From 028aac99a397f591de6cc6f6f2b4763f55aa8962 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Tue, 11 Oct 2022 13:47:06 +0100 Subject: [tls] Generate pre-master secret at point of sending ClientKeyExchange The pre-master secret is currently constructed at the time of instantiating the TLS connection. This precludes the use of key exchange mechanisms such as Ephemeral Diffie-Hellman (DHE), which require a ServerKeyExchange message to exchange additional key material before the pre-master secret can be constructed. Allow for the use of such cipher suites by deferring generation of the master secret until the point of sending the ClientKeyExchange message. Signed-off-by: Michael Brown --- src/include/ipxe/tls.h | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'src/include/ipxe/tls.h') diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h index 8b03579cc..65608970a 100644 --- a/src/include/ipxe/tls.h +++ b/src/include/ipxe/tls.h @@ -48,6 +48,9 @@ struct tls_header { /** TLS version 1.2 */ #define TLS_VERSION_TLS_1_2 0x0303 +/** Maximum supported TLS version */ +#define TLS_VERSION_MAX TLS_VERSION_TLS_1_2 + /** Change cipher content type */ #define TLS_TYPE_CHANGE_CIPHER 20 @@ -209,14 +212,6 @@ struct tls_signature_hash_algorithm { #define __tls_sig_hash_algorithm \ __table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 ) -/** TLS pre-master secret */ -struct tls_pre_master_secret { - /** TLS version */ - uint16_t version; - /** Random data */ - uint8_t random[46]; -} __attribute__ (( packed )); - /** TLS client random data */ struct tls_client_random { /** GMT Unix time */ @@ -309,8 +304,6 @@ struct tls_connection { struct tls_cipherspec rx_cipherspec; /** Next RX cipher specification */ struct tls_cipherspec rx_cipherspec_pending; - /** Premaster secret */ - struct tls_pre_master_secret pre_master_secret; /** Master secret */ uint8_t master_secret[48]; /** Server random bytes */ -- cgit