powerel9
/
tpm2-tss
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
58 KiB
Tree: 22dac4d7d9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '22dac4d7d9'
${ noResults }
tpm2-tss/SOURCES/0009-FAPI-Change-SHA256_Upd...

124 lines
4.5 KiB
Raw Blame History

From 75da8bd937e6bca14832240321a679634159f75b Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sun, 18 Jul 2021 13:12:56 +0200
Subject: FAPI: Change SHA256_Update to EVP_DigestUpdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Although the EVP_DigestUpdate functions are available in all OpenSSL
versions and the EVP_DigestFinal_ex was added in OpenSSL 0.9.7, the
EVP_MD_CTX_new was introduced in OpenSSL 1.1.0.
The SHA256_Update function is deprecated in OpenSSL 3.0.0.
This PR should work with OpenSSL 1.1.0 through 3.0.0.
- Compared to the upstream commit f4f528ff the changes related to the
unit test are omitted.
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
src/tss2-fapi/ifapi_get_intl_cert.c | 43 +++++++++++++++++------------
1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/src/tss2-fapi/ifapi_get_intl_cert.c b/src/tss2-fapi/ifapi_get_intl_cert.c
index 2fb17fd0..9290a17e 100644
--- a/src/tss2-fapi/ifapi_get_intl_cert.c
+++ b/src/tss2-fapi/ifapi_get_intl_cert.c
@@ -52,21 +52,26 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) {
return NULL;
}
- SHA256_CTX sha256;
- int is_success = SHA256_Init(&sha256);
+ EVP_MD_CTX *sha256ctx = EVP_MD_CTX_new();
+ if (!sha256ctx) {
+ LOG_ERROR("EVP_MD_CTX_new failed");
+ goto err;
+ }
+
+ int is_success = EVP_DigestInit(sha256ctx, EVP_sha256());
if (!is_success) {
- LOG_ERROR("SHA256_Init failed");
+ LOG_ERROR("EVP_DigestInit failed");
goto err;
}
switch (ek_public->publicArea.type) {
case TPM2_ALG_RSA:
/* Add public key to the hash. */
- is_success = SHA256_Update(&sha256,
- ek_public->publicArea.unique.rsa.buffer,
- ek_public->publicArea.unique.rsa.size);
+ is_success = EVP_DigestUpdate(sha256ctx,
+ ek_public->publicArea.unique.rsa.buffer,
+ ek_public->publicArea.unique.rsa.size);
if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
goto err;
}
@@ -77,28 +82,28 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) {
}
/* Exponent 65537 will be added. */
BYTE buf[3] = { 0x1, 0x00, 0x01 };
- is_success = SHA256_Update(&sha256, buf, sizeof(buf));
+ is_success = EVP_DigestUpdate(sha256ctx, buf, sizeof(buf));
if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
goto err;
}
break;
case TPM2_ALG_ECC:
- is_success = SHA256_Update(&sha256,
- ek_public->publicArea.unique.ecc.x.buffer,
- ek_public->publicArea.unique.ecc.x.size);
+ is_success = EVP_DigestUpdate(sha256ctx,
+ ek_public->publicArea.unique.ecc.x.buffer,
+ ek_public->publicArea.unique.ecc.x.size);
if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
goto err;
}
/* Add public key to the hash. */
- is_success = SHA256_Update(&sha256,
- ek_public->publicArea.unique.ecc.y.buffer,
- ek_public->publicArea.unique.ecc.y.size);
+ is_success = EVP_DigestUpdate(sha256ctx,
+ ek_public->publicArea.unique.ecc.y.buffer,
+ ek_public->publicArea.unique.ecc.y.size);
if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
goto err;
}
break;
@@ -108,17 +113,19 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) {
goto err;
}
- is_success = SHA256_Final(hash, &sha256);
+ is_success = EVP_DigestFinal_ex(sha256ctx, hash, NULL);
if (!is_success) {
LOG_ERROR("SHA256_Final failed");
goto err;
}
+ EVP_MD_CTX_free(sha256ctx);
LOG_TRACE("public-key-hash:");
LOG_TRACE(" sha256: ");
LOGBLOB_TRACE(&hash[0], SHA256_DIGEST_LENGTH, "Hash");
return hash;
err:
+ EVP_MD_CTX_free(sha256ctx);
free(hash);
return NULL;
}
--
2.26.3