Create public macros for ssl_ticket key,name sizes

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Glenn Strauss 2022-02-09 15:24:56 -05:00
parent e328245618
commit a941b62985
3 changed files with 9 additions and 6 deletions


@ -42,12 +42,16 @@
extern "C" { extern "C" {
#endif #endif
#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */
#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */
/** /**
* \brief Information for session ticket protection * \brief Information for session ticket protection
*/ */
typedef struct mbedtls_ssl_ticket_key typedef struct mbedtls_ssl_ticket_key
{ {
unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */ unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
/*!< random key identifier */
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
} }
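Review bot: The Doxygen comments on the two new macros do not say what a caller may rely on, which matters now that they are public API while `name` itself stays `MBEDTLS_PRIVATE`. For `MBEDTLS_SSL_TICKET_MAX_KEY_BYTES` I would state that it is meant for sizing a caller-owned key buffer, and how the length a caller passes must relate to the configured ticket cipher's key length. For `MBEDTLS_SSL_TICKET_KEY_NAME_BYTES` something like `/*!< Length of the key name: an identifier used to select a key, not secret material */` would help, assuming the name is carried unprotected in the ticket, which this hunk does not show. The end of the typedef is outside the hunk.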


@ -48,9 +48,9 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
#endif #endif
} }
#define MAX_KEY_BYTES 32 /* 256 bits */ #define MAX_KEY_BYTES MBEDTLS_SSL_TICKET_MAX_KEY_BYTES
#define TICKET_KEY_NAME_BYTES 4 #define TICKET_KEY_NAME_BYTES MBEDTLS_SSL_TICKET_KEY_NAME_BYTES
#define TICKET_IV_BYTES 12 #define TICKET_IV_BYTES 12
#define TICKET_CRYPT_LEN_BYTES 2 #define TICKET_CRYPT_LEN_BYTES 2
#define TICKET_AUTH_TAG_BYTES 16 #define TICKET_AUTH_TAG_BYTES 16
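Review bot: The unprefixed aliases `MAX_KEY_BYTES` and `TICKET_KEY_NAME_BYTES` now hide the fact that two of these five sizes are public API while the other three remain private to this file. The new `MAX_KEY_BYTES` line also loses the `/* 256 bits */` annotation. A one-line comment above the group would keep that visible, e.g. `/* Ticket field sizes; the first two mirror public macros in ssl_ticket.h, so changing them changes the API */`. Alternatively, use the `MBEDTLS_SSL_TICKET_*` names directly in this file and drop the aliases.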


@ -2752,9 +2752,8 @@ int main( int argc, char *argv[] )
* (used for external synchronization of session ticket encryption keys) * (used for external synchronization of session ticket encryption keys)
*/ */
if( opt.ticket_rotate ) { if( opt.ticket_rotate ) {
#define MAX_KEY_BYTES 32 /* 256 bits *//* library/ssl_ticket.c */ unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES];
unsigned char kbuf[MAX_KEY_BYTES]; unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
unsigned char name[4]; /* match mbedtls_ssl_ticket_key name[4] */
if( ( ret = rng_get( &rng, name, sizeof( name ) ) ) != 0 || if( ( ret = rng_get( &rng, name, sizeof( name ) ) ) != 0 ||
( ret = rng_get( &rng, kbuf, sizeof( kbuf ) ) ) != 0 || ( ret = rng_get( &rng, kbuf, sizeof( kbuf ) ) ) != 0 ||
( ret = mbedtls_ssl_ticket_rotate( &ticket_ctx, ( ret = mbedtls_ssl_ticket_rotate( &ticket_ctx,
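Review bot: `kbuf` holds fresh ticket-encryption key material on the stack of `main`, and nothing in the visible lines wipes it after it is passed to `mbedtls_ssl_ticket_rotate`. Unless the code after the hunk already does so, add `mbedtls_platform_zeroize( kbuf, sizeof( kbuf ) );` once the call has returned, on both the success and the failure path. This is a sample program, but it is the reference for external key synchronization, so the pattern is likely to be copied. The `if( opt.ticket_rotate )` block and the rotate call continue past the last line shown.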