authorlloyd <[email protected]>2015-05-15 02:33:57 +0000
committerlloyd <[email protected]>2015-05-15 02:33:57 +0000
commit12eea2e817528e7d1a85e5e80b360eead6e5d206 (patch)
tree3ec765c23a0a573933da8f53d63d63b8b2e71c74
parent99506e5ba968d30d4015bc72bea8f515bfee8287 (diff)
Remove RC4 (and all support for stream ciphers) from TLS
-rw-r--r--doc/manual/tls.rst4
-rw-r--r--doc/relnotes/index.rst2
-rw-r--r--src/lib/tls/tls_record.cpp22
-rw-r--r--src/lib/tls/tls_record.h4
-rw-r--r--src/lib/tls/tls_suite_info.cpp29
-rwxr-xr-xsrc/scripts/tls_suite_info.py8
6 files changed, 13 insertions, 56 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 16fced4ea..26ac6a801 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -527,11 +527,11 @@ policy settings from a file.
Also allowed (though currently experimental): "AES-128/OCB(12)",
"AES-256/OCB(12)"
- Also allowed (although **not recommended**): "SEED", "3DES", "RC4"
+ Also allowed (although **not recommended**): "SEED", "3DES"
.. note::
- RC4 will never be negotiated in DTLS due to protocol limitations
+ Support for the broken RC4 cipher was removed in 1.11.17
.. cpp:function:: std::vector<std::string> allowed_macs() const
diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst
index 896b70479..f94a0bfea 100644
--- a/doc/relnotes/index.rst
+++ b/doc/relnotes/index.rst
@@ -8,6 +8,8 @@ Series 1.11
.. toctree::
:maxdepth: 1
+ 1_11_17
+ 1_11_16
1_11_15
1_11_14
1_11_13
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 6ccb31165..fb8079bdc 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -1,6 +1,6 @@
/*
* TLS Record Handling
-* (C) 2012,2013,2014 Jack Lloyd
+* (C) 2012,2013,2014,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -73,11 +73,6 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
if(version.supports_explicit_cbc_ivs())
m_iv_size = m_block_size;
}
- else if(StreamCipher* sc = get_stream_cipher(cipher_algo))
- {
- m_stream_cipher.reset(sc);
- m_stream_cipher->set_key(cipher_key);
- }
else
throw Invalid_Argument("Unknown TLS cipher " + cipher_algo);
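Review bot: After the stream-cipher branch is deleted, the `else` at the end of this chain rejects every cipher name not matched by an earlier branch, including the stream ciphers this commit drops, but nothing in the code records that this is deliberate rather than an omission. A one-line comment above the `else`, `// Stream ciphers (RC4) are intentionally unsupported in TLS as of 1.11.17`, would stop a later contributor from re-adding a get_stream_cipher() branch here. The constructor's body begins outside the hunk, so the earlier branches are not visible.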
@@ -236,11 +231,7 @@ void write_record(secure_vector<byte>& output,
BOTAN_ASSERT_EQUAL(buf_size + header_size, output.size(),
"Output buffer is sized properly");
- if(StreamCipher* sc = cs->stream_cipher())
- {
- sc->cipher1(&output[header_size], buf_size);
- }
- else if(BlockCipher* bc = cs->block_cipher())
+ if(BlockCipher* bc = cs->block_cipher())
{
secure_vector<byte>& cbc_state = cs->cbc_state();
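Review bot: With the stream-cipher case removed, `if(BlockCipher* bc = cs->block_cipher())` becomes the only branch visible in this hunk, and whether the chain still ends in an `else` that throws lies outside the hunk; if it does not, a cipher state with no block cipher (and, presumably, no AEAD handled earlier) would leave the bytes at `&output[header_size]` unencrypted and continue as if the record were protected. The constructor's `throw Invalid_Argument("Unknown TLS cipher " + cipher_algo)` makes such a state unreachable today, but a terminal `else throw` in write_record keeps that invariant local and cheap to verify. The same applies to `if(BlockCipher* bc = cs.block_cipher())` in the decrypt_record hunk, where an un-decrypted record would otherwise reach the padding check with `padding_bad` still false. write_record's body starts and ends outside the hunk.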
@@ -388,17 +379,12 @@ void decrypt_record(secure_vector<byte>& output,
}
else
{
- // GenericBlockCipher / GenericStreamCipher case
+ // GenericBlockCipher case
volatile bool padding_bad = false;
size_t pad_size = 0;
- if(StreamCipher* sc = cs.stream_cipher())
- {
- sc->cipher1(record_contents, record_len);
- // no padding to check or remove
- }
- else if(BlockCipher* bc = cs.block_cipher())
+ if(BlockCipher* bc = cs.block_cipher())
{
cbc_decrypt_record(record_contents, record_len, cs, *bc);
diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h
index 46f87a9af..d7aa82e71 100644
--- a/src/lib/tls/tls_record.h
+++ b/src/lib/tls/tls_record.h
@@ -12,7 +12,6 @@
#include <botan/tls_version.h>
#include <botan/aead.h>
#include <botan/block_cipher.h>
-#include <botan/stream_cipher.h>
#include <botan/mac.h>
#include <vector>
#include <chrono>
@@ -53,8 +52,6 @@ class Connection_Cipher_State
BlockCipher* block_cipher() { return m_block_cipher.get(); }
- StreamCipher* stream_cipher() { return m_stream_cipher.get(); }
-
MessageAuthenticationCode* mac() { return m_mac.get(); }
secure_vector<byte>& cbc_state() { return m_block_cipher_cbc_state; }
@@ -82,7 +79,6 @@ class Connection_Cipher_State
std::chrono::system_clock::time_point m_start_time;
std::unique_ptr<BlockCipher> m_block_cipher;
secure_vector<byte> m_block_cipher_cbc_state;
- std::unique_ptr<StreamCipher> m_stream_cipher;
std::unique_ptr<MessageAuthenticationCode> m_mac;
std::unique_ptr<AEAD_Mode> m_aead;
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index 02d277173..cb5c1d4c5 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -3,7 +3,7 @@
*
* This file was automatically generated from the IANA assignments
* (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095)
-* by ./src/scripts/tls_suite_info.py on 2015-01-30
+* by ./src/scripts/tls_suite_info.py on 2015-05-11
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -108,9 +108,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
- case 0x008E: // DHE_PSK_WITH_RC4_128_SHA
- return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20);
@@ -213,9 +210,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384
return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
- case 0x0018: // DH_anon_WITH_RC4_128_MD5
- return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, 0, "MD5", 16);
-
case 0x009B: // DH_anon_WITH_SEED_CBC_SHA
return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20);
@@ -273,9 +267,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xCC14: // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
return Ciphersuite(0xCC14, "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256");
- case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA
- return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20);
@@ -303,9 +294,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48);
- case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA
- return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20);
@@ -348,9 +336,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xCC13: // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
return Ciphersuite(0xCC13, "RSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256");
- case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA
- return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20);
@@ -360,9 +345,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA
return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20);
- case 0xC016: // ECDH_anon_WITH_RC4_128_SHA
- return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8
return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256");
@@ -420,9 +402,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384
return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
- case 0x008A: // PSK_WITH_RC4_128_SHA
- return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20);
@@ -474,12 +453,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384
return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
- case 0x0004: // RSA_WITH_RC4_128_MD5
- return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, 0, "MD5", 16);
-
- case 0x0005: // RSA_WITH_RC4_128_SHA
- return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0x0096: // RSA_WITH_SEED_CBC_SHA
return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20);
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index c9044084f..8589ddeec 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -200,7 +200,7 @@ def main(args = None):
if args is None:
args = sys.argv
- weak_crypto = ['EXPORT', 'RC2', 'IDEA', '_DES_', 'WITH_NULL']
+ weak_crypto = ['EXPORT', 'RC2', 'IDEA', 'RC4', '_DES_', 'WITH_NULL']
static_dh = ['ECDH_ECDSA', 'ECDH_RSA', 'DH_DSS', 'DH_RSA'] # not supported
protocol_goop = ['SCSV', 'KRB5']
maybe_someday = ['ARIA', 'RSA_PSK']
@@ -245,14 +245,14 @@ def main(args = None):
# From http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01
define_custom_ciphersuite('DHE_DSS_WITH_RC4_128_SHA', '0066')
- if options.with_chacha and False:
+ if options.with_chacha:
# Google servers - draft-agl-tls-chacha20poly1305-04
define_custom_ciphersuite('ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC13')
define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14')
define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15')
- if options.with_chacha:
- # Provisional IETF ChaCha suites:
+ if options.with_chacha and False:
+ # Provisional IETF ChaCha suites
define_custom_ciphersuite('RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD30')
define_custom_ciphersuite('ECDSA_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD31')
define_custom_ciphersuite('ECDSA_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CD32')
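Review bot: Moving `and False` from the first ChaCha block to the second enables the draft-agl codepoints CC13–CC15 and disables the provisional CD30–CD32 ones, which is unrelated to the RC4 removal in the title and is not mentioned in the commit message; a sentence in the description, or a separate commit, would keep the generated-file history explainable. In the same function the context line `define_custom_ciphersuite('DHE_DSS_WITH_RC4_128_SHA', '0066')` still defines an RC4 suite; no 0x0066 entry appears in the tls_suite_info.cpp hunks, so it is apparently filtered out later, but deleting that line would make the removal explicit rather than incidental. main's body continues outside the hunk.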