Added PSK NULL ciphers from RFC4785

include/polarssl/ssl_ciphersuites.h

@@ -49,6 +49,10 @@ extern "C" {
 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
 
+#define TLS_PSK_WITH_NULL_SHA                    0x2C
+#define TLS_DHE_PSK_WITH_NULL_SHA                0x2D
+#define TLS_RSA_PSK_WITH_NULL_SHA                0x2E
+
 #define TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
 #define TLS_RSA_WITH_AES_256_CBC_SHA             0x35

library/ssl_ciphersuites.c

@@ -118,6 +118,9 @@ static const int ciphersuite_preference[] =
     TLS_RSA_WITH_NULL_SHA256,
     TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_WITH_NULL_MD5,
+    TLS_PSK_WITH_NULL_SHA,
+    TLS_DHE_PSK_WITH_NULL_SHA,
+    TLS_RSA_PSK_WITH_NULL_SHA,
 
     0
 };
@@ -487,8 +490,8 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
 
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
-#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
     { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
       POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
@@ -506,9 +509,33 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
       POLARSSL_CIPHERSUITE_WEAK },
-#endif /* POLARSSL_CIPHER_NULL_CIPHER */
 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
 
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+    { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
+      POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
+      POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
+      POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+
 #if defined(POLARSSL_DES_C)
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
     { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",

tests/compat.sh

@@ -205,6 +205,8 @@ P_CIPHERS="$P_CIPHERS                        \
     TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA        \
     TLS-DHE-PSK-WITH-AES-128-CBC-SHA         \
     TLS-DHE-PSK-WITH-AES-256-CBC-SHA         \
+    TLS-PSK-WITH-NULL-SHA                    \
+    TLS-DHE-PSK-WITH-NULL-SHA                \
     "
 
 for i in $P_CIPHERS;