Introduce a signer interface intented to make TLS privsep simpler - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	eric <>	2022-01-25 21:51:24 +0000
committer	eric <>	2022-01-25 21:51:24 +0000
commit	bff2f4430c3c0f9cc4584883118372ffbdcbd1e6 (patch)
tree	f7e1f8bcb82bc7a21b3720f212d7fbf3f1d02872 /src/lib/libssl/s3_lib.c
parent	8916de99091ddb118cea65ab156e1d4825a3d8f6 (diff)
download	openbsd-bff2f4430c3c0f9cc4584883118372ffbdcbd1e6.tar.gz openbsd-bff2f4430c3c0f9cc4584883118372ffbdcbd1e6.tar.bz2 openbsd-bff2f4430c3c0f9cc4584883118372ffbdcbd1e6.zip

Introduce a signer interface intented to make TLS privsep simpler

to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@

Diffstat (limited to 'src/lib/libssl/s3_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: