sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-07-01 00:04:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

[tls] Allow for the existence of anonymous named groups

Browse Source 
The RFC 3526 FFDHE groups may plausibly be used by TLS servers, but do
not have IANA-assigned codes.

Allow for the existence of TLS named groups that have no code value
(and can therefore be identified only by matching the group parameter
values).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2026-06-17 15:06:15 +01:00
parent 416920c656
commit daee5deba8
2 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/include/ipxe/tls.h
+9
View File
@@ -255,6 +255,15 @@ struct tls_named_group {
#define __tls_named_group( pref ) \ #define __tls_named_group( pref ) \
__table_entry ( TLS_NAMED_GROUPS, pref ) __table_entry ( TLS_NAMED_GROUPS, pref )
/** Declare a TLS anonymous named group */
#define __tls_anon_named_group __tls_named_group ( 98 )
/** Number of non-anonymous TLS named groups */
#define TLS_NUM_NAMED_GROUPS \
( ( unsigned int ) \
( __table_entries ( TLS_NAMED_GROUPS, 97 ) \
- table_start ( TLS_NAMED_GROUPS ) ) )
/** A TLS cipher specification */ /** A TLS cipher specification */
struct tls_cipherspec { struct tls_cipherspec {
/** Cipher suite */ /** Cipher suite */
src/net/tls.c
+5 -5
View File
@@ -993,9 +993,6 @@ tls_find_signature_hash ( unsigned int code ) {
****************************************************************************** ******************************************************************************
*/ */
/** Number of supported named key exchange groups */
#define TLS_NUM_NAMED_GROUPS table_num_entries ( TLS_NAMED_GROUPS )
/** /**
* Identify named key exchange group * Identify named key exchange group
* *
@@ -1008,7 +1005,7 @@ tls_find_named_group ( unsigned int named_group ) {
/* Identify named group */ /* Identify named group */
for_each_table_entry ( group, TLS_NAMED_GROUPS ) { for_each_table_entry ( group, TLS_NAMED_GROUPS ) {
if ( group->code == named_group ) if ( group->code && ( group->code == named_group ) )
return group; return group;
} }
@@ -1252,9 +1249,12 @@ static int tls_client_hello ( struct tls_connection *tls,
= htons ( sizeof ( named_group_ext->data ) ); = htons ( sizeof ( named_group_ext->data ) );
named_group_ext->data.len named_group_ext->data.len
= htons ( sizeof ( named_group_ext->data.code ) ); = htons ( sizeof ( named_group_ext->data.code ) );
i = 0 ; for_each_table_entry ( group, TLS_NAMED_GROUPS ) i = 0 ; for_each_table_entry ( group, TLS_NAMED_GROUPS ) {
if ( group->code )
named_group_ext->data.code[i++] = group->code; named_group_ext->data.code[i++] = group->code;
} }
assert ( i == TLS_NUM_NAMED_GROUPS );
}
return action ( tls, &hello, sizeof ( hello ) ); return action ( tls, &hello, sizeof ( hello ) );
} }