Ejemplo n.º 1
/*
 * Build a printable SHA-256 fingerprint of the peer certificate held in ctx.
 *
 * On success returns 0 and stores a newly allocated "SHA256:<hex>" string in
 * *hash; the caller owns it and must free() it. If ctx has no peer
 * certificate, returns 0 and leaves *hash NULL, so callers have to check
 * *hash and not only the return value. On failure returns -1, records an
 * error on ctx and leaves *hash NULL.
 *
 * This only computes the fingerprint. Nothing here validates the certificate
 * or compares the result against an expected value; any pinning decision is
 * left to the caller.
 */
static int
tls_get_peer_cert_hash(struct tls *ctx, char **hash)
{
	unsigned char digest[EVP_MAX_MD_SIZE];
	unsigned int digest_len;
	char *hex = NULL;
	int ret = 0;

	*hash = NULL;

	/* A missing peer certificate is reported as success with no hash. */
	if (ctx->ssl_peer_cert == NULL)
		return (ret);

	if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), digest,
	    &digest_len) != 1) {
		tls_set_errorx(ctx, "digest failed");
		ret = -1;
	} else if (tls_hex_string(digest, digest_len, &hex, NULL) != 0) {
		tls_set_errorx(ctx, "digest hex string failed");
		ret = -1;
	} else if (asprintf(hash, "SHA256:%s", hex) == -1) {
		tls_set_errorx(ctx, "out of memory");
		/* asprintf leaves *hash unspecified on failure; reset it. */
		*hash = NULL;
		ret = -1;
	}

	/* hex is still NULL on the early failure paths; free(NULL) is a no-op. */
	free(hex);

	return (ret);
}
Ejemplo n.º 2
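/*
 * Compute a printable SHA-256 hash of the public key of the certificate
 * stored in keypair->cert_mem.
 *
 * The certificate is parsed from PEM via a memory BIO, its public key is
 * digested with SHA-256, and the result is formatted as "SHA256:<hex>".
 *
 * On success returns 0 and stores a newly allocated string in *hash, which
 * the caller must free(). On any failure returns -1 and leaves *hash NULL;
 * no error message is recorded here, so the caller cannot tell a parse
 * failure from an allocation failure.
 */
static int
tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
{
	BIO *membio = NULL;
	X509 *cert = NULL;
	/*
	 * X509_pubkey_digest() writes through "unsigned char *" and
	 * "unsigned int *"; use matching types instead of char/int so no
	 * incompatible pointer is passed.
	 */
	unsigned char d[EVP_MAX_MD_SIZE];
	char *dhex = NULL;
	unsigned int dlen;
	int rv = -1;

	*hash = NULL;

	/* NOTE(review): cert_len is narrowed to BIO_new_mem_buf's int length
	 * if it is a wider type - confirm against the struct definition. */
	if ((membio = BIO_new_mem_buf(keypair->cert_mem,
	    keypair->cert_len)) == NULL)
		goto err;
	if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
	    NULL)) == NULL)
		goto err;

	if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
		goto err;

	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
		goto err;

	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
		/* asprintf leaves *hash unspecified on failure; reset it. */
		*hash = NULL;
		goto err;
	}

	rv = 0;

 err:
	/* Shared cleanup for success and failure; all three accept NULL. */
	free(dhex);
	X509_free(cert);
	BIO_free(membio);

	return (rv);
}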
Ejemplo n.º 3
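/*
 * Compute a printable SHA-256 fingerprint of an X.509 certificate.
 *
 * On success returns 0 and stores a newly allocated "SHA256:<hex>" string in
 * *hash, which the caller must free(). On failure returns -1 and leaves
 * *hash NULL.
 *
 * cert and hash are used unchecked, so both must be non-NULL. The function
 * only derives the fingerprint; it performs no validation of the certificate
 * and no comparison against an expected value.
 */
int
tls_cert_hash(X509 *cert, char **hash)
{
	/*
	 * X509_digest() writes through "unsigned char *" and
	 * "unsigned int *"; use matching types instead of char/int so no
	 * incompatible pointer is passed.
	 */
	unsigned char d[EVP_MAX_MD_SIZE];
	char *dhex = NULL;
	unsigned int dlen;
	int rv = -1;

	*hash = NULL;
	if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
		goto err;

	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
		goto err;

	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
		/* asprintf leaves *hash unspecified on failure; reset it. */
		*hash = NULL;
		goto err;
	}

	rv = 0;
 err:
	/* dhex is NULL if the hex conversion was never reached. */
	free(dhex);

	return (rv);
}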