1 files changed, 23 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index bc5044518b..ca1d96f627 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -78,6 +78,10 @@ struct tls_ticket_key {
        time_t          time;
 };
+typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
+    const uint8_t *_input, size_t _input_len, int _padding_type,
+    uint8_t **_out_signature, size_t *_out_signature_len);
 struct tls_config {
        struct tls_error error;
@@ -296,6 +300,24 @@ int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
 RSA_METHOD *tls_signer_rsa_method(void);
 ECDSA_METHOD *tls_signer_ecdsa_method(void);
+#define TLS_PADDING_NONE                        0
+#define TLS_PADDING_RSA_PKCS1                   1
+#define TLS_PADDING_RSA_X9_31                   2
+int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
+    void *_cb_arg);
+struct tls_signer* tls_signer_new(void);
+void tls_signer_free(struct tls_signer * _signer);
+const char *tls_signer_error(struct tls_signer * _signer);
+int tls_signer_add_keypair_file(struct tls_signer *_signer,
+    const char *_cert_file, const char *_key_file);
+int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
+    const uint8_t *_input, size_t _input_len, int _padding_type,
+    uint8_t **_out_signature, size_t *_out_signature_len);
 __END_HIDDEN_DECLS
 /* XXX this function is not fully hidden so relayd can use it */

diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index bc5044518b..ca1d96f627 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */	1	/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>	3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -78,6 +78,10 @@ struct tls_ticket_key {
78	time_t time;	78	time_t time;
79	};	79	};
80		80
		81	typedef int (tls_sign_cb)(void _cb_arg, const char *_pubkey_hash,
		82	const uint8_t *_input, size_t _input_len, int _padding_type,
		83	uint8_t *_out_signature, size_t _out_signature_len);
		84
81	struct tls_config {	85	struct tls_config {
82	struct tls_error error;	86	struct tls_error error;
83		87
@@ -296,6 +300,24 @@ int tls_password_cb(char _buf, int _size, int _rwflag, void _u);
296	RSA_METHOD *tls_signer_rsa_method(void);	300	RSA_METHOD *tls_signer_rsa_method(void);
297	ECDSA_METHOD *tls_signer_ecdsa_method(void);	301	ECDSA_METHOD *tls_signer_ecdsa_method(void);
298		302
		303	#define TLS_PADDING_NONE 0
		304	#define TLS_PADDING_RSA_PKCS1 1
		305	#define TLS_PADDING_RSA_X9_31 2
		306
		307	int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
		308	void *_cb_arg);
		309
		310	struct tls_signer* tls_signer_new(void);
		311	void tls_signer_free(struct tls_signer * _signer);
		312	const char tls_signer_error(struct tls_signer _signer);
		313	int tls_signer_add_keypair_file(struct tls_signer *_signer,
		314	const char _cert_file, const char _key_file);
		315	int tls_signer_add_keypair_mem(struct tls_signer _signer, const uint8_t _cert,
		316	size_t _cert_len, const uint8_t *_key, size_t _key_len);
		317	int tls_signer_sign(struct tls_signer _signer, const char _pubkey_hash,
		318	const uint8_t *_input, size_t _input_len, int _padding_type,
		319	uint8_t *_out_signature, size_t _out_signature_len);
		320
299	__END_HIDDEN_DECLS	321	__END_HIDDEN_DECLS
300		322
301	/* XXX this function is not fully hidden so relayd can use it */	323	/* XXX this function is not fully hidden so relayd can use it */