rpms / tpm2-tools

Clone
Source Code
GIT

Files

  1.   28a59a9050a7c4d5a7b7e31bf38a3eb80d9665e6
  2.   SOURCES
  3.   0010-openssl-Convert-deprecated-SHA256-384-digesters-to-E.patch
Blob Blame History Raw 
From 220b7e0afa943693a4fdafd9a5b8d9e38ea4e785 Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sat, 7 Aug 2021 15:54:51 +0200
Subject: [PATCH 09/17] openssl: Convert deprecated SHA256|384 digesters to
 EVP_Digest

The EVP_Digest function is available since OpenSSL 1.1.0

Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
 lib/tpm2_identity_util.c | 34 ++++++++++++++++++++++++----------
 lib/tpm2_kdfe.c          | 13 +++++++++++--
 lib/tpm2_openssl.c       | 17 -----------------
 lib/tpm2_openssl.h       | 28 ----------------------------
 lib/tpm2_util.c          | 15 +++++++++++----
 5 files changed, 46 insertions(+), 61 deletions(-)

diff --git a/lib/tpm2_identity_util.c b/lib/tpm2_identity_util.c
index a268295f..e0c3f404 100644
--- a/lib/tpm2_identity_util.c
+++ b/lib/tpm2_identity_util.c
@@ -391,11 +391,20 @@ bool tpm2_identity_util_calculate_inner_integrity(TPMI_ALG_HASH name_alg,
     Tss2_MU_UINT16_Marshal(hash_size, marshalled_sensitive_and_name_digest,
             sizeof(uint16_t), &digest_size_info);
 
-    digester d = tpm2_openssl_halg_to_digester(name_alg);
-    d(buffer_marshalled_sensitiveArea,
-            marshalled_sensitive_size_info + marshalled_sensitive_size
-                    + pubname->size,
-            marshalled_sensitive_and_name_digest + digest_size_info);
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
+    if (!md) {
+        LOG_ERR("Algorithm not supported: %x", name_alg);
+        return false;
+    }
+    int rc = EVP_Digest(buffer_marshalled_sensitiveArea,
+                        marshalled_sensitive_size_info + marshalled_sensitive_size
+                            + pubname->size,
+                        marshalled_sensitive_and_name_digest + digest_size_info,
+                        NULL, md, NULL);
+    if (!rc) {
+        LOG_ERR("Hash calculation failed");
+        return false;
+    }
 
     //Inner integrity
     encrypted_inner_integrity->size = marshalled_sensitive_size_info
@@ -452,16 +461,21 @@ bool tpm2_identity_create_name(TPM2B_PUBLIC *public, TPM2B_NAME *pubname) {
             &tpmt_marshalled_size);
 
     // Step 3 - Hash the data into name just past the alg type.
-    digester d = tpm2_openssl_halg_to_digester(name_alg);
-    if (!d) {
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
+    if (!md) {
+        LOG_ERR("Algorithm not supported: %x", name_alg);
         return false;
     }
 
-    d((const unsigned char *) &marshaled_tpmt, tpmt_marshalled_size,
-            pubname->name + hash_offset);
+    unsigned int hash_size;
+    int rc = EVP_Digest(&marshaled_tpmt, tpmt_marshalled_size,
+                        pubname->name + hash_offset, &hash_size, md, NULL);
+    if (!rc) {
+        LOG_ERR("Hash calculation failed");
+        return false;
+    }
 
     //Set the name size, UINT16 followed by HASH
-    UINT16 hash_size = tpm2_alg_util_get_hash_size(name_alg);
     pubname->size = hash_size + hash_offset;
 
     return true;
diff --git a/lib/tpm2_kdfe.c b/lib/tpm2_kdfe.c
index e8aeb04c..aa4d3e0b 100644
--- a/lib/tpm2_kdfe.c
+++ b/lib/tpm2_kdfe.c
@@ -42,13 +42,22 @@ TSS2_RC tpm2_kdfe(
     tpm2_util_concat_buffer(&hash_input, (TPM2B *) party_u);
     tpm2_util_concat_buffer(&hash_input, (TPM2B *) party_v);
 
-    digester d = tpm2_openssl_halg_to_digester(hash_alg);
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(hash_alg);
+    if (!md) {
+        LOG_ERR("Algorithm not supported: %x", hash_alg);
+        return TPM2_RC_HASH;
+    }
 
     for (done = 0, counter = 1; done < bytes; done += hash_size, counter++) {
         counter_be = tpm2_util_hton_32(counter);
         memcpy(hash_input.buffer, &counter_be, 4);
 
-        d(hash_input.buffer, hash_input.size, result_key->buffer + done);
+        int rc = EVP_Digest(hash_input.buffer, hash_input.size,
+                            result_key->buffer + done, NULL, md, NULL);
+        if (!rc) {
+            LOG_ERR("Hash calculation failed");
+            return TPM2_RC_MEMORY;
+        }
     }
     // truncate the result to the desired size
     result_key->size = bytes;
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
index 1752525e..cdce92f8 100644
--- a/lib/tpm2_openssl.c
+++ b/lib/tpm2_openssl.c
@@ -368,23 +368,6 @@ out:
     return result;
 }
 
-digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg) {
-
-    switch (halg) {
-    case TPM2_ALG_SHA1:
-        return SHA1;
-    case TPM2_ALG_SHA256:
-        return SHA256;
-    case TPM2_ALG_SHA384:
-        return SHA384;
-    case TPM2_ALG_SHA512:
-        return SHA512;
-        /* no default */
-    }
-
-    return NULL;
-}
-
 /*
  * Per man openssl(1), handle the following --passin formats:
  *     pass:password
diff --git a/lib/tpm2_openssl.h b/lib/tpm2_openssl.h
index 642e4635..78cb826a 100644
--- a/lib/tpm2_openssl.h
+++ b/lib/tpm2_openssl.h
@@ -28,23 +28,6 @@
         EC_POINT_get_affine_coordinates_GFp(group, tpm_pub_key, bn_x, bn_y, dmy)
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L */
 
-/**
- * Function prototype for a hashing routine.
- *
- * This is a wrapper around OSSL SHA256|384 and etc digesters.
- *
- * @param d
- *  The data to digest.
- * @param n
- *  The length of the data to digest.
- * @param md
- *  The output message digest.
- * @return
- * A pointer to the digest or NULL on error.
- */
-typedef unsigned char *(*digester)(const unsigned char *d, size_t n,
-        unsigned char *md);
-
 static inline const char *tpm2_openssl_get_err(void) {
     return ERR_error_string(ERR_get_error(), NULL);
 }
@@ -147,17 +130,6 @@ bool tpm2_openssl_hash_pcr_banks_le(TPMI_ALG_HASH hashAlg,
 bool tpm2_openssl_pcr_extend(TPMI_ALG_HASH halg, BYTE *pcr,
         const BYTE *data, UINT16 length);
 
-/**
- * Returns a function pointer capable of performing the
- * given digest from a TPMI_HASH_ALG.
- *
- * @param halg
- *  The hashing algorithm to use.
- * @return
- *  NULL on failure or a valid digester on success.
- */
-digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg);
-
 typedef enum tpm2_openssl_load_rc tpm2_openssl_load_rc;
 enum tpm2_openssl_load_rc {
     lprc_error = 0, /* an error has occurred */
diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c
index 4125a4b9..d2c654db 100644
--- a/lib/tpm2_util.c
+++ b/lib/tpm2_util.c
@@ -579,13 +579,20 @@ bool tpm2_util_calc_unique(TPMI_ALG_HASH name_alg,
     memcpy(buf.buffer, seed->buffer, seed->size);
     memcpy(&buf.buffer[seed->size], key->buffer, key->size);
 
-    digester d = tpm2_openssl_halg_to_digester(name_alg);
-    if (!d) {
+    const EVP_MD *md = tpm2_openssl_halg_from_tpmhalg(name_alg);
+    if (!md) {
+        LOG_ERR("Algorithm not supported: %x", name_alg);
         return false;
     }
 
-    unique_data->size = tpm2_alg_util_get_hash_size(name_alg);
-    d(buf.buffer, buf.size, unique_data->buffer);
+    unsigned int hash_size;
+    int rc = EVP_Digest(buf.buffer, buf.size, unique_data->buffer, &hash_size,
+                        md, NULL);
+    if (!rc) {
+        LOG_ERR("Hash calculation failed");
+        return false;
+    }
+    unique_data->size = hash_size;
 
     return true;
 }
-- 
2.31.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation