commit 2b49445876e867fe3e25a356e6d11ea68774f275
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed May 06 10:05:11 2015 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu May 07 10:19:13 2015 +0100
tree 75b18c4b25a2b46e68588a56f0652f1869accafa
parent e51bba05cf09aa1f29a82d7727c33474ff79e690

Move session ticket keys to conf

This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e91d13c..59fce95 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -189,11 +189,11 @@
 
     *tlen = 0;
 
-    if( ssl->ticket_keys == NULL )
+    if( ssl->conf->ticket_keys == NULL )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     /* Write key name */
-    memcpy( p, ssl->ticket_keys->key_name, 16 );
+    memcpy( p, ssl->conf->ticket_keys->key_name, 16 );
     p += 16;
 
     /* Generate and write IV (with a copy for aes_crypt) */
@@ -224,7 +224,7 @@
         state[i] = (unsigned char) pad_len;
 
     /* Encrypt */
-    if( ( ret = mbedtls_aes_crypt_cbc( &ssl->ticket_keys->enc, MBEDTLS_AES_ENCRYPT,
+    if( ( ret = mbedtls_aes_crypt_cbc( &ssl->conf->ticket_keys->enc, MBEDTLS_AES_ENCRYPT,
                                enc_len, iv, state, state ) ) != 0 )
     {
         return( ret );
@@ -237,7 +237,7 @@
 
     /* Compute and write MAC( key_name + iv + enc_state_len + enc_state ) */
     if( ( ret = mbedtls_md_hmac( mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
-                         ssl->ticket_keys->mac_key, 16,
+                         ssl->conf->ticket_keys->mac_key, 16,
                          start, p - start, p ) ) != 0 )
     {
         return( ret );
@@ -271,7 +271,7 @@
 
     MBEDTLS_SSL_DEBUG_BUF( 3, "session ticket structure", buf, len );
 
-    if( len < 34 || ssl->ticket_keys == NULL )
+    if( len < 34 || ssl->conf->ticket_keys == NULL )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
@@ -283,12 +283,12 @@
     /* Check name, in constant time though it's not a big secret */
     diff = 0;
     for( i = 0; i < 16; i++ )
-        diff |= key_name[i] ^ ssl->ticket_keys->key_name[i];
+        diff |= key_name[i] ^ ssl->conf->ticket_keys->key_name[i];
     /* don't return yet, check the MAC anyway */
 
     /* Check mac, with constant-time buffer comparison */
     if( ( ret = mbedtls_md_hmac( mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
-                         ssl->ticket_keys->mac_key, 16,
+                         ssl->conf->ticket_keys->mac_key, 16,
                          buf, len - 32, computed_mac ) ) != 0 )
     {
         return( ret );
@@ -303,7 +303,7 @@
         return( MBEDTLS_ERR_SSL_INVALID_MAC );
 
     /* Decrypt */
-    if( ( ret = mbedtls_aes_crypt_cbc( &ssl->ticket_keys->dec, MBEDTLS_AES_DECRYPT,
+    if( ( ret = mbedtls_aes_crypt_cbc( &ssl->conf->ticket_keys->dec, MBEDTLS_AES_DECRYPT,
                                enc_len, iv, ticket, ticket ) ) != 0 )
     {
         return( ret );