tls: include signature_algorithms extension in client hello message

function old new delta tls_xread_record 629 645 +16 .rodata 105167 105179 +12 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 28/0) Total: 28 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2022-09-08 16:31:44 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2022-09-08 16:31:44 +0200
commit: 9bab580cd4337a3b9daf7d63f1fc863b7a569ae0 (patch)
tree: 22c3e4f3f12d89e04960b07a13beeff426ad6a78
parent: 526625bc83e63e6e5a3ec5296a1b868e72b3b01e (diff)
download: busybox-w32-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.tar.gz
busybox-w32-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.tar.bz2
busybox-w32-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.zip
1 files changed, 73 insertions, 18 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 415952f16..935ca76a4 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -948,11 +948,46 @@ static int tls_has_buffered_record(tls_state_t *tls)
 static const char *alert_text(int code)
 {
+        //10 unexpected_message
+        //20 bad_record_mac
+        //21 decryption_failed
+        //22 record_overflow
+        //30 decompression_failure
+        //40 handshake_failure
+        //41 no_certificate
+        //42 bad_certificate
+        //43 unsupported_certificate
+        //44 certificate_revoked
+        //45 certificate_expired
+        //46 certificate_unknown
+        //47 illegal_parameter
+        //48 unknown_ca
+        //49 access_denied
+        //50 decode_error
+        //51 decrypt_error
+        //52 too_many_cids_requested
+        //60 export_restriction
+        //70 protocol_version
+        //71 insufficient_security
+        //80 internal_error
+        //86 inappropriate_fallback
+        //90 user_canceled
+        //100 no_renegotiation
+        //109 missing_extension
+        //110 unsupported_extension
+        //111 certificate_unobtainable
+        //112 unrecognized_name
+        //113 bad_certificate_status_response
+        //114 bad_certificate_hash_value
+        //115 unknown_psk_identity
+        //116 certificate_required
+        //120 no_application_protocol
        switch (code) {
        case 20:  return "bad MAC";
        case 50:  return "decode error";
-        case 51:  return "decrypt error";
        case 40:  return "handshake failure";
+        case 51:  return "decrypt error";
+        case 80:  return "internal error";
        case 112: return "unrecognized name";
        }
        return itoa(code);
@@ -1531,26 +1566,47 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 #endif
                0x01,0x00, //not a cipher - comprtypes_len, comprtype
        };
-        static const uint8_t supported_groups[] = {
+        // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+        static const uint8_t extensions[] = {
+                // is.gd responds with "handshake failure" to our hello if there's no supported_groups
                0x00,0x0a, //extension_type: "supported_groups"
-                0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len
+                        0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len
-                0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len
+                        0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len
 #if ALLOW_CURVE_P256
-                0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1)
+                        0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1)
 #endif
-                //0x00,0x18, //curve_secp384r1
+                        //0x00,0x18, //curve_secp384r1
-                //0x00,0x19, //curve_secp521r1
+                        //0x00,0x19, //curve_secp521r1
 #if ALLOW_CURVE_X25519
-                0x00,0x1d, //curve_x25519 (RFC 7748)
+                        0x00,0x1d, //curve_x25519 (RFC 7748)
+#endif
+                        //0x00,0x1e, //curve_x448 (RFC 7748)
+                //0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02, //extension_type: "ec_point_formats"
+                //0x00,0x16,0x00,0x00, //extension_type: "encrpypt-then-mac"
+                //0x00,0x17,0x00,0x00, //extension_type: "extended_master"
+                //0x00,0x23,0x00,0x00, //extension_type: "session_ticket"
+                // kojipkgs.fedoraproject.org responds with alert code 80 ("internal error")
+                // to our hello without signature_algorithms.
+                // It is satisfied with just 0x04,0x01.
+                0x00,0x0d, //extension_type: "signature_algorithms" (RFC5246 section 7.4.1.4.1):
+#define SIGALGS (3 + 3 * ENABLE_FEATURE_TLS_SHA1)
+                        0x00,2 * (1 + SIGALGS), //ext len
+                        0x00,2 * (0 + SIGALGS), //list len
+                        //Format: two bytes
+                        // byte 1: 0:none,1:md5,2:sha1,3:sha224,4:sha256,5:sha384,6:sha512
+                        // byte 2: 1:rsa,2:dsa,3:ecdsa
+                        // (note that TLS 1.3 changes this, see RFC8446 section 4.2.3)
+#if ENABLE_FEATURE_TLS_SHA1
+                        0x02,0x01, //sha1 + rsa
+                        0x02,0x02, //sha1 + dsa
+                        0x02,0x03, //sha1 + ecdsa
 #endif
-                //0x00,0x1e, //curve_x448 (RFC 7748)
+                        0x04,0x01, //sha256 + rsa - kojipkgs.fedoraproject.org wants this
+                        0x04,0x02, //sha256 + dsa
+                        0x04,0x03, //sha256 + ecdsa
        };
-        //static const uint8_t signature_algorithms[] = {
-        //      000d
-        //      0020
-        //      001e
-        //      0601 0602 0603 0501 0502 0503 0401 0402 0403 0301 0302 0303 0201 0202 0203
-        //};
        struct client_hello {
                uint8_t type;
@@ -1591,8 +1647,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
        int sni_len = sni ? strnlen(sni, 127 - 5) : 0;
        ext_len = 0;
-        /* is.gd responds with "handshake failure" to our hello if there's no supported_groups element */
+        ext_len += sizeof(extensions);
-        ext_len += sizeof(supported_groups);
        if (sni_len)
                ext_len += 9 + sni_len;
@@ -1626,7 +1681,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
                ptr[8] = sni_len;         //name len
                ptr = mempcpy(&ptr[9], sni, sni_len);
        }
-        memcpy(ptr, supported_groups, sizeof(supported_groups));
+        memcpy(ptr, extensions, sizeof(extensions));
        tls->hsd = xzalloc(sizeof(*tls->hsd));
        /* HANDSHAKE HASH: ^^^ + len if need to save saved_client_hello */
author	Denys Vlasenko <vda.linux@googlemail.com>	2022-09-08 16:31:44 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2022-09-08 16:31:44 +0200
commit	9bab580cd4337a3b9daf7d63f1fc863b7a569ae0 (patch)
tree	22c3e4f3f12d89e04960b07a13beeff426ad6a78
parent	526625bc83e63e6e5a3ec5296a1b868e72b3b01e (diff)
download	busybox-w32-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.tar.gz busybox-w32-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.tar.bz2 busybox-w32-9bab580cd4337a3b9daf7d63f1fc863b7a569ae0.zip

diff --git a/networking/tls.c b/networking/tls.c index 415952f16..935ca76a4 100644 --- a/networking/tls.c +++ b/networking/tls.c
@@ -948,11 +948,46 @@ static int tls_has_buffered_record(tls_state_t *tls)
948		948
949	static const char *alert_text(int code)	949	static const char *alert_text(int code)
950	{	950	{
		951	//10 unexpected_message
		952	//20 bad_record_mac
		953	//21 decryption_failed
		954	//22 record_overflow
		955	//30 decompression_failure
		956	//40 handshake_failure
		957	//41 no_certificate
		958	//42 bad_certificate
		959	//43 unsupported_certificate
		960	//44 certificate_revoked
		961	//45 certificate_expired
		962	//46 certificate_unknown
		963	//47 illegal_parameter
		964	//48 unknown_ca
		965	//49 access_denied
		966	//50 decode_error
		967	//51 decrypt_error
		968	//52 too_many_cids_requested
		969	//60 export_restriction
		970	//70 protocol_version
		971	//71 insufficient_security
		972	//80 internal_error
		973	//86 inappropriate_fallback
		974	//90 user_canceled
		975	//100 no_renegotiation
		976	//109 missing_extension
		977	//110 unsupported_extension
		978	//111 certificate_unobtainable
		979	//112 unrecognized_name
		980	//113 bad_certificate_status_response
		981	//114 bad_certificate_hash_value
		982	//115 unknown_psk_identity
		983	//116 certificate_required
		984	//120 no_application_protocol
951	switch (code) {	985	switch (code) {
952	case 20: return "bad MAC";	986	case 20: return "bad MAC";
953	case 50: return "decode error";	987	case 50: return "decode error";
954	case 51: return "decrypt error";
955	case 40: return "handshake failure";	988	case 40: return "handshake failure";
		989	case 51: return "decrypt error";
		990	case 80: return "internal error";
956	case 112: return "unrecognized name";	991	case 112: return "unrecognized name";
957	}	992	}
958	return itoa(code);	993	return itoa(code);
@@ -1531,26 +1566,47 @@ static void send_client_hello_and_alloc_hsd(tls_state_t tls, const char sni)
1531	#endif	1566	#endif
1532	0x01,0x00, //not a cipher - comprtypes_len, comprtype	1567	0x01,0x00, //not a cipher - comprtypes_len, comprtype
1533	};	1568	};
1534	static const uint8_t supported_groups[] = {	1569	// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
		1570	static const uint8_t extensions[] = {
		1571	// is.gd responds with "handshake failure" to our hello if there's no supported_groups
1535	0x00,0x0a, //extension_type: "supported_groups"	1572	0x00,0x0a, //extension_type: "supported_groups"
1536	0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len	1573	0x00,2 * (1 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //ext len
1537	0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len	1574	0x00,2 * (0 + ALLOW_CURVE_P256 + ALLOW_CURVE_X25519), //list len
1538	#if ALLOW_CURVE_P256	1575	#if ALLOW_CURVE_P256
1539	0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1)	1576	0x00,0x17, //curve_secp256r1 (aka P256, aka prime256v1)
1540	#endif	1577	#endif
1541	//0x00,0x18, //curve_secp384r1	1578	//0x00,0x18, //curve_secp384r1
1542	//0x00,0x19, //curve_secp521r1	1579	//0x00,0x19, //curve_secp521r1
1543	#if ALLOW_CURVE_X25519	1580	#if ALLOW_CURVE_X25519
1544	0x00,0x1d, //curve_x25519 (RFC 7748)	1581	0x00,0x1d, //curve_x25519 (RFC 7748)
		1582	#endif
		1583	//0x00,0x1e, //curve_x448 (RFC 7748)
		1584
		1585	//0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02, //extension_type: "ec_point_formats"
		1586	//0x00,0x16,0x00,0x00, //extension_type: "encrpypt-then-mac"
		1587	//0x00,0x17,0x00,0x00, //extension_type: "extended_master"
		1588	//0x00,0x23,0x00,0x00, //extension_type: "session_ticket"
		1589
		1590	// kojipkgs.fedoraproject.org responds with alert code 80 ("internal error")
		1591	// to our hello without signature_algorithms.
		1592	// It is satisfied with just 0x04,0x01.
		1593	0x00,0x0d, //extension_type: "signature_algorithms" (RFC5246 section 7.4.1.4.1):
		1594	#define SIGALGS (3 + 3 * ENABLE_FEATURE_TLS_SHA1)
		1595	0x00,2 * (1 + SIGALGS), //ext len
		1596	0x00,2 * (0 + SIGALGS), //list len
		1597	//Format: two bytes
		1598	// byte 1: 0:none,1:md5,2:sha1,3:sha224,4:sha256,5:sha384,6:sha512
		1599	// byte 2: 1:rsa,2:dsa,3:ecdsa
		1600	// (note that TLS 1.3 changes this, see RFC8446 section 4.2.3)
		1601	#if ENABLE_FEATURE_TLS_SHA1
		1602	0x02,0x01, //sha1 + rsa
		1603	0x02,0x02, //sha1 + dsa
		1604	0x02,0x03, //sha1 + ecdsa
1545	#endif	1605	#endif
1546	//0x00,0x1e, //curve_x448 (RFC 7748)	1606	0x04,0x01, //sha256 + rsa - kojipkgs.fedoraproject.org wants this
		1607	0x04,0x02, //sha256 + dsa
		1608	0x04,0x03, //sha256 + ecdsa
1547	};	1609	};
1548	//static const uint8_t signature_algorithms[] = {
1549	// 000d
1550	// 0020
1551	// 001e
1552	// 0601 0602 0603 0501 0502 0503 0401 0402 0403 0301 0302 0303 0201 0202 0203
1553	//};
1554		1610
1555	struct client_hello {	1611	struct client_hello {
1556	uint8_t type;	1612	uint8_t type;
@@ -1591,8 +1647,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t tls, const char sni)
1591	int sni_len = sni ? strnlen(sni, 127 - 5) : 0;	1647	int sni_len = sni ? strnlen(sni, 127 - 5) : 0;
1592		1648
1593	ext_len = 0;	1649	ext_len = 0;
1594	/* is.gd responds with "handshake failure" to our hello if there's no supported_groups element */	1650	ext_len += sizeof(extensions);
1595	ext_len += sizeof(supported_groups);
1596	if (sni_len)	1651	if (sni_len)
1597	ext_len += 9 + sni_len;	1652	ext_len += 9 + sni_len;
1598		1653
@@ -1626,7 +1681,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t tls, const char sni)
1626	ptr[8] = sni_len; //name len	1681	ptr[8] = sni_len; //name len
1627	ptr = mempcpy(&ptr[9], sni, sni_len);	1682	ptr = mempcpy(&ptr[9], sni, sni_len);
1628	}	1683	}
1629	memcpy(ptr, supported_groups, sizeof(supported_groups));	1684	memcpy(ptr, extensions, sizeof(extensions));
1630		1685
1631	tls->hsd = xzalloc(sizeof(*tls->hsd));	1686	tls->hsd = xzalloc(sizeof(*tls->hsd));
1632	/* HANDSHAKE HASH: ^^^ + len if need to save saved_client_hello */	1687	/* HANDSHAKE HASH: ^^^ + len if need to save saved_client_hello */