Merge branch 'master' of github.com:cyassl/cyassl

cyassl/internal.h

@@ -160,8 +160,12 @@ void c32to24(word32 in, word24 out);
     #endif
 #endif
 
-#if !defined(NO_TLS) && !defined(NO_PSK) && defined(HAVE_NULL_CIPHER)
+#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
+    #define BUILD_TLS_RSA_WITH_NULL_SHA
+    #define BUILD_TLS_RSA_WITH_NULL_SHA256
+    #if !defined(NO_PSK)
         #define BUILD_TLS_PSK_WITH_NULL_SHA
+    #endif
 #endif
 
 #if !defined(NO_HC128) && !defined(NO_TLS)
@@ -269,6 +273,7 @@ enum {
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
     TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
     TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
+    TLS_RSA_WITH_NULL_SHA             = 0x02,
     TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
     TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
     TLS_PSK_WITH_NULL_SHA             = 0x2c,
@@ -312,6 +317,7 @@ enum {
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
     TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
     TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
+    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
 
     /* AES-GCM */
     TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x9c,

src/internal.c

@@ -828,6 +828,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
     }
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
+    if (tls && haveRSA) {
+        suites->suites[idx++] = 0; 
+        suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
+    }
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
+    if (tls && haveRSA) {
+        suites->suites[idx++] = 0; 
+        suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
+    }
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
     if (tls && havePSK) {
         suites->suites[idx++] = 0; 
@@ -4428,6 +4442,14 @@ const char* const cipher_names[] =
     "AES256-SHA",
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
+    "NULL-SHA",
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
+    "NULL-SHA256",
+#endif
+
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     "DHE-RSA-AES128-SHA",
 #endif
@@ -4632,6 +4654,14 @@ int cipher_name_idx[] =
     TLS_RSA_WITH_AES_256_CBC_SHA,
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
+    TLS_RSA_WITH_NULL_SHA,
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
+    TLS_RSA_WITH_NULL_SHA256,
+#endif
+
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    
 #endif
@@ -6701,6 +6731,12 @@ int SetCipherList(Suites* s, const char* list)
                 return 1;
             break;
 
+        case TLS_RSA_WITH_NULL_SHA :
+        case TLS_RSA_WITH_NULL_SHA256 :
+            if (requirement == REQUIRES_RSA)
+                return 1;
+            break;
+
         case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
             if (requirement == REQUIRES_NTRU)
                 return 1;

src/keys.c

@@ -568,6 +568,38 @@ int SetCipherSpecs(CYASSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
+    case TLS_RSA_WITH_NULL_SHA :
+        ssl->specs.bulk_cipher_algorithm = cipher_null;
+        ssl->specs.cipher_type           = stream;
+        ssl->specs.mac_algorithm         = sha_mac;
+        ssl->specs.kea                   = rsa_kea;
+        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = 0;
+        ssl->specs.block_size            = 0;
+        ssl->specs.iv_size               = 0;
+
+        break;
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
+    case TLS_RSA_WITH_NULL_SHA256 :
+        ssl->specs.bulk_cipher_algorithm = cipher_null;
+        ssl->specs.cipher_type           = stream;
+        ssl->specs.mac_algorithm         = sha256_mac;
+        ssl->specs.kea                   = rsa_kea;
+        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = 0;
+        ssl->specs.block_size            = 0;
+        ssl->specs.iv_size               = 0;
+
+        break;
+#endif
+
 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
     case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = aes;

src/ssl.c

@@ -5289,6 +5289,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
                     return "TLS_RSA_WITH_AES_128_CBC_SHA256";
                 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
                     return "TLS_RSA_WITH_AES_256_CBC_SHA256";
+                case TLS_RSA_WITH_NULL_SHA :
+                    return "TLS_RSA_WITH_NULL_SHA";
+                case TLS_RSA_WITH_NULL_SHA256 :
+                    return "TLS_RSA_WITH_NULL_SHA256";
                 case TLS_PSK_WITH_AES_128_CBC_SHA :
                     return "TLS_PSK_WITH_AES_128_CBC_SHA";
                 case TLS_PSK_WITH_AES_256_CBC_SHA :

tests/suites.c

@@ -250,6 +250,17 @@ int SuiteTest(void)
     }
 #endif
 
+#ifdef HAVE_NULL_CIPHER
+    /* add rsa null cipher suites */
+    strcpy(argv0[1], "tests/test-null.conf");
+    printf("starting null cipher suite tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        exit(EXIT_FAILURE);  
+    }
+#endif
+
 #ifdef HAVE_HC128 
     /* add hc128 extra suites */
     strcpy(argv0[1], "tests/test-hc128.conf");

tests/test-null.conf

@@ -0,0 +1,48 @@
+# server TLSv1.0 RSA-NULL-SHA
+-v 1
+-l NULL-SHA
+
+# client TLSv1.0 RSA-NULL-SHA
+-v 1
+-l NULL-SHA
+
+# server TLSv1.1 RSA-NULL-SHA
+-v 2
+-l NULL-SHA
+
+# client TLSv1.1 RSA-NULL-SHA
+-v 2
+-l NULL-SHA
+
+# server TLSv1.2 RSA-NULL-SHA
+-v 3
+-l NULL-SHA
+
+# client TLSv1.2 RSA-NULL-SHA
+-v 3
+-l NULL-SHA
+
+# server TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l NULL-SHA256
+
+# client TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l NULL-SHA256
+
+# server TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l NULL-SHA256
+
+# client TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l NULL-SHA256
+
+# server TLSv1.2 RSA-NULL-SHA256
+-v 3
+-l NULL-SHA256
+
+# client TLSv1.2 RSA-NULL-SHA256
+-v 3
+-l NULL-SHA256
+