}
# endif
#endif
+
+int x509_fingerprint(X509 *cert, uint8_t buffer[static SHA256_DIGEST_SIZE]) {
+#if HAVE_OPENSSL
+ _cleanup_free_ uint8_t *der = NULL;
+ int dersz;
+
+ assert(cert);
+
+ dersz = i2d_X509(cert, &der);
+ if (dersz < 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert PEM certificate to DER format: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+
+ sha256_direct(der, dersz, buffer);
+ return 0;
+#else
+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "openssl is not supported, cannot calculate X509 fingerprint: %m");
+#endif
+}
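Review bot: `der` is handed to `i2d_X509()` as NULL, so OpenSSL allocates the buffer, yet it is declared `_cleanup_free_`, which presumably releases it with plain `free()`. Memory obtained from OpenSSL should be returned with `OPENSSL_free()`, and the two only coincide while no custom memory functions are installed. A cleanup helper built on `OPENSSL_free`, or an explicit `OPENSSL_free(der);` after the `sha256_direct()` call, would remove the mismatch. Separately, `ERR_error_string(ERR_get_error(), NULL)` formats into a static buffer and is not thread-safe, so `ERR_error_string_n()` with a local buffer would be safer in the error path. The message also says "PEM certificate" although `cert` is an already-parsed `X509` object.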
#pragma once
#include "macro.h"
+#include "sha256.h"
+
+#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
#if HAVE_OPENSSL
# include <openssl/bio.h>
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
+int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
+
#if PREFER_OPENSSL
/* The openssl definition */
typedef const EVP_MD* hash_md_t;
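Review bot: The `x509_fingerprint()` prototype appears to sit inside the `#if HAVE_OPENSSL` block, judging by the surrounding context lines, while the definition carries an `#else` branch returning `EOPNOTSUPP` for builds without OpenSSL. If that reading is right, the non-OpenSSL build has neither a visible prototype nor a declaration of `X509`, so the fallback branch cannot compile. Consider moving the prototype below the guard and adding a forward declaration such as `typedef struct X509 X509;` for the non-OpenSSL case. The array bound is also spelled `X509_FINGERPRINT_SIZE` here but `SHA256_DIGEST_SIZE` in the definition; using the new macro in both places would keep them from drifting apart.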