diff options
-rw-r--r-- | doc/manual/tls.rst | 4 | ||||
-rw-r--r-- | doc/relnotes/index.rst | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 22 | ||||
-rw-r--r-- | src/lib/tls/tls_record.h | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_suite_info.cpp | 29 | ||||
-rwxr-xr-x | src/scripts/tls_suite_info.py | 8 |
6 files changed, 13 insertions, 56 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 16fced4ea..26ac6a801 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -527,11 +527,11 @@ policy settings from a file. Also allowed (though currently experimental): "AES-128/OCB(12)", "AES-256/OCB(12)" - Also allowed (although **not recommended**): "SEED", "3DES", "RC4" + Also allowed (although **not recommended**): "SEED", "3DES" .. note:: - RC4 will never be negotiated in DTLS due to protocol limitations + Support for the broken RC4 cipher was removed in 1.11.17 .. cpp:function:: std::vector<std::string> allowed_macs() const diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst index 896b70479..f94a0bfea 100644 --- a/doc/relnotes/index.rst +++ b/doc/relnotes/index.rst @@ -8,6 +8,8 @@ Series 1.11 .. toctree:: :maxdepth: 1 + 1_11_17 + 1_11_16 1_11_15 1_11_14 1_11_13 diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 6ccb31165..fb8079bdc 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -1,6 +1,6 @@ /* * TLS Record Handling -* (C) 2012,2013,2014 Jack Lloyd +* (C) 2012,2013,2014,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -73,11 +73,6 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, if(version.supports_explicit_cbc_ivs()) m_iv_size = m_block_size; } - else if(StreamCipher* sc = get_stream_cipher(cipher_algo)) - { - m_stream_cipher.reset(sc); - m_stream_cipher->set_key(cipher_key); - } else throw Invalid_Argument("Unknown TLS cipher " + cipher_algo); @@ -236,11 +231,7 @@ void write_record(secure_vector<byte>& output, BOTAN_ASSERT_EQUAL(buf_size + header_size, output.size(), "Output buffer is sized properly"); - if(StreamCipher* sc = cs->stream_cipher()) - { - sc->cipher1(&output[header_size], buf_size); - } - else if(BlockCipher* bc = cs->block_cipher()) + if(BlockCipher* bc = cs->block_cipher()) { secure_vector<byte>& cbc_state = cs->cbc_state(); @@ -388,17 +379,12 @@ void decrypt_record(secure_vector<byte>& output, } else { - // GenericBlockCipher / GenericStreamCipher case + // GenericBlockCipher case volatile bool padding_bad = false; size_t pad_size = 0; - if(StreamCipher* sc = cs.stream_cipher()) - { - sc->cipher1(record_contents, record_len); - // no padding to check or remove - } - else if(BlockCipher* bc = cs.block_cipher()) + if(BlockCipher* bc = cs.block_cipher()) { cbc_decrypt_record(record_contents, record_len, cs, *bc); diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h index 46f87a9af..d7aa82e71 100644 --- a/src/lib/tls/tls_record.h +++ b/src/lib/tls/tls_record.h @@ -12,7 +12,6 @@ #include <botan/tls_version.h> #include <botan/aead.h> #include <botan/block_cipher.h> -#include <botan/stream_cipher.h> #include <botan/mac.h> #include <vector> #include <chrono> @@ -53,8 +52,6 @@ class Connection_Cipher_State BlockCipher* block_cipher() { return m_block_cipher.get(); } - StreamCipher* stream_cipher() { return m_stream_cipher.get(); } - MessageAuthenticationCode* mac() { return m_mac.get(); } secure_vector<byte>& cbc_state() { return m_block_cipher_cbc_state; } @@ -82,7 +79,6 @@ class Connection_Cipher_State std::chrono::system_clock::time_point m_start_time; std::unique_ptr<BlockCipher> m_block_cipher; secure_vector<byte> m_block_cipher_cbc_state; - std::unique_ptr<StreamCipher> m_stream_cipher; std::unique_ptr<MessageAuthenticationCode> m_mac; std::unique_ptr<AEAD_Mode> m_aead; diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp index 02d277173..cb5c1d4c5 100644 --- a/src/lib/tls/tls_suite_info.cpp +++ b/src/lib/tls/tls_suite_info.cpp @@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095) -* by ./src/scripts/tls_suite_info.py on 2015-01-30 +* by ./src/scripts/tls_suite_info.py on 2015-05-11 * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -108,9 +108,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x008E: // DHE_PSK_WITH_RC4_128_SHA - return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20); - case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); @@ -213,9 +210,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x0018: // DH_anon_WITH_RC4_128_MD5 - return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, 0, "MD5", 16); - case 0x009B: // DH_anon_WITH_SEED_CBC_SHA return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20); @@ -273,9 +267,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xCC14: // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 return Ciphersuite(0xCC14, "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); - case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA - return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); - case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); @@ -303,9 +294,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); - case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA - return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20); - case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); @@ -348,9 +336,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xCC13: // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 return Ciphersuite(0xCC13, "RSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); - case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA - return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); - case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); @@ -360,9 +345,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); - case 0xC016: // ECDH_anon_WITH_RC4_128_SHA - return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); - case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); @@ -420,9 +402,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x008A: // PSK_WITH_RC4_128_SHA - return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, 0, "SHA-1", 20); - case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20); @@ -474,12 +453,6 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); - case 0x0004: // RSA_WITH_RC4_128_MD5 - return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, 0, "MD5", 16); - - case 0x0005: // RSA_WITH_RC4_128_SHA - return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, 0, "SHA-1", 20); - case 0x0096: // RSA_WITH_SEED_CBC_SHA return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20); diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py index c9044084f..8589ddeec 100755 --- a/src/scripts/tls_suite_info.py +++ b/src/scripts/tls_suite_info.py @@ -200,7 +200,7 @@ def main(args = None): if args is None: args = sys.argv - weak_crypto = ['EXPORT', 'RC2', 'IDEA', '_DES_', 'WITH_NULL'] + weak_crypto = ['EXPORT', 'RC2', 'IDEA', 'RC4', '_DES_', 'WITH_NULL'] static_dh = ['ECDH_ECDSA', 'ECDH_RSA', 'DH_DSS', 'DH_RSA'] # not supported protocol_goop = ['SCSV', 'KRB5'] maybe_someday = ['ARIA', 'RSA_PSK'] @@ -245,14 +245,14 @@ def main(args = None): # From http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 define_custom_ciphersuite('DHE_DSS_WITH_RC4_128_SHA', '0066') - if options.with_chacha and False: + if options.with_chacha: # Google servers - draft-agl-tls-chacha20poly1305-04 define_custom_ciphersuite('ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC13') define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14') define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15') - if options.with_chacha: - # Provisional IETF ChaCha suites: + if options.with_chacha and False: + # Provisional IETF ChaCha suites define_custom_ciphersuite('RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD30') define_custom_ciphersuite('ECDSA_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD31') define_custom_ciphersuite('ECDSA_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CD32') |