Create public macros for ssl_ticket key,name sizes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 4d48806..8559309 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -42,12 +42,16 @@
extern "C" {
#endif
+#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */
+#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */
+
/**
* \brief Information for session ticket protection
*/
typedef struct mbedtls_ssl_ticket_key
{
- unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+ unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
+ /*!< random key identifier */
uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
}
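Review bot: The Doxygen text on the two new macros at the top of this hunk does not say which API they size buffers for, so a caller reading only the header cannot tell how they are meant to be used. Elsewhere in this commit, ssl_server2.c uses them for the `name` and key buffers handed to mbedtls_ssl_ticket_rotate(), so I would document that, e.g. `/*!< Max supported key length in bytes; size of key buffers passed to mbedtls_ssl_ticket_rotate() */`. Because library/ssl_ticket.c now aliases TICKET_KEY_NAME_BYTES to the public value, the name length appears to be part of the ticket layout rather than a tunable, and the comment on MBEDTLS_SSL_TICKET_KEY_NAME_BYTES could say so. The typedef's closing name lies outside the hunk.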
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index e410b6b..b04e184 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -48,9 +48,9 @@
#endif
}
-#define MAX_KEY_BYTES 32 /* 256 bits */
+#define MAX_KEY_BYTES MBEDTLS_SSL_TICKET_MAX_KEY_BYTES
-#define TICKET_KEY_NAME_BYTES 4
+#define TICKET_KEY_NAME_BYTES MBEDTLS_SSL_TICKET_KEY_NAME_BYTES
#define TICKET_IV_BYTES 12
#define TICKET_CRYPT_LEN_BYTES 2
#define TICKET_AUTH_TAG_BYTES 16
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 36db2e8..595300e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2752,9 +2752,8 @@
* (used for external synchronization of session ticket encryption keys)
*/
if( opt.ticket_rotate ) {
- #define MAX_KEY_BYTES 32 /* 256 bits *//* library/ssl_ticket.c */
- unsigned char kbuf[MAX_KEY_BYTES];
- unsigned char name[4]; /* match mbedtls_ssl_ticket_key name[4] */
+ unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES];
+ unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
if( ( ret = rng_get( &rng, name, sizeof( name ) ) ) != 0 ||
( ret = rng_get( &rng, kbuf, sizeof( kbuf ) ) ) != 0 ||
( ret = mbedtls_ssl_ticket_rotate( &ticket_ctx,
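Review bot: `kbuf` is filled with fresh session-ticket key material by rng_get(), and nothing in the visible lines wipes it from the stack once mbedtls_ssl_ticket_rotate() has consumed it. The `if` statement and the enclosing block continue past the end of the hunk, so a wipe may already exist below. If it does not, add `mbedtls_platform_zeroize( kbuf, sizeof( kbuf ) );` before leaving the block, on the failure path as well as on success. This is a sample program, but it is commonly copied as a template for externally synchronised ticket keys, so the example should show the key being cleared.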