From 89b2bd01f6fa1e267f57b2ceeb2ffaafb9cdb7c0 Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sun, 18 Jul 2021 14:56:18 +0200
Subject: Test: Use EVP_MAC_xxx with OpenSSL 3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Drop support for OpenSSL < 1.1.0 and add support for OpenSSL >= 3.0.0.

The HMAC_Update is deprecated in OpenSSL 3.0, but the replacement
EVP_MAC_update was added in OpenSSL 3.0, so version specific code is
needed.

Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
 test/integration/sys-util.c | 50 +++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/test/integration/sys-util.c b/test/integration/sys-util.c
index af83cf55..5865f002 100644
--- a/test/integration/sys-util.c
+++ b/test/integration/sys-util.c
@@ -13,10 +13,13 @@
 #include <string.h>
 #include <assert.h>
 
+#include <openssl/evp.h>
 #include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 #include <openssl/hmac.h>
-#include <openssl/evp.h>
-#include <openssl/opensslv.h>
+#else
+#include <openssl/core_names.h>
+#endif
 
 #define LOGMODULE testintegration
 #include "util/log.h"
@@ -489,22 +492,18 @@ hmac(
     TPM2B_DIGEST **buffer_list,
     TPM2B_DIGEST *out)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    HMAC_CTX *ctx;
-#else
-    HMAC_CTX _ctx;
-    HMAC_CTX *ctx = &_ctx;
-#endif
-    EVP_MD *evp;
     int rc = 1, i;
-    unsigned int *buf = NULL, size;
+    unsigned int *buf = NULL;
     uint8_t *buf_ptr;
+    EVP_MD *evp;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    /* HMAC_CTX_new and HMAC_CTX_free are new in openSSL 1.1.0 */
-    ctx = HMAC_CTX_new();
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    unsigned int size;
+    HMAC_CTX *ctx = HMAC_CTX_new();
 #else
-    HMAC_CTX_init(ctx);
+    size_t size;
+    EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(hmac);
 #endif
 
     if (!ctx)
@@ -538,21 +537,33 @@ hmac(
 
     buf_ptr = (uint8_t *)buf;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     rc = HMAC_Init_ex(ctx, key, key_len, evp, NULL);
 #else
-    rc = HMAC_Init(ctx, key, key_len, evp);
-#endif
+    OSSL_PARAM params[2];
 
+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
+                                                 (char *)EVP_MD_get0_name(evp), 0);
+    params[1] = OSSL_PARAM_construct_end();
+    rc = EVP_MAC_init(ctx, key, key_len, params);
+#endif
     if (rc != 1)
         goto out;
     for (i = 0; buffer_list[i] != 0; i++) {
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
         rc = HMAC_Update(ctx, buffer_list[i]->buffer, buffer_list[i]->size);
+#else
+        rc = EVP_MAC_update(ctx, buffer_list[i]->buffer, buffer_list[i]->size);
+#endif
         if (rc != 1)
             goto out;
     }
     /* buf_ptr has to be 4 bytes alligned for whatever reason */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     rc = HMAC_Final(ctx, buf_ptr, &size);
+#else
+    rc = EVP_MAC_final(ctx, buf_ptr, &size, out->size);
+#endif
     if (rc != 1)
         goto out;
 
@@ -561,10 +572,11 @@ hmac(
     memcpy(out->buffer, buf, out->size);
 
 out:
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     HMAC_CTX_free(ctx);
 #else
-    HMAC_CTX_cleanup(ctx);
+    EVP_MAC_CTX_free(ctx);
+    EVP_MAC_free(hmac);
 #endif
 
     if (buf)
-- 
2.26.3