- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!

2012-02-06 16:45:10 +00:00 · 2012-02-06 16:45:10 +00:00 · fab5c829e7
commit fab5c829e7
parent 13eb9f01cf
16 changed files with 556 additions and 41 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@ -5,7 +5,7 @@
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 *
- *  Copyright (C) 2006-2010, Brainspark B.V.
+ *  Copyright (C) 2006-2012, Brainspark B.V.
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -86,6 +86,10 @@ static const int supported_ciphers[] = {
        POLARSSL_CIPHER_DES_EDE3_CBC,
 #endif /* defined(POLARSSL_DES_C) */

+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+        POLARSSL_CIPHER_NULL,
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
        0
 };

@ -164,6 +168,11 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
            return &des_ede3_cbc_info;
 #endif

+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+        case POLARSSL_CIPHER_NULL:
+            return &null_cipher_info;
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
        default:
            return NULL;
    }
@ -237,6 +246,12 @@ const cipher_info_t *cipher_info_from_string( const char *cipher_name )
    if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
        return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
 #endif
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+    if( !strcasecmp( "NULL", cipher_name ) )
+        return cipher_info_from_type( POLARSSL_CIPHER_NULL );
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
    return NULL;
 }

@ -274,6 +289,11 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
    ctx->key_length = key_length;
    ctx->operation = operation;

+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+    if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
+        return 0;
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
    /*
     * For CFB128 and CTR mode always use the encryption key schedule
     */
@ -318,6 +338,15 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile

    *olen = 0;

+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+    if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
+    {
+        memcpy( output, input, ilen );
+        *olen = ilen;
+        return 0;
+    }
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
    if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
    {
        /*
@ -465,7 +494,8 @@ int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
    *olen = 0;

    if( POLARSSL_MODE_CFB128 == ctx->cipher_info->mode ||
-        POLARSSL_MODE_CTR == ctx->cipher_info->mode )
+        POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
+        POLARSSL_MODE_NULL == ctx->cipher_info->mode )
    {
        return 0;
    }