- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index a37fd56..48c766f 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -34,6 +34,7 @@
add_test_suite(cipher cipher.aes)
add_test_suite(cipher cipher.camellia)
add_test_suite(cipher cipher.des)
+add_test_suite(cipher cipher.null)
add_test_suite(ctr_drbg)
add_test_suite(debug)
add_test_suite(des)
diff --git a/tests/Makefile b/tests/Makefile
index 8ecf346..990637d 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -12,8 +12,8 @@
APPS = test_suite_aes test_suite_arc4 \
test_suite_base64 test_suite_camellia \
test_suite_cipher.aes test_suite_cipher.camellia \
- test_suite_cipher.des test_suite_ctr_drbg \
- test_suite_debug \
+ test_suite_cipher.des test_suite_cipher.null \
+ test_suite_ctr_drbg test_suite_debug \
test_suite_des test_suite_dhm \
test_suite_error test_suite_hmac_shax \
test_suite_md test_suite_mdx \
@@ -38,6 +38,10 @@
echo " Generate $@"
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.des
+test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_cipher.null.data scripts/generate_code.pl suites/helpers.function
+ echo " Generate $@"
+ scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.null
+
%.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function
echo " Generate $@"
scripts/generate_code.pl suites $* $*
@@ -66,11 +70,15 @@
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
-test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
+test_suite_cipher.des: test_suite_cipher.des.c ../library/libpolarssl.a
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
-test_suite_cipher.des: test_suite_cipher.des.c ../library/libpolarssl.a
+test_suite_cipher.null: test_suite_cipher.null.c ../library/libpolarssl.a
+ echo " CC $@.c"
+ $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
+
+test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
diff --git a/tests/compat.sh b/tests/compat.sh
new file mode 100644
index 0000000..ab84899
--- /dev/null
+++ b/tests/compat.sh
@@ -0,0 +1,136 @@
+killall -q openssl ssl_server
+
+openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS=" \
+ SSL-EDH-RSA-AES-128-SHA \
+ SSL-EDH-RSA-AES-256-SHA \
+ SSL-EDH-RSA-CAMELLIA-128-SHA \
+ SSL-EDH-RSA-CAMELLIA-256-SHA \
+ SSL-EDH-RSA-DES-168-SHA \
+ SSL-RSA-AES-256-SHA \
+ SSL-RSA-CAMELLIA-256-SHA \
+ SSL-RSA-AES-128-SHA \
+ SSL-RSA-CAMELLIA-128-SHA \
+ SSL-RSA-DES-168-SHA \
+ SSL-RSA-RC4-128-SHA \
+ SSL-RSA-RC4-128-MD5 \
+ SSL-RSA-NULL-MD5 \
+ SSL-RSA-NULL-SHA \
+ SSL-RSA-DES-SHA \
+ SSL-EDH-RSA-DES-SHA \
+ "
+
+# Not supported by OpenSSL: SSL-RSA-NULL-SHA256
+for i in $CIPHERS;
+do
+ RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+ EXIT=$?
+ echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
+ if [ "$EXIT" = "2" ];
+ then
+ echo Ciphersuite not supported in client
+ elif [ "$EXIT" != "0" ];
+ then
+ echo Failed
+ echo $RESULT
+ else
+ echo Success
+ fi
+done
+kill $PROCESS_ID
+
+../programs/ssl/ssl_server > /dev/null &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS=" \
+ DHE-RSA-AES128-SHA \
+ DHE-RSA-AES256-SHA \
+ DHE-RSA-CAMELLIA128-SHA \
+ DHE-RSA-CAMELLIA256-SHA \
+ EDH-RSA-DES-CBC3-SHA \
+ AES256-SHA \
+ CAMELLIA256-SHA \
+ AES128-SHA \
+ CAMELLIA128-SHA \
+ DES-CBC3-SHA \
+ RC4-SHA \
+ RC4-MD5 \
+ NULL-MD5 \
+ NULL-SHA \
+ DES-CBC-SHA \
+ EDH-RSA-DES-CBC-SHA \
+ "
+
+# Not supported by OpenSSL: NULL-SHA256
+for i in $CIPHERS;
+do
+ RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -cipher $i 2>&1)"
+ EXIT=$?
+ echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
+
+ if [ "$EXIT" != "0" ];
+ then
+ SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
+ if [ "X$SUPPORTED" != "X" ]
+ then
+ echo "Ciphersuite not supported in server"
+ else
+ echo Failed
+ echo $RESULT
+ fi
+ else
+ echo Success
+ fi
+done
+
+kill $PROCESS_ID
+
+../programs/ssl/ssl_server > /dev/null &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS=" \
+ SSL-RSA-RC4-128-SHA \
+ SSL-RSA-NULL-MD5 \
+ SSL-EDH-RSA-AES-128-SHA \
+ SSL-EDH-RSA-AES-256-SHA \
+ SSL-EDH-RSA-CAMELLIA-128-SHA \
+ SSL-EDH-RSA-CAMELLIA-256-SHA \
+ SSL-EDH-RSA-DES-168-SHA \
+ SSL-RSA-NULL-SHA \
+ SSL-RSA-AES-256-SHA \
+ SSL-RSA-CAMELLIA-256-SHA \
+ SSL-RSA-AES-128-SHA \
+ SSL-RSA-CAMELLIA-128-SHA \
+ SSL-RSA-DES-168-SHA \
+ SSL-RSA-RC4-128-MD5 \
+ SSL-RSA-DES-SHA \
+ SSL-EDH-RSA-DES-SHA \
+ SSL-RSA-NULL-SHA256 \
+ "
+
+for i in $CIPHERS;
+do
+ RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+ EXIT=$?
+ echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
+ if [ "$EXIT" = "2" ];
+ then
+ echo Ciphersuite not supported in client
+ elif [ "$EXIT" != "0" ];
+ then
+ echo Failed
+ echo $RESULT
+ else
+ echo Success
+ fi
+done
+kill $PROCESS_ID
+
diff --git a/tests/suites/test_suite_cipher.null.data b/tests/suites/test_suite_cipher.null.data
new file mode 100644
index 0000000..96aa36a
--- /dev/null
+++ b/tests/suites/test_suite_cipher.null.data
@@ -0,0 +1,102 @@
+Cipher Selftest
+depends_on:POLARSSL_SELF_TEST
+cipher_selftest:
+
+Decrypt empty buffer
+dec_empty_buf:
+
+NULL Encrypt and decrypt 0 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:0
+
+NULL Encrypt and decrypt 1 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:1
+
+NULL Encrypt and decrypt 2 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:2
+
+NULL Encrypt and decrypt 7 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:7
+
+NULL Encrypt and decrypt 8 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:8
+
+NULL Encrypt and decrypt 9 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:9
+
+NULL Encrypt and decrypt 15 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:15
+
+NULL Encrypt and decrypt 16 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:16
+
+NULL Encrypt and decrypt 31 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:31
+
+NULL Encrypt and decrypt 32 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:32
+
+NULL Encrypt and decrypt 33 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:33
+
+NULL Encrypt and decrypt 47 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:47
+
+NULL Encrypt and decrypt 48 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:48
+
+NULL Encrypt and decrypt 49 bytes
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf:POLARSSL_CIPHER_NULL:NULL:0:49
+
+NULL Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:1:0:
+
+NULL Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:0:1:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:0:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:0:16:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:1:15:
+
+NULL Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:15:1:
+
+NULL Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:15:7:
+
+NULL Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:6:
+
+NULL Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:17:6:
+
+NULL Encrypt and decrypt 32 bytes in multiple parts 1
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+enc_dec_buf_multipart:POLARSSL_CIPHER_NULL:0:16:16: