From: tb Date: Thu, 24 Mar 2022 15:56:34 +0000 (+0000) Subject: Hide the tls_signer from public visibility. It's not ready yet and X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fd9951f7e9b9d37ab7d490f585cd8a18e227d5e3;p=openbsd Hide the tls_signer from public visibility. It's not ready yet and should not be used. It will be revisited after release. ok beck inoguchi jsing --- diff --git a/lib/libtls/Symbols.list b/lib/libtls/Symbols.list index 54d8dd7a465..42c039d2945 100644 --- a/lib/libtls/Symbols.list +++ b/lib/libtls/Symbols.list @@ -43,7 +43,6 @@ tls_config_set_protocols tls_config_set_session_id tls_config_set_session_lifetime tls_config_set_session_fd -tls_config_set_sign_cb tls_config_set_verify_depth tls_config_skip_private_key_check tls_config_use_fake_private_key @@ -88,11 +87,5 @@ tls_peer_ocsp_url tls_read tls_reset tls_server -tls_signer_add_keypair_file -tls_signer_add_keypair_mem -tls_signer_error -tls_signer_free -tls_signer_new -tls_signer_sign tls_unload_file tls_write diff --git a/lib/libtls/tls.h b/lib/libtls/tls.h index 91218b729d7..b94a6fa6d05 100644 --- a/lib/libtls/tls.h +++ b/lib/libtls/tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */ +/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -72,10 +72,6 @@ extern "C" { #define TLS_MAX_SESSION_ID_LENGTH 32 #define TLS_TICKET_KEY_SIZE 48 -#define TLS_PADDING_NONE 0 -#define TLS_PADDING_RSA_PKCS1 1 -#define TLS_PADDING_RSA_X9_31 2 - struct tls; struct tls_config; @@ -83,9 +79,6 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen, void *_cb_arg); typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, size_t _buflen, void *_cb_arg); -typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, - const uint8_t *_input, size_t _input_len, int _padding_type, - uint8_t **_out_signature, size_t *_out_signature_len); int tls_init(void); @@ -142,8 +135,6 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config, int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols); int tls_config_set_session_fd(struct tls_config *_config, int _session_fd); int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth); -int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, - void *_cb_arg); void tls_config_prefer_ciphers_client(struct tls_config *_config); void tls_config_prefer_ciphers_server(struct tls_config *_config); @@ -221,17 +212,6 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx); time_t tls_peer_ocsp_this_update(struct tls *_ctx); const char *tls_peer_ocsp_url(struct tls *_ctx); -struct tls_signer* tls_signer_new(void); -void tls_signer_free(struct tls_signer * _signer); -const char *tls_signer_error(struct tls_signer * _signer); -int tls_signer_add_keypair_file(struct tls_signer *_signer, - const char *_cert_file, const char *_key_file); -int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, - size_t _cert_len, const uint8_t *_key, size_t _key_len); -int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, - const uint8_t *_input, size_t _input_len, int _padding_type, - uint8_t **_out_signature, size_t *_out_signature_len); - #ifdef __cplusplus } #endif diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h index bc5044518b3..ca1d96f627e 100644 --- a/lib/libtls/tls_internal.h +++ b/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -78,6 +78,10 @@ struct tls_ticket_key { time_t time; }; +typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + struct tls_config { struct tls_error error; @@ -296,6 +300,24 @@ int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); RSA_METHOD *tls_signer_rsa_method(void); ECDSA_METHOD *tls_signer_ecdsa_method(void); +#define TLS_PADDING_NONE 0 +#define TLS_PADDING_RSA_PKCS1 1 +#define TLS_PADDING_RSA_X9_31 2 + +int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, + void *_cb_arg); + +struct tls_signer* tls_signer_new(void); +void tls_signer_free(struct tls_signer * _signer); +const char *tls_signer_error(struct tls_signer * _signer); +int tls_signer_add_keypair_file(struct tls_signer *_signer, + const char *_cert_file, const char *_key_file); +int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len); +int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + __END_HIDDEN_DECLS /* XXX this function is not fully hidden so relayd can use it */