .
Primitives usually consist of an
.I id
(name or number) preceded by one or more qualifiers. There are three
@@ -512,5 +552,11 @@
.LP
ssldump doesn't implement session caching and therefore can't decrypt
resumed sessions.
-
-
+.LP
+.SH SEE ALSO
+.LP
+.BR tcpdump (1)
+.LP
+.SH AUTHOR
+.LP
+ssldump was written by Eric Rescorla <ekr@rtfm.com>.
--- ssldump-0.9b3/base/pcap-snoop.c 2002-09-09 23:02:58.000000000 +0200
+++ ssldump-0.9b3/base/pcap-snoop.c.openssl 2010-04-06 16:50:22.000000000 +0200
@@ -206,7 +206,7 @@
signal(SIGINT,sig_handler);
- while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){
+ while((c=getopt(argc,argv,"vr:f:S:yTtai:k:p:nsAxXhHVNdqem:P"))!=EOF){
switch(c){
case 'v':
print_version();
@@ -227,6 +227,9 @@
case 'a':
NET_print_flags |= NET_PRINT_ACKS;
break;
+ case 'A':
+ SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
+ break;
case 'T':
NET_print_flags |= NET_PRINT_TCP_HDR;
break;

43
testing/ssldump/0020-libpcap.patch
View File

@ -1,43 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which
replaces the inclusion of <net/bpf.h> by <pcap-bpf.h> because of changed files.
It adds some 64 bit support in ./configure for lib64 directories around libpcap
and ensures that dynamic linking to libpcap is possible.
--- ssldump-0.9b3/base/pcap-snoop.c 2010-01-23 00:30:24.000000000 +0100
+++ ssldump-0.9b3/base/pcap-snoop.c.libpcap 2010-01-23 00:34:11.000000000 +0100
@@ -49,7 +49,7 @@
#include <pcap.h>
#include <unistd.h>
-#include <net/bpf.h>
+#include <pcap-bpf.h>
#ifndef _WIN32
#include <sys/param.h>
#endif
--- ssldump-0.9b3/configure.in 2001-11-26 23:38:13.000000000 +0100
+++ ssldump-0.9b3/configure.in.libpcap 2010-01-23 00:33:12.000000000 +0100
@@ -62,7 +62,7 @@
dnl Look for PCAP
dnl We absolutely need pcap
ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include"
-ac_pcap_lib_dir="/usr/lib /usr/local/lib"
+ac_pcap_lib_dir="/usr/local/lib64 /usr/local/lib /usr/lib64 /usr/lib"
AC_ARG_WITH(pcap,[--with-pcap root location for pcap library],
if test "$withval" = "no"; then
@@ -102,13 +102,13 @@
AC_MSG_CHECKING(for PCAP library)
ac_found_pcap_lib_dir="no"
for dir in $ac_pcap_lib_dir; do
- if test -f $dir/libpcap.a; then
+ if test -f $dir/libpcap.a -o -f $dir/libpcap.so; then
dnl Ok, we think we've found them, but check that they
dnl actually ontain the right functions
save_LIBS=$LIBS
save_LDFLAGS=$LDFLAGS
LIBS="-lpcap $LIBS"
- if test "$dir" != "/usr/lib"; then
+ if test "$dir" != "/usr/lib" -a "$dir" != "/usr/lib64"; then
LDFLAGS="-L$dir $LDFLAGS"
fi
AC_TRY_LINK_FUNC(pcap_open_live,ac_linked_libpcap="true",

191
testing/ssldump/0030-aes.patch
View File

@ -1,191 +0,0 @@
Patch by Carsten Hoeger <choeger@suse.de> for ssldump >= 0.9b3 which adds support
for AES cipher-suites (to ssldump). For further information, please have a look to
Novell bug ID #50952.
--- ssldump-0.9b3/ssl/sslciphers.h 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/sslciphers.h.aes 2010-04-06 16:34:35.000000000 +0200
@@ -71,7 +71,9 @@
#define ENC_RC4 0x32
#define ENC_RC2 0x33
#define ENC_IDEA 0x34
-#define ENC_NULL 0x35
+#define ENC_AES128 0x35
+#define ENC_AES256 0x36
+#define ENC_NULL 0x37
#define DIG_MD5 0x40
#define DIG_SHA 0x41
--- ssldump-0.9b3/ssl/ssl_rec.c 2000-11-03 07:38:06.000000000 +0100
+++ ssldump-0.9b3/ssl/ssl_rec.c.aes 2010-04-06 16:42:13.000000000 +0200
@@ -78,7 +78,9 @@
"DES3",
"RC4",
"RC2",
- "IDEA"
+ "IDEA",
+ "AES128",
+ "AES256"
};
@@ -101,6 +103,11 @@
/* Find the SSLeay cipher */
if(cs->enc!=ENC_NULL){
ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]);
+ if(!ciph)
+ ABORT(R_INTERNAL);
+ }
+ else {
+ ciph=EVP_enc_null();
}
if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1)))
@@ -169,7 +176,7 @@
*outl=inl;
/* Now strip off the padding*/
- if(d->cs->block!=1){
+ if(d->cs->block>1){
pad=out[inl-1];
*outl-=(pad+1);
}
--- ssldump-0.9b3/ssl/ssl.enums 2001-07-20 18:44:32.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl.enums.aes 2010-04-06 16:36:06.000000000 +0200
@@ -356,6 +356,18 @@
CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
+ CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F };
+ CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 };
+ CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 };
+ CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 };
+ CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 };
+ CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 };
+ CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 };
+ CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 };
+ CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 };
+ CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 };
+ CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 };
+ CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A };
CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 };
CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 };
CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 };
--- ssldump-0.9b3/ssl/ciphersuites.c 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/ciphersuites.c.aes 2010-04-06 16:33:52.000000000 +0200
@@ -78,10 +78,22 @@
{25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
{26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
{27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
+ {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
{96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
{97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
{98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
- {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1},
+ {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
{100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
{101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},
{102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
--- ssldump-0.9b3/ssl/ssl.enums.c 2001-07-20 18:44:36.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl.enums.c.aes 2010-04-06 16:40:14.000000000 +0200
@@ -151,7 +151,7 @@
"application_data",
decode_ContentType_application_data
},
-{0}
+{-1}
};
static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data)
@@ -163,6 +163,7 @@
printf("\n");
+ return(0);
}
static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
@@ -368,6 +369,7 @@
printf("\n");
+ return(0);
}
static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
@@ -611,6 +613,54 @@
"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
0 },
{
+ 47,
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 48,
+ "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 49,
+ "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 50,
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 51,
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 52,
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+ 0 },
+ {
+ 53,
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 54,
+ "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 55,
+ "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 56,
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 57,
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
+ 58,
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+ 0 },
+ {
96,
"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
0 },
--- ssldump-0.9b3/ssl/ssl_enum.c 2000-10-09 07:14:02.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_enum.c.aes 2010-04-06 16:57:15.000000000 +0200
@@ -70,7 +70,7 @@
"application_data",
decode_ContentType_application_data
},
-{0}
+{-1}
};
static int decode_HandshakeType_hello_request(ssl,dir,seg,data)

191
testing/ssldump/0040-cvs-20060619.patch
View File

@ -1,191 +0,0 @@
Patch by Michael Calmer <mc@suse.de> for ssldump >= 0.9b3 which backports several
fixes and some minor enhancements from upstream CVS 2006-06-19.
--- ssldump-0.9b3/ssl/sslprint.c 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/sslprint.c.cvs 2010-04-06 17:12:40.000000000 +0200
@@ -248,12 +248,12 @@
SSL_DECODE_UINT16(ssl,0,0,&d,&length);
if(d.len!=length){
- explain(ssl,"Short record\n");
+ explain(ssl," Short record: %u bytes available (expecting: %u)\n",length,d.len);
return(0);
}
P_(P_RH){
- explain(ssl,"V%d.%d(%d)",vermaj,vermin,length);
+ explain(ssl," V%d.%d(%d)",vermaj,vermin,length);
}
@@ -262,19 +262,22 @@
r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d);
if(r==SSL_BAD_MAC){
- explain(ssl," bad MAC\n");
+ explain(ssl," bad MAC\n");
return(0);
}
if(r){
- if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct))
+ if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) {
+ printf(" unknown record type: %d\n", ct);
ERETURN(r);
+ }
printf("\n");
}
else{
- if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q,
- &d))
+ if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) {
+ printf(" unknown record type: %d\n", ct);
ERETURN(r);
+ }
}
return(0);
@@ -369,7 +372,7 @@
dtable++;
}
- return(-1);
+ return(R_NOT_FOUND);
}
int ssl_decode_enum(ssl,name,size,dtable,p,data,x)
@@ -416,8 +419,7 @@
dtable++;
}
- explain(ssl,"%s","unknown value");
- return(0);
+ return(R_NOT_FOUND);
}
int explain(ssl_obj *ssl,char *format,...)
@@ -535,7 +537,7 @@
printf("\n");
for(i=0;i<d->len;i++){
- if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){
+ if(d->data[i] == 0 || (!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i]))){
bit8=1;
break;
}
@@ -557,7 +559,8 @@
else{
int nl=1;
INDENT;
- printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){
+ printf("---------------------------------------------------------------\n");
+ if(SSL_print_flags & SSL_PRINT_NROFF){
if(ssl->process_ciphertext & ssl->direction)
printf("\\f[CI]");
else
--- ssldump-0.9b3/ssl/ssl_analyze.c 2010-04-06 16:58:23.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_analyze.c.cvs 2010-04-06 17:08:22.000000000 +0200
@@ -359,12 +359,16 @@
case 23:
break;
default:
- printf("Unknown SSL content type %d\n",q->data[0] & 255);
- ABORT(R_INTERNAL);
+ DBG((0,"Unknown SSL content type %d for segment %u:%u(%u)",
+ q->data[0] & 255,seg->s_seq,seg->s_seq+seg->len,seg->len));
}
rec_len=COMBINE(q->data[3],q->data[4]);
+ /* SSL v3.0 spec says a record may not exceed 2**14 + 2048 == 18432 */
+ if(rec_len > 18432)
+ ABORT(R_INTERNAL);
+
/*Expand the buffer*/
if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){
if(!(q->data=realloc(q->data,rec_len+5)))
--- ssldump-0.9b3/base/tcppack.c 2002-09-09 23:02:58.000000000 +0200
+++ ssldump-0.9b3/base/tcppack.c.cvs 2010-04-06 17:06:46.000000000 +0200
@@ -95,11 +95,11 @@
proper order. This shouldn't be a problem, though,
except for simultaneous connects*/
if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){
- DBG((0,"TCP: rejecting packet from unknown connection\n"));
+ DBG((0,"TCP: rejecting packet from unknown connection, seq: %u\n",ntohl(p->tcp->th_seq)));
return(0);
}
- DBG((0,"SYN1\n"));
+ DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
if(r=new_connection(handler,ctx,p,&conn))
ABORT(r);
conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
@@ -117,14 +117,14 @@
conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
conn->r2i.ack=ntohl(p->tcp->th_ack)+1;
conn->state=TCP_STATE_SYN2;
- DBG((0,"SYN2\n"));
+ DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
break;
case TCP_STATE_SYN2:
{
char *sn=0,*dn=0;
if(direction != DIR_I2R)
break;
- DBG((0,"ACK\n"));
+ DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq)));
conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
lookuphostname(&conn->i_addr,&sn);
lookuphostname(&conn->r_addr,&dn);
@@ -228,7 +228,8 @@
l=p->len - p->tcp->th_off * 4;
if(stream->close){
- DBG((0,"Rejecting packet received after FIN"));
+ DBG((0,"Rejecting packet received after FIN: %u:%u(%u)",
+ ntohl(p->tcp->th_seq),ntohl(p->tcp->th_seq+l),l));
return(0);
}
@@ -341,20 +342,26 @@
if(conn->state == TCP_STATE_ESTABLISHED)
conn->state=TCP_STATE_FIN1;
else
- conn->state=TCP_STATE_CLOSED;
+ conn->state=TCP_STATE_CLOSED;
}
stream->oo_queue=seg->next;
seg->next=0;
stream->seq=seg->s_seq + seg->len;
- if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))
+ DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
+ if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) {
+ DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
ABORT(r);
+ }
}
if(stream->close){
- if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))
- ABORT(r);
+ DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
+ if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) {
+ DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
+ ABORT(r);
+ }
}
free_tcp_segment_queue(_seg.next);
--- ssldump-0.9b3/common/lib/r_assoc.c 2001-12-24 07:06:26.000000000 +0100
+++ ssldump-0.9b3/common/lib/r_assoc.c.cvs 2010-04-06 17:01:11.000000000 +0200
@@ -306,7 +306,7 @@
ABORT(R_NO_MEMORY);
for(i=0;i<new->size;i++){
if(r=copy_assoc_chain(new->chains+i,old->chains[i]))
- ABORT(r);
+ ABORT(R_NO_MEMORY);
}
*newp=new;

54
testing/ssldump/0050-table-stops.patch
View File

@ -1,54 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3, which is
changing the decoder table ends from 0 to -1 to match the expected value of table
search routines. Without this patch, ssldump segfaults at latest after some time
of usage when decoding unknown enumerated values. For further information, please
have a look to Red Hat Bugzilla, bug ID #747398.
--- ssldump-0.9b3/ssl/ssl.enums.c 2011-10-24 22:33:03.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl.enums.c.table-stops 2011-10-24 22:34:20.000000000 +0200
@@ -500,7 +500,7 @@
"Finished",
decode_HandshakeType_Finished
},
-{0}
+{-1}
};
decoder cipher_suite_decoder[]={
@@ -778,7 +778,7 @@
"fatal",
decode_AlertLevel_fatal
},
-{0}
+{-1}
};
static int decode_AlertDescription_close_notify(ssl,dir,seg,data)
@@ -1081,7 +1081,7 @@
"no_renegotiation",
decode_AlertDescription_no_renegotiation
},
-{0}
+{-1}
};
decoder compression_method_decoder[]={
@@ -1145,6 +1145,6 @@
"dss_fixed_dh",
decode_client_certificate_type_dss_fixed_dh
},
-{0}
+{-1}
};
--- ssldump-0.9b3/ssl/ssl_enum.c 2011-10-24 22:33:03.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_enum.c.table-stops 2011-10-24 22:34:44.000000000 +0200
@@ -260,7 +260,7 @@
"finished",
decode_HandshakeType_finished
},
-{0}
+{-1}
};
decoder cipher_suite_decoder[]={

91
testing/ssldump/0060-link_layer.patch
View File

@ -1,91 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3 which adds
some further link layer offsets; inspirated from the original DLT_LINUX_SLL patch
by PeBek at http://sourceforge.net/p/ssldump/patches/6/.
--- ssldump-0.9b3/base/pcap-snoop.c 2014-05-04 02:02:58.000000000 +0200
+++ ssldump-0.9b3/base/pcap-snoop.c.link_layer 2014-05-04 02:20:21.000000000 +0200
@@ -136,6 +136,10 @@
len=hdr->len;
switch(pcap_if_type){
+ case DLT_RAW:
+#ifdef DLT_LOOP
+ case DLT_LOOP:
+#endif
case DLT_NULL:
data+=4;
len-=4;
@@ -158,6 +162,73 @@
return;
break;
+ case DLT_IEEE802:
+ data+=22;
+ len-=22;
+ break;
+ case DLT_FDDI:
+ data+=21;
+ len-=21;
+ break;
+#ifdef __amigaos__
+ case DLT_MIAMI:
+ data+=16;
+ len-=16;
+ break;
+#endif
+ case DLT_SLIP:
+#ifdef DLT_SLIP_BSDOS
+ case DLT_SLIP_BSDOS:
+#endif
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
+ data+=16;
+ len-=16;
+#else
+ data+=24;
+ len-=24;
+#endif
+ break;
+ case DLT_PPP:
+#ifdef DLT_PPP_BSDOS
+ case DLT_PPP_BSDOS:
+#endif
+#ifdef DLT_PPP_SERIAL
+ case DLT_PPP_SERIAL:
+#endif
+#ifdef DLT_PPP_ETHER
+ case DLT_PPP_ETHER:
+#endif
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
+ data+=4;
+ len-=4;
+#else
+#if defined(sun) || defined(__sun)
+ data+=8;
+ len-=8;
+#else
+ data+=24;
+ len-=24;
+#endif
+#endif
+ break;
+#ifdef DLT_ENC
+ case DLT_ENC:
+ data+=12;
+ len-=12;
+ break;
+#endif
+#ifdef DLT_LINUX_SLL
+ case DLT_LINUX_SLL:
+ data+=16;
+ len-=16;
+ break;
+#endif
+#ifdef DLT_IPNET
+ case DLT_IPNET:
+ data+=24;
+ len-=24;
+ break;
+#endif
}
network_process_packet(n,&hdr->ts,data,len);
}

36
testing/ssldump/0070-pcap-vlan.patch
View File

@ -1,36 +0,0 @@
Patch by David Holmes <dholmesf5@users.sourceforge.net> for ssldump >= 0.9b3 which
adds a filter to include traffic with or without the 802.1Q VLAN header.
--- ssldump-0.9b3/base/pcap-snoop.c 2014-05-04 02:20:21.000000000 +0200
+++ ssldump-0.9b3/base/pcap-snoop.c.pcap-vlan 2014-05-04 05:22:43.000000000 +0200
@@ -385,6 +385,30 @@
if(filter){
struct bpf_program fp;
+ /* (F5 patch)
+ * reformat filter to include traffic with or without the 802.1q
+ * vlan header. for example, "port 80" becomes:
+ * "( port 80 ) or ( vlan and port 80 )".
+ * note that if the filter includes the literals vlan, tagged, or
+ * untagged, then it is assumed that the user knows what she is
+ * doing, and the filter is not reformatted.
+ */
+ if ((pcap_datalink(p) == DLT_EN10MB) &&
+ (filter != NULL) &&
+ (strstr(filter,"vlan") == NULL)) {
+ char *tmp_filter;
+ char *fmt = "( (not ether proto 0x8100) and (%s) ) or ( vlan and (%s) )";
+
+ tmp_filter = (char *)malloc((strlen(filter) * 2) + strlen(fmt) + 1);
+ if (tmp_filter == NULL) {
+ fprintf(stderr,"PCAP: malloc failed\n");
+ err_exit("Aborting",-1);
+ }
+
+ sprintf(tmp_filter,fmt,filter,filter);
+ filter = tmp_filter;
+ }
+
if(pcap_compile(p,&fp,filter,0,netmask)<0)
verr_exit("PCAP: %s\n",pcap_geterr(p));

218
testing/ssldump/0080-tlsv12.patch
View File

@ -1,218 +0,0 @@
Patch by David Holmes <dholmesf5@users.sourceforge.net> (revised by Paul Aurich
<darkrain@users.sourceforge.net>, minor changes for compilation by Robert Scheck
<robert@fedoraproject.org>) for ssldump >= 0.9b3 which adds TLSv1.1 and TLSv1.2
application data decrypt support. For further information please have a look to
http://sourceforge.net/p/ssldump/patches/8/.
--- ssldump-0.9b3/ssl/ssl_rec.c 2014-05-04 02:02:58.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_rec.c.tlsv12 2014-05-04 05:30:22.000000000 +0200
@@ -68,19 +68,28 @@
};
-static char *digests[]={
+char *digests[]={
"MD5",
"SHA1"
+ "SHA224",
+ "SHA256",
+ "SHA384",
+ "SHA512",
+ NULL
};
-static char *ciphers[]={
+char *ciphers[]={
"DES",
- "DES3",
+ "3DES",
"RC4",
"RC2",
"IDEA",
"AES128",
- "AES256"
+ "AES256",
+ "CAMELLIA128",
+ "CAMELLIA256",
+ "SEED",
+ NULL
};
@@ -192,6 +201,19 @@
ERETURN(r);
}
else{
+ /* TLS 1.1 and beyond: remove explicit IV, only used with
+ * non-stream ciphers. */
+ if (ssl->version>=0x0302 && ssl->cs->block > 1) {
+ UINT4 blk = ssl->cs->block;
+ if (blk <= *outl) {
+ *outl-=blk;
+ memmove(out, out+blk, *outl);
+ }
+ else {
+ DBG((0,"Block size greater than Plaintext!"));
+ ERETURN(SSL_BAD_MAC);
+ }
+ }
if(r=tls_check_mac(d,ct,version,out,*outl,mac))
ERETURN(r);
}
@@ -231,7 +253,7 @@
HMAC_CTX hm;
const EVP_MD *md;
UINT4 l;
- UCHAR buf[20];
+ UCHAR buf[128];
md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
HMAC_Init(&hm,d->mac_key->data,d->mac_key->len,md);
--- ssldump-0.9b3/ssl/sslciphers.h 2014-05-04 02:02:58.000000000 +0200
+++ ssldump-0.9b3/ssl/sslciphers.h.tlsv12 2014-05-04 05:07:20.000000000 +0200
@@ -73,10 +73,17 @@
#define ENC_IDEA 0x34
#define ENC_AES128 0x35
#define ENC_AES256 0x36
-#define ENC_NULL 0x37
+#define ENC_CAMELLIA128 0x37
+#define ENC_CAMELLIA256 0x38
+#define ENC_SEED 0x39
+#define ENC_NULL 0x3a
#define DIG_MD5 0x40
#define DIG_SHA 0x41
+#define DIG_SHA224 0x42 /* Not sure why EKR didn't follow RFC for */
+#define DIG_SHA256 0x43 /* these values, but whatever, just adding on */
+#define DIG_SHA384 0x44
+#define DIG_SHA512 0x45
int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs));
--- ssldump-0.9b3/ssl/ssldecode.c 2014-05-04 02:02:58.000000000 +0200
+++ ssldump-0.9b3/ssl/ssldecode.c.tlsv12 2014-05-04 05:29:43.000000000 +0200
@@ -61,11 +61,14 @@
#define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \
ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \
- tls_prf(ssl,secret,usage,rnd1,rnd2,out)
+ ((ssl->version == TLSV12_VERSION) ? \
+ tls12_prf(ssl,secret,usage,rnd1,rnd2,out): \
+ tls_prf(ssl,secret,usage,rnd1,rnd2,out))
static char *ssl_password;
+extern char *digests;
extern UINT4 SSL_print_flags;
struct ssl_decode_ctx_ {
@@ -98,6 +101,8 @@
#ifdef OPENSSL
static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed,
const EVP_MD *md,Data *out));
+static int tls12_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage,
+ Data *rnd1,Data *rnd2,Data *out));
static int tls_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage,
Data *rnd1,Data *rnd2,Data *out));
static int ssl3_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage,
@@ -432,10 +437,9 @@
switch(ssl->version){
case SSLV3_VERSION:
- if(r=ssl_generate_keying_material(ssl,d))
- ABORT(r);
- break;
case TLSV1_VERSION:
+ case TLSV11_VERSION:
+ case TLSV12_VERSION:
if(r=ssl_generate_keying_material(ssl,d))
ABORT(r);
break;
@@ -535,10 +539,9 @@
switch(ssl->version){
case SSLV3_VERSION:
- if(r=ssl_generate_keying_material(ssl,d))
- ABORT(r);
- break;
case TLSV1_VERSION:
+ case TLSV11_VERSION:
+ case TLSV12_VERSION:
if(r=ssl_generate_keying_material(ssl,d))
ABORT(r);
break;
@@ -572,7 +575,7 @@
int left=out->len;
int tocpy;
UCHAR *A;
- UCHAR _A[20],tmp[20];
+ UCHAR _A[128],tmp[128];
unsigned int A_l,tmp_l;
HMAC_CTX hm;
@@ -665,6 +668,53 @@
}
+static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
+ ssl_obj *ssl;
+ Data *secret;
+ char *usage;
+ Data *rnd1;
+ Data *rnd2;
+ Data *out;
+
+ {
+ const EVP_MD *md;
+ int r,_status;
+ Data *sha_out=0;
+ Data *seed;
+ UCHAR *ptr;
+ int i, dgi;
+
+ if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */
+ ABORT(r);
+ if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))
+ ABORT(r);
+ ptr=seed->data;
+ memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
+ memcpy(ptr,rnd1->data,rnd1->len); ptr+=rnd1->len;
+ memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len;
+
+ /* Earlier versions of openssl didn't have SHA256 of course... */
+ dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40;
+ if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) {
+ DBG((0,"Cannot get EVP for digest %s, openssl library current?",
+ digests[dgi]));
+ ERETURN(SSL_BAD_MAC);
+ }
+ if(r=tls_P_hash(ssl,secret,seed,md,sha_out))
+ ABORT(r);
+
+ for(i=0;i<out->len;i++)
+ out->data[i]=sha_out->data[i];
+
+ CRDUMPD("PRF out",out);
+ _status=0;
+ abort:
+ r_data_destroy(&sha_out);
+ r_data_destroy(&seed);
+ return(_status);
+
+ }
+
static int ssl3_generate_export_iv(ssl,r1,r2,out)
ssl_obj *ssl;
Data *r1;
--- ssldump-0.9b3/ssl/ssl_h.h 2002-08-17 03:33:17.000000000 +0200
+++ ssldump-0.9b3/ssl/ssl_h.h.tlsv12 2014-05-04 05:17:30.000000000 +0200
@@ -121,6 +121,8 @@
#define SSLV3_VERSION 0x300
#define TLSV1_VERSION 0x301
+#define TLSV11_VERSION 0x302
+#define TLSV12_VERSION 0x303
/*State defines*/
#define SSL_ST_SENT_NOTHING 0

1806
testing/ssldump/0090-ssl-enums.patch
View File

File diff suppressed because it is too large Load Diff

161
testing/ssldump/0100-ciphersuites.patch
View File

@ -1,161 +0,0 @@
Patch by Robert Scheck <robert@fedoraproject.org> for ssldump >= 0.9b3 which adds
a lot of missing cipher suites to support much more application data decoding.
--- ssldump-0.9b3/ssl/ciphersuites.c 2014-05-04 02:02:58.000000000 +0200
+++ ssldump-0.9b3/ssl/ciphersuites.c.rsc 2014-05-04 18:33:11.000000000 +0200
@@ -74,10 +74,11 @@
{21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0},
{22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0},
{23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5,16,1},
- {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5,16,0},
+ {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5,16,0},
{25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1},
{26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0},
{27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0},
+ // Missing: 44-46
{47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
{48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
{49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
@@ -90,13 +91,141 @@
{56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
{57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
{58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {59,KEX_RSA,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA256,32,0},
+ {60,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {61,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256,32,0},
+ {62,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {63,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {64,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {65,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0},
+ {66,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0},
+ {67,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0},
+ {68,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0},
+ {69,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0},
+ {70,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA,20,0},
{96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1},
{97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1},
{98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1},
{99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1},
{100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1},
- {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},
+ {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1},
{102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+ {103,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {104,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256,32,0},
+ {105,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256,32,0},
+ {106,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA256,32,0},
+ {107,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA256,32,0},
+ {108,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {109,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA256,32,0},
+ {132,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0},
+ {133,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0},
+ {134,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0},
+ {135,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0},
+ {136,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0},
+ {137,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA,20,0},
+ // Missing: 138-149
+ {150,KEX_RSA,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0},
+ {151,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA,20,0},
+ {152,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0},
+ {153,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA,20,0},
+ {154,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0},
+ {155,KEX_DH,SIG_NONE,ENC_SEED,16,128,128,DIG_SHA,20,0},
+ {156,KEX_RSA,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {157,KEX_RSA,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {158,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {159,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {160,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {161,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {162,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {163,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {164,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {165,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {166,KEX_DH,SIG_NONE,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {167,KEX_DH,SIG_NONE,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ // Missing: 168-185
+ {186,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {187,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {188,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {189,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {190,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {191,KEX_DH,SIG_NONE,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {192,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
+ {193,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
+ {194,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
+ {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
+ {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
+ {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0},
+ {49153,KEX_DH,SIG_DSS,ENC_NULL,0,0,0,DIG_SHA,20,0},
+ {49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+ {49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0},
+ {49156,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49157,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {49158,KEX_DH,SIG_DSS,ENC_NULL,0,0,0,DIG_SHA,20,0},
+ {49159,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0},
+ {49160,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0},
+ {49161,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49162,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {49163,KEX_DH,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA,20,0},
+ {49164,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0},
+ {49165,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0},
+ {49166,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {49168,KEX_DH,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA,20,0},
+ {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0},
+ {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0},
+ {49171,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {49173,KEX_DH,SIG_NONE,ENC_NULL,0,0,0,DIG_SHA,20,0},
+ {49174,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA,20,0},
+ {49175,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA,20,0},
+ {49176,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0},
+ {49177,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0},
+ {49187,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {49188,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0},
+ {49189,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {49190,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0},
+ {49191,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {49192,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0},
+ {49193,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA256,32,0},
+ {49194,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0},
+ {49195,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {49196,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {49197,KEX_DH,SIG_DSS,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {49198,KEX_DH,SIG_DSS,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {49199,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {49200,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ {49201,KEX_DH,SIG_RSA,ENC_AES128,4,128,128,DIG_SHA256,32,0},
+ {49202,KEX_DH,SIG_RSA,ENC_AES256,4,256,256,DIG_SHA384,48,0},
+ // Missing: 49203-49211
+ {49266,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {49267,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0},
+ {49268,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {49269,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0},
+ {49270,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {49271,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0},
+ {49272,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0},
+ {49273,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,48,0},
+ {49274,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49275,KEX_RSA,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49276,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49277,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49278,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49279,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49280,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49281,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49282,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49283,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49284,KEX_DH,SIG_NONE,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49285,KEX_DH,SIG_NONE,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49286,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49287,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49288,KEX_DH,SIG_DSS,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49289,KEX_DH,SIG_DSS,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49290,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49291,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ {49292,KEX_DH,SIG_RSA,ENC_CAMELLIA128,4,128,128,DIG_SHA256,32,0},
+ {49293,KEX_DH,SIG_RSA,ENC_CAMELLIA256,4,256,256,DIG_SHA384,48,0},
+ // Missing: 49294-49307
{-1}
};

55
testing/ssldump/APKBUILD
View File

@ -1,66 +1,37 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer:
pkgname="ssldump"
pkgver="0.9b3"
pkgrel=1
pkgdesc="An SSLv3/TLS network protocol analyzer"
url="http://ssldump.sourceforge.net/"
pkgname=ssldump
pkgver=1.4
pkgrel=0
pkgdesc="SSLv3/TLS network protocol analyzer"
url="https://github.com/adulau/ssldump"
arch="all"
license="BSD-4-Clause"
makedepends="autoconf libpcap-dev openssl-dev"
subpackages="$pkgname-doc"
source="https://downloads.sourceforge.net/ssldump/ssldump-$pkgver.tar.gz"
# Patches from Fedora
source="$source
0010-openssl.patch
0020-libpcap.patch
0030-aes.patch
0040-cvs-20060619.patch
0050-table-stops.patch
0060-link_layer.patch
0070-pcap-vlan.patch
0080-tlsv12.patch
0090-ssl-enums.patch
0100-ciphersuites.patch
"
builddir="$srcdir/ssldump-$pkgver"
options="!check" # no tests provided
makedepends="autoconf automake libnet-dev json-c-dev fts-dev libpcap-dev openssl-dev"
source="https://github.com/adulau/ssldump/archive/v$pkgver/ssldump-$pkgver.tar.gz
"
prepare() {
update_config_guess
update_config_sub
default_prepare
# Rebuilding of configure file is needed for 0020-libpcap.patch
autoconf --force
./autogen.sh
}
build() {
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--datarootdir=/usr/share \
--docdir=/usr/share/doc \
--localstatedir=/var
make
}
package() {
make install BINDIR="$pkgdir/usr/sbin" MANDIR="$pkgdir/usr/share/man"
make install sbindir="$pkgdir/usr/sbin" mandir="$pkgdir/usr/share/man" docdir="$pkgdir/usr/share/doc"
install -D -m 644 COPYRIGHT "$pkgdir"/usr/share/licenses/$pkgname/COPYRIGHT
chmod 644 "$pkgdir"/usr/share/man/man1/*.1*
}
sha512sums="ea81558a243950ab43354c9f33c0a4feae0ae859bc2bd6e6b58838a01f4a1e7a6447f2a9ab1fa40bbe8dbd6c3630c489c17fc9c066cacfddfb64269b0cd5090a ssldump-0.9b3.tar.gz
3d06916b841612d158a5f7c87e7c68a9046ce5842ac11610ec6bf3c83619feecdd66293c66037f2e271496c8439896a4531c0de8ed866a898e310a1fd1de5aca 0010-openssl.patch
12fff42b22baadfde4a0faf12c2336d47811cd36873034cfd81b269f0578c2be4226657b6da6dc5ebcf7b11070f48d357ba1580b47d62619fce3980ea2629bae 0020-libpcap.patch
17a2f401b3ebb171628745041609f96ce82d1b4993d053443a3315b562ea2f8112184dbec0373ae11888c8f0d3c8a7728f3a6ca0a3de5375efd44aabe599ad02 0030-aes.patch
4b9bfa0d10efa322f634c1326b210a7220c23c12c2cb2de9e00383f0d83fa558f578a16d428f035d179f3f692510756fd382efad69c877b9fe2bfacb4c7406e3 0040-cvs-20060619.patch
3bfff13a5d4fdd0684512692309a2ff70eb63d472c4982e7e191073091a419b289b70fbf9604a794dd9b30cf60601b5b7403e2f9decb109f752471114388a4dd 0050-table-stops.patch
912f47fbd686d4f4d68015e57dc92eba284e12dc146184f8cc4165e8e9a795f530d1e572dfb1a2292a3dee0c8f84f29f400375ab99e9215fec921d0464ef8e2d 0060-link_layer.patch
94592125add14409be20981516a8f81765b61fb932dc6004bee7d91e0828b40117ce1f378c4ae7e65725bd645ff827648cf652a7ce8090e49afac0ef5284901e 0070-pcap-vlan.patch
7e68d8ca844348b2440b795372f40af614f99e6e14baa7552de1f8eb1fa72d38771be1b904ee13f1141cf14cb8968f9fcd192c2a2b63885152225090ef20e3e6 0080-tlsv12.patch
8e4e0e19a4ea45e8f98f8e918ddf0cde8a5d0a5fa89558bcfcbb14153e0babee7ff9edaebd6653a5fd6fb95624f47d62b85f2115d7bc25f4f4b6e35844e0f4a3 0090-ssl-enums.patch
86c9ccd83fce92ff72eadd6e9a8e6a2442437e6778d735fae58ca359f390812d1102044058701189608251006de07478024dd389fe7bd9d3834e33039eaf2277 0100-ciphersuites.patch"
sha512sums="fb17c5610dcfce3e8020a5148d37be5b2fbc3083d78727281922ae32b5905c4aa882cd368c3581238f3492c6b5bab943dcff6a966d64160a3836d6a95bdc7682 ssldump-1.4.tar.gz"