Introduce macros for max-{IV,block,key}-size for ciphers used in TLS

See the documentation in ssl_internal.h that this commit introduces for more information. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2025-11-05 08:10:38 +03:00 · 2020-09-08 11:29:11 +01:00
parent 815869ac9c
commit 1588983ef0
2 changed files with 36 additions and 7 deletions
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -227,17 +227,24 @@ enum {
 };

 /** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers. */
+/* This should ideally be derived automatically from list of ciphers.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
+ * in ssl_internal.h. */
 #define MBEDTLS_MAX_IV_LENGTH      16

 /** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers. */
+/* This should ideally be derived automatically from list of ciphers.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
+ * in ssl_internal.h. */
 #define MBEDTLS_MAX_BLOCK_LENGTH   16

 /** Maximum key length, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
 * For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise. */
+ * and use 32 Bytes as an upper bound for the maximum key length otherwise.
+ * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
+ * in ssl_internal.h, which however deliberately ignores the case of XTS
+ * since the latter isn't used in SSL/TLS. */
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 #define MBEDTLS_MAX_KEY_LENGTH     64
 #else