authortb <>2022-03-24 15:56:34 +0000
committertb <>2022-03-24 15:56:34 +0000
commit802861eb358e01a85c701c1e1abc1535a8d840d8 (patch)
treefc41265c5f8ee8d7447a3653a5447b27117ba0de /src/lib/libtls
parent45eb44d4b416d7f8f4318e1ceb559f6318d5ac41 (diff)
Hide the tls_signer from public visibility. It's not ready yet and
should not be used. It will be revisited after release. ok beck inoguchi jsing
Diffstat (limited to 'src/lib/libtls')
-rw-r--r--src/lib/libtls/Symbols.list7
-rw-r--r--src/lib/libtls/tls.h22
-rw-r--r--src/lib/libtls/tls_internal.h24
3 files changed, 24 insertions, 29 deletions
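--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -43,7 +43,6 @@ tls_config_set_protocols
 tls_config_set_session_id
 tls_config_set_session_lifetime
 tls_config_set_session_fd
-tls_config_set_sign_cb
 tls_config_set_verify_depth
 tls_config_skip_private_key_check
 tls_config_use_fake_private_key
@@ -88,11 +87,5 @@ tls_peer_ocsp_url
 tls_read
 tls_reset
 tls_server
-tls_signer_add_keypair_file
-tls_signer_add_keypair_mem
-tls_signer_error
-tls_signer_free
-tls_signer_new
-tls_signer_sign
 tls_unload_file
 tls_write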
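--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -72,10 +72,6 @@ extern "C" {
 #define TLS_MAX_SESSION_ID_LENGTH 32
 #define TLS_TICKET_KEY_SIZE 48
 
-#define TLS_PADDING_NONE 0
-#define TLS_PADDING_RSA_PKCS1 1
-#define TLS_PADDING_RSA_X9_31 2
-
 struct tls;
 struct tls_config;
 
@@ -83,9 +79,6 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
  void *_cb_arg);
 typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
  size_t _buflen, void *_cb_arg);
-typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
- const uint8_t *_input, size_t _input_len, int _padding_type,
- uint8_t **_out_signature, size_t *_out_signature_len);
 
 int tls_init(void);
 
@@ -142,8 +135,6 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config,
 int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
 int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
 int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
-int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
- void *_cb_arg);
 
 void tls_config_prefer_ciphers_client(struct tls_config *_config);
 void tls_config_prefer_ciphers_server(struct tls_config *_config);
@@ -221,17 +212,6 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
 time_t tls_peer_ocsp_this_update(struct tls *_ctx);
 const char *tls_peer_ocsp_url(struct tls *_ctx);
 
-struct tls_signer* tls_signer_new(void);
-void tls_signer_free(struct tls_signer * _signer);
-const char *tls_signer_error(struct tls_signer * _signer);
-int tls_signer_add_keypair_file(struct tls_signer *_signer,
- const char *_cert_file, const char *_key_file);
-int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
- size_t _cert_len, const uint8_t *_key, size_t _key_len);
-int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
- const uint8_t *_input, size_t _input_len, int _padding_type,
- uint8_t **_out_signature, size_t *_out_signature_len);
-
 #ifdef __cplusplus
 }
 #endif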
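--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -78,6 +78,10 @@ struct tls_ticket_key {
  time_t time;
 };
 
+typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
+ const uint8_t *_input, size_t _input_len, int _padding_type,
+ uint8_t **_out_signature, size_t *_out_signature_len);
+
 struct tls_config {
  struct tls_error error;
 
@@ -296,6 +300,24 @@ int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 RSA_METHOD *tls_signer_rsa_method(void);
 ECDSA_METHOD *tls_signer_ecdsa_method(void);
 
+#define TLS_PADDING_NONE 0
+#define TLS_PADDING_RSA_PKCS1 1
+#define TLS_PADDING_RSA_X9_31 2
+
+int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
+ void *_cb_arg);
+
+struct tls_signer* tls_signer_new(void);
+void tls_signer_free(struct tls_signer * _signer);
+const char *tls_signer_error(struct tls_signer * _signer);
+int tls_signer_add_keypair_file(struct tls_signer *_signer,
+ const char *_cert_file, const char *_key_file);
+int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
+ size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
+ const uint8_t *_input, size_t _input_len, int _padding_type,
+ uint8_t **_out_signature, size_t *_out_signature_len);
+
 __END_HIDDEN_DECLS
 
 /* XXX this function is not fully hidden so relayd can use it */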
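Review bot: The prototypes moved into the hidden block keep the `struct tls_signer* tls_signer_new(void);` and `struct tls_signer * _signer` spacing from tls.h, which reads oddly next to `RSA_METHOD *tls_signer_rsa_method(void);` a few lines above; binding the declarator to the name gives `struct tls_signer *tls_signer_new(void);`, `void tls_signer_free(struct tls_signer *_signer);` and `const char *tls_signer_error(struct tls_signer *_signer);`. Since the purpose of the change is to keep this API out of the ABI for now, a one-line comment above the new block, `/* tls_signer API: intentionally unexported until revisited after release; keep out of tls.h and Symbols.list. */`, would stop a later reader from re-publishing it together with the TLS_PADDING_* values. The tag `struct tls_signer` is first named in this hunk by the return type of tls_signer_new; if the struct is not already declared or defined earlier in tls_internal.h, which I cannot see from this hunk, a `struct tls_signer;` forward declaration would make that dependence explicit.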