From 59f35567cf810d9eafdeedced5dc5571d9b33dfd Mon Sep 17 00:00:00 2001 From: Petr Gotthard Date: Sat, 7 Aug 2021 12:26:15 +0200 Subject: [PATCH 07/17] openssl: Replace SHA256_CTX by EVP_MD_CTX The EVP_MD_CTX_new() was introduced in OpenSSL 1.1.0 and the SHA256_CTX was deprecated in OpenSSL 3.0.0. Signed-off-by: Petr Gotthard --- tools/tpm2_getekcertificate.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c index b480dbc3..81600b61 100644 --- a/tools/tpm2_getekcertificate.c +++ b/tools/tpm2_getekcertificate.c @@ -63,20 +63,20 @@ static unsigned char *hash_ek_public(void) { return NULL; } - SHA256_CTX sha256; - int is_success = SHA256_Init(&sha256); + EVP_MD_CTX *sha256 = EVP_MD_CTX_new(); + int is_success = EVP_DigestInit(sha256, EVP_sha256()); if (!is_success) { - LOG_ERR("SHA256_Init failed"); + LOG_ERR("EVP_DigestInit failed"); goto err; } switch (ctx.out_public->publicArea.type) { case TPM2_ALG_RSA: - is_success = SHA256_Update(&sha256, + is_success = EVP_DigestUpdate(sha256, ctx.out_public->publicArea.unique.rsa.buffer, ctx.out_public->publicArea.unique.rsa.size); if (!is_success) { - LOG_ERR("SHA256_Update failed"); + LOG_ERR("EVP_DigestUpdate failed"); goto err; } 
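Review bot: The pointer returned by `EVP_MD_CTX_new()` at the top of this hunk is passed to `EVP_DigestInit()` without a NULL check. On allocation failure the tool would then either dereference NULL inside libcrypto or log a misleading "EVP_DigestInit failed", depending on the OpenSSL version. I would add `if (!sha256) { LOG_ERR("EVP_MD_CTX_new failed"); goto err; }` directly after the allocation. Reusing the `err` label is safe because `EVP_MD_CTX_free()` accepts NULL. The body of `hash_ek_public` starts and ends outside this hunk, so I am assuming no earlier `goto err` can run before `sha256` is initialised.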
@@ -85,27 +85,27 @@ static unsigned char *hash_ek_public(void) { goto err; } BYTE buf[3] = { 0x1, 0x00, 0x01 }; // Exponent - is_success = SHA256_Update(&sha256, buf, sizeof(buf)); + is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf)); if (!is_success) { - LOG_ERR("SHA256_Update failed"); + LOG_ERR("EVP_DigestUpdate failed"); goto err; } break; case TPM2_ALG_ECC: - is_success = SHA256_Update(&sha256, + is_success = EVP_DigestUpdate(sha256, ctx.out_public->publicArea.unique.ecc.x.buffer, ctx.out_public->publicArea.unique.ecc.x.size); if (!is_success) { - LOG_ERR("SHA256_Update failed"); + LOG_ERR("EVP_DigestUpdate failed"); goto err; } - is_success = SHA256_Update(&sha256, + is_success = EVP_DigestUpdate(sha256, ctx.out_public->publicArea.unique.ecc.y.buffer, ctx.out_public->publicArea.unique.ecc.y.size); if (!is_success) { - LOG_ERR("SHA256_Update failed"); + LOG_ERR("EVP_DigestUpdate failed"); goto err; } break; @@ -115,12 +115,13 @@ static unsigned char *hash_ek_public(void) { goto err; } - is_success = SHA256_Final(hash, &sha256); + is_success = EVP_DigestFinal_ex(sha256, hash, NULL); if (!is_success) { - LOG_ERR("SHA256_Final failed"); + LOG_ERR("EVP_DigestFinal failed"); goto err; } + EVP_MD_CTX_free(sha256); if (ctx.verbose) { tpm2_tool_output("public-key-hash:\n"); tpm2_tool_output(" sha256: "); @@ -134,6 +135,7 @@ static unsigned char *hash_ek_public(void) { return hash; err: free(hash); + EVP_MD_CTX_free(sha256); return NULL; } -- 2.31.1
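Review bot: In the `@@ -115` hunk, `EVP_DigestFinal_ex(sha256, hash, NULL)` discards the output length, so nothing on the new side ties the number of bytes written to the size of `hash`, which is allocated outside the hunk. With `EVP_sha256()` this is 32 bytes and presumably matches the allocation. Passing `&len` (an `unsigned int`) and rejecting `len != SHA256_DIGEST_LENGTH` would make that assumption explicit and would catch a later change of digest. If you keep NULL, a comment such as `/* hash is SHA256_DIGEST_LENGTH bytes, equal to the EVP_sha256() output size */` would at least document it. The error text should also name the function actually called: `LOG_ERR("EVP_DigestFinal_ex failed");`.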