diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 4d48806bb..855930953 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -42,12 +42,16 @@ extern "C" { #endif +#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */ +#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */ + /** * \brief Information for session ticket protection */ typedef struct mbedtls_ssl_ticket_key { - unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */ + unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; + /*!< random key identifier */ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ } diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index e410b6b90..b04e18477 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -48,9 +48,9 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) #endif } -#define MAX_KEY_BYTES 32 /* 256 bits */ +#define MAX_KEY_BYTES MBEDTLS_SSL_TICKET_MAX_KEY_BYTES -#define TICKET_KEY_NAME_BYTES 4 +#define TICKET_KEY_NAME_BYTES MBEDTLS_SSL_TICKET_KEY_NAME_BYTES #define TICKET_IV_BYTES 12 #define TICKET_CRYPT_LEN_BYTES 2 #define TICKET_AUTH_TAG_BYTES 16 diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 36db2e819..595300e85 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2752,9 +2752,8 @@ int main( int argc, char *argv[] ) * (used for external synchronization of session ticket encryption keys) */ if( opt.ticket_rotate ) { - #define MAX_KEY_BYTES 32 /* 256 bits *//* library/ssl_ticket.c */ - unsigned char kbuf[MAX_KEY_BYTES]; - unsigned char name[4]; /* match mbedtls_ssl_ticket_key name[4] */ + unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES]; + unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; if( ( ret = rng_get( &rng, name, sizeof( name ) ) ) != 0 || ( ret = rng_get( &rng, kbuf, sizeof( kbuf ) ) ) != 0 || ( ret = mbedtls_ssl_ticket_rotate( &ticket_ctx,