path: root/src/lib/libtls/Symbols.list
author: eric <> 2022-01-25 21:51:24 +0000
committer: eric <> 2022-01-25 21:51:24 +0000
commit: bff2f4430c3c0f9cc4584883118372ffbdcbd1e6
tree: f7e1f8bcb82bc7a21b3720f212d7fbf3f1d02872 /src/lib/libtls/Symbols.list
parent: 8916de99091ddb118cea65ab156e1d4825a3d8f6
Introduce a signer interface intended to make TLS privsep simpler to implement.

Add a tls_config_set_sign_cb() function that allows registering a callback for the signing operation on a tls_config. When used, the context installs fake private keys internally, and the callback receives the hash of the public key.

Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash.

Discussed with and ok jsing@ tb@
Diffstat (limited to 'src/lib/libtls/Symbols.list')
-rw-r--r-- src/lib/libtls/Symbols.list 6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
index 42c039d294..d00e5e0ce6 100644
--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -43,6 +43,7 @@ tls_config_set_protocols
43tls_config_set_session_id 43tls_config_set_session_id
44tls_config_set_session_lifetime 44tls_config_set_session_lifetime
45tls_config_set_session_fd 45tls_config_set_session_fd
46tls_config_set_sign_cb
46tls_config_set_verify_depth 47tls_config_set_verify_depth
47tls_config_skip_private_key_check 48tls_config_skip_private_key_check
48tls_config_use_fake_private_key 49tls_config_use_fake_private_key
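Review bot: the new export tls_config_set_sign_cb, added between tls_config_set_session_fd and tls_config_set_verify_depth, comes with no statement in this view of what the callback is handed or must return. The commit message says only that the callback "receives the hash of the public key"; the manual page and header should state which hash and encoding that is, and how the callback reports failure, because the privileged side of a privsep setup selects the private key from that value. The diffstat here is limited to Symbols.list, so also confirm that the prototype in the public header lands in the same commit as this export.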
@@ -87,5 +88,10 @@ tls_peer_ocsp_url
87tls_read 88tls_read
88tls_reset 89tls_reset
89tls_server 90tls_server
91tls_signer_add_keypair_file
92tls_signer_add_keypair_mem
93tls_signer_free
94tls_signer_new
95tls_signer_sign
90tls_unload_file 96tls_unload_file
91tls_write 97tls_write
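Review bot: the five added tls_signer_* exports (add_keypair_file, add_keypair_mem, free, new, sign) include no error accessor, so from this list a caller of tls_signer_add_keypair_file or tls_signer_sign cannot learn why a call failed. Consider exporting an equivalent of tls_error() for tls_signer objects. The list also has no way to remove a keypair once added; if that is intentional, the documentation should say that keys stay loaded until tls_signer_free.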