- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!

include/polarssl/cipher.h

@@ -5,7 +5,7 @@
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  *
- *  Copyright (C) 2006-2011, Brainspark B.V.
+ *  Copyright (C) 2006-2012, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -48,6 +48,7 @@
 
 typedef enum {
     POLARSSL_CIPHER_ID_NONE = 0,
+    POLARSSL_CIPHER_ID_NULL,
     POLARSSL_CIPHER_ID_AES,
     POLARSSL_CIPHER_ID_DES,
     POLARSSL_CIPHER_ID_3DES,
@@ -56,6 +57,7 @@ typedef enum {
 
 typedef enum {
     POLARSSL_CIPHER_NONE = 0,
+    POLARSSL_CIPHER_NULL,
     POLARSSL_CIPHER_AES_128_CBC,
     POLARSSL_CIPHER_AES_192_CBC,
     POLARSSL_CIPHER_AES_256_CBC,
@@ -81,6 +83,7 @@ typedef enum {
 
 typedef enum {
     POLARSSL_MODE_NONE = 0,
+    POLARSSL_MODE_NULL,
     POLARSSL_MODE_CBC,
     POLARSSL_MODE_CFB128,
     POLARSSL_MODE_OFB,

include/polarssl/cipher_wrap.h

@@ -5,7 +5,7 @@
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  *
- *  Copyright (C) 2006-2011, Brainspark B.V.
+ *  Copyright (C) 2006-2012, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -84,6 +84,10 @@ extern const cipher_info_t des_ede3_cbc_info;
 
 #endif /* defined(POLARSSL_DES_C) */
 
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+extern const cipher_info_t null_cipher_info;
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
 #ifdef __cplusplus
 }
 #endif

include/polarssl/config.h

@@ -129,6 +129,23 @@
  */
 #define POLARSSL_CIPHER_MODE_CTR
 
+/**
+ * \def POLARSSL_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      SSL_RSA_NULL_MD5
+ *      SSL_RSA_NULL_SHA
+ *      SSL_RSA_NULL_SHA256
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+#define POLARSSL_CIPHER_NULL_CIPHER
+ */
+
 /**
  * \def POLARSSL_DEBUG_MSG
  *
@@ -138,6 +155,21 @@
  */
 #define POLARSSL_DEBUG_MSG
 
+/**
+ * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS (like RC4_40)
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels without virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      SSL_RSA_DES_SHA
+ *      SSL_EDH_RSA_DES_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ */
+
 /**
  * \def POLARSSL_GENPRIME
  *

include/polarssl/ssl.h

@@ -3,7 +3,7 @@
  *
  * \brief SSL/TLS functions.
  *
- *  Copyright (C) 2006-2010, Brainspark B.V.
+ *  Copyright (C) 2006-2012, Brainspark B.V.
  *
  *  This file is part of PolarSSL (http://www.polarssl.org)
  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -110,6 +110,12 @@
 /*
  * Supported ciphersuites
  */
+#define SSL_RSA_NULL_MD5             0x01   /**< Weak! */
+#define SSL_RSA_NULL_SHA             0x02   /**< Weak! */
+#define SSL_RSA_NULL_SHA256          0x3B   /**< Weak! */
+#define SSL_RSA_DES_SHA              0x09   /**< Weak! */
+#define SSL_EDH_RSA_DES_SHA          0x15   /**< Weak! */
+
 #define SSL_RSA_RC4_128_MD5          0x04
 #define SSL_RSA_RC4_128_SHA          0x05
 #define SSL_RSA_DES_168_SHA          0x0A