From fc169a6fb2e56d66fc2937e348e9858352ef4b39 Mon Sep 17 00:00:00 2001
From: Kevin Kuehler
Date: Thu, 10 Dec 2020 16:08:11 -0800
Subject: [PATCH] basic/openssl-util: Add sha256 hash wrapper
---
 src/shared/openssl-util.c | 37 +++++++++++++++++++++++++++++++++++++
 src/shared/openssl-util.h | 2 ++
 2 files changed, 39 insertions(+)
diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index bd728e6c7c7..75fed19f2e2 100644
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -4,6 +4,43 @@
 #include "alloc-util.h"
 #if HAVE_OPENSSL
+int openssl_hash(const EVP_MD *alg,
+ const void *msg,
+ size_t msg_len,
+ uint8_t *ret_hash,
+ size_t *ret_hash_len) {
+
+ _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = NULL;
+ unsigned len;
+ int r;
+
+ ctx = EVP_MD_CTX_new();
+ if (!ctx)
+ /* This function just calls OPENSSL_zalloc, so failure
+ * here is almost certainly a failed allocation. */
+ return -ENOMEM;
+
+ /* The documentation claims EVP_DigestInit behaves just like
+ * EVP_DigestInit_ex if passed NULL, except it also calls
+ * EVP_MD_CTX_reset, which deinitializes the context. */
+ r = EVP_DigestInit_ex(ctx, alg, NULL);
+ if (r == 0)
+ return -EIO;
+
+ r = EVP_DigestUpdate(ctx, msg, msg_len);
+ if (r == 0)
+ return -EIO;
+
+ r = EVP_DigestFinal_ex(ctx, ret_hash, &len);
+ if (r == 0)
+ return -EIO;
+
+ if (ret_hash_len)
+ *ret_hash_len = len;
+
+ return 0;
+}
+
 int rsa_encrypt_bytes(
 EVP_PKEY *pkey,
 const void *decrypted_key,
diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index eca56d1729d..6eaf581195c 100644
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
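Review bot: `openssl_hash()` receives `ret_hash` with no length, but `EVP_DigestFinal_ex(ctx, ret_hash, &len)` writes as many bytes as the digest selected by `alg` produces, so the required size of the output buffer is an undocumented contract. The subject line says sha256 while the function accepts any `EVP_MD`, so a caller that sized its buffer for 32 bytes and passes a wider digest would be written past the end. I would state the requirement in a comment above the definition and next to the prototype added in openssl-util.h, for example `/* ret_hash must hold at least EVP_MD_size(alg) bytes; EVP_MAX_MD_SIZE always suffices. */`. It would also help to reject bad arguments up front with `assert(alg);` and `assert(ret_hash);`, since neither is checked before being handed to OpenSSL.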
@@ -36,6 +36,8 @@ static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
 sk_X509_pop_free(*sk, X509_free);
 }
+int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);
+
 int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
 int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);
--
2.47.3