- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index 8c94dd5..9605066 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -48,6 +48,7 @@
typedef enum {
POLARSSL_CIPHER_ID_NONE = 0,
+ POLARSSL_CIPHER_ID_NULL,
POLARSSL_CIPHER_ID_AES,
POLARSSL_CIPHER_ID_DES,
POLARSSL_CIPHER_ID_3DES,
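Review bot: Adding `POLARSSL_CIPHER_ID_NULL` directly after `POLARSSL_CIPHER_ID_NONE = 0` renumbers every later constant in this enum (AES moves from 1 to 2, and so on). The same applies to `POLARSSL_CIPHER_NULL` and `POLARSSL_MODE_NULL` in the next two hunks. Any caller built against the old header, or any code that stores these values, would then select a different cipher against the new library. Appending the NULL entries at the end of each enum, or giving the existing members explicit values, would keep the numbering stable. The constants are also declared unconditionally while `null_cipher_info` is guarded by `POLARSSL_CIPHER_NULL_CIPHER`, so a lookup of `POLARSSL_CIPHER_NULL` in a build without that macro presumably needs to fail cleanly; the lookup code and the rest of these enums are outside the hunks.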
@@ -56,6 +57,7 @@
typedef enum {
POLARSSL_CIPHER_NONE = 0,
+ POLARSSL_CIPHER_NULL,
POLARSSL_CIPHER_AES_128_CBC,
POLARSSL_CIPHER_AES_192_CBC,
POLARSSL_CIPHER_AES_256_CBC,
@@ -81,6 +83,7 @@
typedef enum {
POLARSSL_MODE_NONE = 0,
+ POLARSSL_MODE_NULL,
POLARSSL_MODE_CBC,
POLARSSL_MODE_CFB128,
POLARSSL_MODE_OFB,
diff --git a/include/polarssl/cipher_wrap.h b/include/polarssl/cipher_wrap.h
index 5df8174..e81c11d 100644
--- a/include/polarssl/cipher_wrap.h
+++ b/include/polarssl/cipher_wrap.h
@@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -84,6 +84,10 @@
#endif /* defined(POLARSSL_DES_C) */
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+extern const cipher_info_t null_cipher_info;
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index ea518d7..83319cc 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -130,6 +130,23 @@
#define POLARSSL_CIPHER_MODE_CTR
/**
+ * \def POLARSSL_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ * SSL_RSA_NULL_MD5
+ * SSL_RSA_NULL_SHA
+ * SSL_RSA_NULL_SHA256
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+#define POLARSSL_CIPHER_NULL_CIPHER
+ */
+
+/**
* \def POLARSSL_DEBUG_MSG
*
* Requires: POLARSSL_DEBUG_C
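Review bot: The warning text for `POLARSSL_CIPHER_NULL_CIPHER`, "This allows for encryption or channels without any security!", does not tell an integrator what is actually lost. Something like `Warning: NULL ciphersuites send all application data unencrypted; only the record MAC remains.` states the consequence directly. The block also says the SSL suites need `POLARSSL_ENABLE_WEAK_CIPHERSUITES` as well, but it does not say what defining this macro alone does. Presumably that exposes the NULL cipher through the cipher layer only, which is worth one sentence in the comment once confirmed.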
@@ -139,6 +156,21 @@
#define POLARSSL_DEBUG_MSG
/**
+ * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS (like RC4_40)
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels without virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ * SSL_RSA_DES_SHA
+ * SSL_EDH_RSA_DES_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ */
+
+/**
* \def POLARSSL_GENPRIME
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
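Review bot: The `POLARSSL_ENABLE_WEAK_CIPHERSUITES` comment gives "(like RC4_40)" as its example, but the suites it lists are only the single-DES ones (`SSL_RSA_DES_SHA`, `SSL_EDH_RSA_DES_SHA`), so the example should name DES or be dropped. "channels without virtually no security at all" is a double negative; `channels with virtually no security at all!` says what is meant. Since the NULL suites in the previous block also depend on this macro, listing them here too (marked as additionally requiring `POLARSSL_CIPHER_NULL_CIPHER`) would show an auditor everything this single switch can turn on.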
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 74c5d2d..4b7d272 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -3,7 +3,7 @@
*
* \brief SSL/TLS functions.
*
- * Copyright (C) 2006-2010, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -110,6 +110,12 @@
/*
* Supported ciphersuites
*/
+#define SSL_RSA_NULL_MD5 0x01 /**< Weak! */
+#define SSL_RSA_NULL_SHA 0x02 /**< Weak! */
+#define SSL_RSA_NULL_SHA256 0x3B /**< Weak! */
+#define SSL_RSA_DES_SHA 0x09 /**< Weak! */
+#define SSL_EDH_RSA_DES_SHA 0x15 /**< Weak! */
+
#define SSL_RSA_RC4_128_MD5 0x04
#define SSL_RSA_RC4_128_SHA 0x05
#define SSL_RSA_DES_168_SHA 0x0A
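Review bot: The five new ids are defined unconditionally and tagged only `/**< Weak! */`, so a reader of ssl.h cannot tell which build option gates each one. Naming the macros in the comment would fix that, e.g. `/**< Weak! Requires POLARSSL_CIPHER_NULL_CIPHER and POLARSSL_ENABLE_WEAK_CIPHERSUITES */` on the NULL suites and `/**< Weak! Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES */` on the DES ones. Whether these suites stay out of the default ciphersuite list when the macros are enabled is not visible in this hunk. It is worth confirming that they are only negotiated when the application lists them explicitly, so that enabling the build option alone cannot lead to a plaintext or single-DES session.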