[tls] Add support for the Extended Master Secret

RFC 7627 defines the Extended Master Secret (EMS) as an alternative
calculation that uses the digest of all handshake messages rather than
just the client and server random bytes.

Add support for negotiating the Extended Master Secret extension and
performing the relevant calculation of the master secret.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2025-10-12 22:26:49 +01:00
parent d6656106e9
commit ab64bc5b8d
2 changed files with 55 additions and 7 deletions


@@ -134,6 +134,9 @@ struct tls_header {
/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13
/* TLS extended master secret extension */
#define TLS_EXTENDED_MASTER_SECRET 23
/* TLS session ticket extension */
#define TLS_SESSION_TICKET 35
@@ -452,6 +455,8 @@ struct tls_connection {
uint8_t *handshake_ctx;
/** Secure renegotiation flag */
int secure_renegotiation;
/** Extended master secret flag */
int extended_master_secret;
/** Verification data */
struct tls_verify_data verify;
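Review bot: The new `extended_master_secret` field in `struct tls_connection` is documented only as a "flag", which does not say whether it records that the extension was offered or that the server echoed it back. Since the master secret calculation depends on it, the comment should pin that down, e.g. `/** Extended master secret negotiated (extension present in both hellos) */` if that is the intent. In this section the flag also lives only on the connection: RFC 7627 section 5.3 expects a resumed session to be checked against the EMS state of the original handshake, so the cached session would presumably need to record it as well. The session structure and the second changed file are outside this view, so confirm that is handled there. `struct tls_connection` begins and ends outside the hunk.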