From 89b2bd01f6fa1e267f57b2ceeb2ffaafb9cdb7c0 Mon Sep 17 00:00:00 2001

From: Petr Gotthard <petr.gotthard@centrum.cz>

Date: Sun, 18 Jul 2021 14:56:18 +0200

Subject: Test: Use EVP_MAC_xxx with OpenSSL 3.0

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Drop support for OpenSSL < 1.1.0 and add support for OpenSSL >= 3.0.0.

The HMAC_Update is deprecated in OpenSSL 3.0, but the replacement

EVP_MAC_update was added in OpenSSL 3.0, so version specific code is

needed.

Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>

---

 test/integration/sys-util.c | 50 +++++++++++++++++++++++--------------

 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/test/integration/sys-util.c b/test/integration/sys-util.c

index af83cf55..5865f002 100644

--- a/test/integration/sys-util.c

+++ b/test/integration/sys-util.c

@@ -13,10 +13,13 @@

 #include <string.h>

 #include <assert.h>

+#include <openssl/evp.h>

 #include <openssl/sha.h>

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

 #include <openssl/hmac.h>

-#include <openssl/evp.h>

-#include <openssl/opensslv.h>

+#else

+#include <openssl/core_names.h>

+#endif

 #define LOGMODULE testintegration

 #include "util/log.h"

@@ -489,22 +492,18 @@ hmac(

     TPM2B_DIGEST **buffer_list,

     TPM2B_DIGEST *out)

 {

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

-    HMAC_CTX *ctx;

-#else

-    HMAC_CTX _ctx;

-    HMAC_CTX *ctx = &_ctx;

-#endif

-    EVP_MD *evp;

     int rc = 1, i;

-    unsigned int *buf = NULL, size;

+    unsigned int *buf = NULL;

     uint8_t *buf_ptr;

+    EVP_MD *evp;

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

-    /* HMAC_CTX_new and HMAC_CTX_free are new in openSSL 1.1.0 */

-    ctx = HMAC_CTX_new();

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

+    unsigned int size;

+    HMAC_CTX *ctx = HMAC_CTX_new();

 #else

-    HMAC_CTX_init(ctx);

+    size_t size;

+    EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);

+    EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(hmac);

 #endif

     if (!ctx)

@@ -538,21 +537,33 @@ hmac(

     buf_ptr = (uint8_t *)buf;

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

     rc = HMAC_Init_ex(ctx, key, key_len, evp, NULL);

 #else

-    rc = HMAC_Init(ctx, key, key_len, evp);

-#endif

+    OSSL_PARAM params[2];

+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,

+                                                 (char *)EVP_MD_get0_name(evp), 0);

+    params[1] = OSSL_PARAM_construct_end();

+    rc = EVP_MAC_init(ctx, key, key_len, params);

+#endif

     if (rc != 1)

         goto out;

     for (i = 0; buffer_list[i] != 0; i++) {

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

         rc = HMAC_Update(ctx, buffer_list[i]->buffer, buffer_list[i]->size);

+#else

+        rc = EVP_MAC_update(ctx, buffer_list[i]->buffer, buffer_list[i]->size);

+#endif

         if (rc != 1)

             goto out;

     }

     /* buf_ptr has to be 4 bytes alligned for whatever reason */

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

     rc = HMAC_Final(ctx, buf_ptr, &size);

+#else

+    rc = EVP_MAC_final(ctx, buf_ptr, &size, out->size);

+#endif

     if (rc != 1)

         goto out;

@@ -561,10 +572,11 @@ hmac(

     memcpy(out->buffer, buf, out->size);

 out:

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

     HMAC_CTX_free(ctx);

 #else

-    HMAC_CTX_cleanup(ctx);

+    EVP_MAC_CTX_free(ctx);

+    EVP_MAC_free(hmac);

 #endif

     if (buf)

-- 

2.26.3