diff options
| author | Michael Brown | 2015-08-02 15:08:38 +0200 |
|---|---|---|
| committer | Michael Brown | 2015-08-02 15:17:24 +0200 |
| commit | fc7885ed9e0a30e62f7a05274d412f2375554a17 (patch) | |
| tree | 600ec40f5a0660e780eccd208f0d9ce9d0c0e816 | |
| parent | [tls] Do not access beyond the end of a 24-bit integer (diff) | |
| download | ipxe-fc7885ed9e0a30e62f7a05274d412f2375554a17.tar.gz ipxe-fc7885ed9e0a30e62f7a05274d412f2375554a17.tar.xz ipxe-fc7885ed9e0a30e62f7a05274d412f2375554a17.zip | |
[tls] Report supported signature algorithms in ClientHello
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/include/ipxe/tls.h | 3 | ||||
| -rw-r--r-- | src/net/tls.c | 25 |
2 files changed, 28 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h index b32fd865..7c500749 100644 --- a/src/include/ipxe/tls.h +++ b/src/include/ipxe/tls.h @@ -101,6 +101,9 @@ struct tls_header { #define TLS_MAX_FRAGMENT_LENGTH_2048 3 #define TLS_MAX_FRAGMENT_LENGTH_4096 4 +/* TLS signature algorithms extension */ +#define TLS_SIGNATURE_ALGORITHMS 13 + /** TLS RX state machine state */ enum tls_rx_state { TLS_RX_HEADER = 0, diff --git a/src/net/tls.c b/src/net/tls.c index 58e958b0..79aa5d97 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -857,6 +857,14 @@ struct tls_signature_hash_algorithm tls_signature_hash_algorithms[] = { { .code = { .signature = TLS_RSA_ALGORITHM, + .hash = TLS_SHA1_ALGORITHM, + }, + .pubkey = &rsa_algorithm, + .digest = &sha1_algorithm, + }, + { + .code = { + .signature = TLS_RSA_ALGORITHM, .hash = TLS_SHA256_ALGORITHM, }, .pubkey = &rsa_algorithm, @@ -1001,6 +1009,13 @@ static int tls_send_client_hello ( struct tls_session *tls ) { struct { uint8_t max; } __attribute__ (( packed )) max_fragment_length; + uint16_t signature_algorithms_type; + uint16_t signature_algorithms_len; + struct { + uint16_t len; + struct tls_signature_hash_id + code[TLS_NUM_SIG_HASH_ALGORITHMS]; + } __attribute__ (( packed )) signature_algorithms; } __attribute__ (( packed )) extensions; } __attribute__ (( packed )) hello; unsigned int i; @@ -1032,6 +1047,16 @@ static int tls_send_client_hello ( struct tls_session *tls ) { = htons ( sizeof ( hello.extensions.max_fragment_length ) ); hello.extensions.max_fragment_length.max = TLS_MAX_FRAGMENT_LENGTH_4096; + hello.extensions.signature_algorithms_type + = htons ( TLS_SIGNATURE_ALGORITHMS ); + hello.extensions.signature_algorithms_len + = htons ( sizeof ( hello.extensions.signature_algorithms ) ); + hello.extensions.signature_algorithms.len + = htons ( sizeof ( hello.extensions.signature_algorithms.code)); + for ( i = 0 ; i < TLS_NUM_SIG_HASH_ALGORITHMS ; i++ ) { + hello.extensions.signature_algorithms.code[i] + = tls_signature_hash_algorithms[i].code; + } return tls_send_handshake ( tls, &hello, sizeof ( hello ) ); } |