commit a941b6298555296222fa1c862cfc5d131074c1fd
author Glenn Strauss <gstrauss@gluelogic.com> Wed Feb 09 15:24:56 2022 -0500
committer Glenn Strauss <gstrauss@gluelogic.com> Wed Feb 09 15:28:28 2022 -0500
tree 71e53b23b4c6154fee97413a249876df3aa44fe4
parent e3282456183984a9ed1679c23e683d9dd50dded2

Create public macros for ssl_ticket key,name sizes

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

include/mbedtls/ssl_ticket.h

diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 4d48806..8559309 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -42,12 +42,16 @@
 extern "C" {
 #endif
 
+#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32          /*!< Max supported key length in bytes */
+#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4          /*!< key name length in bytes */
+
 /**
  * \brief   Information for session ticket protection
  */
 typedef struct mbedtls_ssl_ticket_key
 {
-    unsigned char MBEDTLS_PRIVATE(name)[4];          /*!< random key identifier              */
+    unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
+                                                     /*!< random key identifier              */
     uint32_t MBEDTLS_PRIVATE(generation_time);       /*!< key generation timestamp (seconds) */
     mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx);   /*!< context for auth enc/decryption    */
 }

library/ssl_ticket.c

diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index e410b6b..b04e184 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -48,9 +48,9 @@
 #endif
 }
 
-#define MAX_KEY_BYTES 32    /* 256 bits */
+#define MAX_KEY_BYTES           MBEDTLS_SSL_TICKET_MAX_KEY_BYTES
 
-#define TICKET_KEY_NAME_BYTES    4
+#define TICKET_KEY_NAME_BYTES   MBEDTLS_SSL_TICKET_KEY_NAME_BYTES
 #define TICKET_IV_BYTES         12
 #define TICKET_CRYPT_LEN_BYTES   2
 #define TICKET_AUTH_TAG_BYTES   16

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 36db2e8..595300e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2752,9 +2752,8 @@
          * (used for external synchronization of session ticket encryption keys)
          */
         if( opt.ticket_rotate ) {
-            #define MAX_KEY_BYTES 32    /* 256 bits *//* library/ssl_ticket.c */
-            unsigned char kbuf[MAX_KEY_BYTES];
-            unsigned char name[4]; /* match mbedtls_ssl_ticket_key name[4] */
+            unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES];
+            unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
             if( ( ret = rng_get( &rng, name, sizeof( name ) ) ) != 0 ||
                 ( ret = rng_get( &rng, kbuf, sizeof( kbuf ) ) ) != 0 ||
                 ( ret = mbedtls_ssl_ticket_rotate( &ticket_ctx,