From 75da8bd937e6bca14832240321a679634159f75b Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sun, 18 Jul 2021 13:12:56 +0200
Subject: FAPI: Change SHA256_Update to EVP_DigestUpdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Although the EVP_DigestUpdate functions are available in all OpenSSL
versions and the EVP_DigestFinal_ex was added in OpenSSL 0.9.7, the
EVP_MD_CTX_new was introduced in OpenSSL 1.1.0.
The SHA256_Update function is deprecated in OpenSSL 3.0.0.
This PR should work with OpenSSL 1.1.0 through 3.0.0.
- Compared to the upstream commit f4f528ff the changes related to the
unit test are omitted.
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
src/tss2-fapi/ifapi_get_intl_cert.c | 43 +++++++++++++++++------------
1 file changed, 25 insertions(+), 18 deletions(-)
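diff --git a/src/tss2-fapi/ifapi_get_intl_cert.c b/src/tss2-fapi/ifapi_get_intl_cert.c
index 2fb17fd0..9290a17e 100644
--- a/src/tss2-fapi/ifapi_get_intl_cert.c
+++ b/src/tss2-fapi/ifapi_get_intl_cert.c
@@ -52,21 +52,26 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) {
 return NULL;
 }
 
- SHA256_CTX sha256;
- int is_success = SHA256_Init(&sha256);
+ EVP_MD_CTX *sha256ctx = EVP_MD_CTX_new();
+ if (!sha256ctx) {
+ LOG_ERROR("EVP_MD_CTX_new failed");
+ goto err;
+ }
+
+ int is_success = EVP_DigestInit(sha256ctx, EVP_sha256());
 if (!is_success) {
- LOG_ERROR("SHA256_Init failed");
+ LOG_ERROR("EVP_DigestInit failed");
 goto err;
 }
 
 switch (ek_public->publicArea.type) {
 case TPM2_ALG_RSA:
 /* Add public key to the hash. */
- is_success = SHA256_Update(&sha256,
- ek_public->publicArea.unique.rsa.buffer,
- ek_public->publicArea.unique.rsa.size);
+ is_success = EVP_DigestUpdate(sha256ctx,
+ ek_public->publicArea.unique.rsa.buffer,
+ ek_public->publicArea.unique.rsa.size);
 if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
 goto err;
 }
 
@@ -77,28 +82,28 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) {
 }
 /* Exponent 65537 will be added. */
 BYTE buf[3] = { 0x1, 0x00, 0x01 };
- is_success = SHA256_Update(&sha256, buf, sizeof(buf));
+ is_success = EVP_DigestUpdate(sha256ctx, buf, sizeof(buf));
 if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
 goto err;
 }
 break;
 
 case TPM2_ALG_ECC:
- is_success = SHA256_Update(&sha256,
- ek_public->publicArea.unique.ecc.x.buffer,
- ek_public->publicArea.unique.ecc.x.size);
+ is_success = EVP_DigestUpdate(sha256ctx,
+ ek_public->publicArea.unique.ecc.x.buffer,
+ ek_public->publicArea.unique.ecc.x.size);
 if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
 goto err;
 }
 
 /* Add public key to the hash. */
- is_success = SHA256_Update(&sha256,
- ek_public->publicArea.unique.ecc.y.buffer,
- ek_public->publicArea.unique.ecc.y.size);
+ is_success = EVP_DigestUpdate(sha256ctx,
+ ek_public->publicArea.unique.ecc.y.buffer,
+ ek_public->publicArea.unique.ecc.y.size);
 if (!is_success) {
- LOG_ERROR("SHA256_Update failed");
+ LOG_ERROR("EVP_DigestUpdate failed");
 goto err;
 }
 break;
@@ -108,17 +113,19 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) {
 goto err;
 }
 
- is_success = SHA256_Final(hash, &sha256);
+ is_success = EVP_DigestFinal_ex(sha256ctx, hash, NULL);
 if (!is_success) {
 LOG_ERROR("SHA256_Final failed");
 goto err;
 }
 
+ EVP_MD_CTX_free(sha256ctx);
 LOG_TRACE("public-key-hash:");
 LOG_TRACE(" sha256: ");
 LOGBLOB_TRACE(&hash[0], SHA256_DIGEST_LENGTH, "Hash");
 return hash;
 err:
+ EVP_MD_CTX_free(sha256ctx);
 free(hash);
 return NULL;
 }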
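Review bot: The failure branch after `EVP_DigestFinal_ex` in the last hunk still logs `SHA256_Final failed`, which names a function this code no longer calls. It should read `LOG_ERROR("EVP_DigestFinal_ex failed");` to match the other renamed messages. The same call passes `NULL` for the output length, so it relies on `hash` holding at least `SHA256_DIGEST_LENGTH` bytes; the allocation is outside the visible hunks and is worth confirming there. `hash_ek_public` starts before the first hunk, and the lines between hunks are not shown.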
--
2.26.3