TLS client: Add signature_algorithms extension into ClientHello
Since we support only SHA256 (and not the default SHA1) with TLS v1.2, the signature_algorithms extensions needs to be added into ClientHello. This fixes interop issues with the current version of OpenSSL that uses the default SHA1 hash if ClientHello does not specify allowed signature algorithms. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
9e8809a717
commit
0aed9156ef
3 changed files with 35 additions and 5 deletions
|
@ -691,18 +691,16 @@ int tlsv1_client_hello_ext(struct tlsv1_client *conn, int ext_type,
|
||||||
if (data == NULL || data_len == 0)
|
if (data == NULL || data_len == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
pos = conn->client_hello_ext = os_malloc(6 + data_len);
|
pos = conn->client_hello_ext = os_malloc(4 + data_len);
|
||||||
if (pos == NULL)
|
if (pos == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
WPA_PUT_BE16(pos, 4 + data_len);
|
|
||||||
pos += 2;
|
|
||||||
WPA_PUT_BE16(pos, ext_type);
|
WPA_PUT_BE16(pos, ext_type);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
WPA_PUT_BE16(pos, data_len);
|
WPA_PUT_BE16(pos, data_len);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
os_memcpy(pos, data, data_len);
|
os_memcpy(pos, data, data_len);
|
||||||
conn->client_hello_ext_len = 6 + data_len;
|
conn->client_hello_ext_len = 4 + data_len;
|
||||||
|
|
||||||
if (ext_type == TLS_EXT_PAC_OPAQUE) {
|
if (ext_type == TLS_EXT_PAC_OPAQUE) {
|
||||||
conn->session_ticket_included = 1;
|
conn->session_ticket_included = 1;
|
||||||
|
|
|
@ -47,6 +47,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
|
||||||
u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
|
u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
|
||||||
struct os_time now;
|
struct os_time now;
|
||||||
size_t len, i;
|
size_t len, i;
|
||||||
|
u8 *ext_start;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Send ClientHello");
|
wpa_printf(MSG_DEBUG, "TLSv1: Send ClientHello");
|
||||||
*out_len = 0;
|
*out_len = 0;
|
||||||
|
@ -61,7 +62,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
|
||||||
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random",
|
wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random",
|
||||||
conn->client_random, TLS_RANDOM_LEN);
|
conn->client_random, TLS_RANDOM_LEN);
|
||||||
|
|
||||||
len = 100 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;
|
len = 150 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;
|
||||||
hello = os_malloc(len);
|
hello = os_malloc(len);
|
||||||
if (hello == NULL)
|
if (hello == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -101,12 +102,42 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
|
||||||
*pos++ = 1;
|
*pos++ = 1;
|
||||||
*pos++ = TLS_COMPRESSION_NULL;
|
*pos++ = TLS_COMPRESSION_NULL;
|
||||||
|
|
||||||
|
/* Extension */
|
||||||
|
ext_start = pos;
|
||||||
|
pos += 2;
|
||||||
|
|
||||||
|
#ifdef CONFIG_TLSV12
|
||||||
|
if (conn->rl.tls_version >= TLS_VERSION_1_2) {
|
||||||
|
/*
|
||||||
|
* Add signature_algorithms extension since we support only
|
||||||
|
* SHA256 (and not the default SHA1) with TLSv1.2.
|
||||||
|
*/
|
||||||
|
/* ExtensionsType extension_type = signature_algorithms(13) */
|
||||||
|
WPA_PUT_BE16(pos, TLS_EXT_SIGNATURE_ALGORITHMS);
|
||||||
|
pos += 2;
|
||||||
|
/* opaque extension_data<0..2^16-1> length */
|
||||||
|
WPA_PUT_BE16(pos, 4);
|
||||||
|
pos += 2;
|
||||||
|
/* supported_signature_algorithms<2..2^16-2> length */
|
||||||
|
WPA_PUT_BE16(pos, 2);
|
||||||
|
pos += 2;
|
||||||
|
/* supported_signature_algorithms */
|
||||||
|
*pos++ = TLS_HASH_ALG_SHA256;
|
||||||
|
*pos++ = TLS_SIGN_ALG_RSA;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_TLSV12 */
|
||||||
|
|
||||||
if (conn->client_hello_ext) {
|
if (conn->client_hello_ext) {
|
||||||
os_memcpy(pos, conn->client_hello_ext,
|
os_memcpy(pos, conn->client_hello_ext,
|
||||||
conn->client_hello_ext_len);
|
conn->client_hello_ext_len);
|
||||||
pos += conn->client_hello_ext_len;
|
pos += conn->client_hello_ext_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (pos == ext_start + 2)
|
||||||
|
pos -= 2; /* no extensions */
|
||||||
|
else
|
||||||
|
WPA_PUT_BE16(ext_start, pos - ext_start - 2);
|
||||||
|
|
||||||
WPA_PUT_BE24(hs_length, pos - hs_length - 3);
|
WPA_PUT_BE24(hs_length, pos - hs_length - 3);
|
||||||
tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
|
tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
|
||||||
|
|
||||||
|
|
|
@ -169,6 +169,7 @@ enum {
|
||||||
#define TLS_EXT_TRUSTED_CA_KEYS 3 /* RFC 4366 */
|
#define TLS_EXT_TRUSTED_CA_KEYS 3 /* RFC 4366 */
|
||||||
#define TLS_EXT_TRUNCATED_HMAC 4 /* RFC 4366 */
|
#define TLS_EXT_TRUNCATED_HMAC 4 /* RFC 4366 */
|
||||||
#define TLS_EXT_STATUS_REQUEST 5 /* RFC 4366 */
|
#define TLS_EXT_STATUS_REQUEST 5 /* RFC 4366 */
|
||||||
|
#define TLS_EXT_SIGNATURE_ALGORITHMS 13 /* RFC 5246 */
|
||||||
#define TLS_EXT_SESSION_TICKET 35 /* RFC 4507 */
|
#define TLS_EXT_SESSION_TICKET 35 /* RFC 4507 */
|
||||||
|
|
||||||
#define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */
|
#define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */
|
||||||
|
|
Loading…
Reference in a new issue