1 files changed, 7 insertions, 25 deletions
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 5cdd0f77c8..c4d23c308b 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.13 2017/01/09 15:31:20 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.14 2017/04/05 03:13:53 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,7 +23,7 @@
 #include <tls.h>
 #include "tls_internal.h"
-static int
+int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
    size_t *outlen)
 {
@@ -56,35 +56,16 @@ tls_hex_string(const unsigned char *in, size_t inlen, char **out,
 static int
 tls_get_peer_cert_hash(struct tls *ctx, char **hash)
 {
-        char d[EVP_MAX_MD_SIZE], *dhex = NULL;
-        int dlen, rv = -1;
        *hash = NULL;
        if (ctx->ssl_peer_cert == NULL)
                return (0);
-        if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {
+        if (tls_cert_hash(ctx->ssl_peer_cert, hash) == -1) {
-                tls_set_errorx(ctx, "digest failed");
+                tls_set_errorx(ctx, "unable to compute peer certificate hash - out of memory");
-                goto err;
-        }
-        if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
-                tls_set_errorx(ctx, "digest hex string failed");
-                goto err;
-        }
-        if (asprintf(hash, "SHA256:%s", dhex) == -1) {
-                tls_set_errorx(ctx, "out of memory");
                *hash = NULL;
-                goto err;
+                return -1;
        }
+        return 0;
-        rv = 0;
-err:
-        free(dhex);
-        return (rv);
 }
 static int
@@ -294,3 +275,4 @@ tls_conn_version(struct tls *ctx)
                return (NULL);
        return (ctx->conninfo->version);
 }

diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c index 5cdd0f77c8..c4d23c308b 100644 --- a/src/lib/libtls/tls_conninfo.c +++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_conninfo.c,v 1.13 2017/01/09 15:31:20 jsing Exp $ */	1	/* $OpenBSD: tls_conninfo.c,v 1.14 2017/04/05 03:13:53 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,7 +23,7 @@
23	#include <tls.h>	23	#include <tls.h>
24	#include "tls_internal.h"	24	#include "tls_internal.h"
25		25
26	static int	26	int
27	tls_hex_string(const unsigned char in, size_t inlen, char *out,	27	tls_hex_string(const unsigned char in, size_t inlen, char *out,
28	size_t *outlen)	28	size_t *outlen)
29	{	29	{
@@ -56,35 +56,16 @@ tls_hex_string(const unsigned char in, size_t inlen, char *out,
56	static int	56	static int
57	tls_get_peer_cert_hash(struct tls ctx, char *hash)	57	tls_get_peer_cert_hash(struct tls ctx, char *hash)
58	{	58	{
59	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
60	int dlen, rv = -1;
61
62	*hash = NULL;	59	*hash = NULL;
63	if (ctx->ssl_peer_cert == NULL)	60	if (ctx->ssl_peer_cert == NULL)
64	return (0);	61	return (0);
65		62
66	if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {	63	if (tls_cert_hash(ctx->ssl_peer_cert, hash) == -1) {
67	tls_set_errorx(ctx, "digest failed");	64	tls_set_errorx(ctx, "unable to compute peer certificate hash - out of memory");
68	goto err;
69	}
70
71	if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
72	tls_set_errorx(ctx, "digest hex string failed");
73	goto err;
74	}
75
76	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
77	tls_set_errorx(ctx, "out of memory");
78	*hash = NULL;	65	*hash = NULL;
79	goto err;	66	return -1;
80	}	67	}
81		68	return 0;
82	rv = 0;
83
84	err:
85	free(dhex);
86
87	return (rv);
88	}	69	}
89		70
90	static int	71	static int
@@ -294,3 +275,4 @@ tls_conn_version(struct tls *ctx)
294	return (NULL);	275	return (NULL);
295	return (ctx->conninfo->version);	276	return (ctx->conninfo->version);
296	}	277	}
		278