diff options
-rw-r--r-- | LIBTLS_VERSION | 2 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | include/compat/sys/socket.h | 1 | ||||
-rw-r--r-- | include/tls.h | 22 | ||||
-rw-r--r-- | tls.sym | 7 | ||||
-rw-r--r-- | tls_internal.h | 24 |
6 files changed, 27 insertions, 31 deletions
diff --git a/LIBTLS_VERSION b/LIBTLS_VERSION index 27179fd..4afa027 100644 --- a/LIBTLS_VERSION +++ b/LIBTLS_VERSION @@ -1 +1 @@ -24:1:0 +25:0:0 diff --git a/VERSION b/VERSION index 6f711e8..8b7c8d3 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -3.5.1 +3.5.2 diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h index 10eb05f..2f0b197 100644 --- a/include/compat/sys/socket.h +++ b/include/compat/sys/socket.h @@ -10,6 +10,7 @@ #endif #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) +#define NEED_SOCKET_FLAGS #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); diff --git a/include/tls.h b/include/tls.h index 429c171..0c9e497 100644 --- a/include/tls.h +++ b/include/tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */ +/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -79,10 +79,6 @@ typedef SSIZE_T ssize_t; #define TLS_MAX_SESSION_ID_LENGTH 32 #define TLS_TICKET_KEY_SIZE 48 -#define TLS_PADDING_NONE 0 -#define TLS_PADDING_RSA_PKCS1 1 -#define TLS_PADDING_RSA_X9_31 2 - struct tls; struct tls_config; @@ -90,9 +86,6 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen, void *_cb_arg); typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, size_t _buflen, void *_cb_arg); -typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, - const uint8_t *_input, size_t _input_len, int _padding_type, - uint8_t **_out_signature, size_t *_out_signature_len); int tls_init(void); @@ -149,8 +142,6 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config, int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols); int tls_config_set_session_fd(struct tls_config *_config, int _session_fd); int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth); -int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, - void *_cb_arg); void tls_config_prefer_ciphers_client(struct tls_config *_config); void tls_config_prefer_ciphers_server(struct tls_config *_config); @@ -228,17 +219,6 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx); time_t tls_peer_ocsp_this_update(struct tls *_ctx); const char *tls_peer_ocsp_url(struct tls *_ctx); -struct tls_signer* tls_signer_new(void); -void tls_signer_free(struct tls_signer * _signer); -const char *tls_signer_error(struct tls_signer * _signer); -int tls_signer_add_keypair_file(struct tls_signer *_signer, - const char *_cert_file, const char *_key_file); -int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, - size_t _cert_len, const uint8_t *_key, size_t _key_len); -int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, - const uint8_t *_input, size_t _input_len, int _padding_type, - uint8_t **_out_signature, size_t *_out_signature_len); - #ifdef __cplusplus } #endif diff --git a/tls.sym b/tls.sym index 54d8dd7..42c039d 100644 --- a/tls.sym +++ b/tls.sym @@ -43,7 +43,6 @@ tls_config_set_protocols tls_config_set_session_id tls_config_set_session_lifetime tls_config_set_session_fd -tls_config_set_sign_cb tls_config_set_verify_depth tls_config_skip_private_key_check tls_config_use_fake_private_key @@ -88,11 +87,5 @@ tls_peer_ocsp_url tls_read tls_reset tls_server -tls_signer_add_keypair_file -tls_signer_add_keypair_mem -tls_signer_error -tls_signer_free -tls_signer_new -tls_signer_sign tls_unload_file tls_write diff --git a/tls_internal.h b/tls_internal.h index e3f177d..a0680f4 100644 --- a/tls_internal.h +++ b/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> @@ -74,6 +74,10 @@ struct tls_ticket_key { time_t time; }; +typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + struct tls_config { struct tls_error error; @@ -292,6 +296,24 @@ int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); RSA_METHOD *tls_signer_rsa_method(void); EC_KEY_METHOD *tls_signer_ecdsa_method(void); +#define TLS_PADDING_NONE 0 +#define TLS_PADDING_RSA_PKCS1 1 +#define TLS_PADDING_RSA_X9_31 2 + +int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, + void *_cb_arg); + +struct tls_signer* tls_signer_new(void); +void tls_signer_free(struct tls_signer * _signer); +const char *tls_signer_error(struct tls_signer * _signer); +int tls_signer_add_keypair_file(struct tls_signer *_signer, + const char *_cert_file, const char *_key_file); +int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len); +int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + __END_HIDDEN_DECLS /* XXX this function is not fully hidden so relayd can use it */ |