From 50cd47813c1c9da3ef135b2008dd59d6ce8185bf Mon Sep 17 00:00:00 2001
From: jsing
Date: Thu, 8 Feb 2018 08:09:10 +0000
Subject: [PATCH] Move tls_keypair_pubkey_hash() to the keypair file.

---
 lib/libtls/tls.c | 42 +--------------------------------------
 lib/libtls/tls_internal.h | 3 ++-
 lib/libtls/tls_keypair.c | 41 +++++++++++++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 95fdb8bc4b9..fdf4a981a86 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.72 2018/02/08 08:04:12 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.73 2018/02/08 08:09:10 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -290,46 +290,6 @@ tls_cert_hash(X509 *cert, char **hash)
 return (rv);
 }
 
-static int
-tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
-{
- BIO *membio = NULL;
- X509 *cert = NULL;
- char d[EVP_MAX_MD_SIZE], *dhex = NULL;
- int dlen, rv = -1;
-
- free(*hash);
- *hash = NULL;
-
- if ((membio = BIO_new_mem_buf(keypair->cert_mem,
- keypair->cert_len)) == NULL)
- goto err;
- if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
- NULL)) == NULL)
- goto err;
-
- if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
- goto err;
-
- if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
- goto err;
-
- if (asprintf(hash, "SHA256:%s", dhex) == -1) {
- *hash = NULL;
- goto err;
- }
-
- rv = 0;
-
- err:
- free(dhex);
- X509_free(cert);
- BIO_free(membio);
-
- return (rv);
-}
-
-
 int
 tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
 struct tls_keypair *keypair, int required)
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 67a31b2efd2..8a164d2e3a5 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.66 2018/02/08 05:56:49 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.67 2018/02/08 08:09:10 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas
 * Copyright (c) 2014 Joel Sing
@@ -214,6 +214,7 @@ void tls_keypair_clear(struct tls_keypair *_keypair);
 void tls_keypair_free(struct tls_keypair *_keypair);
 int tls_keypair_load_cert(struct tls_keypair *_keypair,
 struct tls_error *_error, X509 **_cert);
+int tls_keypair_pubkey_hash(struct tls_keypair *_keypair, char **_hash);
 
 struct tls_sni_ctx *tls_sni_ctx_new(void);
 void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
diff --git a/lib/libtls/tls_keypair.c b/lib/libtls/tls_keypair.c
index eef92b3b24f..2ab584bbcd6 100644
--- a/lib/libtls/tls_keypair.c
+++ b/lib/libtls/tls_keypair.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */
+/* $OpenBSD: tls_keypair.c,v 1.2 2018/02/08 08:09:10 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -144,3 +144,42 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
 
 return (rv);
 }
+
+int
+tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
+{
+ BIO *membio = NULL;
+ X509 *cert = NULL;
+ char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+ int dlen, rv = -1;
+
+ free(*hash);
+ *hash = NULL;
+
+ if ((membio = BIO_new_mem_buf(keypair->cert_mem,
+ keypair->cert_len)) == NULL)
+ goto err;
+ if ((cert = PEM_read_bio_X509_AUX(membio, NULL, tls_password_cb,
+ NULL)) == NULL)
+ goto err;
+
+ if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
+ goto err;
+
+ if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
+ goto err;
+
+ if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+ *hash = NULL;
+ goto err;
+ }
+
+ rv = 0;
+
+ err:
+ free(dhex);
+ X509_free(cert);
+ BIO_free(membio);
+
+ return (rv);
+}
--
2.20.1
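Review bot: In the new `tls_keypair_pubkey_hash()` in tls_keypair.c, `keypair->cert_len` goes straight into `BIO_new_mem_buf()`, whose length parameter is an `int` and which treats a negative length as "NUL-terminated, use strlen"; if `cert_len` is a `size_t` (its declaration is not in this diff), a value above `INT_MAX` is narrowed silently before the PEM parser reads the buffer. A guard ahead of the call closes that off: `if (keypair->cert_mem == NULL || keypair->cert_len > INT_MAX) goto err;`, with `<limits.h>` included if the file does not already have it. Now that the function is no longer `static`, it also deserves a short comment above the definition stating that `*hash` is freed on entry and so must be NULL or a heap pointer, that it is left NULL on failure, and that the caller owns the `SHA256:`-prefixed string returned on success. As a smaller point of style, `d` and `dlen` are declared `char[]` and `int` while `X509_pubkey_digest()` takes `unsigned char *` and `unsigned int *`; switching to the unsigned types would remove the pointer-sign mismatch, provided `tls_hex_string()` (declared outside this diff) accepts them.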