From 5bc45eb57d3df492a992eb97f4f9efadef0b060c Mon Sep 17 00:00:00 2001
From: eric <>
Date: Tue, 25 Jan 2022 21:51:24 +0000
Subject: Introduce a signer interface intented to make TLS privsep simpler to implement. Add a tls_config_set_sign_cb() function that allows to register a callback for the signing operation on a tls_config. When used, the context installs fake pivate keys internally, and the callback receives the hash of the public key. Add a tls_signer_*() set of functions to manage tls_signer objects. A tls_signer is an opaque structure on which keys are added. It is used to compute signatures with private keys identified by their associated public key hash. Discussed with and ok jsing@ tb@
---
 src/lib/libtls/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/lib/libtls/Makefile')
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 23a6ed1f2a..78ff99b585 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.36 2020/06/09 16:53:53 deraadt Exp $
+# $OpenBSD: Makefile,v 1.37 2022/01/25 21:51:24 eric Exp $
 .include
 .ifndef NOMAN
@@ -35,6 +35,7 @@ SRCS= tls.c \
 tls_keypair.c \
 tls_peer.c \
 tls_server.c \
+ tls_signer.c \
 tls_util.c \
 tls_ocsp.c \
 tls_verify.c
-- 
cgit v1.2.3-55-g6feb