From: Daan De Meyer Date: Fri, 23 Sep 2022 13:01:15 +0000 (+0200) Subject: openssl-util: Add x509_fingerprint() X-Git-Tag: v252-rc1~98^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8939d3351d8d03ff84a3c509af4c82920b1bc4d4;p=thirdparty%2Fsystemd.git openssl-util: Add x509_fingerprint()
---
diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index e4ee09102cd..c7fcbd9ea48 100644
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -195,3 +195,22 @@ int string_hashsum(
 }
 # endif
 #endif
+
+int x509_fingerprint(X509 *cert, uint8_t buffer[static SHA256_DIGEST_SIZE]) {
+#if HAVE_OPENSSL
+ _cleanup_free_ uint8_t *der = NULL;
+ int dersz;
+
+ assert(cert);
+
+ dersz = i2d_X509(cert, &der);
+ if (dersz < 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert PEM certificate to DER format: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+
+ sha256_direct(der, dersz, buffer);
+ return 0;
+#else
+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "openssl is not supported, cannot calculate X509 fingerprint: %m");
+#endif
+}
diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index a73b6da09f8..4fa0a959665 100644
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -2,6 +2,9 @@
 #pragma once
 #include "macro.h"
+#include "sha256.h"
+
+#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
 #if HAVE_OPENSSL
 # include
@@ -68,6 +71,8 @@ static inline void *EVP_PKEY_free(EVP_PKEY *p) {
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
+int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
+
 #if PREFER_OPENSSL
 /* The openssl definition */
 typedef const EVP_MD* hash_md_t;
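Review bot: In x509_fingerprint() in src/shared/openssl-util.c, `der` is allocated by `i2d_X509()` but released through `_cleanup_free_`, which by its name ends in libc `free()`; OpenSSL expects buffers it allocates to be released with `OPENSSL_free()`, and the two only coincide while no custom allocator has been installed via `CRYPTO_set_mem_functions()`. I would declare `unsigned char *der = NULL;` and call `OPENSSL_free(der);` right after `sha256_direct(der, dersz, buffer);`. Because the digest is presumably compared against a pinned or expected value, `if (dersz <= 0)` is a safer guard than `< 0`, so a zero-length encoding can never be hashed into something that looks like a valid fingerprint. `ERR_error_string(ERR_get_error(), NULL)` formats into a static buffer and is not thread-safe; `ERR_error_string_n()` with a local buffer avoids that.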
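Review bot: `X509_FINGERPRINT_SIZE` is introduced in the first hunk of src/shared/openssl-util.h, but the definition added in openssl-util.c still spells its parameter as `buffer[static SHA256_DIGEST_SIZE]`, so the alias and the definition can drift apart if the fingerprint digest is ever changed. Using `uint8_t buffer[static X509_FINGERPRINT_SIZE]` in the definition as well keeps prototype, definition and callers' buffers tied to one name. A one-line comment on the macro, e.g. `/* SHA-256 over the DER encoding of the certificate */`, would tell callers exactly what they are comparing against.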
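Review bot: The prototype added after the `DEFINE_TRIVIAL_CLEANUP_FUNC_FULL` lines in src/shared/openssl-util.h appears to sit inside the `#if HAVE_OPENSSL` region opened in the previous hunk (the closing `#endif` is outside the hunk, so this is inferred), whereas the definition in openssl-util.c is placed after an `#endif` and carries an `#else` branch returning `EOPNOTSUPP`. If that reading is right, a build without OpenSSL sees neither the prototype nor the `X509` type when it compiles the definition, so the fallback branch cannot actually be built. Either move the prototype out of the guarded region together with an opaque declaration of `X509` for that configuration, or drop the `#else` branch and guard the whole definition. The declaration would also benefit from a short comment stating that `buffer` receives the SHA-256 digest of the certificate's DER encoding and that the function returns 0 on success or a negative errno-style value.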