git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Emeric Brun <ebrun@haproxy.com>
	Thu, 10 Jan 2019 16:51:55 +0000 (17:51 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Mon, 14 Jan 2019 18:32:58 +0000 (19:32 +0100)
commit	9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
tree	afa7179bb91af927ad94e00925266173e209202a	tree
parent	09852f70e0ed0f23cf9287b1ce55bb6a60112f32	commit \| diff

MINOR: ssl: add support of aes256 bits ticket keys on file and cli.

Openssl switched from aes128 to aes256 since may 2016 to compute
tls ticket secrets used by default. But Haproxy still handled only
128 bits keys for both tls key file and CLI.

This patch permit the user to set aes256 keys throught CLI or
the key file (80 bytes encoded in base64) in the same way that
aes128 keys were handled (48 bytes encoded in base64):
- first 16 bytes for the key name
- next 16/32 bytes for aes 128/256 key bits key
- last 16/32 bytes for hmac 128/256 bits

Both sizes are now supported (but keys from same file must be
of the same size and can but updated via CLI only using a key of
the same size).

Note: This feature need the fix "dec func ignores padding for output
size checking."

doc/configuration.txt		diff \| blob \| blame \| history
doc/management.txt		diff \| blob \| blame \| history
include/proto/ssl_sock.h		diff \| blob \| blame \| history
include/types/ssl_sock.h		diff \| blob \| blame \| history
src/ssl_sock.c		diff \| blob \| blame \| history