From 8939d3351d8d03ff84a3c509af4c82920b1bc4d4 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Fri, 23 Sep 2022 15:01:15 +0200
Subject: [PATCH] openssl-util: Add x509_fingerprint()
---
 src/shared/openssl-util.c | 19 +++++++++++++++++++
 src/shared/openssl-util.h | 5 +++++
 2 files changed, 24 insertions(+)
diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index e4ee09102cd..c7fcbd9ea48 100644
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -195,3 +195,22 @@ int string_hashsum(
 }
 # endif
 #endif
+
+int x509_fingerprint(X509 *cert, uint8_t buffer[static SHA256_DIGEST_SIZE]) {
+#if HAVE_OPENSSL
+ _cleanup_free_ uint8_t *der = NULL;
+ int dersz;
+
+ assert(cert);
+
+ dersz = i2d_X509(cert, &der);
+ if (dersz < 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert PEM certificate to DER format: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+
+ sha256_direct(der, dersz, buffer);
+ return 0;
+#else
+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "openssl is not supported, cannot calculate X509 fingerprint: %m");
+#endif
+}
diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index a73b6da09f8..4fa0a959665 100644
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -2,6 +2,9 @@
 #pragma once
 #include "macro.h"
+#include "sha256.h"
+
+#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
 #if HAVE_OPENSSL
 # include
@@ -68,6 +71,8 @@ static inline void *EVP_PKEY_free(EVP_PKEY *p) {
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
+int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
+
 #if PREFER_OPENSSL
 /* The openssl definition */
 typedef const EVP_MD* hash_md_t;
--
2.47.3
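Review bot: In x509_fingerprint() the buffer that `i2d_X509(cert, &der)` allocates comes from OpenSSL's allocator, yet `_cleanup_free_` (systemd's free()-based cleanup attribute) hands it to the C library's free(). The two only coincide while no custom allocator has been installed through CRYPTO_set_mem_functions(), so it is safer to declare plain `uint8_t *der = NULL;` and call `OPENSSL_free(der);` right after `sha256_direct(der, dersz, buffer);`. Separately, `ERR_error_string(ERR_get_error(), NULL)` formats into a static buffer shared by all threads; `ERR_error_string_n()` with a local buffer avoids that. The error text also says "PEM certificate", although the input is an in-memory `X509` object, and `%m` after `SYNTHETIC_ERRNO(EOPNOTSUPP)` only repeats what the message already states.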
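Review bot: x509_fingerprint() and the `X509` type may both be undeclared in builds without OpenSSL: the prototype is added directly after the `X509_free` cleanup definitions, and whether the `#if HAVE_OPENSSL` guard opened near the top of the header is still open at that point lies outside the hunk. openssl-util.c defines the function unconditionally and relies on its `#else` branch to return EOPNOTSUPP, so a guarded prototype would leave that definition without a visible `X509` type. If that is the case, either move the whole definition under `#if HAVE_OPENSSL`, or give the header an opaque `X509` declaration and place the prototype outside the guard. The parameter is also spelled `buffer[static X509_FINGERPRINT_SIZE]` here but `buffer[static SHA256_DIGEST_SIZE]` in the definition; using one macro in both places keeps the two from drifting apart. A one-line comment stating that the fingerprint is the SHA-256 of the certificate's DER encoding, and that `buffer` is left untouched on failure, would help callers that compare it against pinned values.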