mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:55:29 +00:00
Make cipher used in ssl tickets configurable
This commit is contained in:
parent
1041a39338
commit
a0adc1bbe4
|
@ -70,13 +70,20 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
|
|||
* \param ctx Context to be set up
|
||||
* \param f_rng RNG callback function
|
||||
* \param p_rng RNG callback context
|
||||
* \param cipher AEAD cipher to use for ticket protection, eg
|
||||
* MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
|
||||
* \param lifetime Tickets lifetime in seconds
|
||||
*
|
||||
* \note It is highly recommended to select a cipher that is at
|
||||
* least as strong as the the strongest ciphersuite
|
||||
* supported. Usually that means a 256-bit key.
|
||||
*
|
||||
* \return 0 is successful,
|
||||
* or a specific MBEDTLS_ERR_XXX error code
|
||||
*/
|
||||
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
mbedtls_cipher_type_t cipher,
|
||||
uint32_t lifetime );
|
||||
|
||||
/**
|
||||
|
|
|
@ -61,10 +61,13 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
|
|||
*/
|
||||
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
mbedtls_cipher_type_t cipher,
|
||||
uint32_t lifetime )
|
||||
{
|
||||
int ret;
|
||||
unsigned char buf[32];
|
||||
mbedtls_cipher_mode_t mode;
|
||||
size_t key_bits;
|
||||
|
||||
ctx->f_rng = f_rng;
|
||||
ctx->p_rng = p_rng;
|
||||
|
@ -72,19 +75,32 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
|||
ctx->ticket_lifetime = lifetime;
|
||||
|
||||
if( ( ret = mbedtls_cipher_setup( &ctx->cipher,
|
||||
mbedtls_cipher_info_from_type(
|
||||
MBEDTLS_CIPHER_AES_256_GCM ) ) ) != 0 )
|
||||
mbedtls_cipher_info_from_type( cipher) ) ) != 0 )
|
||||
{
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
mode = mbedtls_cipher_get_cipher_mode( &ctx->cipher );
|
||||
if( mode != MBEDTLS_MODE_GCM && mode != MBEDTLS_MODE_CCM )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
key_bits = mbedtls_cipher_get_key_size( &ctx->cipher );
|
||||
if( key_bits > 8 * sizeof( buf ) )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )
|
||||
{
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* With GCM and CCM, same context can encrypt & decrypt */
|
||||
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, 256,
|
||||
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, key_bits,
|
||||
MBEDTLS_ENCRYPT ) ) != 0 )
|
||||
{
|
||||
goto cleanup;
|
||||
|
|
|
@ -1598,6 +1598,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg,
|
||||
MBEDTLS_CIPHER_AES_256_GCM,
|
||||
opt.ticket_timeout ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
|
||||
|
|
Loading…
Reference in a new issue