author | Michael Brown <mcb30@ipxe.org> | 2015-08-02 14:08:38 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2015-08-02 14:17:24 +0100 |
commit | fc7885ed9e0a30e62f7a05274d412f2375554a17 (patch) | |
tree | 600ec40f5a0660e780eccd208f0d9ce9d0c0e816 /src/net | |
parent | 1ac743411192af0a83043c9135039a1f1269608e (diff) | |
[tls] Report supported signature algorithms in ClientHello
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net')
-rw-r--r-- | src/net/tls.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index 58e958b..79aa5d9 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -857,6 +857,14 @@ struct tls_signature_hash_algorithm tls_signature_hash_algorithms[] = {
 {
 .code = {
 .signature = TLS_RSA_ALGORITHM,
+ .hash = TLS_SHA1_ALGORITHM,
+ },
+ .pubkey = &rsa_algorithm,
+ .digest = &sha1_algorithm,
+ },
+ {
+ .code = {
+ .signature = TLS_RSA_ALGORITHM,
 .hash = TLS_SHA256_ALGORITHM,
 },
 .pubkey = &rsa_algorithm,
@@ -1001,6 +1009,13 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
 struct {
 uint8_t max;
 } __attribute__ (( packed )) max_fragment_length;
+ uint16_t signature_algorithms_type;
+ uint16_t signature_algorithms_len;
+ struct {
+ uint16_t len;
+ struct tls_signature_hash_id
+ code[TLS_NUM_SIG_HASH_ALGORITHMS];
+ } __attribute__ (( packed )) signature_algorithms;
 } __attribute__ (( packed )) extensions;
 } __attribute__ (( packed )) hello;
 unsigned int i;
@@ -1032,6 +1047,16 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
 = htons ( sizeof ( hello.extensions.max_fragment_length ) );
 hello.extensions.max_fragment_length.max
 = TLS_MAX_FRAGMENT_LENGTH_4096;
+ hello.extensions.signature_algorithms_type
+ = htons ( TLS_SIGNATURE_ALGORITHMS );
+ hello.extensions.signature_algorithms_len
+ = htons ( sizeof ( hello.extensions.signature_algorithms ) );
+ hello.extensions.signature_algorithms.len
+ = htons ( sizeof ( hello.extensions.signature_algorithms.code));
+ for ( i = 0 ; i < TLS_NUM_SIG_HASH_ALGORITHMS ; i++ ) {
+ hello.extensions.signature_algorithms.code[i]
+ = tls_signature_hash_algorithms[i].code;
+ }
 return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
 } |
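Review bot: The new RSA/SHA-1 entry is inserted ahead of the existing RSA/SHA-256 entry in `tls_signature_hash_algorithms[]`, and the loop added to `tls_send_client_hello()` in the third hunk copies the table into the extension in index order, so SHA-1 is advertised before SHA-256. RFC 5246 section 7.4.1.4.1 defines the signature_algorithms list as ordered by descending preference, so a server that honours the order may choose SHA-1 signatures even when it could use SHA-256. If SHA-1 is offered only for compatibility, the new entry belongs after the SHA-256 one, and the table would benefit from a comment such as `/* Order is significant: sent to the server as our preference order */`. The table's initialiser begins and continues outside the hunk, so any other entries and their positions are not visible here.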
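Review bot: Both the `code[]` array declared in the second hunk and the copy loop here are bounded by `TLS_NUM_SIG_HASH_ALGORITHMS`, whose definition is not part of this diff; if it is not derived from the size of `tls_signature_hash_algorithms[]`, the loop either reads past the end of the table or omits entries from the ClientHello. A comment above the loop stating the invariant would help, for example `/* code[] must have exactly as many entries as tls_signature_hash_algorithms[] */`. As a style point, `sizeof ( hello.extensions.signature_algorithms.code));` drops the spacing used on the assignment just before it; ending the line with `.code ) );` would match. The body of `tls_send_client_hello()` begins outside the hunk.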