Kaspar Brand wrote:
> Dr Stephen Henson wrote:
>> A few comments about that:
>
> Thanks for the review!
>
>> These are cryptographic keys (or at least the HMAC and AES keys are) so you
>> should use RAND_bytes(), not RAND_pseudo_bytes().
>
> Ok - when looking at ssl_lib.c:SSL_CTX_new(), I didn't realize that
> RAND_pseudo_bytes() is only used for tlsext_tick_key_name. Changed
> accordingly.
>
>> Don't dereference the structures directly as at some point the sizes might
>> change, the structure made opaque or a different mechanism used for storing
>> keys (e.g. HSM support).
>
> I was looking at a way to determine the size at compile time, but if you
> think that's an unsafe method (note: it's only expected to work for
> 0.9.8f through 0.9.8l), then let's change it.
>

These things have a habit of persisting far longer than their expected lifetime ;-)

>> The approved way is to call:
>>
>> SSL_CTX_set_tlsext_ticket_keys(sc->server->ssl_ctx, NULL, -1)
>>
>> which will return the combined length of all keys.
>
> Did that - does v3 of the patch (attached) look better? Is it ok to use
> apr_palloc here?
>

Yes that looks better.

There is an alternative technique if it is easier to find a "base" SSL_CTX, you can retrieve the auto generated keys using SSL_CTX_get_tlsext_ticket_keys() and then copy to the new context as above.

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org