diff options
author | Denys Vlasenko | 2022-09-08 16:31:44 +0200 |
---|---|---|
committer | Denys Vlasenko | 2022-09-08 16:31:44 +0200 |
commit | 9bab580cd4337a3b9daf7d63f1fc863b7a569ae0 (patch) | |
tree | 22c3e4f3f12d89e04960b07a13beeff426ad6a78 | |
parent | 526625bc83e63e6e5a3ec5296a1b868e72b3b01e (diff) | |
download | busybox-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.zip busybox-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.tar.gz |
tls: include signature_algorithms extension in client hello message
function old new delta
tls_xread_record 629 645 +16
.rodata 105167 105179 +12
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 28/0) Total: 28 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/tls.c | 91 |
1 files changed, 73 insertions, 18 deletions
diff --git a/networking/tls.c b/networking/tls.c index 415952f..935ca76 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -948,11 +948,46 @@ static int tls_has_buffered_record(tls_state_t *tls) static const char *alert_text(int code) { + //10 unexpected_message + //20 bad_record_mac + //21 decryption_failed + //22 record_overflow + //30 decompression_failure + //40 handshake_failure + //41 no_certificate + //42 bad_certificate + //43 unsupported_certificate + //44 certificate_revoked + //45 certificate_expired + //46 certificate_unknown + //47 illegal_parameter + //48 unknown_ca + //49 access_denied + //50 decode_error + //51 decrypt_error + //52 too_many_cids_requested + //60 export_restriction + //70 protocol_version + //71 insufficient_security + //80 internal_error + //86 inappropriate_fallback + //90 user_canceled + //100 no_renegotiation + //109 missing_extension + //110 unsupported_extension + //111 certificate_unobtainable + //112 unrecognized_name + //113 bad_certificate_status_response + //114 bad_certificate_hash_value + //115 unknown_psk_identity + //116 certificate_required + //120 no_application_protocol switch (code) { case 20: return "bad MAC"; case 50: return "decode error"; - case 51: return "decrypt error"; case 40: return "handshake failure"; + case 51: return "decrypt error"; + case 80: return "internal error"; case 112: return "unrecognized name"; } return itoa(code); @@ -1531,26 +1566,47 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni) #endif 0x01,0x00, //not a cipher - comprtypes_len, comprtype }; - static const uint8_t supported_groups[] = { + // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + static const uint8_t extensions[] = { + // is.gd responds with "handshake failure" to our hello if there's no supported_groups 0x00,0x0a, //extension_type: "supported_groups" - 0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len - 0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len + 0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len + 0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len #if ALLOW_CURVE_P256 - 0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1) + 0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1) #endif - //0x00,0x18, //curve_secp384r1 - //0x00,0x19, //curve_secp521r1 + //0x00,0x18, //curve_secp384r1 + //0x00,0x19, //curve_secp521r1 #if ALLOW_CURVE_X25519 - 0x00,0x1d, //curve_x25519 (RFC 7748) + 0x00,0x1d, //curve_x25519 (RFC 7748) +#endif + //0x00,0x1e, //curve_x448 (RFC 7748) + + //0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02, //extension_type: "ec_point_formats" + //0x00,0x16,0x00,0x00, //extension_type: "encrpypt-then-mac" + //0x00,0x17,0x00,0x00, //extension_type: "extended_master" + //0x00,0x23,0x00,0x00, //extension_type: "session_ticket" + + // kojipkgs.fedoraproject.org responds with alert code 80 ("internal error") + // to our hello without signature_algorithms. + // It is satisfied with just 0x04,0x01. + 0x00,0x0d, //extension_type: "signature_algorithms" (RFC5246 section 7.4.1.4.1): +#define SIGALGS (3 + 3 * ENABLE_FEATURE_TLS_SHA1) + 0x00,2 * (1 + SIGALGS), //ext len + 0x00,2 * (0 + SIGALGS), //list len + //Format: two bytes + // byte 1: 0:none,1:md5,2:sha1,3:sha224,4:sha256,5:sha384,6:sha512 + // byte 2: 1:rsa,2:dsa,3:ecdsa + // (note that TLS 1.3 changes this, see RFC8446 section 4.2.3) +#if ENABLE_FEATURE_TLS_SHA1 + 0x02,0x01, //sha1 + rsa + 0x02,0x02, //sha1 + dsa + 0x02,0x03, //sha1 + ecdsa #endif - //0x00,0x1e, //curve_x448 (RFC 7748) + 0x04,0x01, //sha256 + rsa - kojipkgs.fedoraproject.org wants this + 0x04,0x02, //sha256 + dsa + 0x04,0x03, //sha256 + ecdsa }; - //static const uint8_t signature_algorithms[] = { - // 000d - // 0020 - // 001e - // 0601 0602 0603 0501 0502 0503 0401 0402 0403 0301 0302 0303 0201 0202 0203 - //}; struct client_hello { uint8_t type; @@ -1591,8 +1647,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni) int sni_len = sni ? strnlen(sni, 127 - 5) : 0; ext_len = 0; - /* is.gd responds with "handshake failure" to our hello if there's no supported_groups element */ - ext_len += sizeof(supported_groups); + ext_len += sizeof(extensions); if (sni_len) ext_len += 9 + sni_len; @@ -1626,7 +1681,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni) ptr[8] = sni_len; //name len ptr = mempcpy(&ptr[9], sni, sni_len); } - memcpy(ptr, supported_groups, sizeof(supported_groups)); + memcpy(ptr, extensions, sizeof(extensions)); tls->hsd = xzalloc(sizeof(*tls->hsd)); /* HANDSHAKE HASH: ^^^ + len if need to save saved_client_hello */ |