From 75da8bd937e6bca14832240321a679634159f75b Mon Sep 17 00:00:00 2001 |
|
From: Petr Gotthard <petr.gotthard@centrum.cz> |
|
Date: Sun, 18 Jul 2021 13:12:56 +0200 |
|
Subject: FAPI: Change SHA256_Update to EVP_DigestUpdate |
|
MIME-Version: 1.0 |
|
Content-Type: text/plain; charset=UTF-8 |
|
Content-Transfer-Encoding: 8bit |
|
|
|
Although the EVP_DigestUpdate functions are available in all OpenSSL |
|
versions and the EVP_DigestFinal_ex was added in OpenSSL 0.9.7, the |
|
EVP_MD_CTX_new was introduced in OpenSSL 1.1.0. |
|
The SHA256_Update function is deprecated in OpenSSL 3.0.0. |
|
|
|
This PR should work with OpenSSL 1.1.0 through 3.0.0. |
|
|
|
- Compared to the upstream commit f4f528ff the changes related to the |
|
unit test are omitted. |
|
|
|
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz> |
|
--- |
|
src/tss2-fapi/ifapi_get_intl_cert.c | 43 +++++++++++++++++------------ |
|
1 file changed, 25 insertions(+), 18 deletions(-) |
|
|
|
diff --git a/src/tss2-fapi/ifapi_get_intl_cert.c b/src/tss2-fapi/ifapi_get_intl_cert.c |
|
index 2fb17fd0..9290a17e 100644 |
|
--- a/src/tss2-fapi/ifapi_get_intl_cert.c |
|
+++ b/src/tss2-fapi/ifapi_get_intl_cert.c |
|
@@ -52,21 +52,26 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) { |
|
return NULL; |
|
} |
|
|
|
- SHA256_CTX sha256; |
|
- int is_success = SHA256_Init(&sha256); |
|
+ EVP_MD_CTX *sha256ctx = EVP_MD_CTX_new(); |
|
+ if (!sha256ctx) { |
|
+ LOG_ERROR("EVP_MD_CTX_new failed"); |
|
+ goto err; |
|
+ } |
|
+ |
|
+ int is_success = EVP_DigestInit(sha256ctx, EVP_sha256()); |
|
if (!is_success) { |
|
- LOG_ERROR("SHA256_Init failed"); |
|
+ LOG_ERROR("EVP_DigestInit failed"); |
|
goto err; |
|
} |
|
|
|
switch (ek_public->publicArea.type) { |
|
case TPM2_ALG_RSA: |
|
/* Add public key to the hash. */ |
|
- is_success = SHA256_Update(&sha256, |
|
- ek_public->publicArea.unique.rsa.buffer, |
|
- ek_public->publicArea.unique.rsa.size); |
|
+ is_success = EVP_DigestUpdate(sha256ctx, |
|
+ ek_public->publicArea.unique.rsa.buffer, |
|
+ ek_public->publicArea.unique.rsa.size); |
|
if (!is_success) { |
|
- LOG_ERROR("SHA256_Update failed"); |
|
+ LOG_ERROR("EVP_DigestUpdate failed"); |
|
goto err; |
|
} |
|
|
|
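Review bot: `EVP_DigestInit` here is paired with `EVP_DigestFinal_ex` at the end of the function; for consistency the initialisation could use the `_ex` form, `int is_success = EVP_DigestInit_ex(sha256ctx, EVP_sha256(), NULL);`, which OpenSSL's documentation recommends for new code. On a freshly allocated context the two behave the same, so this is a style point rather than a defect. The `goto err` taken when `EVP_MD_CTX_new` returns NULL is safe, because the `EVP_MD_CTX_free` call this patch adds under `err:` accepts a NULL context. hash_ek_public starts before this hunk and continues past it.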
@@ -77,28 +82,28 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) { |
|
} |
|
/* Exponent 65537 will be added. */ |
|
BYTE buf[3] = { 0x1, 0x00, 0x01 }; |
|
- is_success = SHA256_Update(&sha256, buf, sizeof(buf)); |
|
+ is_success = EVP_DigestUpdate(sha256ctx, buf, sizeof(buf)); |
|
if (!is_success) { |
|
- LOG_ERROR("SHA256_Update failed"); |
|
+ LOG_ERROR("EVP_DigestUpdate failed"); |
|
goto err; |
|
} |
|
break; |
|
|
|
case TPM2_ALG_ECC: |
|
- is_success = SHA256_Update(&sha256, |
|
- ek_public->publicArea.unique.ecc.x.buffer, |
|
- ek_public->publicArea.unique.ecc.x.size); |
|
+ is_success = EVP_DigestUpdate(sha256ctx, |
|
+ ek_public->publicArea.unique.ecc.x.buffer, |
|
+ ek_public->publicArea.unique.ecc.x.size); |
|
if (!is_success) { |
|
- LOG_ERROR("SHA256_Update failed"); |
|
+ LOG_ERROR("EVP_DigestUpdate failed"); |
|
goto err; |
|
} |
|
|
|
/* Add public key to the hash. */ |
|
- is_success = SHA256_Update(&sha256, |
|
- ek_public->publicArea.unique.ecc.y.buffer, |
|
- ek_public->publicArea.unique.ecc.y.size); |
|
+ is_success = EVP_DigestUpdate(sha256ctx, |
|
+ ek_public->publicArea.unique.ecc.y.buffer, |
|
+ ek_public->publicArea.unique.ecc.y.size); |
|
if (!is_success) { |
|
- LOG_ERROR("SHA256_Update failed"); |
|
+ LOG_ERROR("EVP_DigestUpdate failed"); |
|
goto err; |
|
} |
|
break; |
|
@@ -108,17 +113,19 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) { |
|
goto err; |
|
} |
|
|
|
- is_success = SHA256_Final(hash, &sha256); |
|
+ is_success = EVP_DigestFinal_ex(sha256ctx, hash, NULL); |
|
if (!is_success) { |
|
LOG_ERROR("SHA256_Final failed"); |
|
goto err; |
|
} |
|
|
|
+ EVP_MD_CTX_free(sha256ctx); |
|
LOG_TRACE("public-key-hash:"); |
|
LOG_TRACE(" sha256: "); |
|
LOGBLOB_TRACE(&hash[0], SHA256_DIGEST_LENGTH, "Hash"); |
|
return hash; |
|
err: |
|
+ EVP_MD_CTX_free(sha256ctx); |
|
free(hash); |
|
return NULL; |
|
} |
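Review bot: The message under the new `EVP_DigestFinal_ex` call still reads `LOG_ERROR("SHA256_Final failed");`, so a failure would be logged under the name of a function that is no longer called. It should become `LOG_ERROR("EVP_DigestFinal_ex failed");`, matching the other messages renamed in this patch. Passing NULL as the length argument means the call writes a full SHA-256 digest into `hash` without reporting the size; the allocation of `hash` is outside this hunk, so it is presumably at least `SHA256_DIGEST_LENGTH` bytes, which is worth confirming.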
|
-- |
|
2.26.3 |
|
|
|
|