/*
 * include/types/ssl_sock.h
 * SSL settings for listeners and servers
 *
 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation, version 2.1
 * exclusively.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
21
22#ifndef _TYPES_SSL_SOCK_H
23#define _TYPES_SSL_SOCK_H
24
25#include <openssl/ssl.h>
26#include <ebmbtree.h>
27
Christopher Faulet16f45c82018-02-16 11:23:49 +010028#include <common/hathreads.h>
29
/* Summary of a certificate's public key, recorded when the certificate is
 * loaded: its signature algorithm and its size. Carried by sni_ctx, presumably
 * so that a caller can choose among several certificates that match the same
 * server name (e.g. RSA vs ECDSA) — the selection logic is not in this header.
 */
struct pkey_info {
	uint8_t sig;            /* TLSEXT_signature_[rsa,ecdsa,...] */
	uint16_t bits;          /* key size in bits */
};
34
/* One entry of a listener's SNI lookup tree: associates a server name with
 * the SSL_CTX (certificate) that should serve it. Several entries may share a
 * name (presumably one per key type); `order` and `kinfo` carry what a caller
 * needs to pick one. `neg` turns the entry into an exclusion: a match on this
 * name means "reject" rather than "use ctx".
 */
struct sni_ctx {
	SSL_CTX *ctx;             /* context associated to the certificate */
	int order;                /* load order for the certificate */
	uint8_t neg;              /* reject if match */
	struct pkey_info kinfo;   /* pkey info */
	struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
	struct ebmb_node name;    /* node holding the servername value.
	                           * Keep this the LAST member: the node's key
	                           * bytes are stored right after it (same layout
	                           * as sh_ssl_sess_hdr below) — confirm against
	                           * ebmbtree.h before reordering fields. */
};
43
/* TLS protocol version policy for a bind line or a server: a flag word of
 * ssl options plus a [min, max] range of allowed protocol versions.
 * min/max are 8-bit, so they cannot be the 16-bit wire values (0x0303...);
 * NOTE(review): the compact encoding and the meaning of 0 (no bound?) are
 * defined elsewhere — confirm before comparing them against anything.
 */
struct tls_version_filter {
	uint16_t flags;         /* ssl options */
	uint8_t min;            /* min TLS version */
	uint8_t max;            /* max TLS version */
};
49
/* Global list of all loaded TLS ticket key sets (struct tls_keys_ref,
 * presumably chained through their `list` member). Defined on the .c side.
 */
extern struct list tlskeys_reference;
51
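/* TLS session ticket keys: a 16-byte key name (the RFC 5077 key_name size),
 * an AES key to encrypt the ticket body and an HMAC key to authenticate it.
 * Two key sizes exist. Every member is a byte array, so `packed` adds no
 * padding removal; it only documents that sizeof() is exactly
 * 16 + 16 + 16 = 48 and 16 + 32 + 32 = 80 bytes.
 *
 * NOTE(review): these are long-lived secrets. Whoever frees or replaces a key
 * set should wipe the memory first with an explicit-zeroing primitive — a
 * plain memset() before free() may be optimized away.
 */
struct tls_sess_key_128 {
	unsigned char name[16];
	unsigned char aes_key[16];
	unsigned char hmac_key[16];
} __attribute__((packed));

struct tls_sess_key_256 {
	unsigned char name[16];
	unsigned char aes_key[32];
	unsigned char hmac_key[32];
} __attribute__((packed));

/* One slot able to hold either key size. `name` aliases the leading 16 bytes
 * of whichever member is live, so a key can be matched by name without
 * knowing its size; which member is live is decided by the owner
 * (presumably tls_keys_ref.key_size_bits).
 *
 * Fix: key_128 used to be declared as struct tls_sess_key_256. That compiled,
 * but it put key_128.hmac_key at offset 48 instead of 32, so any user of
 * key_128.hmac_key would read bytes past the real 128-bit HMAC key.
 */
union tls_sess_key{
	unsigned char name[16];
	struct tls_sess_key_128 key_128;
	struct tls_sess_key_256 key_256;
} __attribute__((packed));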
69
/* One set of TLS ticket keys loaded from a file, possibly shared by several
 * users (hence refcount) and chained on the global tlskeys_reference list.
 *
 * NOTE(review): no element count is stored here, so the length of tlskeys[]
 * and the validity of tls_ticket_enc_index cannot be checked from this
 * struct alone — it must be fixed by convention elsewhere; confirm before
 * indexing.
 */
struct tls_keys_ref {
	struct list list;             /* Used to chain refs. */
	char *filename;               /* file the keys were read from */
	int unique_id;                /* Each reference has a unique id. */
	int refcount;                 /* number of users of this tls_keys_ref. */
	union tls_sess_key *tlskeys;  /* array of keys (secret material; wipe before
	                               * freeing). Which union member is live
	                               * presumably follows key_size_bits. */
	int tls_ticket_enc_index;     /* index in tlskeys of the key used to encrypt
	                               * new tickets — presumably the others are
	                               * decrypt-only; confirm in the .c side */
	int key_size_bits;            /* 128 or 256: selects key_128 / key_256 */
	__decl_hathreads(HA_RWLOCK_T lock); /* lock used to protect the ref */
};
80
/* shared ssl session: header of one entry of the shared session cache.
 * The session id is the tree key: key_data sits immediately after the
 * ebmb_node, which is where the node expects its key bytes, and is sized to
 * the largest session id OpenSSL can produce. Presumably the serialized
 * session follows this header; that part is not declared here.
 */
struct sh_ssl_sess_hdr {
	struct ebmb_node key;
	unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];
};
86
Emeric Brunfc0421f2012-09-07 17:30:07 +020087#endif /* _TYPES_SSL_SOCK_H */