From d67cbd4e6dc7ac83fd0c06a382a89d12f921628a Mon Sep 17 00:00:00 2001

From: Petr Gotthard <petr.gotthard@centrum.cz>

Date: Sun, 15 Aug 2021 11:54:00 +0200

Subject: [PATCH 11/17] openssl: Use EVP_MAC_update instead HMAC_Update on

 OpenSSL >= 3.0.0

The HMAC_Update is deprecated in OpenSSL 3.0, but the replacement

EVP_MAC_update was added in OpenSSL 3.0, so version specific code is

needed.

Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>

---

 lib/tpm2_kdfa.c | 35 +++++++++++++++++++++++++++++++++++

 1 file changed, 35 insertions(+)

diff --git a/lib/tpm2_kdfa.c b/lib/tpm2_kdfa.c

index c8d0a2e1..5eb8d558 100644

--- a/lib/tpm2_kdfa.c

+++ b/lib/tpm2_kdfa.c

@@ -2,6 +2,13 @@

 #include <string.h>

+#include <openssl/evp.h>

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

+#include <openssl/hmac.h>

+#else

+#include <openssl/core_names.h>

+#endif

+

 #include "log.h"

 #include "tpm2_kdfa.h"

 #include "tpm2_openssl.h"

@@ -40,13 +47,27 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,

         return TPM2_RC_HASH;

     }

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

     HMAC_CTX *ctx = HMAC_CTX_new();

+#else

+    EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);

+    EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(hmac);

+#endif

     if (!ctx) {

         LOG_ERR("HMAC context allocation failed");

         return TPM2_RC_MEMORY;

     }

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

     int rc = HMAC_Init_ex(ctx, key->buffer, key->size, md, NULL);

+#else

+    OSSL_PARAM params[2];

+

+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,

+                                                 (char *)EVP_MD_get0_name(md), 0);

+    params[1] = OSSL_PARAM_construct_end();

+    int rc = EVP_MAC_init(ctx, key->buffer, key->size, params);

+#endif

     if (!rc) {

         LOG_ERR("HMAC Init failed: %s", ERR_error_string(rc, NULL));

         rval = TPM2_RC_MEMORY;

@@ -71,7 +92,11 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,

         int c;

         for (c = 0; c < j; c++) {

             TPM2B_DIGEST *digest = buffer_list[c];

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

             int rc = HMAC_Update(ctx, digest->buffer, digest->size);

+#else

+            int rc = EVP_MAC_update(ctx, digest->buffer, digest->size);

+#endif

             if (!rc) {

                 LOG_ERR("HMAC Update failed: %s", ERR_error_string(rc, NULL));

                 rval = TPM2_RC_MEMORY;

@@ -79,8 +104,13 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,

             }

         }

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

         unsigned size = sizeof(tmpResult.buffer);

         int rc = HMAC_Final(ctx, tmpResult.buffer, &size);

+#else

+        size_t size;

+        int rc = EVP_MAC_final(ctx, tmpResult.buffer, &size, sizeof(tmpResult.buffer));

+#endif

         if (!rc) {

             LOG_ERR("HMAC Final failed: %s", ERR_error_string(rc, NULL));

             rval = TPM2_RC_MEMORY;

@@ -100,7 +130,12 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,

     result_key->size = bytes;

 err:

+#if OPENSSL_VERSION_NUMBER < 0x30000000L

     HMAC_CTX_free(ctx);

+#else

+    EVP_MAC_CTX_free(ctx);

+    EVP_MAC_free(hmac);

+#endif

     return rval;

 }

-- 

2.31.1