mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 11:45:42 +01:00
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
This commit is contained in:
parent
13eb9f01cf
commit
fab5c829e7
@ -1,5 +1,11 @@
|
|||||||
PolarSSL ChangeLog
|
PolarSSL ChangeLog
|
||||||
|
|
||||||
|
= Version Trunk
|
||||||
|
Features
|
||||||
|
* Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
|
||||||
|
ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
|
||||||
|
default!
|
||||||
|
|
||||||
= Version 1.1.1 released on 2012-01-23
|
= Version 1.1.1 released on 2012-01-23
|
||||||
Bugfix
|
Bugfix
|
||||||
* Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
|
* Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
*
|
*
|
||||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -48,6 +48,7 @@
|
|||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
POLARSSL_CIPHER_ID_NONE = 0,
|
POLARSSL_CIPHER_ID_NONE = 0,
|
||||||
|
POLARSSL_CIPHER_ID_NULL,
|
||||||
POLARSSL_CIPHER_ID_AES,
|
POLARSSL_CIPHER_ID_AES,
|
||||||
POLARSSL_CIPHER_ID_DES,
|
POLARSSL_CIPHER_ID_DES,
|
||||||
POLARSSL_CIPHER_ID_3DES,
|
POLARSSL_CIPHER_ID_3DES,
|
||||||
@ -56,6 +57,7 @@ typedef enum {
|
|||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
POLARSSL_CIPHER_NONE = 0,
|
POLARSSL_CIPHER_NONE = 0,
|
||||||
|
POLARSSL_CIPHER_NULL,
|
||||||
POLARSSL_CIPHER_AES_128_CBC,
|
POLARSSL_CIPHER_AES_128_CBC,
|
||||||
POLARSSL_CIPHER_AES_192_CBC,
|
POLARSSL_CIPHER_AES_192_CBC,
|
||||||
POLARSSL_CIPHER_AES_256_CBC,
|
POLARSSL_CIPHER_AES_256_CBC,
|
||||||
@ -81,6 +83,7 @@ typedef enum {
|
|||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
POLARSSL_MODE_NONE = 0,
|
POLARSSL_MODE_NONE = 0,
|
||||||
|
POLARSSL_MODE_NULL,
|
||||||
POLARSSL_MODE_CBC,
|
POLARSSL_MODE_CBC,
|
||||||
POLARSSL_MODE_CFB128,
|
POLARSSL_MODE_CFB128,
|
||||||
POLARSSL_MODE_OFB,
|
POLARSSL_MODE_OFB,
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
*
|
*
|
||||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -84,6 +84,10 @@ extern const cipher_info_t des_ede3_cbc_info;
|
|||||||
|
|
||||||
#endif /* defined(POLARSSL_DES_C) */
|
#endif /* defined(POLARSSL_DES_C) */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
extern const cipher_info_t null_cipher_info;
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -129,6 +129,23 @@
|
|||||||
*/
|
*/
|
||||||
#define POLARSSL_CIPHER_MODE_CTR
|
#define POLARSSL_CIPHER_MODE_CTR
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
*
|
||||||
|
* Enable NULL cipher.
|
||||||
|
* Warning: Only do so when you know what you are doing. This allows for
|
||||||
|
* encryption or channels without any security!
|
||||||
|
*
|
||||||
|
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
||||||
|
* the following ciphersuites:
|
||||||
|
* SSL_RSA_NULL_MD5
|
||||||
|
* SSL_RSA_NULL_SHA
|
||||||
|
* SSL_RSA_NULL_SHA256
|
||||||
|
*
|
||||||
|
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
||||||
|
#define POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_DEBUG_MSG
|
* \def POLARSSL_DEBUG_MSG
|
||||||
*
|
*
|
||||||
@ -138,6 +155,21 @@
|
|||||||
*/
|
*/
|
||||||
#define POLARSSL_DEBUG_MSG
|
#define POLARSSL_DEBUG_MSG
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
||||||
|
*
|
||||||
|
* Enable weak ciphersuites in SSL / TLS (like RC4_40)
|
||||||
|
* Warning: Only do so when you know what you are doing. This allows for
|
||||||
|
* channels without virtually no security at all!
|
||||||
|
*
|
||||||
|
* This enables the following ciphersuites:
|
||||||
|
* SSL_RSA_DES_SHA
|
||||||
|
* SSL_EDH_RSA_DES_SHA
|
||||||
|
*
|
||||||
|
* Uncomment this macro to enable weak ciphersuites
|
||||||
|
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
||||||
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_GENPRIME
|
* \def POLARSSL_GENPRIME
|
||||||
*
|
*
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
*
|
*
|
||||||
* \brief SSL/TLS functions.
|
* \brief SSL/TLS functions.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -110,6 +110,12 @@
|
|||||||
/*
|
/*
|
||||||
* Supported ciphersuites
|
* Supported ciphersuites
|
||||||
*/
|
*/
|
||||||
|
#define SSL_RSA_NULL_MD5 0x01 /**< Weak! */
|
||||||
|
#define SSL_RSA_NULL_SHA 0x02 /**< Weak! */
|
||||||
|
#define SSL_RSA_NULL_SHA256 0x3B /**< Weak! */
|
||||||
|
#define SSL_RSA_DES_SHA 0x09 /**< Weak! */
|
||||||
|
#define SSL_EDH_RSA_DES_SHA 0x15 /**< Weak! */
|
||||||
|
|
||||||
#define SSL_RSA_RC4_128_MD5 0x04
|
#define SSL_RSA_RC4_128_MD5 0x04
|
||||||
#define SSL_RSA_RC4_128_SHA 0x05
|
#define SSL_RSA_RC4_128_SHA 0x05
|
||||||
#define SSL_RSA_DES_168_SHA 0x0A
|
#define SSL_RSA_DES_168_SHA 0x0A
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
*
|
*
|
||||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -86,6 +86,10 @@ static const int supported_ciphers[] = {
|
|||||||
POLARSSL_CIPHER_DES_EDE3_CBC,
|
POLARSSL_CIPHER_DES_EDE3_CBC,
|
||||||
#endif /* defined(POLARSSL_DES_C) */
|
#endif /* defined(POLARSSL_DES_C) */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
POLARSSL_CIPHER_NULL,
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -164,6 +168,11 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
|
|||||||
return &des_ede3_cbc_info;
|
return &des_ede3_cbc_info;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
case POLARSSL_CIPHER_NULL:
|
||||||
|
return &null_cipher_info;
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -237,6 +246,12 @@ const cipher_info_t *cipher_info_from_string( const char *cipher_name )
|
|||||||
if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
|
if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
|
||||||
return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
|
return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
if( !strcasecmp( "NULL", cipher_name ) )
|
||||||
|
return cipher_info_from_type( POLARSSL_CIPHER_NULL );
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -274,6 +289,11 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
|
|||||||
ctx->key_length = key_length;
|
ctx->key_length = key_length;
|
||||||
ctx->operation = operation;
|
ctx->operation = operation;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
|
||||||
|
return 0;
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* For CFB128 and CTR mode always use the encryption key schedule
|
* For CFB128 and CTR mode always use the encryption key schedule
|
||||||
*/
|
*/
|
||||||
@ -318,6 +338,15 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
|
|||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
|
||||||
|
{
|
||||||
|
memcpy( output, input, ilen );
|
||||||
|
*olen = ilen;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
|
if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@ -465,7 +494,8 @@ int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
|
|||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
if( POLARSSL_MODE_CFB128 == ctx->cipher_info->mode ||
|
if( POLARSSL_MODE_CFB128 == ctx->cipher_info->mode ||
|
||||||
POLARSSL_MODE_CTR == ctx->cipher_info->mode )
|
POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
|
||||||
|
POLARSSL_MODE_NULL == ctx->cipher_info->mode )
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
*
|
*
|
||||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -549,4 +549,38 @@ const cipher_info_t des_ede3_cbc_info = {
|
|||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
static void * null_ctx_alloc( void )
|
||||||
|
{
|
||||||
|
return (void *) 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void null_ctx_free( void *ctx )
|
||||||
|
{
|
||||||
|
((void) ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
const cipher_base_t null_base_info = {
|
||||||
|
POLARSSL_CIPHER_ID_NULL,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
null_ctx_alloc,
|
||||||
|
null_ctx_free
|
||||||
|
};
|
||||||
|
|
||||||
|
const cipher_info_t null_cipher_info = {
|
||||||
|
POLARSSL_CIPHER_NULL,
|
||||||
|
POLARSSL_MODE_NULL,
|
||||||
|
0,
|
||||||
|
"NULL",
|
||||||
|
1,
|
||||||
|
1,
|
||||||
|
&null_base_info
|
||||||
|
};
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* SSLv3/TLSv1 client-side functions
|
* SSLv3/TLSv1 client-side functions
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -342,7 +342,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
||||||
|
|
||||||
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_SHA &&
|
||||||
|
ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
||||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
||||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
||||||
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
||||||
@ -536,7 +537,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
||||||
|
|
||||||
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_SHA ||
|
||||||
|
ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
||||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
||||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
||||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* SSLv3/TLSv1 server-side functions
|
* SSLv3/TLSv1 server-side functions
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -544,7 +544,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||||
|
|
||||||
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
if( ssl->session->ciphersuite != SSL_EDH_RSA_DES_SHA &&
|
||||||
|
ssl->session->ciphersuite != SSL_EDH_RSA_DES_168_SHA &&
|
||||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
|
||||||
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
|
||||||
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
|
||||||
@ -716,7 +717,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
if( ssl->session->ciphersuite == SSL_EDH_RSA_DES_SHA ||
|
||||||
|
ssl->session->ciphersuite == SSL_EDH_RSA_DES_168_SHA ||
|
||||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
|
||||||
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
|
||||||
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* SSLv3/TLSv1 shared functions
|
* SSLv3/TLSv1 shared functions
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||||
*
|
*
|
||||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
@ -41,6 +41,7 @@
|
|||||||
#include "polarssl/des.h"
|
#include "polarssl/des.h"
|
||||||
#include "polarssl/debug.h"
|
#include "polarssl/debug.h"
|
||||||
#include "polarssl/ssl.h"
|
#include "polarssl/ssl.h"
|
||||||
|
#include "polarssl/sha2.h"
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
@ -277,6 +278,33 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
case SSL_RSA_NULL_MD5:
|
||||||
|
ssl->keylen = 0; ssl->minlen = 0;
|
||||||
|
ssl->ivlen = 0; ssl->maclen = 16;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SSL_RSA_NULL_SHA:
|
||||||
|
ssl->keylen = 0; ssl->minlen = 0;
|
||||||
|
ssl->ivlen = 0; ssl->maclen = 20;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SSL_RSA_NULL_SHA256:
|
||||||
|
ssl->keylen = 0; ssl->minlen = 0;
|
||||||
|
ssl->ivlen = 0; ssl->maclen = 32;
|
||||||
|
break;
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
case SSL_RSA_DES_SHA:
|
||||||
|
case SSL_EDH_RSA_DES_SHA:
|
||||||
|
ssl->keylen = 8; ssl->minlen = 8;
|
||||||
|
ssl->ivlen = 8; ssl->maclen = 20;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
|
SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available",
|
||||||
ssl_get_ciphersuite( ssl ) ) );
|
ssl_get_ciphersuite( ssl ) ) );
|
||||||
@ -366,6 +394,23 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
case SSL_RSA_NULL_MD5:
|
||||||
|
case SSL_RSA_NULL_SHA:
|
||||||
|
case SSL_RSA_NULL_SHA256:
|
||||||
|
break;
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
case SSL_RSA_DES_SHA:
|
||||||
|
case SSL_EDH_RSA_DES_SHA:
|
||||||
|
des_setkey_enc( (des_context *) ssl->ctx_enc, key1 );
|
||||||
|
des_setkey_dec( (des_context *) ssl->ctx_dec, key2 );
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
@ -521,7 +566,12 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
if( ssl->maclen == 20 )
|
if( ssl->maclen == 20 )
|
||||||
sha1_hmac( ssl->mac_enc, 20,
|
sha1_hmac( ssl->mac_enc, 20,
|
||||||
ssl->out_ctr, ssl->out_msglen + 13,
|
ssl->out_ctr, ssl->out_msglen + 13,
|
||||||
ssl->out_msg + ssl->out_msglen );
|
ssl->out_msg + ssl->out_msglen );
|
||||||
|
|
||||||
|
if( ssl->maclen == 32 )
|
||||||
|
sha2_hmac( ssl->mac_enc, 32,
|
||||||
|
ssl->out_ctr, ssl->out_msglen + 13,
|
||||||
|
ssl->out_msg + ssl->out_msglen, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_BUF( 4, "computed mac",
|
SSL_DEBUG_BUF( 4, "computed mac",
|
||||||
@ -535,7 +585,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
|
|
||||||
if( ssl->ivlen == 0 )
|
if( ssl->ivlen == 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
|
||||||
padlen = 0;
|
padlen = 0;
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
||||||
@ -545,12 +594,23 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||||
ssl->out_msg, ssl->out_msglen );
|
ssl->out_msg, ssl->out_msglen );
|
||||||
|
|
||||||
arc4_crypt( (arc4_context *) ssl->ctx_enc,
|
#if defined(POLARSSL_ARC4_C)
|
||||||
ssl->out_msglen, ssl->out_msg,
|
if( ssl->session->ciphersuite == SSL_RSA_RC4_128_MD5 ||
|
||||||
ssl->out_msg );
|
ssl->session->ciphersuite == SSL_RSA_RC4_128_SHA )
|
||||||
#else
|
{
|
||||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
arc4_crypt( (arc4_context *) ssl->ctx_enc,
|
||||||
|
ssl->out_msglen, ssl->out_msg,
|
||||||
|
ssl->out_msg );
|
||||||
|
} else
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
if( ssl->session->ciphersuite == SSL_RSA_NULL_MD5 ||
|
||||||
|
ssl->session->ciphersuite == SSL_RSA_NULL_SHA ||
|
||||||
|
ssl->session->ciphersuite == SSL_RSA_NULL_SHA256 )
|
||||||
|
{
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -605,11 +665,21 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
|
|
||||||
switch( ssl->ivlen )
|
switch( ssl->ivlen )
|
||||||
{
|
{
|
||||||
case 8:
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
des3_crypt_cbc( (des3_context *) ssl->ctx_enc,
|
case 8:
|
||||||
DES_ENCRYPT, enc_msglen,
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
ssl->iv_enc, enc_msg, enc_msg );
|
if( ssl->session->ciphersuite == SSL_RSA_DES_SHA ||
|
||||||
|
ssl->session->ciphersuite == SSL_EDH_RSA_DES_SHA )
|
||||||
|
{
|
||||||
|
des_crypt_cbc( (des_context *) ssl->ctx_enc,
|
||||||
|
DES_ENCRYPT, enc_msglen,
|
||||||
|
ssl->iv_enc, enc_msg, enc_msg );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
des3_crypt_cbc( (des3_context *) ssl->ctx_enc,
|
||||||
|
DES_ENCRYPT, enc_msglen,
|
||||||
|
ssl->iv_enc, enc_msg, enc_msg );
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -650,10 +720,15 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* TODO: Use digest version when integrated!
|
||||||
|
*/
|
||||||
|
#define POLARSSL_SSL_MAX_MAC_SIZE 32
|
||||||
|
|
||||||
static int ssl_decrypt_buf( ssl_context *ssl )
|
static int ssl_decrypt_buf( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
size_t i, padlen;
|
size_t i, padlen;
|
||||||
unsigned char tmp[20];
|
unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
|
SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
|
||||||
|
|
||||||
@ -668,12 +743,22 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
padlen = 0;
|
padlen = 0;
|
||||||
arc4_crypt( (arc4_context *) ssl->ctx_dec,
|
if( ssl->session->ciphersuite == SSL_RSA_RC4_128_MD5 ||
|
||||||
|
ssl->session->ciphersuite == SSL_RSA_RC4_128_SHA )
|
||||||
|
{
|
||||||
|
arc4_crypt( (arc4_context *) ssl->ctx_dec,
|
||||||
ssl->in_msglen, ssl->in_msg,
|
ssl->in_msglen, ssl->in_msg,
|
||||||
ssl->in_msg );
|
ssl->in_msg );
|
||||||
#else
|
} else
|
||||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
if( ssl->session->ciphersuite == SSL_RSA_NULL_MD5 ||
|
||||||
|
ssl->session->ciphersuite == SSL_RSA_NULL_SHA ||
|
||||||
|
ssl->session->ciphersuite == SSL_RSA_NULL_SHA256 )
|
||||||
|
{
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -712,9 +797,19 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
case 8:
|
case 8:
|
||||||
des3_crypt_cbc( (des3_context *) ssl->ctx_dec,
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
DES_DECRYPT, dec_msglen,
|
if( ssl->session->ciphersuite == SSL_RSA_DES_SHA ||
|
||||||
ssl->iv_dec, dec_msg, dec_msg_result );
|
ssl->session->ciphersuite == SSL_EDH_RSA_DES_SHA )
|
||||||
|
{
|
||||||
|
des_crypt_cbc( (des_context *) ssl->ctx_dec,
|
||||||
|
DES_DECRYPT, dec_msglen,
|
||||||
|
ssl->iv_dec, dec_msg, dec_msg_result );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
des3_crypt_cbc( (des3_context *) ssl->ctx_dec,
|
||||||
|
DES_DECRYPT, dec_msglen,
|
||||||
|
ssl->iv_dec, dec_msg, dec_msg_result );
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -790,7 +885,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
|
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
|
||||||
ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
|
ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
|
||||||
|
|
||||||
memcpy( tmp, ssl->in_msg + ssl->in_msglen, 20 );
|
memcpy( tmp, ssl->in_msg + ssl->in_msglen, POLARSSL_SSL_MAX_MAC_SIZE );
|
||||||
|
|
||||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
@ -798,7 +893,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
ssl_mac_md5( ssl->mac_dec,
|
ssl_mac_md5( ssl->mac_dec,
|
||||||
ssl->in_msg, ssl->in_msglen,
|
ssl->in_msg, ssl->in_msglen,
|
||||||
ssl->in_ctr, ssl->in_msgtype );
|
ssl->in_ctr, ssl->in_msgtype );
|
||||||
else
|
else if( ssl->maclen == 20 )
|
||||||
ssl_mac_sha1( ssl->mac_dec,
|
ssl_mac_sha1( ssl->mac_dec,
|
||||||
ssl->in_msg, ssl->in_msglen,
|
ssl->in_msg, ssl->in_msglen,
|
||||||
ssl->in_ctr, ssl->in_msgtype );
|
ssl->in_ctr, ssl->in_msgtype );
|
||||||
@ -809,10 +904,14 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
|||||||
md5_hmac( ssl->mac_dec, 16,
|
md5_hmac( ssl->mac_dec, 16,
|
||||||
ssl->in_ctr, ssl->in_msglen + 13,
|
ssl->in_ctr, ssl->in_msglen + 13,
|
||||||
ssl->in_msg + ssl->in_msglen );
|
ssl->in_msg + ssl->in_msglen );
|
||||||
else
|
else if( ssl->maclen == 20 )
|
||||||
sha1_hmac( ssl->mac_dec, 20,
|
sha1_hmac( ssl->mac_dec, 20,
|
||||||
ssl->in_ctr, ssl->in_msglen + 13,
|
ssl->in_ctr, ssl->in_msglen + 13,
|
||||||
ssl->in_msg + ssl->in_msglen );
|
ssl->in_msg + ssl->in_msglen );
|
||||||
|
else if( ssl->maclen == 32 )
|
||||||
|
sha2_hmac( ssl->mac_dec, 32,
|
||||||
|
ssl->in_ctr, ssl->in_msglen + 13,
|
||||||
|
ssl->in_msg + ssl->in_msglen, 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen );
|
SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen );
|
||||||
@ -1991,6 +2090,24 @@ const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
|
|||||||
return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
|
return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
case SSL_RSA_NULL_MD5:
|
||||||
|
return( "SSL-RSA-NULL-MD5" );
|
||||||
|
case SSL_RSA_NULL_SHA:
|
||||||
|
return( "SSL-RSA-NULL-SHA" );
|
||||||
|
case SSL_RSA_NULL_SHA256:
|
||||||
|
return( "SSL-RSA-NULL-SHA256" );
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
case SSL_RSA_DES_SHA:
|
||||||
|
return( "SSL-RSA-DES-SHA" );
|
||||||
|
case SSL_EDH_RSA_DES_SHA:
|
||||||
|
return( "SSL-EDH-RSA-DES-SHA" );
|
||||||
|
#endif
|
||||||
|
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -2036,6 +2153,24 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name )
|
|||||||
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
|
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-MD5"))
|
||||||
|
return( SSL_RSA_NULL_MD5 );
|
||||||
|
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA"))
|
||||||
|
return( SSL_RSA_NULL_SHA );
|
||||||
|
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-NULL-SHA256"))
|
||||||
|
return( SSL_RSA_NULL_SHA256 );
|
||||||
|
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-DES-SHA"))
|
||||||
|
return( SSL_RSA_DES_SHA );
|
||||||
|
if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-DES-SHA"))
|
||||||
|
return( SSL_EDH_RSA_DES_SHA );
|
||||||
|
#endif
|
||||||
|
#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,6 +144,9 @@ int main( int argc, char *argv[] )
|
|||||||
if( argc == 0 )
|
if( argc == 0 )
|
||||||
{
|
{
|
||||||
usage:
|
usage:
|
||||||
|
if( ret == 0 )
|
||||||
|
ret = 1;
|
||||||
|
|
||||||
printf( USAGE );
|
printf( USAGE );
|
||||||
|
|
||||||
list = ssl_list_ciphersuites();
|
list = ssl_list_ciphersuites();
|
||||||
@ -153,7 +156,6 @@ int main( int argc, char *argv[] )
|
|||||||
list++;
|
list++;
|
||||||
}
|
}
|
||||||
printf("\n");
|
printf("\n");
|
||||||
ret = 1;
|
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -210,8 +212,10 @@ int main( int argc, char *argv[] )
|
|||||||
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
|
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
|
||||||
|
|
||||||
if( opt.force_ciphersuite[0] <= 0 )
|
if( opt.force_ciphersuite[0] <= 0 )
|
||||||
|
{
|
||||||
|
ret = 2;
|
||||||
goto usage;
|
goto usage;
|
||||||
|
}
|
||||||
opt.force_ciphersuite[1] = 0;
|
opt.force_ciphersuite[1] = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -84,6 +84,15 @@ int my_ciphersuites[] =
|
|||||||
SSL_RSA_DES_168_SHA,
|
SSL_RSA_DES_168_SHA,
|
||||||
SSL_RSA_RC4_128_SHA,
|
SSL_RSA_RC4_128_SHA,
|
||||||
SSL_RSA_RC4_128_MD5,
|
SSL_RSA_RC4_128_MD5,
|
||||||
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
|
SSL_EDH_RSA_DES_SHA,
|
||||||
|
SSL_RSA_DES_SHA,
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
SSL_RSA_NULL_MD5,
|
||||||
|
SSL_RSA_NULL_SHA,
|
||||||
|
SSL_RSA_NULL_SHA256,
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -206,6 +215,8 @@ int main( int argc, char *argv[] )
|
|||||||
((void) argc);
|
((void) argc);
|
||||||
((void) argv);
|
((void) argv);
|
||||||
|
|
||||||
|
memset( &ssl, 0, sizeof( ssl_context ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 1. Load the certificates and private RSA key
|
* 1. Load the certificates and private RSA key
|
||||||
*/
|
*/
|
||||||
@ -448,7 +459,6 @@ reset:
|
|||||||
len = ret;
|
len = ret;
|
||||||
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
|
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
|
||||||
|
|
||||||
ssl_close_notify( &ssl );
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
goto reset;
|
goto reset;
|
||||||
|
|
||||||
|
@ -34,6 +34,7 @@ add_test_suite(camellia)
|
|||||||
add_test_suite(cipher cipher.aes)
|
add_test_suite(cipher cipher.aes)
|
||||||
add_test_suite(cipher cipher.camellia)
|
add_test_suite(cipher cipher.camellia)
|
||||||
add_test_suite(cipher cipher.des)
|
add_test_suite(cipher cipher.des)
|
||||||
|
add_test_suite(cipher cipher.null)
|
||||||
add_test_suite(ctr_drbg)
|
add_test_suite(ctr_drbg)
|
||||||
add_test_suite(debug)
|
add_test_suite(debug)
|
||||||
add_test_suite(des)
|
add_test_suite(des)
|
||||||
|
@ -12,8 +12,8 @@ LDFLAGS += -L../library -lpolarssl $(SYS_LDFLAGS)
|
|||||||
APPS = test_suite_aes test_suite_arc4 \
|
APPS = test_suite_aes test_suite_arc4 \
|
||||||
test_suite_base64 test_suite_camellia \
|
test_suite_base64 test_suite_camellia \
|
||||||
test_suite_cipher.aes test_suite_cipher.camellia \
|
test_suite_cipher.aes test_suite_cipher.camellia \
|
||||||
test_suite_cipher.des test_suite_ctr_drbg \
|
test_suite_cipher.des test_suite_cipher.null \
|
||||||
test_suite_debug \
|
test_suite_ctr_drbg test_suite_debug \
|
||||||
test_suite_des test_suite_dhm \
|
test_suite_des test_suite_dhm \
|
||||||
test_suite_error test_suite_hmac_shax \
|
test_suite_error test_suite_hmac_shax \
|
||||||
test_suite_md test_suite_mdx \
|
test_suite_md test_suite_mdx \
|
||||||
@ -38,6 +38,10 @@ test_suite_cipher.des.c : suites/test_suite_cipher.function suites/test_suite_ci
|
|||||||
echo " Generate $@"
|
echo " Generate $@"
|
||||||
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.des
|
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.des
|
||||||
|
|
||||||
|
test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_cipher.null.data scripts/generate_code.pl suites/helpers.function
|
||||||
|
echo " Generate $@"
|
||||||
|
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.null
|
||||||
|
|
||||||
%.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function
|
%.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function
|
||||||
echo " Generate $@"
|
echo " Generate $@"
|
||||||
scripts/generate_code.pl suites $* $*
|
scripts/generate_code.pl suites $* $*
|
||||||
@ -66,11 +70,15 @@ test_suite_cipher.camellia: test_suite_cipher.camellia.c ../library/libpolarssl.
|
|||||||
echo " CC $@.c"
|
echo " CC $@.c"
|
||||||
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
||||||
|
|
||||||
test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
|
test_suite_cipher.des: test_suite_cipher.des.c ../library/libpolarssl.a
|
||||||
echo " CC $@.c"
|
echo " CC $@.c"
|
||||||
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
||||||
|
|
||||||
test_suite_cipher.des: test_suite_cipher.des.c ../library/libpolarssl.a
|
test_suite_cipher.null: test_suite_cipher.null.c ../library/libpolarssl.a
|
||||||
|
echo " CC $@.c"
|
||||||
|
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
||||||
|
|
||||||
|
test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
|
||||||
echo " CC $@.c"
|
echo " CC $@.c"
|
||||||
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
|
||||||
|
|
||||||
|
136
tests/compat.sh
Normal file
136
tests/compat.sh
Normal file
@ -0,0 +1,136 @@
|
|||||||
|
killall -q openssl ssl_server
|
||||||
|
|
||||||
|
openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL &
|
||||||
|
PROCESS_ID=$!
|
||||||
|
|
||||||
|
sleep 1
|
||||||
|
|
||||||
|
CIPHERS=" \
|
||||||
|
SSL-EDH-RSA-AES-128-SHA \
|
||||||
|
SSL-EDH-RSA-AES-256-SHA \
|
||||||
|
SSL-EDH-RSA-CAMELLIA-128-SHA \
|
||||||
|
SSL-EDH-RSA-CAMELLIA-256-SHA \
|
||||||
|
SSL-EDH-RSA-DES-168-SHA \
|
||||||
|
SSL-RSA-AES-256-SHA \
|
||||||
|
SSL-RSA-CAMELLIA-256-SHA \
|
||||||
|
SSL-RSA-AES-128-SHA \
|
||||||
|
SSL-RSA-CAMELLIA-128-SHA \
|
||||||
|
SSL-RSA-DES-168-SHA \
|
||||||
|
SSL-RSA-RC4-128-SHA \
|
||||||
|
SSL-RSA-RC4-128-MD5 \
|
||||||
|
SSL-RSA-NULL-MD5 \
|
||||||
|
SSL-RSA-NULL-SHA \
|
||||||
|
SSL-RSA-DES-SHA \
|
||||||
|
SSL-EDH-RSA-DES-SHA \
|
||||||
|
"
|
||||||
|
|
||||||
|
# Not supported by OpenSSL: SSL-RSA-NULL-SHA256
|
||||||
|
for i in $CIPHERS;
|
||||||
|
do
|
||||||
|
RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
|
||||||
|
EXIT=$?
|
||||||
|
echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
|
||||||
|
if [ "$EXIT" = "2" ];
|
||||||
|
then
|
||||||
|
echo Ciphersuite not supported in client
|
||||||
|
elif [ "$EXIT" != "0" ];
|
||||||
|
then
|
||||||
|
echo Failed
|
||||||
|
echo $RESULT
|
||||||
|
else
|
||||||
|
echo Success
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
kill $PROCESS_ID
|
||||||
|
|
||||||
|
../programs/ssl/ssl_server > /dev/null &
|
||||||
|
PROCESS_ID=$!
|
||||||
|
|
||||||
|
sleep 1
|
||||||
|
|
||||||
|
CIPHERS=" \
|
||||||
|
DHE-RSA-AES128-SHA \
|
||||||
|
DHE-RSA-AES256-SHA \
|
||||||
|
DHE-RSA-CAMELLIA128-SHA \
|
||||||
|
DHE-RSA-CAMELLIA256-SHA \
|
||||||
|
EDH-RSA-DES-CBC3-SHA \
|
||||||
|
AES256-SHA \
|
||||||
|
CAMELLIA256-SHA \
|
||||||
|
AES128-SHA \
|
||||||
|
CAMELLIA128-SHA \
|
||||||
|
DES-CBC3-SHA \
|
||||||
|
RC4-SHA \
|
||||||
|
RC4-MD5 \
|
||||||
|
NULL-MD5 \
|
||||||
|
NULL-SHA \
|
||||||
|
DES-CBC-SHA \
|
||||||
|
EDH-RSA-DES-CBC-SHA \
|
||||||
|
"
|
||||||
|
|
||||||
|
# Not supported by OpenSSL: NULL-SHA256
|
||||||
|
for i in $CIPHERS;
|
||||||
|
do
|
||||||
|
RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -cipher $i 2>&1)"
|
||||||
|
EXIT=$?
|
||||||
|
echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
|
||||||
|
|
||||||
|
if [ "$EXIT" != "0" ];
|
||||||
|
then
|
||||||
|
SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
|
||||||
|
if [ "X$SUPPORTED" != "X" ]
|
||||||
|
then
|
||||||
|
echo "Ciphersuite not supported in server"
|
||||||
|
else
|
||||||
|
echo Failed
|
||||||
|
echo $RESULT
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo Success
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
kill $PROCESS_ID
|
||||||
|
|
||||||
|
../programs/ssl/ssl_server > /dev/null &
|
||||||
|
PROCESS_ID=$!
|
||||||
|
|
||||||
|
sleep 1
|
||||||
|
|
||||||
|
CIPHERS=" \
|
||||||
|
SSL-RSA-RC4-128-SHA \
|
||||||
|
SSL-RSA-NULL-MD5 \
|
||||||
|
SSL-EDH-RSA-AES-128-SHA \
|
||||||
|
SSL-EDH-RSA-AES-256-SHA \
|
||||||
|
SSL-EDH-RSA-CAMELLIA-128-SHA \
|
||||||
|
SSL-EDH-RSA-CAMELLIA-256-SHA \
|
||||||
|
SSL-EDH-RSA-DES-168-SHA \
|
||||||
|
SSL-RSA-NULL-SHA \
|
||||||
|
SSL-RSA-AES-256-SHA \
|
||||||
|
SSL-RSA-CAMELLIA-256-SHA \
|
||||||
|
SSL-RSA-AES-128-SHA \
|
||||||
|
SSL-RSA-CAMELLIA-128-SHA \
|
||||||
|
SSL-RSA-DES-168-SHA \
|
||||||
|
SSL-RSA-RC4-128-MD5 \
|
||||||
|
SSL-RSA-DES-SHA \
|
||||||
|
SSL-EDH-RSA-DES-SHA \
|
||||||
|
SSL-RSA-NULL-SHA256 \
|
||||||
|
"
|
||||||
|
|
||||||
|
for i in $CIPHERS;
|
||||||
|
do
|
||||||
|
RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
|
||||||
|
EXIT=$?
|
||||||
|
echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
|
||||||
|
if [ "$EXIT" = "2" ];
|
||||||
|
then
|
||||||
|
echo Ciphersuite not supported in client
|
||||||
|
elif [ "$EXIT" != "0" ];
|
||||||
|
then
|
||||||
|
echo Failed
|
||||||
|
echo $RESULT
|
||||||
|
else
|
||||||
|
echo Success
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
kill $PROCESS_ID
|
||||||
|
|
102
tests/suites/test_suite_cipher.null.data
Normal file
102
tests/suites/test_suite_cipher.null.data
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
Cipher Selftest
|
||||||
|
depends_on:POLARSSL_SELF_TEST
|
||||||
|
cipher_selftest:
|
||||||
|
|
||||||
|
Decrypt empty buffer
|
||||||
|
dec_empty_buf:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 0 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:0
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 1 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:1
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 2 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:2
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 7 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:7
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 8 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:8
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 9 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:9
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 15 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:15
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 16 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:16
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 31 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:31
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 32 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:32
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 33 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:33
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 47 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:47
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 48 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:48
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 49 bytes
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:49
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 1 bytes in multiple parts 1
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:1:0:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 1 bytes in multiple parts 2
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:0:1:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 16 bytes in multiple parts 1
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:0:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 16 bytes in multiple parts 2
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:0:16:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 16 bytes in multiple parts 3
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:1:15:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 16 bytes in multiple parts 4
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:15:1:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 22 bytes in multiple parts 1
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:15:7:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 22 bytes in multiple parts 1
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:6:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 22 bytes in multiple parts 1
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:17:6:
|
||||||
|
|
||||||
|
NULL Encrypt and decrypt 32 bytes in multiple parts 1
|
||||||
|
depends_on:POLARSSL_CIPHER_NULL_CIPHER
|
||||||
|
enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:16:
|
Loading…
Reference in New Issue
Block a user