210 lines
7.0 KiB
Diff
210 lines
7.0 KiB
Diff
From 220b7e0afa943693a4fdafd9a5b8d9e38ea4e785 Mon Sep 17 00:00:00 2001
|
|
From: Petr Gotthard <petr.gotthard@centrum.cz>
|
|
Date: Sat, 7 Aug 2021 15:54:51 +0200
|
|
Subject: [PATCH 09/17] openssl: Convert deprecated SHA256|384 digesters to
|
|
EVP_Digest
|
|
|
|
The EVP_Digest function is available since OpenSSL 1.1.0
|
|
|
|
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
|
|
---
|
|
lib/tpm2_identity_util.c | 34 ++++++++++++++++++++++++----------
|
|
lib/tpm2_kdfe.c | 13 +++++++++++--
|
|
lib/tpm2_openssl.c | 17 -----------------
|
|
lib/tpm2_openssl.h | 28 ----------------------------
|
|
lib/tpm2_util.c | 15 +++++++++++----
|
|
5 files changed, 46 insertions(+), 61 deletions(-)
|
|
|
|
diff --git a/lib/tpm2_identity_util.c b/lib/tpm2_identity_util.c
|
|
index a268295f..e0c3f404 100644
|
|
--- a/lib/tpm2_identity_util.c
|
|
+++ b/lib/tpm2_identity_util.c
|
|
@@ -391,11 +391,20 @@ bool tpm2_identity_util_calculate_inner_integrity(TPMI_ALG_HASH name_alg,
|
|
Tss2_MU_UINT16_Marshal(hash_size, marshalled_sensitive_and_name_digest,
|
|
sizeof(uint16_t), &digest_size_info);
|
|
|
|
- digester d = tpm2_openssl_halg_to_digester(name_alg);
|
|
- d(buffer_marshalled_sensitiveArea,
|
|
- marshalled_sensitive_size_info + marshalled_sensitive_size
|
|
- + pubname->size,
|
|
- marshalled_sensitive_and_name_digest + digest_size_info);
|
|
+ const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
|
|
+ if (!md) {
|
|
+ LOG_ERR("Algorithm not supported: %x", name_alg);
|
|
+ return false;
|
|
+ }
|
|
+ int rc = EVP_Digest(buffer_marshalled_sensitiveArea,
|
|
+ marshalled_sensitive_size_info + marshalled_sensitive_size
|
|
+ + pubname->size,
|
|
+ marshalled_sensitive_and_name_digest + digest_size_info,
|
|
+ NULL, md, NULL);
|
|
+ if (!rc) {
|
|
+ LOG_ERR("Hash calculation failed");
|
|
+ return false;
|
|
+ }
|
|
|
|
//Inner integrity
|
|
encrypted_inner_integrity->size = marshalled_sensitive_size_info
|
|
@@ -452,16 +461,21 @@ bool tpm2_identity_create_name(TPM2B_PUBLIC *public, TPM2B_NAME *pubname) {
|
|
&tpmt_marshalled_size);
|
|
|
|
// Step 3 - Hash the data into name just past the alg type.
|
|
- digester d = tpm2_openssl_halg_to_digester(name_alg);
|
|
- if (!d) {
|
|
+ const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
|
|
+ if (!md) {
|
|
+ LOG_ERR("Algorithm not supported: %x", name_alg);
|
|
return false;
|
|
}
|
|
|
|
- d((const unsigned char *) &marshaled_tpmt, tpmt_marshalled_size,
|
|
- pubname->name + hash_offset);
|
|
+ unsigned int hash_size;
|
|
+ int rc = EVP_Digest(&marshaled_tpmt, tpmt_marshalled_size,
|
|
+ pubname->name + hash_offset, &hash_size, md, NULL);
|
|
+ if (!rc) {
|
|
+ LOG_ERR("Hash calculation failed");
|
|
+ return false;
|
|
+ }
|
|
|
|
//Set the name size, UINT16 followed by HASH
|
|
- UINT16 hash_size = tpm2_alg_util_get_hash_size(name_alg);
|
|
pubname->size = hash_size + hash_offset;
|
|
|
|
return true;
|
|
diff --git a/lib/tpm2_kdfe.c b/lib/tpm2_kdfe.c
|
|
index e8aeb04c..aa4d3e0b 100644
|
|
--- a/lib/tpm2_kdfe.c
|
|
+++ b/lib/tpm2_kdfe.c
|
|
@@ -42,13 +42,22 @@ TSS2_RC tpm2_kdfe(
|
|
tpm2_util_concat_buffer(&hash_input, (TPM2B *) party_u);
|
|
tpm2_util_concat_buffer(&hash_input, (TPM2B *) party_v);
|
|
|
|
- digester d = tpm2_openssl_halg_to_digester(hash_alg);
|
|
+ const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(hash_alg);
|
|
+ if (!md) {
|
|
+ LOG_ERR("Algorithm not supported: %x", hash_alg);
|
|
+ return TPM2_RC_HASH;
|
|
+ }
|
|
|
|
for (done = 0, counter = 1; done < bytes; done += hash_size, counter++) {
|
|
counter_be = tpm2_util_hton_32(counter);
|
|
memcpy(hash_input.buffer, &counter_be, 4);
|
|
|
|
- d(hash_input.buffer, hash_input.size, result_key->buffer + done);
|
|
+ int rc = EVP_Digest(hash_input.buffer, hash_input.size,
|
|
+ result_key->buffer + done, NULL, md, NULL);
|
|
+ if (!rc) {
|
|
+ LOG_ERR("Hash calculation failed");
|
|
+ return TPM2_RC_MEMORY;
|
|
+ }
|
|
}
|
|
// truncate the result to the desired size
|
|
result_key->size = bytes;
|
|
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
|
|
index 1752525e..cdce92f8 100644
|
|
--- a/lib/tpm2_openssl.c
|
|
+++ b/lib/tpm2_openssl.c
|
|
@@ -368,23 +368,6 @@ out:
|
|
return result;
|
|
}
|
|
|
|
-digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg) {
|
|
-
|
|
- switch (halg) {
|
|
- case TPM2_ALG_SHA1:
|
|
- return SHA1;
|
|
- case TPM2_ALG_SHA256:
|
|
- return SHA256;
|
|
- case TPM2_ALG_SHA384:
|
|
- return SHA384;
|
|
- case TPM2_ALG_SHA512:
|
|
- return SHA512;
|
|
- /* no default */
|
|
- }
|
|
-
|
|
- return NULL;
|
|
-}
|
|
-
|
|
/*
|
|
* Per man openssl(1), handle the following --passin formats:
|
|
* pass:password
|
|
diff --git a/lib/tpm2_openssl.h b/lib/tpm2_openssl.h
|
|
index 642e4635..78cb826a 100644
|
|
--- a/lib/tpm2_openssl.h
|
|
+++ b/lib/tpm2_openssl.h
|
|
@@ -28,23 +28,6 @@
|
|
EC_POINT_get_affine_coordinates_GFp(group, tpm_pub_key, bn_x, bn_y, dmy)
|
|
#endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L */
|
|
|
|
-/**
|
|
- * Function prototype for a hashing routine.
|
|
- *
|
|
- * This is a wrapper around OSSL SHA256|384 and etc digesters.
|
|
- *
|
|
- * @param d
|
|
- * The data to digest.
|
|
- * @param n
|
|
- * The length of the data to digest.
|
|
- * @param md
|
|
- * The output message digest.
|
|
- * @return
|
|
- * A pointer to the digest or NULL on error.
|
|
- */
|
|
-typedef unsigned char *(*digester)(const unsigned char *d, size_t n,
|
|
- unsigned char *md);
|
|
-
|
|
static inline const char *tpm2_openssl_get_err(void) {
|
|
return ERR_error_string(ERR_get_error(), NULL);
|
|
}
|
|
@@ -147,17 +130,6 @@ bool tpm2_openssl_hash_pcr_banks_le(TPMI_ALG_HASH hashAlg,
|
|
bool tpm2_openssl_pcr_extend(TPMI_ALG_HASH halg, BYTE *pcr,
|
|
const BYTE *data, UINT16 length);
|
|
|
|
-/**
|
|
- * Returns a function pointer capable of performing the
|
|
- * given digest from a TPMI_HASH_ALG.
|
|
- *
|
|
- * @param halg
|
|
- * The hashing algorithm to use.
|
|
- * @return
|
|
- * NULL on failure or a valid digester on success.
|
|
- */
|
|
-digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg);
|
|
-
|
|
typedef enum tpm2_openssl_load_rc tpm2_openssl_load_rc;
|
|
enum tpm2_openssl_load_rc {
|
|
lprc_error = 0, /* an error has occurred */
|
|
diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c
|
|
index 4125a4b9..d2c654db 100644
|
|
--- a/lib/tpm2_util.c
|
|
+++ b/lib/tpm2_util.c
|
|
@@ -579,13 +579,20 @@ bool tpm2_util_calc_unique(TPMI_ALG_HASH name_alg,
|
|
memcpy(buf.buffer, seed->buffer, seed->size);
|
|
memcpy(&buf.buffer[seed->size], key->buffer, key->size);
|
|
|
|
- digester d = tpm2_openssl_halg_to_digester(name_alg);
|
|
- if (!d) {
|
|
+ const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
|
|
+ if (!md) {
|
|
+ LOG_ERR("Algorithm not supported: %x", name_alg);
|
|
return false;
|
|
}
|
|
|
|
- unique_data->size = tpm2_alg_util_get_hash_size(name_alg);
|
|
- d(buf.buffer, buf.size, unique_data->buffer);
|
|
+ unsigned int hash_size;
|
|
+ int rc = EVP_Digest(buf.buffer, buf.size, unique_data->buffer, &hash_size,
|
|
+ md, NULL);
|
|
+ if (!rc) {
|
|
+ LOG_ERR("Hash calculation failed");
|
|
+ return false;
|
|
+ }
|
|
+ unique_data->size = hash_size;
|
|
|
|
return true;
|
|
}
|
|
--
|
|
2.31.1
|
|
|