- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!

tests/CMakeLists.txt

@@ -34,6 +34,7 @@ add_test_suite(camellia)
 add_test_suite(cipher cipher.aes)
 add_test_suite(cipher cipher.camellia)
 add_test_suite(cipher cipher.des)
+add_test_suite(cipher cipher.null)
 add_test_suite(ctr_drbg)
 add_test_suite(debug)
 add_test_suite(des)

tests/Makefile

@@ -12,8 +12,8 @@ LDFLAGS	+= -L../library -lpolarssl $(SYS_LDFLAGS)
 APPS =	test_suite_aes			test_suite_arc4			\
 		test_suite_base64		test_suite_camellia		\
 		test_suite_cipher.aes	test_suite_cipher.camellia	\
-		test_suite_cipher.des	test_suite_ctr_drbg		\
-		test_suite_debug		\
+		test_suite_cipher.des	test_suite_cipher.null	\
+		test_suite_ctr_drbg		test_suite_debug		\
 		test_suite_des			test_suite_dhm			\
 		test_suite_error		test_suite_hmac_shax	\
 		test_suite_md			test_suite_mdx			\
@@ -38,6 +38,10 @@ test_suite_cipher.des.c : suites/test_suite_cipher.function suites/test_suite_ci
 	echo   "  Generate	$@"
 	scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.des
 
+test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_cipher.null.data scripts/generate_code.pl suites/helpers.function
+	echo   "  Generate	$@"
+	scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.null
+
 %.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function
 	echo   "  Generate	$@"
 	scripts/generate_code.pl suites $* $*
@@ -66,11 +70,15 @@ test_suite_cipher.camellia: test_suite_cipher.camellia.c ../library/libpolarssl.
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
 
-test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
+test_suite_cipher.des: test_suite_cipher.des.c ../library/libpolarssl.a
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
 
-test_suite_cipher.des: test_suite_cipher.des.c ../library/libpolarssl.a
+test_suite_cipher.null: test_suite_cipher.null.c ../library/libpolarssl.a
+	echo   "  CC    	$@.c"
+	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
+
+test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
 

tests/compat.sh

@@ -0,0 +1,136 @@
+killall -q openssl ssl_server
+
+openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS="                               \
+    SSL-EDH-RSA-AES-128-SHA             \
+    SSL-EDH-RSA-AES-256-SHA             \
+    SSL-EDH-RSA-CAMELLIA-128-SHA        \
+    SSL-EDH-RSA-CAMELLIA-256-SHA        \
+    SSL-EDH-RSA-DES-168-SHA             \
+    SSL-RSA-AES-256-SHA                 \
+    SSL-RSA-CAMELLIA-256-SHA            \
+    SSL-RSA-AES-128-SHA                 \
+    SSL-RSA-CAMELLIA-128-SHA            \
+    SSL-RSA-DES-168-SHA                 \
+    SSL-RSA-RC4-128-SHA                 \
+    SSL-RSA-RC4-128-MD5                 \
+    SSL-RSA-NULL-MD5                    \
+    SSL-RSA-NULL-SHA                    \
+    SSL-RSA-DES-SHA                     \
+    SSL-EDH-RSA-DES-SHA                 \
+    "
+
+#    Not supported by OpenSSL: SSL-RSA-NULL-SHA256
+for i in $CIPHERS;
+do
+    RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+    EXIT=$?
+    echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
+    if [ "$EXIT" = "2" ];
+    then
+        echo Ciphersuite not supported in client
+    elif [ "$EXIT" != "0" ];
+    then
+        echo Failed
+        echo $RESULT
+    else
+        echo Success
+    fi
+done
+kill $PROCESS_ID
+
+../programs/ssl/ssl_server > /dev/null &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS="                           \
+    DHE-RSA-AES128-SHA              \
+    DHE-RSA-AES256-SHA              \
+    DHE-RSA-CAMELLIA128-SHA         \
+    DHE-RSA-CAMELLIA256-SHA         \
+    EDH-RSA-DES-CBC3-SHA            \
+    AES256-SHA                      \
+    CAMELLIA256-SHA                 \
+    AES128-SHA                      \
+    CAMELLIA128-SHA                 \
+    DES-CBC3-SHA                    \
+    RC4-SHA                         \
+    RC4-MD5                         \
+    NULL-MD5                        \
+    NULL-SHA                        \
+    DES-CBC-SHA                     \
+    EDH-RSA-DES-CBC-SHA             \
+    "
+
+#    Not supported by OpenSSL: NULL-SHA256
+for i in $CIPHERS;
+do
+    RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -cipher $i 2>&1)"
+    EXIT=$?
+    echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
+
+    if [ "$EXIT" != "0" ];
+    then
+        SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
+        if [ "X$SUPPORTED" != "X" ]
+        then
+            echo "Ciphersuite not supported in server"
+        else
+            echo Failed
+            echo $RESULT
+        fi
+    else
+        echo Success
+    fi
+done
+
+kill $PROCESS_ID
+
+../programs/ssl/ssl_server > /dev/null &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS="                               \
+    SSL-RSA-RC4-128-SHA                 \
+    SSL-RSA-NULL-MD5                    \
+    SSL-EDH-RSA-AES-128-SHA             \
+    SSL-EDH-RSA-AES-256-SHA             \
+    SSL-EDH-RSA-CAMELLIA-128-SHA        \
+    SSL-EDH-RSA-CAMELLIA-256-SHA        \
+    SSL-EDH-RSA-DES-168-SHA             \
+    SSL-RSA-NULL-SHA                    \
+    SSL-RSA-AES-256-SHA                 \
+    SSL-RSA-CAMELLIA-256-SHA            \
+    SSL-RSA-AES-128-SHA                 \
+    SSL-RSA-CAMELLIA-128-SHA            \
+    SSL-RSA-DES-168-SHA                 \
+    SSL-RSA-RC4-128-MD5                 \
+    SSL-RSA-DES-SHA                     \
+    SSL-EDH-RSA-DES-SHA                 \
+    SSL-RSA-NULL-SHA256                 \
+    "
+
+for i in $CIPHERS;
+do
+    RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+    EXIT=$?
+    echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
+    if [ "$EXIT" = "2" ];
+    then
+        echo Ciphersuite not supported in client
+    elif [ "$EXIT" != "0" ];
+    then
+        echo Failed
+        echo $RESULT
+    else
+        echo Success
+    fi
+done
+kill $PROCESS_ID
+

tests/suites/test_suite_cipher.null.data

@@ -0,0 +1,102 @@
+Cipher Selftest
+depends_on:POLARSSL_SELF_TEST
+cipher_selftest:
+
+Decrypt empty buffer
+dec_empty_buf:
+
+NULL Encrypt and decrypt 0 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:0
+
+NULL Encrypt and decrypt 1 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:1
+
+NULL Encrypt and decrypt 2 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:2
+
+NULL Encrypt and decrypt 7 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:7
+
+NULL Encrypt and decrypt 8 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:8
+
+NULL Encrypt and decrypt 9 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:9
+
+NULL Encrypt and decrypt 15 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:15
+
+NULL Encrypt and decrypt 16 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:16
+
+NULL Encrypt and decrypt 31 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:31
+
+NULL Encrypt and decrypt 32 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:32
+
+NULL Encrypt and decrypt 33 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:33
+
+NULL Encrypt and decrypt 47 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:47
+
+NULL Encrypt and decrypt 48 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:48
+
+NULL Encrypt and decrypt 49 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:49
+
+NULL Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:1:0:
+
+NULL Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:0:1:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:0:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:0:16:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:1:15:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:15:1:
+
+NULL Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:15:7:
+
+NULL Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:6:
+
+NULL Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:17:6:
+
+NULL Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:16: