authorJoel Sing <jsing@cvs.openbsd.org>2018-02-08 08:09:11 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2018-02-08 08:09:11 +0000
commit2e6cc7553940ad639f317a08b875503efa1a0390 (patch)
treea90e3f67518974cfeba06df4ad6d536b1968f530
parentcaf6db16c1c7f3cb62f9b38f0cc5e5c4985a87d5 (diff)
Move tls_keypair_pubkey_hash() to the keypair file.
-rw-r--r--lib/libtls/tls.c42
-rw-r--r--lib/libtls/tls_internal.h3
-rw-r--r--lib/libtls/tls_keypair.c41
3 files changed, 43 insertions, 43 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 95fdb8bc4b9..fdf4a981a86 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.72 2018/02/08 08:04:12 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.73 2018/02/08 08:09:10 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -290,46 +290,6 @@ tls_cert_hash(X509 *cert, char **hash)
return (rv);
}
-static int
-tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
-{
- BIO *membio = NULL;
- X509 *cert = NULL;
- char d[EVP_MAX_MD_SIZE], *dhex = NULL;
- int dlen, rv = -1;
-
- free(*hash);
- *hash = NULL;
-
- if ((membio = BIO_new_mem_buf(keypair->cert_mem,
- keypair->cert_len)) == NULL)
- goto err;
- if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
- NULL)) == NULL)
- goto err;
-
- if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
- goto err;
-
- if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
- goto err;
-
- if (asprintf(hash, "SHA256:%s", dhex) == -1) {
- *hash = NULL;
- goto err;
- }
-
- rv = 0;
-
- err:
- free(dhex);
- X509_free(cert);
- BIO_free(membio);
-
- return (rv);
-}
-
-
int
tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
struct tls_keypair *keypair, int required)
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 67a31b2efd2..8a164d2e3a5 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.66 2018/02/08 05:56:49 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.67 2018/02/08 08:09:10 jsing Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -214,6 +214,7 @@ void tls_keypair_clear(struct tls_keypair *_keypair);
void tls_keypair_free(struct tls_keypair *_keypair);
int tls_keypair_load_cert(struct tls_keypair *_keypair,
struct tls_error *_error, X509 **_cert);
+int tls_keypair_pubkey_hash(struct tls_keypair *_keypair, char **_hash);
struct tls_sni_ctx *tls_sni_ctx_new(void);
void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
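Review bot: The new prototype takes no `struct tls_error *`, unlike `tls_keypair_load_cert()` declared directly above it, so a caller only ever sees -1 and cannot tell a certificate that failed to parse from an allocation failure. If the callers in tls.c (not shown in this hunk) have an error context available, consider `int tls_keypair_pubkey_hash(struct tls_keypair *_keypair, struct tls_error *_error, char **_hash);` and setting the error on each failure path. That would also let the definition obtain the X509 through `tls_keypair_load_cert()` instead of repeating the PEM parse, assuming that helper does what its signature suggests.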
diff --git a/lib/libtls/tls_keypair.c b/lib/libtls/tls_keypair.c
index eef92b3b24f..2ab584bbcd6 100644
--- a/lib/libtls/tls_keypair.c
+++ b/lib/libtls/tls_keypair.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */
+/* $OpenBSD: tls_keypair.c,v 1.2 2018/02/08 08:09:10 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -144,3 +144,42 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
return (rv);
}
+
+int
+tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
+{
+ BIO *membio = NULL;
+ X509 *cert = NULL;
+ char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+ int dlen, rv = -1;
+
+ free(*hash);
+ *hash = NULL;
+
+ if ((membio = BIO_new_mem_buf(keypair->cert_mem,
+ keypair->cert_len)) == NULL)
+ goto err;
+ if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
+ NULL)) == NULL)
+ goto err;
+
+ if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
+ goto err;
+
+ if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
+ goto err;
+
+ if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+ *hash = NULL;
+ goto err;
+ }
+
+ rv = 0;
+
+ err:
+ free(dhex);
+ X509_free(cert);
+ BIO_free(membio);
+
+ return (rv);
+}
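Review bot: `free(*hash)` at the top of `tls_keypair_pubkey_hash()` requires the caller to pass a pointer that is NULL or heap-allocated, and now that the function is no longer `static` that precondition is not written down anywhere. I would add a comment above the definition such as `/* *hash must be NULL or malloc'd on entry; it is freed and replaced, and is NULL on failure. */`. Separately, `d` is a `char` array and `dlen` an `int`, while `X509_pubkey_digest()` takes `unsigned char *` and `unsigned int *`; declaring them as `unsigned char d[EVP_MAX_MD_SIZE]` and `unsigned int dlen` would remove the pointer-sign mismatch. The context lines at the top of this hunk are the tail of `tls_keypair_load_cert()`, which begins outside it.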