From 45b280a53eccd46bfbaf1b9b51c095b7ce2c2184 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 10 Jul 2019 14:32:14 -0500
Subject: [PATCH] RSA Null MD5 cipher suite 1. Add the cipher suite
 TLS_RSA_WITH_NULL_MD5 for use with the sniffer. 2. Added
 TLS_RSA_WITH_NULL_MD5 to the suite test.

---
 src/internal.c     | 12 ++++++++++++
 src/keys.c         | 17 +++++++++++++++++
 tests/test.conf    | 24 ++++++++++++++++++++++++
 wolfssl/internal.h |  4 ++++
 4 files changed, 57 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 37511e71c..07035e2e7 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2702,6 +2702,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     }
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
+    if (tls && haveRSA) {
+        suites->suites[idx++] = CIPHER_BYTE;
+        suites->suites[idx++] = TLS_RSA_WITH_NULL_MD5;
+    }
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
     if (tls && haveRSA) {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -8096,6 +8103,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
+        case TLS_RSA_WITH_NULL_MD5 :
         case TLS_RSA_WITH_NULL_SHA :
         case TLS_RSA_WITH_NULL_SHA256 :
             if (requirement == REQUIRES_RSA)
@@ -16322,6 +16330,10 @@ static const CipherSuiteInfo cipher_names[] =
     SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA),
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
+    SUITE_INFO("NULL-MD5","TLS_RSA_WITH_NULL_MD5",CIPHER_BYTE,TLS_RSA_WITH_NULL_MD5),
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
     SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA),
 #endif
diff --git a/src/keys.c b/src/keys.c
index 2ece71752..9289ada29 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1294,6 +1294,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
+    case TLS_RSA_WITH_NULL_MD5 :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+        ssl->specs.cipher_type           = stream;
+        ssl->specs.mac_algorithm         = md5_mac;
+        ssl->specs.kea                   = rsa_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = WC_MD5_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_MD5;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = 0;
+        ssl->specs.block_size            = 0;
+        ssl->specs.iv_size               = 0;
+
+        break;
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
     case TLS_RSA_WITH_NULL_SHA :
         ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
diff --git a/tests/test.conf b/tests/test.conf
index 64e8b48ee..43092d16b 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -1397,6 +1397,30 @@
 -v 3
 -l PSK-NULL-SHA256
 
+# server TLSv1.0 RSA-NULL-MD5
+-v 1
+-l NULL-MD5
+
+# client TLSv1.0 RSA-NULL-MD5
+-v 1
+-l NULL-MD5
+
+# server TLSv1.1 RSA-NULL-MD5
+-v 2
+-l NULL-MD5
+
+# client TLSv1.1 RSA-NULL-MD5
+-v 2
+-l NULL-MD5
+
+# server TLSv1.2 RSA-NULL-MD5
+-v 3
+-l NULL-MD5
+
+# client TLSv1.2 RSA-NULL-MD5
+-v 3
+-l NULL-MD5
+
 # server TLSv1.0 RSA-NULL-SHA
 -v 1
 -l NULL-SHA
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 2f408f1b2..a1dbe8ec1 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -422,6 +422,9 @@
     #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
         #if !defined(NO_RSA)
             #if defined(WOLFSSL_STATIC_RSA)
+                #ifndef NO_MD5
+                    #define BUILD_TLS_RSA_WITH_NULL_MD5
+                #endif
                 #if !defined(NO_SHA)
                     #define BUILD_TLS_RSA_WITH_NULL_SHA
                 #endif
@@ -921,6 +924,7 @@ enum {
     TLS_DH_anon_WITH_AES_128_CBC_SHA  = 0x34,
     TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
     TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
+    TLS_RSA_WITH_NULL_MD5             = 0x01,
     TLS_RSA_WITH_NULL_SHA             = 0x02,
     TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
     TLS_PSK_WITH_AES_128_CBC_SHA256   = 0xae,