diff options
Diffstat (limited to 'src/lib/libtls/tls_peer.c')
| -rw-r--r-- | src/lib/libtls/tls_peer.c | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c new file mode 100644 index 0000000000..e2a2c7b141 --- /dev/null +++ b/src/lib/libtls/tls_peer.c | |||
| @@ -0,0 +1,87 @@ | |||
| 1 | /* $OpenBSD: tls_peer.c,v 1.1 2015/09/11 11:28:01 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #include <stdio.h> | ||
| 19 | |||
| 20 | #include <openssl/x509.h> | ||
| 21 | |||
| 22 | #include <tls.h> | ||
| 23 | #include "tls_internal.h" | ||
| 24 | |||
| 25 | static int | ||
| 26 | tls_hex_string(const unsigned char *in, size_t inlen, char **out, | ||
| 27 | size_t *outlen) | ||
| 28 | { | ||
| 29 | static const char hex[] = "0123456789abcdef"; | ||
| 30 | size_t i, len; | ||
| 31 | char *p; | ||
| 32 | |||
| 33 | if (outlen != NULL) | ||
| 34 | *outlen = 0; | ||
| 35 | |||
| 36 | if (inlen >= SIZE_MAX) | ||
| 37 | return (-1); | ||
| 38 | if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL) | ||
| 39 | return (-1); | ||
| 40 | |||
| 41 | p = *out; | ||
| 42 | len = 0; | ||
| 43 | for (i = 0; i < inlen; i++) { | ||
| 44 | p[len++] = hex[(in[i] >> 4) & 0x0f]; | ||
| 45 | p[len++] = hex[in[i] & 0x0f]; | ||
| 46 | } | ||
| 47 | p[len++] = 0; | ||
| 48 | |||
| 49 | if (outlen != NULL) | ||
| 50 | *outlen = len; | ||
| 51 | |||
| 52 | return (0); | ||
| 53 | } | ||
| 54 | |||
| 55 | int | ||
| 56 | tls_peer_cert_hash(struct tls *ctx, char **hash) | ||
| 57 | { | ||
| 58 | char d[EVP_MAX_MD_SIZE], *dhex = NULL; | ||
| 59 | int dlen, rv = -1; | ||
| 60 | |||
| 61 | *hash = NULL; | ||
| 62 | if (ctx->ssl_peer_cert == NULL) | ||
| 63 | return (0); | ||
| 64 | |||
| 65 | if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) { | ||
| 66 | tls_set_errorx(ctx, "digest failed"); | ||
| 67 | goto err; | ||
| 68 | } | ||
| 69 | |||
| 70 | if (tls_hex_string(d, dlen, &dhex, NULL) != 0) { | ||
| 71 | tls_set_errorx(ctx, "digest hex string failed"); | ||
| 72 | goto err; | ||
| 73 | } | ||
| 74 | |||
| 75 | if (asprintf(hash, "SHA256:%s", dhex) == -1) { | ||
| 76 | tls_set_errorx(ctx, "out of memory"); | ||
| 77 | *hash = NULL; | ||
| 78 | goto err; | ||
| 79 | } | ||
| 80 | |||
| 81 | rv = 0; | ||
| 82 | |||
| 83 | err: | ||
| 84 | free(dhex); | ||
| 85 | |||
| 86 | return (rv); | ||
| 87 | } | ||