
Blame SOURCES/0010-openssl-Convert-deprecated-SHA256-384-digesters-to-E.patch

28a59a
From 220b7e0afa943693a4fdafd9a5b8d9e38ea4e785 Mon Sep 17 00:00:00 2001
28a59a
From: Petr Gotthard <petr.gotthard@centrum.cz>
28a59a
Date: Sat, 7 Aug 2021 15:54:51 +0200
28a59a
Subject: [PATCH 09/17] openssl: Convert deprecated SHA256|384 digesters to
28a59a
 EVP_Digest
28a59a
28a59a
The EVP_Digest function is available since OpenSSL 1.1.0
28a59a
28a59a
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
28a59a
---
28a59a
 lib/tpm2_identity_util.c | 34 ++++++++++++++++++++++++----------
28a59a
 lib/tpm2_kdfe.c          | 13 +++++++++++--
28a59a
 lib/tpm2_openssl.c       | 17 -----------------
28a59a
 lib/tpm2_openssl.h       | 28 ----------------------------
28a59a
 lib/tpm2_util.c          | 15 +++++++++++----
28a59a
 5 files changed, 46 insertions(+), 61 deletions(-)
28a59a
28a59a
diff --git a/lib/tpm2_identity_util.c b/lib/tpm2_identity_util.c
28a59a
index a268295f..e0c3f404 100644
28a59a
--- a/lib/tpm2_identity_util.c
28a59a
+++ b/lib/tpm2_identity_util.c
28a59a
@@ -391,11 +391,20 @@ bool tpm2_identity_util_calculate_inner_integrity(TPMI_ALG_HASH name_alg,
28a59a
     Tss2_MU_UINT16_Marshal(hash_size, marshalled_sensitive_and_name_digest,
28a59a
             sizeof(uint16_t), &digest_size_info);
28a59a
 
28a59a
-    digester d = tpm2_openssl_halg_to_digester(name_alg);
28a59a
-    d(buffer_marshalled_sensitiveArea,
28a59a
-            marshalled_sensitive_size_info + marshalled_sensitive_size
28a59a
-                    + pubname->size,
28a59a
-            marshalled_sensitive_and_name_digest + digest_size_info);
28a59a
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
28a59a
+    if (!md) {
28a59a
+        LOG_ERR("Algorithm not supported: %x", name_alg);
28a59a
+        return false;
28a59a
+    }
28a59a
+    int rc = EVP_Digest(buffer_marshalled_sensitiveArea,
28a59a
+                        marshalled_sensitive_size_info + marshalled_sensitive_size
28a59a
+                            + pubname->size,
28a59a
+                        marshalled_sensitive_and_name_digest + digest_size_info,
28a59a
+                        NULL, md, NULL);
28a59a
+    if (!rc) {
28a59a
+        LOG_ERR("Hash calculation failed");
28a59a
+        return false;
28a59a
+    }
28a59a
 
28a59a
     //Inner integrity
28a59a
     encrypted_inner_integrity->size = marshalled_sensitive_size_info
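Review bot: The EVP_Digest call in tpm2_identity_util_calculate_inner_integrity passes `NULL` for the output-length argument, so nothing ties the number of bytes actually written to the `hash_size` prefix that was marshalled just above it. The digest is now whatever `tpm2_openssl_halg_from_tpmhalg` returns, which is not shown here; if its output length ever differs from `hash_size`, the integrity blob would carry a wrong size prefix, or the write would run past the space reserved for the digest. Capture the length and compare it: declare `unsigned int out_len = 0;`, pass `&out_len` instead of `NULL`, and test `if (!rc || out_len != hash_size)`. The function starts and ends outside this hunk, so the capacity of `marshalled_sensitive_and_name_digest` could not be checked from here.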
28a59a
@@ -452,16 +461,21 @@ bool tpm2_identity_create_name(TPM2B_PUBLIC *public, TPM2B_NAME *pubname) {
28a59a
             &tpmt_marshalled_size);
28a59a
 
28a59a
     // Step 3 - Hash the data into name just past the alg type.
28a59a
-    digester d = tpm2_openssl_halg_to_digester(name_alg);
28a59a
-    if (!d) {
28a59a
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
28a59a
+    if (!md) {
28a59a
+        LOG_ERR("Algorithm not supported: %x", name_alg);
28a59a
         return false;
28a59a
     }
28a59a
 
28a59a
-    d((const unsigned char *) &marshaled_tpmt, tpmt_marshalled_size,
28a59a
-            pubname->name + hash_offset);
28a59a
+    unsigned int hash_size;
28a59a
+    int rc = EVP_Digest(&marshaled_tpmt, tpmt_marshalled_size,
28a59a
+                        pubname->name + hash_offset, &hash_size, md, NULL);
28a59a
+    if (!rc) {
28a59a
+        LOG_ERR("Hash calculation failed");
28a59a
+        return false;
28a59a
+    }
28a59a
 
28a59a
     //Set the name size, UINT16 followed by HASH
28a59a
-    UINT16 hash_size = tpm2_alg_util_get_hash_size(name_alg);
28a59a
     pubname->size = hash_size + hash_offset;
28a59a
 
28a59a
     return true;
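Review bot: Nothing bounds the EVP_Digest write to `pubname->name + hash_offset` in tpm2_identity_create_name. Its length is now dictated by the EVP_MD the lookup returns, rather than by the four algorithms the removed `tpm2_openssl_halg_to_digester` switch allowed. A guard before the call, such as `if ((size_t)EVP_MD_size(md) > sizeof(pubname->name) - hash_offset) return false;` (assuming `name` is a fixed array member), keeps a newly mapped, longer digest from overrunning the name buffer. The same applies to the write into `unique_data->buffer` in the lib/tpm2_util.c hunk. The function begins outside this hunk.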
28a59a
diff --git a/lib/tpm2_kdfe.c b/lib/tpm2_kdfe.c
28a59a
index e8aeb04c..aa4d3e0b 100644
28a59a
--- a/lib/tpm2_kdfe.c
28a59a
+++ b/lib/tpm2_kdfe.c
28a59a
@@ -42,13 +42,22 @@ TSS2_RC tpm2_kdfe(
28a59a
     tpm2_util_concat_buffer(&hash_input, (TPM2B *) party_u);
28a59a
     tpm2_util_concat_buffer(&hash_input, (TPM2B *) party_v);
28a59a
 
28a59a
-    digester d = tpm2_openssl_halg_to_digester(hash_alg);
28a59a
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(hash_alg);
28a59a
+    if (!md) {
28a59a
+        LOG_ERR("Algorithm not supported: %x", hash_alg);
28a59a
+        return TPM2_RC_HASH;
28a59a
+    }
28a59a
 
28a59a
     for (done = 0, counter = 1; done < bytes; done += hash_size, counter++) {
28a59a
         counter_be = tpm2_util_hton_32(counter);
28a59a
         memcpy(hash_input.buffer, &counter_be, 4);
28a59a
 
28a59a
-        d(hash_input.buffer, hash_input.size, result_key->buffer + done);
28a59a
+        int rc = EVP_Digest(hash_input.buffer, hash_input.size,
28a59a
+                            result_key->buffer + done, NULL, md, NULL);
28a59a
+        if (!rc) {
28a59a
+            LOG_ERR("Hash calculation failed");
28a59a
+            return TPM2_RC_MEMORY;
28a59a
+        }
28a59a
     }
28a59a
     // truncate the result to the desired size
28a59a
     result_key->size = bytes;
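Review bot: The new failure return inside the tpm2_kdfe loop leaves the `done` bytes of key stream already derived sitting in `result_key->buffer`. It also reports the failure as `TPM2_RC_MEMORY`, which points triage at allocation rather than at the digest. Before returning, wipe what was written and reset the length, e.g. `OPENSSL_cleanse(result_key->buffer, done); result_key->size = 0;`, and return a code that does not suggest an out-of-memory condition. `hash_input` also still holds the concatenated KDF input at that point; whether it needs clearing depends on code outside the hunk. The function starts and ends outside this hunk.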
28a59a
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
28a59a
index 1752525e..cdce92f8 100644
28a59a
--- a/lib/tpm2_openssl.c
28a59a
+++ b/lib/tpm2_openssl.c
28a59a
@@ -368,23 +368,6 @@ out:
28a59a
     return result;
28a59a
 }
28a59a
 
28a59a
-digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg) {
28a59a
-
28a59a
-    switch (halg) {
28a59a
-    case TPM2_ALG_SHA1:
28a59a
-        return SHA1;
28a59a
-    case TPM2_ALG_SHA256:
28a59a
-        return SHA256;
28a59a
-    case TPM2_ALG_SHA384:
28a59a
-        return SHA384;
28a59a
-    case TPM2_ALG_SHA512:
28a59a
-        return SHA512;
28a59a
-        /* no default */
28a59a
-    }
28a59a
-
28a59a
-    return NULL;
28a59a
-}
28a59a
-
28a59a
 /*
28a59a
  * Per man openssl(1), handle the following --passin formats:
28a59a
  *     pass:password
28a59a
diff --git a/lib/tpm2_openssl.h b/lib/tpm2_openssl.h
28a59a
index 642e4635..78cb826a 100644
28a59a
--- a/lib/tpm2_openssl.h
28a59a
+++ b/lib/tpm2_openssl.h
28a59a
@@ -28,23 +28,6 @@
28a59a
         EC_POINT_get_affine_coordinates_GFp(group, tpm_pub_key, bn_x, bn_y, dmy)
28a59a
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L */
28a59a
 
28a59a
-/**
28a59a
- * Function prototype for a hashing routine.
28a59a
- *
28a59a
- * This is a wrapper around OSSL SHA256|384 and etc digesters.
28a59a
- *
28a59a
- * @param d
28a59a
- *  The data to digest.
28a59a
- * @param n
28a59a
- *  The length of the data to digest.
28a59a
- * @param md
28a59a
- *  The output message digest.
28a59a
- * @return
28a59a
- * A pointer to the digest or NULL on error.
28a59a
- */
28a59a
-typedef unsigned char *(*digester)(const unsigned char *d, size_t n,
28a59a
-        unsigned char *md);
28a59a
-
28a59a
 static inline const char *tpm2_openssl_get_err(void) {
28a59a
     return ERR_error_string(ERR_get_error(), NULL);
28a59a
 }
28a59a
@@ -147,17 +130,6 @@ bool tpm2_openssl_hash_pcr_banks_le(TPMI_ALG_HASH hashAlg,
28a59a
 bool tpm2_openssl_pcr_extend(TPMI_ALG_HASH halg, BYTE *pcr,
28a59a
         const BYTE *data, UINT16 length);
28a59a
 
28a59a
-/**
28a59a
- * Returns a function pointer capable of performing the
28a59a
- * given digest from a TPMI_HASH_ALG.
28a59a
- *
28a59a
- * @param halg
28a59a
- *  The hashing algorithm to use.
28a59a
- * @return
28a59a
- *  NULL on failure or a valid digester on success.
28a59a
- */
28a59a
-digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg);
28a59a
-
28a59a
 typedef enum tpm2_openssl_load_rc tpm2_openssl_load_rc;
28a59a
 enum tpm2_openssl_load_rc {
28a59a
     lprc_error = 0, /* an error has occurred */
28a59a
diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c
28a59a
index 4125a4b9..d2c654db 100644
28a59a
--- a/lib/tpm2_util.c
28a59a
+++ b/lib/tpm2_util.c
28a59a
@@ -579,13 +579,20 @@ bool tpm2_util_calc_unique(TPMI_ALG_HASH name_alg,
28a59a
     memcpy(buf.buffer, seed->buffer, seed->size);
28a59a
     memcpy(&buf.buffer[seed->size], key->buffer, key->size);
28a59a
 
28a59a
-    digester d = tpm2_openssl_halg_to_digester(name_alg);
28a59a
-    if (!d) {
28a59a
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
28a59a
+    if (!md) {
28a59a
+        LOG_ERR("Algorithm not supported: %x", name_alg);
28a59a
         return false;
28a59a
     }
28a59a
 
28a59a
-    unique_data->size = tpm2_alg_util_get_hash_size(name_alg);
28a59a
-    d(buf.buffer, buf.size, unique_data->buffer);
28a59a
+    unsigned int hash_size;
28a59a
+    int rc = EVP_Digest(buf.buffer, buf.size, unique_data->buffer, &hash_size,
28a59a
+                        md, NULL);
28a59a
+    if (!rc) {
28a59a
+        LOG_ERR("Hash calculation failed");
28a59a
+        return false;
28a59a
+    }
28a59a
+    unique_data->size = hash_size;
28a59a
 
28a59a
     return true;
28a59a
 }
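Review bot: `buf` still holds the copied `seed` and `key` bytes when tpm2_util_calc_unique returns, on both the new `Hash calculation failed` path and the success path. If `buf` is a local staging buffer, as the two `memcpy` calls suggest (its declaration is outside the hunk), clear it with a wipe the compiler cannot drop, e.g. `OPENSSL_cleanse(buf.buffer, buf.size);` before each `return` that follows the copies. A plain `memset` immediately before the return may be optimised away.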
28a59a
-- 
28a59a
2.31.1
28a59a