authorDenys Vlasenko <vda.linux@googlemail.com>2018-12-10 16:14:58 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2018-12-10 16:14:58 +0100
commit71fa5b0a4c3cce55460de2f6d49e3a4a63f1b933 (patch)
treeb3fd3e6b7ab5315852d9530f2e930159ea860852
parentdafbc2cdb8825ed36a25f9a6275d5226f35d3bd3 (diff)
tls: introduce FEATURE_TLS_SHA1 to make SHA1 code optional
When disabled: function old new delta xwrite_encrypted 580 579 -1 prf_hmac_sha256 222 217 -5 hmac_begin 158 149 -9 static.ciphers 32 20 -12 tls_handshake 2115 2095 -20 hmac 87 61 -26 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/6 up/down: 0/-73) Total: -73 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/Config.src11
-rw-r--r--networking/tls.c36
2 files changed, 41 insertions, 6 deletions
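--- a/networking/Config.src
+++ b/networking/Config.src
@@ -46,6 +46,17 @@ config VERBOSE_RESOLUTION_ERRORS
  "can't resolve 'hostname.com'" and want to know more.
  This may increase size of your executable a bit.
 
+config FEATURE_TLS_SHA1
+ bool "In TLS code, support ciphers which use deprecated SHA1"
+ depends on TLS
+ default n
+ help
+ Selecting this option increases interoperability with very old
+ servers, but slightly increases code size.
+
+ Most TLS servers support SHA256 today (2018), since SHA1 is
+ considered possibly insecure (although not yet definitely broken).
+
 INSERT
 
 source networking/udhcp/Config.in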
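Review bot: The help text for FEATURE_TLS_SHA1 calls SHA1 "possibly insecure (although not yet definitely broken)" without saying which use of SHA1 the option controls, so a builder cannot judge the risk from it. Judging from the tls.c part of this commit, the option gates the `*_CBC_SHA` suites offered in the ClientHello and the HMAC-SHA1 record MAC, and the help could say so, e.g. `Enables the AES-CBC cipher suites that use HMAC-SHA1 as the record MAC.` It would also be more accurate to state that practical SHA-1 collisions were published in 2017 while HMAC-SHA1 is not known to be affected. That keeps `default n` justified without overstating or understating the exposure.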
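--- a/networking/tls.c
+++ b/networking/tls.c
@@ -6,6 +6,8 @@
 //config:config TLS
 //config: bool #No description makes it a hidden option
 //config: default n
+//Note:
+//Config.src also defines FEATURE_TLS_SHA1 option
 
 //kbuild:lib-$(CONFIG_TLS) += tls.o
 //kbuild:lib-$(CONFIG_TLS) += tls_pstm.o
@@ -394,7 +396,7 @@ static void hash_handshake(tls_state_t *tls, const char *fmt, const void *buffer
  dump_hex(fmt, buffer, len);
  dbg(" (%u bytes) ", (int)len);
  len = sha_peek(&tls->hsd->handshake_hash_ctx, h);
- if (len == SHA1_OUTSIZE)
+ if (ENABLE_FEATURE_TLS_SHA1 && len == SHA1_OUTSIZE)
  dump_hex("sha1:%s\n", h, len);
  else
  if (len == SHA256_OUTSIZE)
@@ -421,6 +423,11 @@ typedef struct hmac_precomputed {
 } hmac_precomputed_t;
 
 typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
+#if !ENABLE_FEATURE_TLS_SHA1
+#define hmac_begin(pre,key,key_size,begin) \
+ hmac_begin(pre,key,key_size)
+#define begin sha256_begin
+#endif
 static void hmac_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size, md5sha_begin_func *begin)
 {
  uint8_t key_xor_ipad[SHA_INSIZE];
@@ -461,6 +468,7 @@ static void hmac_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size,
  md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
  md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
 }
+#undef begin
 
 static unsigned hmac_sha_precomputed_v(
  hmac_precomputed_t *pre,
@@ -498,6 +506,10 @@ static unsigned hmac_sha_precomputed(hmac_precomputed_t *pre_init, uint8_t *out,
  return len;
 }
 
+#if !ENABLE_FEATURE_TLS_SHA1
+#define hmac(tls,out,key,key_size,...) \
+ hmac(out,key,key_size, __VA_ARGS__)
+#endif
 static unsigned hmac(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_size, ...)
 {
  hmac_precomputed_t pre;
@@ -507,7 +519,7 @@ static unsigned hmac(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_
  va_start(va, key_size);
 
  hmac_begin(&pre, key, key_size,
- (tls->MAC_size == SHA256_OUTSIZE)
+ (ENABLE_FEATURE_TLS_SHA1 || tls->MAC_size == SHA256_OUTSIZE)
  ? sha256_begin
  : sha1_begin
  );
@@ -1466,15 +1478,17 @@ static ALWAYS_INLINE void fill_handshake_record_hdr(void *buf, unsigned type, un
 
 static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 {
-#define NUM_CIPHERS (13 + ALLOW_RSA_NULL_SHA256)
+#define NUM_CIPHERS (7 + 6 * ENABLE_FEATURE_TLS_SHA1 + ALLOW_RSA_NULL_SHA256)
  static const uint8_t ciphers[] = {
  0x00,(1 + NUM_CIPHERS) * 2, //len16_be
  0x00,0xFF, //not a cipher - TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  /* ^^^^^^ RFC 5746 Renegotiation Indication Extension - some servers will refuse to work with us otherwise */
+#if ENABLE_FEATURE_TLS_SHA1
  0xC0,0x09, // 1 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ok: wget https://is.gd/
  0xC0,0x0A, // 2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ok: wget https://is.gd/
  0xC0,0x13, // 3 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-SHA
  0xC0,0x14, // 4 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES256-SHA (might fail with older openssl)
+#endif
  0xC0,0x23, // 5 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - ok: wget https://is.gd/
  // 0xC0,0x24, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
  0xC0,0x27, // 6 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-SHA256
@@ -1485,12 +1499,16 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
  0xC0,0x2F, // 8 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-GCM-SHA256
  // 0xC0,0x30, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - openssl s_server ... -cipher ECDHE-RSA-AES256-GCM-SHA384: "decryption failed or bad record mac"
  //possibly these too:
+#if ENABLE_FEATURE_TLS_SHA1
  // 0xC0,0x35, // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
  // 0xC0,0x36, // TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+#endif
  // 0xC0,0x37, // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
  // 0xC0,0x38, // TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
+#if ENABLE_FEATURE_TLS_SHA1
  0x00,0x2F, // 9 TLS_RSA_WITH_AES_128_CBC_SHA - ok: openssl s_server ... -cipher AES128-SHA
  0x00,0x35, //10 TLS_RSA_WITH_AES_256_CBC_SHA - ok: openssl s_server ... -cipher AES256-SHA
+#endif
  0x00,0x3C, //11 TLS_RSA_WITH_AES_128_CBC_SHA256 - ok: openssl s_server ... -cipher AES128-SHA256
  0x00,0x3D, //12 TLS_RSA_WITH_AES_256_CBC_SHA256 - ok: openssl s_server ... -cipher AES256-SHA256
  0x00,0x9C, //13 TLS_RSA_WITH_AES_128_GCM_SHA256 - ok: openssl s_server ... -cipher AES128-GCM-SHA256
@@ -1669,10 +1687,12 @@ static void get_server_hello(tls_state_t *tls)
 
  /* Set up encryption params based on selected cipher */
 #if 0
+#if ENABLE_FEATURE_TLS_SHA1
  0xC0,0x09, // 1 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ok: wget https://is.gd/
  0xC0,0x0A, // 2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ok: wget https://is.gd/
  0xC0,0x13, // 3 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-SHA
  0xC0,0x14, // 4 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES256-SHA (might fail with older openssl)
+#endif
  0xC0,0x23, // 5 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - ok: wget https://is.gd/
  // 0xC0,0x24, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
  0xC0,0x27, // 6 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-SHA256
@@ -1682,12 +1702,16 @@ static void get_server_hello(tls_state_t *tls)
  0xC0,0x2F, // 8 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-GCM-SHA256
  // 0xC0,0x30, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - openssl s_server ... -cipher ECDHE-RSA-AES256-GCM-SHA384: "decryption failed or bad record mac"
  //possibly these too:
+#if ENABLE_FEATURE_TLS_SHA1
  // 0xC0,0x35, // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
  // 0xC0,0x36, // TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+#endif
  // 0xC0,0x37, // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
  // 0xC0,0x38, // TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
+#if ENABLE_FEATURE_TLS_SHA1
  0x00,0x2F, // 9 TLS_RSA_WITH_AES_128_CBC_SHA - ok: openssl s_server ... -cipher AES128-SHA
  0x00,0x35, //10 TLS_RSA_WITH_AES_256_CBC_SHA - ok: openssl s_server ... -cipher AES256-SHA
+#endif
  0x00,0x3C, //11 TLS_RSA_WITH_AES_128_CBC_SHA256 - ok: openssl s_server ... -cipher AES128-SHA256
  0x00,0x3D, //12 TLS_RSA_WITH_AES_256_CBC_SHA256 - ok: openssl s_server ... -cipher AES256-SHA256
  0x00,0x9C, //13 TLS_RSA_WITH_AES_128_GCM_SHA256 - ok: openssl s_server ... -cipher AES128-GCM-SHA256
@@ -1706,7 +1730,7 @@ static void get_server_hello(tls_state_t *tls)
  /* Odd numbered C0xx use AES128 (even ones use AES256) */
  tls->key_size = AES128_KEYSIZE;
  }
- if (cipherid1 <= 0x14) {
+ if (ENABLE_FEATURE_TLS_SHA1 && cipherid1 <= 0x14) {
  tls->MAC_size = SHA1_OUTSIZE;
  } else
  if (cipherid1 >= 0x2B && cipherid1 <= 0x30) {
@@ -1717,13 +1741,13 @@ static void get_server_hello(tls_state_t *tls)
  }
  } else {
  /* All 00xx are RSA */
- if (cipherid1 == 0x2F
+ if ((ENABLE_FEATURE_TLS_SHA1 && cipherid1 == 0x2F)
  || cipherid1 == 0x3C
  || cipherid1 == 0x9C
  ) {
  tls->key_size = AES128_KEYSIZE;
  }
- if (cipherid1 <= 0x35) {
+ if (ENABLE_FEATURE_TLS_SHA1 && cipherid1 <= 0x35) {
  tls->MAC_size = SHA1_OUTSIZE;
  } else
  if (cipherid1 == 0x9C /*|| cipherid1 == 0x9D*/) {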
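Review bot: In the `hmac()` hunk (`@@ -507,7 +519,7 @@`) the new selector `(ENABLE_FEATURE_TLS_SHA1 || tls->MAC_size == SHA256_OUTSIZE)` is always true when the option is enabled, so `sha1_begin` can never be chosen and a negotiated `*_CBC_SHA` suite would have its record MAC keyed through SHA256 instead of SHA1. When the option is disabled the `hmac_begin` macro drops the fourth argument, so the expression only matters in the enabled build, which is exactly where it is wrong. The test looks inverted; `(ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE) ? sha1_begin : sha256_begin` keeps the compile-time folding and selects by the negotiated MAC size. The body of `hmac()` continues outside the hunk, so whether `out` is sized for the 32-byte digest on that path cannot be confirmed from here and is worth checking alongside the fix.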