/*
 * Build the "SHA256:<hex>" fingerprint of the peer certificate held in ctx.
 *
 * The digest is taken over the whole certificate (X509_digest), so the
 * value changes whenever the peer's certificate is reissued, even if the
 * key is unchanged.
 *
 * Returns 0 with *hash pointing at a freshly allocated string the caller
 * must free().  A missing peer certificate is also reported as 0, but with
 * *hash == NULL, so callers must check for NULL before using the result.
 * Returns -1 with the context error set when the digest, the hex encoding
 * or the allocation fails; *hash is NULL in that case.
 */
static int
tls_get_peer_cert_hash(struct tls *ctx, char **hash)
{
	unsigned char digest[EVP_MAX_MD_SIZE];
	unsigned int digest_len;
	char *hex = NULL;
	int ret = -1;

	*hash = NULL;

	/* No certificate to hash: success, *hash stays NULL. */
	if (ctx->ssl_peer_cert == NULL)
		return (0);

	if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), digest,
	    &digest_len) != 1) {
		tls_set_errorx(ctx, "digest failed");
		goto done;
	}

	if (tls_hex_string(digest, digest_len, &hex, NULL) != 0) {
		tls_set_errorx(ctx, "digest hex string failed");
		goto done;
	}

	/* asprintf() leaves *hash indeterminate on failure, so clear it. */
	if (asprintf(hash, "SHA256:%s", hex) == -1) {
		tls_set_errorx(ctx, "out of memory");
		*hash = NULL;
		goto done;
	}

	ret = 0;

 done:
	free(hex);

	return (ret);
}
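/*
 * Build the "SHA256:<hex>" fingerprint of the public key in the keypair's
 * PEM certificate.
 *
 * X509_pubkey_digest() hashes the certificate's SubjectPublicKeyInfo, not
 * the whole certificate, so the value stays the same across reissues that
 * keep the same key (unlike tls_get_peer_cert_hash()).
 *
 * PEM_read_bio_X509_AUX() returns the first certificate in the buffer; if
 * cert_mem holds a chain, only that first certificate is hashed.
 *
 * Returns 0 with *hash pointing at a freshly allocated string the caller
 * must free().  Returns -1 with *hash == NULL on any failure; there is no
 * struct tls here, so no context error is recorded.
 */
static int
tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
{
	BIO *membio = NULL;
	X509 *cert = NULL;
	/*
	 * X509_pubkey_digest() and tls_hex_string() take an unsigned char
	 * buffer, and X509_pubkey_digest() writes the length through an
	 * unsigned int *.  Declare them that way (as tls_get_peer_cert_hash()
	 * does) instead of passing char[] / int through incompatible pointers.
	 */
	unsigned char d[EVP_MAX_MD_SIZE];
	char *dhex = NULL;
	unsigned int dlen;
	int rv = -1;

	*hash = NULL;

	if ((membio = BIO_new_mem_buf(keypair->cert_mem,
	    keypair->cert_len)) == NULL)
		goto err;
	if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
	    NULL)) == NULL)
		goto err;
	if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
		goto err;
	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
		goto err;
	/* asprintf() leaves *hash indeterminate on failure, so clear it. */
	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
		*hash = NULL;
		goto err;
	}

	rv = 0;

 err:
	free(dhex);
	X509_free(cert);
	BIO_free(membio);

	return (rv);
}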
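/*
 * Build the "SHA256:<hex>" fingerprint of cert.
 *
 * X509_digest() hashes the whole certificate, so this fingerprint changes
 * on every reissue; use tls_keypair_pubkey_hash() for a key-bound value.
 *
 * Returns 0 with *hash pointing at a freshly allocated string the caller
 * must free().  Returns -1 with *hash == NULL when the digest, the hex
 * encoding or the allocation fails.
 */
int
tls_cert_hash(X509 *cert, char **hash)
{
	/*
	 * X509_digest() and tls_hex_string() take an unsigned char buffer,
	 * and X509_digest() writes the length through an unsigned int *.
	 * Declare them that way (as tls_get_peer_cert_hash() does) instead
	 * of passing char[] / int through incompatible pointers.
	 */
	unsigned char d[EVP_MAX_MD_SIZE];
	char *dhex = NULL;
	unsigned int dlen;
	int rv = -1;

	*hash = NULL;

	if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
		goto err;
	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
		goto err;
	/* asprintf() leaves *hash indeterminate on failure, so clear it. */
	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
		*hash = NULL;
		goto err;
	}

	rv = 0;

 err:
	free(dhex);

	return (rv);
}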