Kaspar Brand wrote:

+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
+#define TICK_KEYS_LEN   sizeof(((SSL_CTX *)0)->tlsext_tick_key_name) \
+                      + sizeof(((SSL_CTX *)0)->tlsext_tick_hmac_key) \
+                      + sizeof(((SSL_CTX *)0)->tlsext_tick_aes_key)
+    unsigned char tlsext_tick_keys[TICK_KEYS_LEN];
+    RAND_pseudo_bytes(tlsext_tick_keys, TICK_KEYS_LEN);
+#endif
+
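Review bot: the return value of `RAND_pseudo_bytes(tlsext_tick_keys, TICK_KEYS_LEN);` is discarded, and since these bytes become the ticket HMAC and AES keys the call should be RAND_bytes() with its result checked (it returns 1 only when the output is cryptographically strong; treat anything else as a fatal error for this vhost rather than silently using weak keys). The TICK_KEYS_LEN macro also computes the buffer size from SSL_CTX members (tlsext_tick_key_name, tlsext_tick_hmac_key, tlsext_tick_aes_key) that are library internals; ask the library for the combined length with SSL_CTX_set_tlsext_ticket_keys(ctx, NULL, -1) and size the buffer from that, so the code keeps working if the structure becomes opaque or the key sizes change.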

A few comments about that:

These are cryptographic keys (or at least the HMAC and AES keys are) so you
should use RAND_bytes(), not RAND_pseudo_bytes().

Don't dereference the structures directly as at some point the sizes might
change, the structure made opaque or a different mechanism used for storing keys
(e.g. HSM support).

The approved way is to call:

SSL_CTX_set_tlsext_ticket_keys(sc->server->ssl_ctx, NULL, -1)

which will return the combined length of all keys.

Finally:

+            sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id,
+                                    sc->vhost_id_len);
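Review bot: ap_md5_binary() here only serves to turn sc->vhost_id into a fixed-length session-ID context, so collision resistance is not what is at stake, but it still introduces a new MD5 use. If vhost_id_len already fits within SSL_MAX_SID_CTX_LENGTH (32 bytes) the identifier can be passed as-is; otherwise a SHA-2 digest truncated to that length gives the same fixed-length handle without MD5. Whatever is produced, the length handed to the session-ID-context setter must not exceed SSL_MAX_SID_CTX_LENGTH or the call fails.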

should we be using MD5 now if it can be avoided?

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org
