1 files changed, 87 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c
new file mode 100644
index 0000000000..e2a2c7b141
--- /dev/null
+++ b/src/lib/libtls/tls_peer.c
@@ -0,0 +1,87 @@
+/* $OpenBSD: tls_peer.c,v 1.1 2015/09/11 11:28:01 jsing Exp $ */
+/*
+ * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <stdio.h>
+#include <openssl/x509.h>
+#include <tls.h>
+#include "tls_internal.h"
+static int
+tls_hex_string(const unsigned char *in, size_t inlen, char **out,
+    size_t *outlen)
+{
+        static const char hex[] = "0123456789abcdef";
+        size_t i, len;
+        char *p;
+        if (outlen != NULL)
+                *outlen = 0;
+        if (inlen >= SIZE_MAX)
+                return (-1);
+        if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
+                return (-1);
+        p = *out;
+        len = 0;
+        for (i = 0; i < inlen; i++) {
+                p[len++] = hex[(in[i] >> 4) & 0x0f];
+                p[len++] = hex[in[i] & 0x0f];
+        }
+        p[len++] = 0;
+        if (outlen != NULL)
+                *outlen = len;
+        return (0);
+}
+int
+tls_peer_cert_hash(struct tls *ctx, char **hash)
+{
+        char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+        int dlen, rv = -1;
+        *hash = NULL;
+        if (ctx->ssl_peer_cert == NULL)
+                return (0);
+        if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {
+                tls_set_errorx(ctx, "digest failed");
+                goto err;
+        }
+        if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
+                tls_set_errorx(ctx, "digest hex string failed");
+                goto err;
+        }
+        if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+                tls_set_errorx(ctx, "out of memory");
+                *hash = NULL;
+                goto err;
+        }
+        rv = 0;
+err:
+        free(dhex);
+        return (rv);
+}

diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c new file mode 100644 index 0000000000..e2a2c7b141 --- /dev/null +++ b/src/lib/libtls/tls_peer.c
@@ -0,0 +1,87 @@
	1	/* $OpenBSD: tls_peer.c,v 1.1 2015/09/11 11:28:01 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <stdio.h>
	19
	20	#include <openssl/x509.h>
	21
	22	#include <tls.h>
	23	#include "tls_internal.h"
	24
	25	static int
	26	tls_hex_string(const unsigned char in, size_t inlen, char *out,
	27	size_t *outlen)
	28	{
	29	static const char hex[] = "0123456789abcdef";
	30	size_t i, len;
	31	char *p;
	32
	33	if (outlen != NULL)
	34	*outlen = 0;
	35
	36	if (inlen >= SIZE_MAX)
	37	return (-1);
	38	if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
	39	return (-1);
	40
	41	p = *out;
	42	len = 0;
	43	for (i = 0; i < inlen; i++) {
	44	p[len++] = hex[(in[i] >> 4) & 0x0f];
	45	p[len++] = hex[in[i] & 0x0f];
	46	}
	47	p[len++] = 0;
	48
	49	if (outlen != NULL)
	50	*outlen = len;
	51
	52	return (0);
	53	}
	54
	55	int
	56	tls_peer_cert_hash(struct tls ctx, char *hash)
	57	{
	58	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
	59	int dlen, rv = -1;
	60
	61	*hash = NULL;
	62	if (ctx->ssl_peer_cert == NULL)
	63	return (0);
	64
	65	if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {
	66	tls_set_errorx(ctx, "digest failed");
	67	goto err;
	68	}
	69
	70	if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
	71	tls_set_errorx(ctx, "digest hex string failed");
	72	goto err;
	73	}
	74
	75	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
	76	tls_set_errorx(ctx, "out of memory");
	77	*hash = NULL;
	78	goto err;
	79	}
	80
	81	rv = 0;
	82
	83	err:
	84	free(dhex);
	85
	86	return (rv);
	87	}