Introduce macros for max-{IV,block,key}-size for ciphers used in TLS
See the documentation in ssl_internal.h that this commit introduces
for more information.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 8a6c8eb..8827e0b 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -227,17 +227,24 @@
};
/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers. */
+/* This should ideally be derived automatically from list of ciphers.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
+ * in ssl_internal.h. */
#define MBEDTLS_MAX_IV_LENGTH 16
/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers. */
+/* This should ideally be derived automatically from list of ciphers.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
+ * in ssl_internal.h. */
#define MBEDTLS_MAX_BLOCK_LENGTH 16
/** Maximum key length, in Bytes. */
/* This should ideally be derived automatically from list of ciphers.
* For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise. */
+ * and use 32 Bytes as an upper bound for the maximum key length otherwise.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
+ * in ssl_internal.h, which however deliberately ignores the case of XTS
+ * since the latter isn't used in SSL/TLS. */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
#define MBEDTLS_MAX_KEY_LENGTH 64
#else