commit a0adc1bbe473644c9a2b5c149a193843d7bbff80
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon May 25 10:35:16 2015 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon May 25 10:35:16 2015 +0200
tree 67aa404349e6c8889337c55e60dca1ce4f7b2e10
parent 1041a393383092ccc52188a3940e9fe8162e2849

Make cipher used in ssl tickets configurable

include/mbedtls/ssl_ticket.h

diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 42842c5..3612a92 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -70,13 +70,20 @@
  * \param ctx       Context to be set up
  * \param f_rng     RNG callback function
  * \param p_rng     RNG callback context
+ * \param cipher    AEAD cipher to use for ticket protection, eg
+ *                  MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
  * \param lifetime  Tickets lifetime in seconds
  *
+ * \note            It is highly recommended to select a cipher that is at
+ *                  least as strong as the the strongest ciphersuite
+ *                  supported. Usually that means a 256-bit key.
+ *
  * \return          0 is successful,
  *                  or a specific MBEDTLS_ERR_XXX error code
  */
 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
     uint32_t lifetime );
 
 /**

library/ssl_ticket.c

diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 9955060..8994cef 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -61,10 +61,13 @@
  */
 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
     uint32_t lifetime )
 {
     int ret;
     unsigned char buf[32];
+    mbedtls_cipher_mode_t mode;
+    size_t key_bits;
 
     ctx->f_rng = f_rng;
     ctx->p_rng = p_rng;
@@ -72,19 +75,32 @@
     ctx->ticket_lifetime = lifetime;
 
     if( ( ret = mbedtls_cipher_setup( &ctx->cipher,
-                mbedtls_cipher_info_from_type(
-                    MBEDTLS_CIPHER_AES_256_GCM ) ) ) != 0 )
+                mbedtls_cipher_info_from_type( cipher) ) ) != 0 )
     {
         goto cleanup;
     }
 
+    mode = mbedtls_cipher_get_cipher_mode( &ctx->cipher );
+    if( mode != MBEDTLS_MODE_GCM && mode != MBEDTLS_MODE_CCM )
+    {
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    key_bits = mbedtls_cipher_get_key_size( &ctx->cipher );
+    if( key_bits > 8 * sizeof( buf ) )
+    {
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
     if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )
     {
         goto cleanup;
     }
 
     /* With GCM and CCM, same context can encrypt & decrypt */
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, 256,
+    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, key_bits,
                                        MBEDTLS_ENCRYPT ) ) != 0 )
     {
         goto cleanup;

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5f66d51..390450b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1598,6 +1598,7 @@
     {
         if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
                         mbedtls_ctr_drbg_random, &ctr_drbg,
+                        MBEDTLS_CIPHER_AES_256_GCM,
                         opt.ticket_timeout ) ) != 0 )
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );