From 59f35567cf810d9eafdeedced5dc5571d9b33dfd Mon Sep 17 00:00:00 2001

From: Petr Gotthard <petr.gotthard@centrum.cz>

Date: Sat, 7 Aug 2021 12:26:15 +0200

Subject: [PATCH 07/17] openssl: Replace SHA256_CTX by EVP_MD_CTX

The EVP_MD_CTX_new() was introduced in OpenSSL 1.1.0 and

the SHA256_CTX was deprecated in OpenSSL 3.0.0.

Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>

---

 tools/tpm2_getekcertificate.c | 28 +++++++++++++++-------------

 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c

index b480dbc3..81600b61 100644

--- a/tools/tpm2_getekcertificate.c

+++ b/tools/tpm2_getekcertificate.c

@@ -63,20 +63,20 @@ static unsigned char *hash_ek_public(void) {

         return NULL;

     }

-    SHA256_CTX sha256;

-    int is_success = SHA256_Init(&sha256);

+    EVP_MD_CTX *sha256 = EVP_MD_CTX_new();

+    int is_success = EVP_DigestInit(sha256, EVP_sha256());

     if (!is_success) {

-        LOG_ERR("SHA256_Init failed");

+        LOG_ERR("EVP_DigestInit failed");

         goto err;

     }

     switch (ctx.out_public->publicArea.type) {

     case TPM2_ALG_RSA:

-        is_success = SHA256_Update(&sha256,

+        is_success = EVP_DigestUpdate(sha256,

                 ctx.out_public->publicArea.unique.rsa.buffer,

                 ctx.out_public->publicArea.unique.rsa.size);

         if (!is_success) {

-            LOG_ERR("SHA256_Update failed");

+            LOG_ERR("EVP_DigestUpdate failed");

             goto err;

         }

@@ -85,27 +85,27 @@ static unsigned char *hash_ek_public(void) {

             goto err;

         }

         BYTE buf[3] = { 0x1, 0x00, 0x01 }; // Exponent

-        is_success = SHA256_Update(&sha256, buf, sizeof(buf));

+        is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf));

         if (!is_success) {

-            LOG_ERR("SHA256_Update failed");

+            LOG_ERR("EVP_DigestUpdate failed");

             goto err;

         }

         break;

     case TPM2_ALG_ECC:

-        is_success = SHA256_Update(&sha256,

+        is_success = EVP_DigestUpdate(sha256,

                 ctx.out_public->publicArea.unique.ecc.x.buffer,

                 ctx.out_public->publicArea.unique.ecc.x.size);

         if (!is_success) {

-            LOG_ERR("SHA256_Update failed");

+            LOG_ERR("EVP_DigestUpdate failed");

             goto err;

         }

-        is_success = SHA256_Update(&sha256,

+        is_success = EVP_DigestUpdate(sha256,

                 ctx.out_public->publicArea.unique.ecc.y.buffer,

                 ctx.out_public->publicArea.unique.ecc.y.size);

         if (!is_success) {

-            LOG_ERR("SHA256_Update failed");

+            LOG_ERR("EVP_DigestUpdate failed");

             goto err;

         }

         break;

@@ -115,12 +115,13 @@ static unsigned char *hash_ek_public(void) {

         goto err;

     }

-    is_success = SHA256_Final(hash, &sha256);

+    is_success = EVP_DigestFinal_ex(sha256, hash, NULL);

     if (!is_success) {

-        LOG_ERR("SHA256_Final failed");

+        LOG_ERR("EVP_DigestFinal failed");

         goto err;

     }

+    EVP_MD_CTX_free(sha256);

     if (ctx.verbose) {

         tpm2_tool_output("public-key-hash:\n");

         tpm2_tool_output("  sha256: ");

@@ -134,6 +135,7 @@ static unsigned char *hash_ek_public(void) {

     return hash;

 err:

     free(hash);

+    EVP_MD_CTX_free(sha256);

     return NULL;

 }

-- 

2.31.1