1 files changed, 40 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c
index eef92b3b24..2ab584bbcd 100644
--- a/src/lib/libtls/tls_keypair.c
+++ b/src/lib/libtls/tls_keypair.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */
+/* $OpenBSD: tls_keypair.c,v 1.2 2018/02/08 08:09:10 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -144,3 +144,42 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
        return (rv);
 }
+int
+tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
+{
+        BIO *membio = NULL;
+        X509 *cert = NULL;
+        char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+        int dlen, rv = -1;
+        free(*hash);
+        *hash = NULL;
+        if ((membio = BIO_new_mem_buf(keypair->cert_mem,
+            keypair->cert_len)) == NULL)
+                goto err;
+        if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
+            NULL)) == NULL)
+                goto err;
+        if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
+                goto err;
+        if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
+                goto err;
+        if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+                *hash = NULL;
+                goto err;
+        }
+        rv = 0;
+ err:
+        free(dhex);
+        X509_free(cert);
+        BIO_free(membio);
+        return (rv);
+}

diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c index eef92b3b24..2ab584bbcd 100644 --- a/src/lib/libtls/tls_keypair.c +++ b/src/lib/libtls/tls_keypair.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */	1	/* $OpenBSD: tls_keypair.c,v 1.2 2018/02/08 08:09:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -144,3 +144,42 @@ tls_keypair_load_cert(struct tls_keypair keypair, struct tls_error error,
144		144
145	return (rv);	145	return (rv);
146	}	146	}
		147
		148	int
		149	tls_keypair_pubkey_hash(struct tls_keypair keypair, char *hash)
		150	{
		151	BIO *membio = NULL;
		152	X509 *cert = NULL;
		153	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
		154	int dlen, rv = -1;
		155
		156	free(*hash);
		157	*hash = NULL;
		158
		159	if ((membio = BIO_new_mem_buf(keypair->cert_mem,
		160	keypair->cert_len)) == NULL)
		161	goto err;
		162	if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
		163	NULL)) == NULL)
		164	goto err;
		165
		166	if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
		167	goto err;
		168
		169	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
		170	goto err;
		171
		172	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
		173	*hash = NULL;
		174	goto err;
		175	}
		176
		177	rv = 0;
		178
		179	err:
		180	free(dhex);
		181	X509_free(cert);
		182	BIO_free(membio);
		183
		184	return (rv);
		185	}