diff options
Diffstat (limited to 'src/lib/libtls/tls_peer.c')
-rw-r--r-- | src/lib/libtls/tls_peer.c | 108 |
1 files changed, 18 insertions, 90 deletions
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c index cd1984f215..3145e500c4 100644 --- a/src/lib/libtls/tls_peer.c +++ b/src/lib/libtls/tls_peer.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls_peer.c,v 1.3 2015/09/11 13:22:39 beck Exp $ */ | 1 | /* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> |
4 | * Copyright (c) 2015 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2015 Bob Beck <beck@openbsd.org> |
@@ -23,68 +23,27 @@ | |||
23 | #include <tls.h> | 23 | #include <tls.h> |
24 | #include "tls_internal.h" | 24 | #include "tls_internal.h" |
25 | 25 | ||
26 | static int | 26 | const char * |
27 | tls_hex_string(const unsigned char *in, size_t inlen, char **out, | 27 | tls_peer_cert_hash(struct tls *ctx) |
28 | size_t *outlen) | ||
29 | { | 28 | { |
30 | static const char hex[] = "0123456789abcdef"; | 29 | if (ctx->conninfo) |
31 | size_t i, len; | 30 | return (ctx->conninfo->hash); |
32 | char *p; | 31 | return NULL; |
33 | |||
34 | if (outlen != NULL) | ||
35 | *outlen = 0; | ||
36 | |||
37 | if (inlen >= SIZE_MAX) | ||
38 | return (-1); | ||
39 | if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL) | ||
40 | return (-1); | ||
41 | |||
42 | p = *out; | ||
43 | len = 0; | ||
44 | for (i = 0; i < inlen; i++) { | ||
45 | p[len++] = hex[(in[i] >> 4) & 0x0f]; | ||
46 | p[len++] = hex[in[i] & 0x0f]; | ||
47 | } | ||
48 | p[len++] = 0; | ||
49 | |||
50 | if (outlen != NULL) | ||
51 | *outlen = len; | ||
52 | |||
53 | return (0); | ||
54 | } | 32 | } |
55 | 33 | const char * | |
56 | int | 34 | tls_peer_cert_issuer(struct tls *ctx) |
57 | tls_peer_cert_hash(struct tls *ctx, char **hash) | ||
58 | { | 35 | { |
59 | char d[EVP_MAX_MD_SIZE], *dhex = NULL; | 36 | if (ctx->conninfo) |
60 | int dlen, rv = -1; | 37 | return (ctx->conninfo->issuer); |
61 | 38 | return NULL; | |
62 | *hash = NULL; | 39 | } |
63 | if (ctx->ssl_peer_cert == NULL) | ||
64 | return (0); | ||
65 | |||
66 | if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) { | ||
67 | tls_set_errorx(ctx, "digest failed"); | ||
68 | goto err; | ||
69 | } | ||
70 | |||
71 | if (tls_hex_string(d, dlen, &dhex, NULL) != 0) { | ||
72 | tls_set_errorx(ctx, "digest hex string failed"); | ||
73 | goto err; | ||
74 | } | ||
75 | |||
76 | if (asprintf(hash, "SHA256:%s", dhex) == -1) { | ||
77 | tls_set_errorx(ctx, "out of memory"); | ||
78 | *hash = NULL; | ||
79 | goto err; | ||
80 | } | ||
81 | |||
82 | rv = 0; | ||
83 | |||
84 | err: | ||
85 | free(dhex); | ||
86 | 40 | ||
87 | return (rv); | 41 | const char * |
42 | tls_peer_cert_subject(struct tls *ctx) | ||
43 | { | ||
44 | if (ctx->conninfo) | ||
45 | return (ctx->conninfo->subject); | ||
46 | return NULL; | ||
88 | } | 47 | } |
89 | 48 | ||
90 | int | 49 | int |
@@ -102,34 +61,3 @@ tls_peer_cert_contains_name(struct tls *ctx, const char *name) | |||
102 | return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0); | 61 | return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0); |
103 | } | 62 | } |
104 | 63 | ||
105 | int | ||
106 | tls_peer_cert_issuer(struct tls *ctx, char **issuer) | ||
107 | { | ||
108 | X509_NAME *name = NULL; | ||
109 | |||
110 | *issuer = NULL; | ||
111 | if (ctx->ssl_peer_cert == NULL) | ||
112 | return (-1); | ||
113 | if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL) | ||
114 | return (-1); | ||
115 | *issuer = X509_NAME_oneline(name, 0, 0); | ||
116 | if (*issuer == NULL) | ||
117 | return (-1); | ||
118 | return (0); | ||
119 | } | ||
120 | |||
121 | int | ||
122 | tls_peer_cert_subject(struct tls *ctx, char **subject) | ||
123 | { | ||
124 | X509_NAME *name = NULL; | ||
125 | |||
126 | *subject = NULL; | ||
127 | if (ctx->ssl_peer_cert == NULL) | ||
128 | return (-1); | ||
129 | if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL) | ||
130 | return (-1); | ||
131 | *subject = X509_NAME_oneline(name, 0, 0); | ||
132 | if (*subject == NULL) | ||
133 | return (-1); | ||
134 | return (0); | ||
135 | } | ||