[tls] Allow for the existence of anonymous named groups

The RFC 3526 FFDHE groups may plausibly be used by TLS servers, but do
not have IANA-assigned codes.

Allow for the existence of TLS named groups that have no code value
(and can therefore be identified only by matching the group parameter
values).

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/tls.h

@@ -255,6 +255,15 @@ struct tls_named_group {
 #define __tls_named_group( pref )					\
 	__table_entry ( TLS_NAMED_GROUPS, pref )
 
+/** Declare a TLS anonymous named group */
+#define __tls_anon_named_group __tls_named_group ( 98 )
+
+/** Number of non-anonymous TLS named groups */
+#define TLS_NUM_NAMED_GROUPS						\
+	( ( unsigned int )						\
+	  ( __table_entries ( TLS_NAMED_GROUPS, 97 )			\
+	    - table_start ( TLS_NAMED_GROUPS ) ) )
+
 /** A TLS cipher specification */
 struct tls_cipherspec {
 	/** Cipher suite */

src/net/tls.c

@@ -993,9 +993,6 @@ tls_find_signature_hash ( unsigned int code ) {
  ******************************************************************************
  */
 
-/** Number of supported named key exchange groups */
-#define TLS_NUM_NAMED_GROUPS table_num_entries ( TLS_NAMED_GROUPS )
-
 /**
  * Identify named key exchange group
  *
@@ -1008,7 +1005,7 @@ tls_find_named_group ( unsigned int named_group ) {
 
 	/* Identify named group */
 	for_each_table_entry ( group, TLS_NAMED_GROUPS ) {
-		if ( group->code == named_group )
+		if ( group->code && ( group->code == named_group ) )
 			return group;
 	}
 
@@ -1252,9 +1249,12 @@ static int tls_client_hello ( struct tls_connection *tls,
 			= htons ( sizeof ( named_group_ext->data ) );
 		named_group_ext->data.len
 			= htons ( sizeof ( named_group_ext->data.code ) );
-		i = 0 ; for_each_table_entry ( group, TLS_NAMED_GROUPS )
+		i = 0 ; for_each_table_entry ( group, TLS_NAMED_GROUPS ) {
+			if ( group->code )
 				named_group_ext->data.code[i++] = group->code;
 		}
+		assert ( i == TLS_NUM_NAMED_GROUPS );
+	}
 
 	return action ( tls, &hello, sizeof ( hello ) );
 }