diff options
author | tb <> | 2022-03-24 15:56:34 +0000 |
---|---|---|
committer | tb <> | 2022-03-24 15:56:34 +0000 |
commit | 802861eb358e01a85c701c1e1abc1535a8d840d8 (patch) | |
tree | fc41265c5f8ee8d7447a3653a5447b27117ba0de /src/lib/libtls | |
parent | 45eb44d4b416d7f8f4318e1ceb559f6318d5ac41 (diff) | |
download | openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.tar.gz openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.tar.bz2 openbsd-802861eb358e01a85c701c1e1abc1535a8d840d8.zip |
Hide the tls_signer from public visibility. It's not ready yet and
should not be used. It will be revisited after release.
ok beck inoguchi jsing
Diffstat (limited to 'src/lib/libtls')
-rw-r--r-- | src/lib/libtls/Symbols.list | 7 | ||||
-rw-r--r-- | src/lib/libtls/tls.h | 22 | ||||
-rw-r--r-- | src/lib/libtls/tls_internal.h | 24 |
3 files changed, 24 insertions, 29 deletions
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list index 54d8dd7a46..42c039d294 100644 --- a/src/lib/libtls/Symbols.list +++ b/src/lib/libtls/Symbols.list | |||
@@ -43,7 +43,6 @@ tls_config_set_protocols | |||
43 | tls_config_set_session_id | 43 | tls_config_set_session_id |
44 | tls_config_set_session_lifetime | 44 | tls_config_set_session_lifetime |
45 | tls_config_set_session_fd | 45 | tls_config_set_session_fd |
46 | tls_config_set_sign_cb | ||
47 | tls_config_set_verify_depth | 46 | tls_config_set_verify_depth |
48 | tls_config_skip_private_key_check | 47 | tls_config_skip_private_key_check |
49 | tls_config_use_fake_private_key | 48 | tls_config_use_fake_private_key |
@@ -88,11 +87,5 @@ tls_peer_ocsp_url | |||
88 | tls_read | 87 | tls_read |
89 | tls_reset | 88 | tls_reset |
90 | tls_server | 89 | tls_server |
91 | tls_signer_add_keypair_file | ||
92 | tls_signer_add_keypair_mem | ||
93 | tls_signer_error | ||
94 | tls_signer_free | ||
95 | tls_signer_new | ||
96 | tls_signer_sign | ||
97 | tls_unload_file | 90 | tls_unload_file |
98 | tls_write | 91 | tls_write |
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h index 91218b729d..b94a6fa6d0 100644 --- a/src/lib/libtls/tls.h +++ b/src/lib/libtls/tls.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */ | 1 | /* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -72,10 +72,6 @@ extern "C" { | |||
72 | #define TLS_MAX_SESSION_ID_LENGTH 32 | 72 | #define TLS_MAX_SESSION_ID_LENGTH 32 |
73 | #define TLS_TICKET_KEY_SIZE 48 | 73 | #define TLS_TICKET_KEY_SIZE 48 |
74 | 74 | ||
75 | #define TLS_PADDING_NONE 0 | ||
76 | #define TLS_PADDING_RSA_PKCS1 1 | ||
77 | #define TLS_PADDING_RSA_X9_31 2 | ||
78 | |||
79 | struct tls; | 75 | struct tls; |
80 | struct tls_config; | 76 | struct tls_config; |
81 | 77 | ||
@@ -83,9 +79,6 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen, | |||
83 | void *_cb_arg); | 79 | void *_cb_arg); |
84 | typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, | 80 | typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, |
85 | size_t _buflen, void *_cb_arg); | 81 | size_t _buflen, void *_cb_arg); |
86 | typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, | ||
87 | const uint8_t *_input, size_t _input_len, int _padding_type, | ||
88 | uint8_t **_out_signature, size_t *_out_signature_len); | ||
89 | 82 | ||
90 | int tls_init(void); | 83 | int tls_init(void); |
91 | 84 | ||
@@ -142,8 +135,6 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config, | |||
142 | int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols); | 135 | int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols); |
143 | int tls_config_set_session_fd(struct tls_config *_config, int _session_fd); | 136 | int tls_config_set_session_fd(struct tls_config *_config, int _session_fd); |
144 | int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth); | 137 | int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth); |
145 | int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, | ||
146 | void *_cb_arg); | ||
147 | 138 | ||
148 | void tls_config_prefer_ciphers_client(struct tls_config *_config); | 139 | void tls_config_prefer_ciphers_client(struct tls_config *_config); |
149 | void tls_config_prefer_ciphers_server(struct tls_config *_config); | 140 | void tls_config_prefer_ciphers_server(struct tls_config *_config); |
@@ -221,17 +212,6 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx); | |||
221 | time_t tls_peer_ocsp_this_update(struct tls *_ctx); | 212 | time_t tls_peer_ocsp_this_update(struct tls *_ctx); |
222 | const char *tls_peer_ocsp_url(struct tls *_ctx); | 213 | const char *tls_peer_ocsp_url(struct tls *_ctx); |
223 | 214 | ||
224 | struct tls_signer* tls_signer_new(void); | ||
225 | void tls_signer_free(struct tls_signer * _signer); | ||
226 | const char *tls_signer_error(struct tls_signer * _signer); | ||
227 | int tls_signer_add_keypair_file(struct tls_signer *_signer, | ||
228 | const char *_cert_file, const char *_key_file); | ||
229 | int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, | ||
230 | size_t _cert_len, const uint8_t *_key, size_t _key_len); | ||
231 | int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, | ||
232 | const uint8_t *_input, size_t _input_len, int _padding_type, | ||
233 | uint8_t **_out_signature, size_t *_out_signature_len); | ||
234 | |||
235 | #ifdef __cplusplus | 215 | #ifdef __cplusplus |
236 | } | 216 | } |
237 | #endif | 217 | #endif |
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index bc5044518b..ca1d96f627 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */ | 1 | /* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> | 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> |
4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
@@ -78,6 +78,10 @@ struct tls_ticket_key { | |||
78 | time_t time; | 78 | time_t time; |
79 | }; | 79 | }; |
80 | 80 | ||
81 | typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, | ||
82 | const uint8_t *_input, size_t _input_len, int _padding_type, | ||
83 | uint8_t **_out_signature, size_t *_out_signature_len); | ||
84 | |||
81 | struct tls_config { | 85 | struct tls_config { |
82 | struct tls_error error; | 86 | struct tls_error error; |
83 | 87 | ||
@@ -296,6 +300,24 @@ int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); | |||
296 | RSA_METHOD *tls_signer_rsa_method(void); | 300 | RSA_METHOD *tls_signer_rsa_method(void); |
297 | ECDSA_METHOD *tls_signer_ecdsa_method(void); | 301 | ECDSA_METHOD *tls_signer_ecdsa_method(void); |
298 | 302 | ||
303 | #define TLS_PADDING_NONE 0 | ||
304 | #define TLS_PADDING_RSA_PKCS1 1 | ||
305 | #define TLS_PADDING_RSA_X9_31 2 | ||
306 | |||
307 | int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, | ||
308 | void *_cb_arg); | ||
309 | |||
310 | struct tls_signer* tls_signer_new(void); | ||
311 | void tls_signer_free(struct tls_signer * _signer); | ||
312 | const char *tls_signer_error(struct tls_signer * _signer); | ||
313 | int tls_signer_add_keypair_file(struct tls_signer *_signer, | ||
314 | const char *_cert_file, const char *_key_file); | ||
315 | int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, | ||
316 | size_t _cert_len, const uint8_t *_key, size_t _key_len); | ||
317 | int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, | ||
318 | const uint8_t *_input, size_t _input_len, int _padding_type, | ||
319 | uint8_t **_out_signature, size_t *_out_signature_len); | ||
320 | |||
299 | __END_HIDDEN_DECLS | 321 | __END_HIDDEN_DECLS |
300 | 322 | ||
301 | /* XXX this function is not fully hidden so relayd can use it */ | 323 | /* XXX this function is not fully hidden so relayd can use it */ |