Hide the tls_signer from public visibility. It's not ready yet and

should not be used. It will be revisited after release. ok beck inoguchi jsing
author: tb <> 2022-03-24 15:56:34 +0000
committer: tb <> 2022-03-24 15:56:34 +0000
commit: 802861eb358e01a85c701c1e1abc1535a8d840d8 (patch)
tree: fc41265c5f8ee8d7447a3653a5447b27117ba0de /src/lib/libtls
parent: 45eb44d4b416d7f8f4318e1ceb559f6318d5ac41 (diff)
download: openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.tar.gz
openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.tar.bz2
openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.zip
3 files changed, 24 insertions, 29 deletions
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
index 54d8dd7a46..42c039d294 100644
--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -43,7 +43,6 @@ tls_config_set_protocols
 tls_config_set_session_id
 tls_config_set_session_lifetime
 tls_config_set_session_fd
-tls_config_set_sign_cb
 tls_config_set_verify_depth
 tls_config_skip_private_key_check
 tls_config_use_fake_private_key
@@ -88,11 +87,5 @@ tls_peer_ocsp_url
 tls_read
 tls_reset
 tls_server
-tls_signer_add_keypair_file
-tls_signer_add_keypair_mem
-tls_signer_error
-tls_signer_free
-tls_signer_new
-tls_signer_sign
 tls_unload_file
 tls_write
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 91218b729d..b94a6fa6d0 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -72,10 +72,6 @@ extern "C" {
 #define TLS_MAX_SESSION_ID_LENGTH               32
 #define TLS_TICKET_KEY_SIZE                     48
-#define TLS_PADDING_NONE                        0
-#define TLS_PADDING_RSA_PKCS1                   1
-#define TLS_PADDING_RSA_X9_31                   2
 struct tls;
 struct tls_config;
@@ -83,9 +79,6 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
    void *_cb_arg);
 typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
    size_t _buflen, void *_cb_arg);
-typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
-    const uint8_t *_input, size_t _input_len, int _padding_type,
-    uint8_t **_out_signature, size_t *_out_signature_len);
 int tls_init(void);
@@ -142,8 +135,6 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config,
 int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
 int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
 int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
-int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
-    void *_cb_arg);
 void tls_config_prefer_ciphers_client(struct tls_config *_config);
 void tls_config_prefer_ciphers_server(struct tls_config *_config);
@@ -221,17 +212,6 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
 time_t tls_peer_ocsp_this_update(struct tls *_ctx);
 const char *tls_peer_ocsp_url(struct tls *_ctx);
-struct tls_signer* tls_signer_new(void);
-void tls_signer_free(struct tls_signer * _signer);
-const char *tls_signer_error(struct tls_signer * _signer);
-int tls_signer_add_keypair_file(struct tls_signer *_signer,
-    const char *_cert_file, const char *_key_file);
-int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
-    size_t _cert_len, const uint8_t *_key, size_t _key_len);
-int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
-    const uint8_t *_input, size_t _input_len, int _padding_type,
-    uint8_t **_out_signature, size_t *_out_signature_len);
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index bc5044518b..ca1d96f627 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -78,6 +78,10 @@ struct tls_ticket_key {
        time_t          time;
 };
+typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
+    const uint8_t *_input, size_t _input_len, int _padding_type,
+    uint8_t **_out_signature, size_t *_out_signature_len);
 struct tls_config {
        struct tls_error error;
@@ -296,6 +300,24 @@ int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 RSA_METHOD *tls_signer_rsa_method(void);
 ECDSA_METHOD *tls_signer_ecdsa_method(void);
+#define TLS_PADDING_NONE                        0
+#define TLS_PADDING_RSA_PKCS1                   1
+#define TLS_PADDING_RSA_X9_31                   2
+int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
+    void *_cb_arg);
+struct tls_signer* tls_signer_new(void);
+void tls_signer_free(struct tls_signer * _signer);
+const char *tls_signer_error(struct tls_signer * _signer);
+int tls_signer_add_keypair_file(struct tls_signer *_signer,
+    const char *_cert_file, const char *_key_file);
+int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
+    const uint8_t *_input, size_t _input_len, int _padding_type,
+    uint8_t **_out_signature, size_t *_out_signature_len);
 __END_HIDDEN_DECLS
 /* XXX this function is not fully hidden so relayd can use it */
author	tb <>	2022-03-24 15:56:34 +0000
committer	tb <>	2022-03-24 15:56:34 +0000
commit	802861eb358e01a85c701c1e1abc1535a8d840d8 (patch)
tree	fc41265c5f8ee8d7447a3653a5447b27117ba0de /src/lib/libtls
parent	45eb44d4b416d7f8f4318e1ceb559f6318d5ac41 (diff)
download	openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.tar.gz openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.tar.bz2 openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.zip