diff -r 9822f642bd61 kern/devtls.c
--- a/kern/devtls.c	Sat Jul 14 10:30:35 2012 -0400
+++ b/kern/devtls.c	Sat Jul 14 00:00:00 2012 +0200
@@ -233,6 +233,8 @@
 static int	rc4enc(Secret *sec, uchar *buf, int n);
 static int	des3enc(Secret *sec, uchar *buf, int n);
 static int	des3dec(Secret *sec, uchar *buf, int n);
+static int	aesenc(Secret *sec, uchar *buf, int n);
+static int	aesdec(Secret *sec, uchar *buf, int n);
 static int	noenc(Secret *sec, uchar *buf, int n);
 static int	sslunpad(uchar *buf, int n, int block);
 static int	tlsunpad(uchar *buf, int n, int block);
@@ -1430,6 +1432,16 @@
 }
 
 static void
+initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
+{
+	s->enckey = smalloc(sizeof(AESstate));
+	s->enc = aesenc;
+	s->dec = aesdec;
+	s->block = 16;
+	setupAESstate(s->enckey, p, ea->keylen, iv);
+}
+
+static void
 initclearenc(Encalg *unused1, Secret *s, uchar *unused2, uchar *unused3)
 {
 	s->enc = noenc;
@@ -1442,6 +1454,8 @@
 	{ "clear", 0, 0, initclearenc },
 	{ "rc4_128", 128/8, 0, initRC4key },
 	{ "3des_ede_cbc", 3 * 8, 8, initDES3key },
+	{ "aes_128_cbc", 128/8, 16, initAESkey },
+	{ "aes_256_cbc", 256/8, 16, initAESkey },
 	{ 0 }
 };
 
@@ -2017,6 +2031,22 @@
 	des3CBCdecrypt(buf, n, sec->enckey);
 	return (*sec->unpad)(buf, n, 8);
 }
+
+static int
+aesenc(Secret *sec, uchar *buf, int n)
+{
+	n = blockpad(buf, n, 16);
+	aesCBCencrypt(buf, n, sec->enckey);
+	return n;
+}
+
+static int
+aesdec(Secret *sec, uchar *buf, int n)
+{
+	aesCBCdecrypt(buf, n, sec->enckey);
+	return (*sec->unpad)(buf, n, 16);
+}
+
 static DigestState*
 nomac(uchar *unused1, ulong unused2, uchar *unused3, ulong unused4,
 	uchar *unused5, DigestState *unused6)