openssl-util: Add x509_fingerprint()

2024-09-06 00:41:36 +00:00 · 2022-09-23 15:01:15 +02:00 · 2022-09-23 15:01:15 +02:00 · 8939d3351d
parent bc958a19e3
commit 8939d3351d
2 changed files with 24 additions and 0 deletions
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@ -195,3 +195,22 @@ int string_hashsum(
 }
 #  endif
 #endif
+
+int x509_fingerprint(X509 *cert, uint8_t buffer[static SHA256_DIGEST_SIZE]) {
+#if HAVE_OPENSSL
+        _cleanup_free_ uint8_t *der = NULL;
+        int dersz;
+
+        assert(cert);
+
+        dersz = i2d_X509(cert, &der);
+        if (dersz < 0)
+                return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert PEM certificate to DER format: %s",
+                                       ERR_error_string(ERR_get_error(), NULL));
+
+        sha256_direct(der, dersz, buffer);
+        return 0;
+#else
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "openssl is not supported, cannot calculate X509 fingerprint: %m");
+#endif
+}
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@ -2,6 +2,9 @@
 #pragma once

 #include "macro.h"
+#include "sha256.h"
+
+#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE

 #if HAVE_OPENSSL
 #  include <openssl/bio.h>
@ -68,6 +71,8 @@ static inline void *EVP_PKEY_free(EVP_PKEY *p) {
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

+int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
+
 #if PREFER_OPENSSL
 /* The openssl definition */
 typedef const EVP_MD* hash_md_t;