|
|
2c1758 |
commit 5377d25a6cbe3d07afcd08276ad7e90f62cad0c9
|
|
|
2c1758 |
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
Date: Wed Jun 30 13:51:02 2021 +0200
|
|
|
2c1758 |
|
|
|
2c1758 |
COMMON: mech_sha: Remove deprecated OpenSSL functions
|
|
|
2c1758 |
|
|
|
2c1758 |
All low level SHA functions are deprecated in OpenSSL 3.0.
|
|
|
2c1758 |
Update the code to not use any of those.
|
|
|
2c1758 |
|
|
|
2c1758 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
|
|
|
2c1758 |
diff --git a/usr/lib/common/h_extern.h b/usr/lib/common/h_extern.h
|
|
|
2c1758 |
index 314613a5..b3b965bf 100644
|
|
|
2c1758 |
--- a/usr/lib/common/h_extern.h
|
|
|
2c1758 |
+++ b/usr/lib/common/h_extern.h
|
|
|
2c1758 |
@@ -1543,7 +1543,7 @@ CK_RV aes_cfb_decrypt_final(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
|
2c1758 |
// SHA mechanisms
|
|
|
2c1758 |
//
|
|
|
2c1758 |
|
|
|
2c1758 |
-void sw_sha1_init(DIGEST_CONTEXT *ctx);
|
|
|
2c1758 |
+CK_RV sw_sha1_init(DIGEST_CONTEXT *ctx);
|
|
|
2c1758 |
|
|
|
2c1758 |
CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
|
2c1758 |
CK_ULONG in_data_len, CK_BYTE *out_data,
|
|
|
2c1758 |
diff --git a/usr/lib/common/mech_sha.c b/usr/lib/common/mech_sha.c
|
|
|
2c1758 |
index 0b9b7b28..1c81abe2 100644
|
|
|
2c1758 |
--- a/usr/lib/common/mech_sha.c
|
|
|
2c1758 |
+++ b/usr/lib/common/mech_sha.c
|
|
|
2c1758 |
@@ -38,30 +38,49 @@
|
|
|
2c1758 |
#include "tok_spec_struct.h"
|
|
|
2c1758 |
#include "trace.h"
|
|
|
2c1758 |
|
|
|
2c1758 |
-#include <openssl/sha.h>
|
|
|
2c1758 |
+#include <openssl/evp.h>
|
|
|
2c1758 |
#include <openssl/crypto.h>
|
|
|
2c1758 |
|
|
|
2c1758 |
//
|
|
|
2c1758 |
// Software SHA-1 implementation (OpenSSL based)
|
|
|
2c1758 |
//
|
|
|
2c1758 |
|
|
|
2c1758 |
-void sw_sha1_init(DIGEST_CONTEXT *ctx)
|
|
|
2c1758 |
+static void sw_sha1_free(STDLL_TokData_t *tokdata, SESSION *sess,
|
|
|
2c1758 |
+ CK_BYTE *context, CK_ULONG context_len)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
- ctx->context_len = sizeof(SHA_CTX);
|
|
|
2c1758 |
- ctx->context = (CK_BYTE *) malloc(sizeof(SHA_CTX));
|
|
|
2c1758 |
+ UNUSED(tokdata);
|
|
|
2c1758 |
+ UNUSED(sess);
|
|
|
2c1758 |
+ UNUSED(context_len);
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+ EVP_MD_CTX_free((EVP_MD_CTX *)context);
|
|
|
2c1758 |
+}
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+CK_RV sw_sha1_init(DIGEST_CONTEXT *ctx)
|
|
|
2c1758 |
+{
|
|
|
2c1758 |
+ ctx->context_len = 1;
|
|
|
2c1758 |
+ ctx->context = (CK_BYTE *)EVP_MD_CTX_new();
|
|
|
2c1758 |
if (ctx->context == NULL) {
|
|
|
2c1758 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
|
2c1758 |
- // TODO: propagate error up?
|
|
|
2c1758 |
- return;
|
|
|
2c1758 |
+ return CKR_HOST_MEMORY;
|
|
|
2c1758 |
+ }
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+ if (!EVP_DigestInit_ex((EVP_MD_CTX *)ctx->context, EVP_sha1(), NULL)) {
|
|
|
2c1758 |
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
|
2c1758 |
+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);
|
|
|
2c1758 |
+ return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
- SHA1_Init((SHA_CTX *)ctx->context);
|
|
|
2c1758 |
+ ctx->state_unsaveable = CK_TRUE;
|
|
|
2c1758 |
+ ctx->context_free_func = sw_sha1_free;
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+ return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
|
2c1758 |
CK_ULONG in_data_len, CK_BYTE *out_data,
|
|
|
2c1758 |
CK_ULONG *out_data_len)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
+ unsigned int len;
|
|
|
2c1758 |
|
|
|
2c1758 |
if (!ctx || !out_data_len) {
|
|
|
2c1758 |
TRACE_ERROR("%s received bad argument(s)\n", __func__);
|
|
|
2c1758 |
@@ -76,43 +95,60 @@ CK_RV sw_sha1_hash(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
|
2c1758 |
if (ctx->context == NULL)
|
|
|
2c1758 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
|
2c1758 |
|
|
|
2c1758 |
- SHA1_Update((SHA_CTX *)ctx->context, in_data, in_data_len);
|
|
|
2c1758 |
- SHA1_Final(out_data, (SHA_CTX *)ctx->context);
|
|
|
2c1758 |
- *out_data_len = SHA1_HASH_SIZE;
|
|
|
2c1758 |
+ len = *out_data_len;
|
|
|
2c1758 |
+ if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx->context, in_data, in_data_len) ||
|
|
|
2c1758 |
+ !EVP_DigestFinal((EVP_MD_CTX *)ctx->context, out_data, &len)) {
|
|
|
2c1758 |
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
|
2c1758 |
+ return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
+ }
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+ *out_data_len = len;
|
|
|
2c1758 |
|
|
|
2c1758 |
- if (ctx->context_free_func != NULL)
|
|
|
2c1758 |
- ctx->context_free_func(ctx->context, ctx->context_len);
|
|
|
2c1758 |
- else
|
|
|
2c1758 |
- free(ctx->context);
|
|
|
2c1758 |
+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);
|
|
|
2c1758 |
ctx->context = NULL;
|
|
|
2c1758 |
+ ctx->context_free_func = NULL;
|
|
|
2c1758 |
|
|
|
2c1758 |
return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
-CK_RV sw_sha1_update(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
|
2c1758 |
- CK_ULONG in_data_len)
|
|
|
2c1758 |
+static CK_RV sw_sha1_update(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
|
|
|
2c1758 |
+ CK_ULONG in_data_len)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
if (ctx->context == NULL)
|
|
|
2c1758 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
|
2c1758 |
|
|
|
2c1758 |
- SHA1_Update((SHA_CTX *)ctx->context, in_data, in_data_len);
|
|
|
2c1758 |
+ if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx->context, in_data, in_data_len)) {
|
|
|
2c1758 |
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
|
2c1758 |
+ return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
+ }
|
|
|
2c1758 |
+
|
|
|
2c1758 |
return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
-CK_RV sw_sha1_final(DIGEST_CONTEXT *ctx, CK_BYTE *out_data,
|
|
|
2c1758 |
- CK_ULONG *out_data_len)
|
|
|
2c1758 |
+static CK_RV sw_sha1_final(DIGEST_CONTEXT *ctx, CK_BYTE *out_data,
|
|
|
2c1758 |
+ CK_ULONG *out_data_len)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
+ unsigned int len;
|
|
|
2c1758 |
+
|
|
|
2c1758 |
if (ctx->context == NULL)
|
|
|
2c1758 |
return CKR_OPERATION_NOT_INITIALIZED;
|
|
|
2c1758 |
|
|
|
2c1758 |
- SHA1_Final(out_data, (SHA_CTX *)ctx->context);
|
|
|
2c1758 |
- *out_data_len = SHA1_HASH_SIZE;
|
|
|
2c1758 |
+ if (*out_data_len < SHA1_HASH_SIZE) {
|
|
|
2c1758 |
+ TRACE_ERROR("%s\n", ock_err(ERR_BUFFER_TOO_SMALL));
|
|
|
2c1758 |
+ return CKR_BUFFER_TOO_SMALL;
|
|
|
2c1758 |
+ }
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+ len = *out_data_len;
|
|
|
2c1758 |
+ if (!EVP_DigestFinal((EVP_MD_CTX *)ctx->context, out_data, &len)) {
|
|
|
2c1758 |
+ TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
|
|
|
2c1758 |
+ return CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
+ }
|
|
|
2c1758 |
+
|
|
|
2c1758 |
+ *out_data_len = len;
|
|
|
2c1758 |
|
|
|
2c1758 |
- if (ctx->context_free_func != NULL)
|
|
|
2c1758 |
- ctx->context_free_func(ctx->context, ctx->context_len);
|
|
|
2c1758 |
- else
|
|
|
2c1758 |
- free(ctx->context);
|
|
|
2c1758 |
+ EVP_MD_CTX_free((EVP_MD_CTX *)ctx->context);
|
|
|
2c1758 |
ctx->context = NULL;
|
|
|
2c1758 |
+ ctx->context_free_func = NULL;
|
|
|
2c1758 |
|
|
|
2c1758 |
return CKR_OK;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
@@ -134,8 +170,7 @@ CK_RV sha_init(STDLL_TokData_t *tokdata, SESSION *sess, DIGEST_CONTEXT *ctx,
|
|
|
2c1758 |
* supported. JML
|
|
|
2c1758 |
*/
|
|
|
2c1758 |
if (mech->mechanism == CKM_SHA_1) {
|
|
|
2c1758 |
- sw_sha1_init(ctx);
|
|
|
2c1758 |
- return CKR_OK;
|
|
|
2c1758 |
+ return sw_sha1_init(ctx);
|
|
|
2c1758 |
} else {
|
|
|
2c1758 |
return CKR_MECHANISM_INVALID;
|
|
|
2c1758 |
}
|