From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas
Date: Tue, 25 May 2021 15:22:29 +0200
Subject: [PATCH] mokutil: use EVP_Digest()* functions instead of the deprecated SHA1_*()
The SHA1_*() functions have been deprecated since OpenSSL 3.0, this leads to compile errors when building with -Werror=deprecated-declarations, i.e: mokutil.c: In function 'print_x509': mokutil.c:424:9: error: 'SHA1_Init' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] 424 | SHA1_Init (&ctx); | ^~~~~~~~~ ... instead, the EVP_Digest*() functions could be used. Port to them and avoid these build failures with the latest OpenSSL 3.0 version.
Signed-off-by: Javier Martinez Canillas
---
 src/mokutil.c | 44 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 9153b10..0fd2dc3 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -405,8 +405,10 @@ print_x509 (char *cert, int cert_size)
 {
 X509 *X509cert;
 BIO *cert_bio;
- SHA_CTX ctx;
- uint8_t fingerprint[SHA_DIGEST_LENGTH];
+ EVP_MD_CTX *ctx;
+ const EVP_MD *md;
+ unsigned int md_len;
+ unsigned char fingerprint[EVP_MAX_MD_SIZE];
 cert_bio = BIO_new (BIO_s_mem ());
 BIO_write (cert_bio, cert, cert_size);
@@ -418,22 +420,48 @@ print_x509 (char *cert, int cert_size)
 X509cert = d2i_X509_bio (cert_bio, NULL);
 if (X509cert == NULL) {
 fprintf (stderr, "Invalid X509 certificate\n");
- return -1;
+ goto cleanup_bio;
 }
- SHA1_Init (&ctx);
- SHA1_Update (&ctx, cert, cert_size);
- SHA1_Final (fingerprint, &ctx);
+ md = EVP_get_digestbyname ("SHA1");
+ if(md == NULL) {
+ fprintf (stderr, "Failed to get SHA1 digest\n");
+ goto cleanup_bio;
+ }
+
+ ctx = EVP_MD_CTX_create ();
+ if (ctx == NULL) {
+ fprintf (stderr, "Failed to create digest context\n");
+ goto cleanup_bio;
+ }
+
+ if (!EVP_DigestInit_ex (ctx, md, NULL)) {
+ fprintf (stderr, "Failed to initialize digest context\n");
+ goto cleanup_ctx;
+ }
+
+ if (!EVP_DigestUpdate (ctx, cert, cert_size)) {
+ fprintf (stderr, "Failed to hash into the digest context\n");
+ goto cleanup_ctx;
+ }
+
+ if (!EVP_DigestFinal_ex (ctx, fingerprint, &md_len)) {
+ fprintf (stderr, "Failed to get digest value\n");
+ goto cleanup_ctx;
+ }
 printf ("SHA1 Fingerprint: ");
- for (unsigned int i = 0; i < SHA_DIGEST_LENGTH; i++) {
+ for (unsigned int i = 0; i < md_len; i++) {
 printf ("%02x", fingerprint[i]);
- if (i < SHA_DIGEST_LENGTH - 1)
+ if (i < md_len - 1)
 printf (":");
 }
 printf ("\n");
 X509_print_fp (stdout, X509cert);
+cleanup_ctx:
+ EVP_MD_CTX_destroy (ctx);
+cleanup_bio:
 BIO_free (cert_bio);
 return 0;
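Review bot: Every failure path in the new code ends at the shared `return 0;`: the invalid-certificate branch used to `return -1;` and now does `goto cleanup_bio;`, and the digest failures routed through `cleanup_ctx:` reach the same return, so print_x509 reports success right after printing an error. Carry a status through the labels instead: `int ret = -1;` with the declarations, `ret = 0;` after `X509_print_fp (stdout, X509cert);`, and `return ret;` at the end, so a caller that checks the result (callers are not visible here) still sees a certificate that failed to parse or hash. X509cert is also not released on any visible path; an X509_free() call under `cleanup_bio:` would cover every exit, since it accepts NULL. The function's declarations sit in the previous hunk and its closing brace is outside this one.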