authorLennart Poettering <lennart@poettering.net>2021-09-29 09:47:08 +0200
committerLennart Poettering <lennart@poettering.net>2021-09-29 15:04:14 +0200
commit18f568b8e64b48f6aee204cc6384b4796cd27eb0 (patch)
treea969aedf32c534f5b1aabf78871d7b519a9cc54f /src
parent14bb72953458caace048b55ead7ea06a592b864f (diff)
downloadsystemd-18f568b8e64b48f6aee204cc6384b4796cd27eb0.tar.gz
creds-util: switch to OpenSSL 3.0 APIs
Let's switch from the low-level SHA256 APIs to the EVP APIs. The former are deprecated in OpenSSL 3.0, while the latter are supported both by older OpenSSL releases and by OpenSSL 3.0, and hence are the better choice. Fixes: #20775
Diffstat (limited to 'src')
-rw-r--r--src/shared/creds-util.c18
-rw-r--r--src/shared/openssl-util.h1
2 files changed, 14 insertions, 5 deletions
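--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -401,7 +401,8 @@ static int sha256_hash_host_and_tpm2_key(
 size_t tpm2_key_size,
 uint8_t ret[static SHA256_DIGEST_LENGTH]) {
-SHA256_CTX sha256_context;
+_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL;
+unsigned l;
 assert(host_key_size == 0 || host_key);
 assert(tpm2_key_size == 0 || tpm2_key);
@@ -409,18 +410,25 @@ static int sha256_hash_host_and_tpm2_key(
 /* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */
-if (SHA256_Init(&sha256_context) != 1)
+md = EVP_MD_CTX_new();
+if (!md)
+return log_oom();
+
+if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1)
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context.");
-if (host_key && SHA256_Update(&sha256_context, host_key, host_key_size) != 1)
+if (host_key && EVP_DigestUpdate(md, host_key, host_key_size) != 1)
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key.");
-if (tpm2_key && SHA256_Update(&sha256_context, tpm2_key, tpm2_key_size) != 1)
+if (tpm2_key && EVP_DigestUpdate(md, tpm2_key, tpm2_key_size) != 1)
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key.");
-if (SHA256_Final(ret, &sha256_context) != 1)
+assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH);
+
+if (EVP_DigestFinal_ex(md, ret, &l) != 1)
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash.");
+assert(l == SHA256_DIGEST_LENGTH);
 return 0;
 }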
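Review bot: The only guard that `ret` is wide enough for the digest is the `assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH);` placed just before `EVP_DigestFinal_ex`, so in a build where `assert` compiles out, the final call writes whatever length the context reports into the `SHA256_DIGEST_LENGTH`-byte array; since `EVP_sha256()` fixes that width this is an invariant rather than input validation, but a comment would keep a future reader from mistaking it for a runtime check, e.g. `/* EVP_sha256() has a fixed digest width, so this is an invariant check, not input validation. */`. The output-length variable `l` reads as `1` at a glance; `unsigned len;` would be clearer, and the trailing `assert(l == SHA256_DIGEST_LENGTH);` then documents the same invariant from the other side. The unchanged context line `"Failed to initial SHA256 context."` carries a pre-existing typo that could be corrected to `"Failed to initialize SHA256 context."` while this code is being touched. The signature of `sha256_hash_host_and_tpm2_key` begins before the first hunk, so the parameters asserted here are only partially visible.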
diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index 66441c232c..5840d57d16 100644
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -17,6 +17,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
if (!sk || !*sk)