early-access version 2698

2022-04-24 22:29:35 +02:00
parent c96f949832
commit caa0c2911b
486 changed files with 37806 additions and 14362 deletions
--- a/externals/libressl/tls/tls_internal.h
+++ b/externals/libressl/tls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -78,6 +78,10 @@ struct tls_ticket_key {
 	time_t		time;
 };

+typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash,
+    const uint8_t *_input, size_t _input_len, int _padding_type,
+    uint8_t **_out_signature, size_t *_out_signature_len);
+
 struct tls_config {
 	struct tls_error error;

@@ -111,6 +115,9 @@ struct tls_config {
 	int verify_name;
 	int verify_time;
 	int skip_private_key_check;
+	int use_fake_private_key;
+	tls_sign_cb sign_cb;
+	void *sign_cb_arg;
 };

 struct tls_conninfo {
@@ -290,9 +297,31 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash);

 int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);

+RSA_METHOD *tls_signer_rsa_method(void);
+ECDSA_METHOD *tls_signer_ecdsa_method(void);
+
+#define TLS_PADDING_NONE			0
+#define TLS_PADDING_RSA_PKCS1			1
+#define TLS_PADDING_RSA_X9_31			2
+
+int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
+    void *_cb_arg);
+
+struct tls_signer* tls_signer_new(void);
+void tls_signer_free(struct tls_signer * _signer);
+const char *tls_signer_error(struct tls_signer * _signer);
+int tls_signer_add_keypair_file(struct tls_signer *_signer,
+    const char *_cert_file, const char *_key_file);
+int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash,
+    const uint8_t *_input, size_t _input_len, int _padding_type,
+    uint8_t **_out_signature, size_t *_out_signature_len);
+
 __END_HIDDEN_DECLS

 /* XXX this function is not fully hidden so relayd can use it */
 void tls_config_skip_private_key_check(struct tls_config *config);
+void tls_config_use_fake_private_key(struct tls_config *config);

 #endif /* HEADER_TLS_INTERNAL_H */