From 913a7ee3584b9cdb05b473123b529677f16e4e0b Mon Sep 17 00:00:00 2001
From: June McEnroe
Date: Sun, 27 Feb 2022 09:57:33 -0500
Subject: Import LibreSSL 3.5.0
---
 include/Makefile.am | 3 +--
 include/compat/netinet/ip.h | 2 ++
 include/tls.h | 22 +++++++++++++++++++++-
 3 files changed, 24 insertions(+), 3 deletions(-)
(limited to 'include')
diff --git a/include/Makefile.am b/include/Makefile.am
index 4184cf8..aed6721 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -7,6 +7,7 @@ SUBDIRS = openssl
 noinst_HEADERS = pqueue.h
 noinst_HEADERS += compat/dirent.h
 noinst_HEADERS += compat/dirent_msvc.h
+noinst_HEADERS += compat/endian.h
 noinst_HEADERS += compat/err.h
 noinst_HEADERS += compat/fcntl.h
 noinst_HEADERS += compat/limits.h
@@ -26,8 +27,6 @@ noinst_HEADERS += compat/win32netcompat.h
 noinst_HEADERS += compat/arpa/inet.h
 noinst_HEADERS += compat/arpa/nameser.h
-noinst_HEADERS += compat/machine/endian.h
-
 noinst_HEADERS += compat/netinet/in.h
 noinst_HEADERS += compat/netinet/ip.h
 noinst_HEADERS += compat/netinet/tcp.h
diff --git a/include/compat/netinet/ip.h b/include/compat/netinet/ip.h
index 6019f7d..29f17f3 100644
--- a/include/compat/netinet/ip.h
+++ b/include/compat/netinet/ip.h
@@ -8,7 +8,9 @@ #endif
 #ifndef _WIN32
+#ifdef HAVE_NETINET_IP_H
 #include_next
+#endif
 #else
 #include
 #endif
diff --git a/include/tls.h b/include/tls.h
index de6d257..429c171 100644
--- a/include/tls.h
+++ b/include/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.61 2022/02/01 17:18:38 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -79,6 +79,10 @@ typedef SSIZE_T ssize_t;
 #define TLS_MAX_SESSION_ID_LENGTH 32
 #define TLS_TICKET_KEY_SIZE 48
+#define TLS_PADDING_NONE 0
+#define TLS_PADDING_RSA_PKCS1 1
+#define TLS_PADDING_RSA_X9_31 2
+
 struct tls;
 struct tls_config;
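Review bot: In include/compat/netinet/ip.h, the new `#ifdef HAVE_NETINET_IP_H` makes the shim skip the system header silently whenever the macro is undefined, and nothing in this diff (which is limited to include/) shows where the macro gets defined. If a build omits the matching header check, code that expects declarations from the system header fails later and far from the cause. A comment above the guard would help, for example `/* HAVE_NETINET_IP_H comes from the build's header check; some targets ship no <netinet/ip.h> */`. The rest of the file lies outside the hunk, so whether fallback definitions follow cannot be seen from here.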
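Review bot: In include/tls.h, `TLS_PADDING_NONE`, `TLS_PADDING_RSA_PKCS1` and `TLS_PADDING_RSA_X9_31` are added without a comment saying what consumes them; judging by the later hunks they are the values of `_padding_type` in `tls_sign_cb` and `tls_signer_sign()`. I would add `/* RSA padding modes passed as _padding_type to tls_sign_cb and tls_signer_sign(). */` above the block. Because a sign callback performs a private-key operation on input supplied by its caller, the comment should also tell implementers to fail on any padding value they do not handle rather than fall back to a default.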
@@ -86,6 +90,9 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen, void *_cb_arg);
 typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, size_t _buflen, void *_cb_arg);
+typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
+ const uint8_t *_input, size_t _input_len, int _padding_type,
+ uint8_t **_out_signature, size_t *_out_signature_len);
 int tls_init(void);
@@ -142,6 +149,8 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config,
 int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
 int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
 int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
+ void *_cb_arg);
 void tls_config_prefer_ciphers_client(struct tls_config *_config);
 void tls_config_prefer_ciphers_server(struct tls_config *_config);
@@ -219,6 +228,17 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
 time_t tls_peer_ocsp_this_update(struct tls *_ctx);
 const char *tls_peer_ocsp_url(struct tls *_ctx);
+struct tls_signer* tls_signer_new(void);
+void tls_signer_free(struct tls_signer * _signer);
+const char *tls_signer_error(struct tls_signer * _signer);
+int tls_signer_add_keypair_file(struct tls_signer *_signer,
+ const char *_cert_file, const char *_key_file);
+int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
+ size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
+ const uint8_t *_input, size_t _input_len, int _padding_type,
+ uint8_t **_out_signature, size_t *_out_signature_len);
+
 #ifdef __cplusplus
 }
 #endif
-- cgit 1.4.1
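Review bot: The `tls_sign_cb` typedef returns the signature through `uint8_t **_out_signature` and `size_t *_out_signature_len`, but the header does not say who allocates the buffer, who frees it, or what the `int` return means; `tls_signer_sign()` in the last hunk has the same parameters and the same gap. An implementer who guesses wrong either leaks the buffer or frees it twice. A short comment above the typedef should state the allocator and owner of `*_out_signature` after a successful call, the state of both out-parameters on failure, and the success and error return values. It should also say what `_pubkey_hash` is a hash of and in which encoding, since the callback presumably uses it to select the private key.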
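Review bot: The first three `tls_signer_*` prototypes space the pointer declarator differently from the rest of the header: `struct tls_signer* tls_signer_new(void);` and `struct tls_signer * _signer`, where every other declaration visible here writes `struct tls *_ctx`. I would change them to `struct tls_signer *tls_signer_new(void);`, `void tls_signer_free(struct tls_signer *_signer);` and `const char *tls_signer_error(struct tls_signer *_signer);`. `struct tls_signer` is also first introduced by a prototype; a forward declaration next to `struct tls;` and `struct tls_config;` would match how the other two types are declared.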