basic/openssl-util: Add sha256 hash wrapper

src/shared/openssl-util.c

@@ -4,6 +4,43 @@
 #include "alloc-util.h"
 
 #if HAVE_OPENSSL
+int openssl_hash(const EVP_MD *alg,
+                 const void *msg,
+                 size_t msg_len,
+                 uint8_t *ret_hash,
+                 size_t *ret_hash_len) {
+
+        _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = NULL;
+        unsigned len;
+        int r;
+
+        ctx = EVP_MD_CTX_new();
+        if (!ctx)
+                /* This function just calls OPENSSL_zalloc, so failure
+                 * here is almost certainly a failed allocation. */
+                return -ENOMEM;
+
+        /* The documentation claims EVP_DigestInit behaves just like
+         * EVP_DigestInit_ex if passed NULL, except it also calls
+         * EVP_MD_CTX_reset, which deinitializes the context. */
+        r = EVP_DigestInit_ex(ctx, alg, NULL);
+        if (r == 0)
+                return -EIO;
+
+        r = EVP_DigestUpdate(ctx, msg, msg_len);
+        if (r == 0)
+                return -EIO;
+
+        r = EVP_DigestFinal_ex(ctx, ret_hash, &len);
+        if (r == 0)
+                return -EIO;
+
+        if (ret_hash_len)
+                *ret_hash_len = len;
+
+        return 0;
+}
+
 int rsa_encrypt_bytes(
                 EVP_PKEY *pkey,
                 const void *decrypted_key,

src/shared/openssl-util.h

@@ -36,6 +36,8 @@ static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
         sk_X509_pop_free(*sk, X509_free);
 }
 
+int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);
+
 int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
 
 int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);