authorJack Lloyd <[email protected]>2015-11-13 12:52:20 -0500
committerJack Lloyd <[email protected]>2015-11-13 12:52:20 -0500
commit406c57f09eac849c10807b74c8e7ba051a6a5c2c (patch)
treefcb26fab346948c2647ff7db4144bb9d5ed07295 /src/lib
parent3dbcfb6297acfdb8818742acfb0fa9ffe70bcdbc (diff)
Add TLS_PSK tests
Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigial RC4 cruft. Push more on the TLS corruption tests.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/msg_server_kex.cpp5
-rw-r--r--src/lib/tls/tls_policy.cpp7
-rw-r--r--src/lib/tls/tls_suite_info.cpp7
3 files changed, 5 insertions, 14 deletions
diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp
index 3fcdb5ab2..50caf3288 100644
--- a/src/lib/tls/msg_server_kex.cpp
+++ b/src/lib/tls/msg_server_kex.cpp
@@ -1,6 +1,6 @@
/*
* Server Key Exchange Message
-* (C) 2004-2010,2012 Jack Lloyd
+* (C) 2004-2010,2012,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -145,9 +145,6 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf,
Protocol_Version version) :
m_kex_key(nullptr), m_srp_params(nullptr)
{
- if(buf.size() < 6)
- throw Decoding_Error("Server_Key_Exchange: Packet corrupted");
-
TLS_Data_Reader reader("ServerKeyExchange", buf);
/*
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index d8dd2c828..7d1af71ef 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -1,6 +1,6 @@
/*
* Policies for TLS
-* (C) 2004-2010,2012 Jack Lloyd
+* (C) 2004-2010,2012,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -44,7 +44,7 @@ std::vector<std::string> Policy::allowed_signature_hashes() const
"SHA-512",
"SHA-384",
"SHA-256",
- "SHA-224",
+ //"SHA-224",
//"SHA-1",
//"MD5",
};
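Review bot: The `//"SHA-224",` entry in the list returned by `Policy::allowed_signature_hashes()` is disabled by commenting it out with no stated reason, the same as the `//"SHA-1"` and `//"MD5"` entries below it, so a later reader cannot tell why each hash is off or whether re-enabling one is safe. I would add a short comment above the disabled entries, for example `// Disabled by default; re-enable only via a custom Policy` (this assumes the method can be overridden, which the hunk does not show). Since this changes the default policy, a peer that can only sign with SHA-224 would presumably stop negotiating, which seems worth a line in the release notes. The function starts before this hunk, so the rest of its body is not visible here.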
@@ -282,9 +282,6 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version,
if(!have_srp && suite.kex_algo() == "SRP_SHA")
continue;
- if(version.is_datagram_protocol() && suite.cipher_algo() == "RC4")
- continue;
-
if(!version.supports_aead_modes() && suite.mac_algo() == "AEAD")
continue;
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index cb5c1d4c5..5aff035b9 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -2,8 +2,8 @@
* TLS cipher suite information
*
* This file was automatically generated from the IANA assignments
-* (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095)
-* by ./src/scripts/tls_suite_info.py on 2015-05-11
+* (tls-parameters.txt hash 6a934405ed41aa4d6113dad17f815867741430ac)
+* by ./src/scripts/tls_suite_info.py on 2015-11-13
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -57,9 +57,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
case 0xC081: // DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
- case 0x0066: // DHE_DSS_WITH_RC4_128_SHA
- return Ciphersuite(0x0066, "DSA", "DH", "RC4", 16, 0, 0, "SHA-1", 20);
-
case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA
return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20);