Example #1
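/* tlsmgr_key - return the ticket key matching a name, or the current encryption key */

/*
 * buffer holds the requested key name on entry; an empty buffer stands for
 * "no name" and asks for an encryption key. On success the buffer is
 * overwritten with the raw TLS_TICKET_KEY structure, secret fields included.
 * timeout is the total session timeout; each key phase gets half of it.
 *
 * Returns TLS_MGR_STAT_OK on success. Returns TLS_MGR_STAT_ERR when the name
 * has the wrong length, when a named key is not found, when random key
 * material cannot be generated, or when key rotation yields no key.
 */
static int tlsmgr_key(VSTRING *buffer, int timeout)
{
    TLS_TICKET_KEY *key;
    TLS_TICKET_KEY tmp;
    unsigned char *name;
    time_t  now = time((time_t *) 0);

    /* In tlsmgr requests we encode null key names as empty strings. */
    name = LEN(buffer) ? (unsigned char *) STR(buffer) : 0;

    /*
     * The name comes from a request buffer, so its length is whatever the
     * requester sent. The key lookup below receives only the pointer and no
     * length, while key names are generated as TLS_TICKET_NAMELEN bytes.
     * Refuse any other length instead of letting the lookup read a name
     * that is shorter than it expects.
     */
    if (name != 0 && LEN(buffer) != TLS_TICKET_NAMELEN)
	return (TLS_MGR_STAT_ERR);

    /*
     * Each key's encrypt and subsequent decrypt-only timeout is half of the
     * total session timeout.
     */
    timeout /= 2;

    /* Attempt to locate existing key */
    if ((key = tls_scache_key(name, now, timeout)) == 0) {
	if (name == 0) {
	    /* Create new encryption key */
	    if (RAND_bytes(tmp.name, TLS_TICKET_NAMELEN) <= 0
		|| RAND_bytes(tmp.bits, TLS_TICKET_KEYLEN) <= 0
		|| RAND_bytes(tmp.hmac, TLS_TICKET_MACLEN) <= 0)
		return (TLS_MGR_STAT_ERR);
	    tmp.tout = now + timeout - 1;
	    key = tls_scache_key_rotate(&tmp);

	    /*
	     * The rotate helper is not visible here; do not copy from a null
	     * result.
	     */
	    if (key == 0)
		return (TLS_MGR_STAT_ERR);

	    /*
	     * NOTE(review): tmp still holds fresh key material on the stack
	     * at this point, and also on the RAND_bytes failure path above.
	     * Consider wiping it with the project's secure-erase primitive
	     * once the cache owns a copy; confirm first that the rotate
	     * helper copies *tmp rather than keeping the pointer.
	     */
	} else {
	    /* No matching decryption key found */
	    return (TLS_MGR_STAT_ERR);
	}
    }
    /* Return value overwrites name buffer */
    vstring_memcpy(buffer, (char *) key, sizeof(*key));
    return (TLS_MGR_STAT_OK);
}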
Example #2
/* tls_mgr_lookup - copy a cached entry into the caller's buffer */

/*
 * Looks up key in the tls_cache hash table and, when present, copies the
 * stored bytes into buf and bumps the cache_hits counter. The first argument
 * is not read. Returns TLS_MGR_STAT_OK on a hit, TLS_MGR_STAT_ERR when no
 * cache exists or the key is absent.
 */
int     tls_mgr_lookup(const char *unused_type, const char *key, VSTRING *buf)
{
    VSTRING *cached;

    /* Without a cache table there is nothing to search. */
    if (tls_cache == 0)
	return (TLS_MGR_STAT_ERR);

    cached = (VSTRING *) htable_find(tls_cache, key);
    if (cached == 0)
	return (TLS_MGR_STAT_ERR);

    /* Hand back a copy, so the caller never holds the cached storage. */
    vstring_memcpy(buf, vstring_str(cached), VSTRING_LEN(cached));
    cache_hits += 1;

    return (TLS_MGR_STAT_OK);
}
Example #3
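/* tls_mgr_update - store or overwrite a cache entry */

/*
 * Copies len bytes from buf into the tls_cache entry for key, creating the
 * entry when it does not exist yet. The first argument is not read. Returns
 * TLS_MGR_STAT_OK after the copy, TLS_MGR_STAT_ERR when no cache exists or
 * len is negative.
 */
int     tls_mgr_update(const char *unused_type, const char *key,
		               const char *buf, ssize_t len)
{
    HTABLE_INFO *ent;
    VSTRING *s;

    if (tls_cache == 0)
	return TLS_MGR_STAT_ERR;

    /*
     * len is signed and is used both as an allocation size and as a copy
     * count. Reject negative values before they reach either call. A zero
     * length is passed through unchanged; whether vstring_alloc() accepts
     * it is not visible here.
     */
    if (len < 0)
	return TLS_MGR_STAT_ERR;

    if ((ent = htable_locate(tls_cache, key)) == 0) {
	/* New key: the table entry's value is the freshly allocated VSTRING. */
	s = vstring_alloc(len);
	ent = htable_enter(tls_cache, key, (char *) s);
    } else {
	/* Existing key: reuse its VSTRING and overwrite the content below. */
	s = (VSTRING *) ent->value;
    }
    vstring_memcpy(s, buf, len);

    /*
     * NOTE(review): the counter is bumped on overwrite as well as on insert,
     * so it counts update calls rather than distinct entries. Confirm that
     * this is the intended meaning of cache_count.
     */
    ++cache_count;
    return (TLS_MGR_STAT_OK);
}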