commit d59675d92c74d99a36d6f35d34b9f2e1bd189931
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue May 19 15:28:00 2015 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed May 20 11:14:57 2015 +0200
tree fbd8e4a53e88b5c7e690d8280520e21cbfc71299
parent 2ff873c0fade1a3ef083ea89e742745a77f68c28

Move to callback for session tickets

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 25a4deb..8241100 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5146,56 +5146,6 @@
     return( 0 );
 }
 
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_ticket_keys_free( mbedtls_ssl_ticket_keys *tkeys )
-{
-    mbedtls_aes_free( &tkeys->enc );
-    mbedtls_aes_free( &tkeys->dec );
-
-    mbedtls_zeroize( tkeys, sizeof(mbedtls_ssl_ticket_keys) );
-}
-
-/*
- * Allocate and initialize ticket keys
- */
-static int ssl_ticket_keys_init( mbedtls_ssl_config *conf )
-{
-    int ret;
-    mbedtls_ssl_ticket_keys *tkeys;
-    unsigned char buf[16];
-
-    if( conf->ticket_keys != NULL )
-        return( 0 );
-
-    tkeys = mbedtls_malloc( sizeof(mbedtls_ssl_ticket_keys) );
-    if( tkeys == NULL )
-        return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
-
-    mbedtls_aes_init( &tkeys->enc );
-    mbedtls_aes_init( &tkeys->dec );
-
-    /* Temporary WIP! Using hardcoded keys. This is to remove the dependency
-     * on the RNG and allow puttint the keys in conf. Key generation will soon
-     * be move outside the main SSL module anyway. */
-
-    memset( tkeys->key_name, 'x', 16 );
-    memset( tkeys->mac_key, 0x2a, 16 );
-    memset( buf, 0x2a, 16 );
-
-    if( ( ret = mbedtls_aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
-        ( ret = mbedtls_aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
-    {
-        ssl_ticket_keys_free( tkeys );
-        mbedtls_free( tkeys );
-        return( ret );
-    }
-
-    conf->ticket_keys = tkeys;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
 /*
  * SSL set accessors
  */
@@ -5691,20 +5641,17 @@
 {
     conf->session_tickets = use_tickets;
 
-#if defined(MBEDTLS_SSL_CLI_C)
-    if( conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-        return( 0 );
-#endif
-
-    if( use_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
-        return( 0 );
-
-    return( ssl_ticket_keys_init( conf ) );
+    return( 0 );
 }
 
-void mbedtls_ssl_conf_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime )
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_ticket_write_t *f_ticket_write,
+        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+        void *p_ticket )
 {
-    conf->ticket_keys->ticket_lifetime = lifetime;
+    conf->f_ticket_write = f_ticket_write;
+    conf->f_ticket_parse = f_ticket_parse;
+    conf->p_ticket       = p_ticket;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
@@ -6699,11 +6646,6 @@
     conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
 #endif
 
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    ssl_ticket_keys_init( &conf );
-    conf->ticket_keys->ticket_lifetime = MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME;
-#endif
-
 #if defined(MBEDTLS_SSL_SET_CURVES)
     conf->curve_list = mbedtls_ecp_grp_id_list( );
 #endif
@@ -6765,14 +6707,6 @@
     }
 #endif
 
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( conf->ticket_keys )
-    {
-        ssl_ticket_keys_free( conf->ticket_keys );
-        mbedtls_free( conf->ticket_keys );
-    }
-#endif
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     ssl_key_cert_free( conf->key_cert );
 #endif