TLS client: Add signature_algorithms extension into ClientHello
authorJouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 15:30:37 +0000 (17:30 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 16:21:07 +0000 (18:21 +0200)
Since we support only SHA256 (and not the default SHA1) with TLS v1.2,
the signature_algorithms extension needs to be added into ClientHello.
This fixes interop issues with the current version of OpenSSL that uses
the default SHA1 hash if ClientHello does not specify allowed signature
algorithms.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/tls/tlsv1_client.c
src/tls/tlsv1_client_write.c
src/tls/tlsv1_common.h

index a6f0587e34c57854693d3bf093dcea518bc48837..2fa43add76fc9d182bbf68a56b4ace6636159766 100644 (file)
@@ -691,18 +691,16 @@ int tlsv1_client_hello_ext(struct tlsv1_client *conn, int ext_type,
        if (data == NULL || data_len == 0)
                return 0;
 
-       pos = conn->client_hello_ext = os_malloc(6 + data_len);
+       pos = conn->client_hello_ext = os_malloc(4 + data_len);
        if (pos == NULL)
                return -1;
 
-       WPA_PUT_BE16(pos, 4 + data_len);
-       pos += 2;
        WPA_PUT_BE16(pos, ext_type);
        pos += 2;
        WPA_PUT_BE16(pos, data_len);
        pos += 2;
        os_memcpy(pos, data, data_len);
-       conn->client_hello_ext_len = 6 + data_len;
+       conn->client_hello_ext_len = 4 + data_len;
 
        if (ext_type == TLS_EXT_PAC_OPAQUE) {
                conn->session_ticket_included = 1;
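Review bot: `data_len` is a `size_t` but is written with `WPA_PUT_BE16(pos, data_len)` without a range check, so a value above 0xffff would leave a truncated length field in front of a full-length `os_memcpy()`. Because this change drops the outer length prefix here and lets tls_send_client_hello() compute it with `WPA_PUT_BE16(ext_start, pos - ext_start - 2)`, the same silent truncation applies to the total length of the extensions block there. A guard ahead of the allocation, such as `if (data_len > 0xffff - 4) return -1;`, would keep the encoded lengths consistent with the copied bytes; the bound may need to be tighter to leave room for the signature_algorithms entry. The callers are not visible in this diff, so whether an oversized value can reach this function is unconfirmed, and the function starts and ends outside the hunk.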
index c5a4d4e96020f42ae63a6750385efbd4fd8fb8b2..e02437172a16d56b15fe8551fae03f3703508f5c 100644 (file)
@@ -47,6 +47,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
        u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
        struct os_time now;
        size_t len, i;
+       u8 *ext_start;
 
        wpa_printf(MSG_DEBUG, "TLSv1: Send ClientHello");
        *out_len = 0;
@@ -61,7 +62,7 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
        wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random",
                    conn->client_random, TLS_RANDOM_LEN);
 
-       len = 100 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;
+       len = 150 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;
        hello = os_malloc(len);
        if (hello == NULL)
                return NULL;
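Review bot: The fixed headroom in `len = 150 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len;` is an unexplained constant that the later writes in this function depend on, including the extensions length field and the 8-byte signature_algorithms entry added further down. None of the writes visible in this diff compare `pos` against the end of `hello`, so the constant is the only thing keeping them in bounds. I would document the budget next to it, for example `/* 150 covers record and handshake headers, version, random, session id, length fields and the signature_algorithms extension */`, or replace it with a named constant. The function body continues outside this hunk.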
@@ -101,12 +102,42 @@ u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
        *pos++ = 1;
        *pos++ = TLS_COMPRESSION_NULL;
 
+       /* Extension */
+       ext_start = pos;
+       pos += 2;
+
+#ifdef CONFIG_TLSV12
+       if (conn->rl.tls_version >= TLS_VERSION_1_2) {
+               /*
+                * Add signature_algorithms extension since we support only
+                * SHA256 (and not the default SHA1) with TLSv1.2.
+                */
+               /* ExtensionsType extension_type = signature_algorithms(13) */
+               WPA_PUT_BE16(pos, TLS_EXT_SIGNATURE_ALGORITHMS);
+               pos += 2;
+               /* opaque extension_data<0..2^16-1> length */
+               WPA_PUT_BE16(pos, 4);
+               pos += 2;
+               /* supported_signature_algorithms<2..2^16-2> length */
+               WPA_PUT_BE16(pos, 2);
+               pos += 2;
+               /* supported_signature_algorithms */
+               *pos++ = TLS_HASH_ALG_SHA256;
+               *pos++ = TLS_SIGN_ALG_RSA;
+       }
+#endif /* CONFIG_TLSV12 */
+
        if (conn->client_hello_ext) {
                os_memcpy(pos, conn->client_hello_ext,
                          conn->client_hello_ext_len);
                pos += conn->client_hello_ext_len;
        }
 
+       if (pos == ext_start + 2)
+               pos -= 2; /* no extensions */
+       else
+               WPA_PUT_BE16(ext_start, pos - ext_start - 2);
+
        WPA_PUT_BE24(hs_length, pos - hs_length - 3);
        tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
 
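Review bot: Advertising only `TLS_HASH_ALG_SHA256`/`TLS_SIGN_ALG_RSA` in the block under `#ifdef CONFIG_TLSV12` tells the server what to use, but nothing in this diff shows the client rejecting a server signature made with a different hash or signature algorithm. Since the commit message says SHA256 is the only hash supported with TLS v1.2, the ServerKeyExchange and certificate handling should fail closed on any other pair. That code is outside this diff, so this is a request to confirm rather than a reported defect. A comment here would help, e.g. `/* Must match the algorithms accepted when verifying server signatures */`. The function starts before and continues past this hunk.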
index 26e68af166069c6fde1e1217eb65c629430de9c5..e2a5d4ce239b0fc3a7d32b4130ec6a3e1dc2d731 100644 (file)
@@ -169,6 +169,7 @@ enum {
 #define TLS_EXT_TRUSTED_CA_KEYS                        3 /* RFC 4366 */
 #define TLS_EXT_TRUNCATED_HMAC                 4 /* RFC 4366 */
 #define TLS_EXT_STATUS_REQUEST                 5 /* RFC 4366 */
+#define TLS_EXT_SIGNATURE_ALGORITHMS           13 /* RFC 5246 */
 #define TLS_EXT_SESSION_TICKET                 35 /* RFC 4507 */
 
 #define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */