Diffstat (limited to 'src/lib/libtls/tls.c')
-rw-r--r-- | src/lib/libtls/tls.c | 33 |
1 files changed, 29 insertions, 4 deletions
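--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.74 2018/02/08 10:19:31 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.75 2018/02/10 04:57:35 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -291,6 +291,34 @@ tls_cert_hash(X509 *cert, char **hash)
 }
 
 int
+tls_cert_pubkey_hash(X509 *cert, char **hash)
+{
+char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+int dlen, rv = -1;
+
+free(*hash);
+*hash = NULL;
+
+if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
+goto err;
+
+if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
+goto err;
+
+if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+*hash = NULL;
+goto err;
+}
+
+rv = 0;
+
+err:
+free(dhex);
+
+return (rv);
+}
+
+int
 tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
 struct tls_keypair *keypair, int required)
 {
@@ -313,9 +341,6 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
 tls_set_errorx(ctx, "failed to load certificate");
 goto err;
 }
-if (tls_keypair_pubkey_hash(keypair, &ctx->error,
-&keypair->pubkey_hash) == -1)
-goto err;
 }
 
 if (keypair->key_mem != NULL) {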
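Review bot: In the added tls_cert_pubkey_hash, `d` is declared `char` and `dlen` is declared `int`, but X509_pubkey_digest() writes through an `unsigned char *` and an `unsigned int *`, so both arguments are passed with mismatched signedness; declaring `unsigned char d[EVP_MAX_MD_SIZE];` and `unsigned int dlen;` matches the API and keeps the digest bytes unsigned on their way into tls_hex_string (whose prototype is not visible here). The function also calls `free(*hash)` before doing anything else, so a caller that passes an uninitialized pointer triggers an invalid free; a contract comment above the definition, such as `/* *hash must be NULL or heap-allocated on entry; it is freed and replaced. */`, would make that requirement explicit. The last hunk removes the only visible place where `keypair->pubkey_hash` was populated, and the replacement lies outside this file section, so it is worth confirming that every reader of that field still sees it set, and that a failure there still records an error on the context, since the new helper takes no error argument.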