tpm2-tools/0008-openssl-Replace-SHA256_CTX-by-EVP_MD_CTX.patch
Štěpán Horáček d8b5733ac7 tpm2-tools: Fix segfault and add support for OpenSSL 3
The segfault was caused by calling tpm2 command on ppc64le without any
additional arguments.

Resolves: rhbz#1989617

Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
2021-10-05 12:20:18 +02:00


From 59f35567cf810d9eafdeedced5dc5571d9b33dfd Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sat, 7 Aug 2021 12:26:15 +0200
Subject: [PATCH 07/17] openssl: Replace SHA256_CTX by EVP_MD_CTX
The EVP_MD_CTX_new() was introduced in OpenSSL 1.1.0 and
the SHA256_CTX was deprecated in OpenSSL 3.0.0.
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
tools/tpm2_getekcertificate.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c
index b480dbc3..81600b61 100644
--- a/tools/tpm2_getekcertificate.c
+++ b/tools/tpm2_getekcertificate.c
@@ -63,20 +63,20 @@ static unsigned char *hash_ek_public(void) {
return NULL;
}
- SHA256_CTX sha256;
- int is_success = SHA256_Init(&sha256);
+ EVP_MD_CTX *sha256 = EVP_MD_CTX_new();
+ int is_success = EVP_DigestInit(sha256, EVP_sha256());
if (!is_success) {
- LOG_ERR("SHA256_Init failed");
+ LOG_ERR("EVP_DigestInit failed");
goto err;
}
switch (ctx.out_public->publicArea.type) {
case TPM2_ALG_RSA:
- is_success = SHA256_Update(&sha256,
+ is_success = EVP_DigestUpdate(sha256,
ctx.out_public->publicArea.unique.rsa.buffer,
ctx.out_public->publicArea.unique.rsa.size);
if (!is_success) {
- LOG_ERR("SHA256_Update failed");
+ LOG_ERR("EVP_DigestUpdate failed");
goto err;
}
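Review bot: The result of `EVP_MD_CTX_new()` is passed straight to `EVP_DigestInit` with no NULL check, so an allocation failure is caught only if the init call happens to reject a NULL context. Add `if (!sha256) { LOG_ERR("EVP_MD_CTX_new failed"); goto err; }` before the init call; the `EVP_MD_CTX_free(sha256)` that this patch adds under `err:` accepts NULL. Using `EVP_DigestInit_ex(sha256, EVP_sha256(), NULL)` would also match the `_ex` finalisation used later in the patch. hash_ek_public starts above this hunk and continues past it.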
@@ -85,27 +85,27 @@ static unsigned char *hash_ek_public(void) {
goto err;
}
BYTE buf[3] = { 0x1, 0x00, 0x01 }; // Exponent
- is_success = SHA256_Update(&sha256, buf, sizeof(buf));
+ is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf));
if (!is_success) {
- LOG_ERR("SHA256_Update failed");
+ LOG_ERR("EVP_DigestUpdate failed");
goto err;
}
break;
case TPM2_ALG_ECC:
- is_success = SHA256_Update(&sha256,
+ is_success = EVP_DigestUpdate(sha256,
ctx.out_public->publicArea.unique.ecc.x.buffer,
ctx.out_public->publicArea.unique.ecc.x.size);
if (!is_success) {
- LOG_ERR("SHA256_Update failed");
+ LOG_ERR("EVP_DigestUpdate failed");
goto err;
}
- is_success = SHA256_Update(&sha256,
+ is_success = EVP_DigestUpdate(sha256,
ctx.out_public->publicArea.unique.ecc.y.buffer,
ctx.out_public->publicArea.unique.ecc.y.size);
if (!is_success) {
- LOG_ERR("SHA256_Update failed");
+ LOG_ERR("EVP_DigestUpdate failed");
goto err;
}
break;
@@ -115,12 +115,13 @@ static unsigned char *hash_ek_public(void) {
goto err;
}
- is_success = SHA256_Final(hash, &sha256);
+ is_success = EVP_DigestFinal_ex(sha256, hash, NULL);
if (!is_success) {
- LOG_ERR("SHA256_Final failed");
+ LOG_ERR("EVP_DigestFinal failed");
goto err;
}
+ EVP_MD_CTX_free(sha256);
if (ctx.verbose) {
tpm2_tool_output("public-key-hash:\n");
tpm2_tool_output(" sha256: ");
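Review bot: After `EVP_MD_CTX_free(sha256);` on the success path the pointer is left dangling, while the `err:` label further down frees it again. Any `goto err` between this line and `return hash` would therefore double-free the context. Set `sha256 = NULL;` right after the free, or release the context in a single shared cleanup path. The log text `"EVP_DigestFinal failed"` also names a different function from the `EVP_DigestFinal_ex` that is called. The lines between this hunk and the final `return hash` are not shown, so whether such a jump exists today cannot be confirmed from here.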
@@ -134,6 +135,7 @@ static unsigned char *hash_ek_public(void) {
return hash;
err:
free(hash);
+ EVP_MD_CTX_free(sha256);
return NULL;
}
--
2.31.1