diff --git a/Makefile-test.am b/Makefile-test.am index 8b45f4619..7ea9397f4 100644 --- a/Makefile-test.am +++ b/Makefile-test.am @@ -701,7 +701,7 @@ test_unit_fapi_get_intl_cert_CFLAGS = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS) test_unit_fapi_get_intl_cert_LDADD = $(CMOCKA_LIBS) $(TESTS_LDADD) test_unit_fapi_get_intl_cert_LDFLAGS = $(TESTS_LDFLAGS) $(JSONC_LIBS) $(CURL_LIBS) \ -Wl,--wrap=ifapi_get_curl_buffer \ - -Wl,--wrap=SHA256_Update + -Wl,--wrap=EVP_DigestUpdate test_unit_fapi_get_intl_cert_SOURCES = test/unit/fapi-get-intl-cert.c \ src/tss2-fapi/ifapi_get_intl_cert.c \ src/tss2-fapi/ifapi_json_deserialize.c \ diff --git a/src/tss2-fapi/ifapi_get_intl_cert.c b/src/tss2-fapi/ifapi_get_intl_cert.c index b66e06508..726e9b2c1 100644 --- a/src/tss2-fapi/ifapi_get_intl_cert.c +++ b/src/tss2-fapi/ifapi_get_intl_cert.c @@ -53,21 +53,26 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) { return NULL; } - SHA256_CTX sha256; - int is_success = SHA256_Init(&sha256); + EVP_MD_CTX *sha256ctx = EVP_MD_CTX_new(); + if (!sha256ctx) { + LOG_ERROR("EVP_MD_CTX_new failed"); + goto err; + } + + int is_success = EVP_DigestInit(sha256ctx, EVP_sha256()); if (!is_success) { - LOG_ERROR("SHA256_Init failed"); + LOG_ERROR("EVP_DigestInit failed"); goto err; } switch (ek_public->publicArea.type) { case TPM2_ALG_RSA: /* Add public key to the hash. */ - is_success = SHA256_Update(&sha256, - ek_public->publicArea.unique.rsa.buffer, - ek_public->publicArea.unique.rsa.size); + is_success = EVP_DigestUpdate(sha256ctx, + ek_public->publicArea.unique.rsa.buffer, + ek_public->publicArea.unique.rsa.size); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } 
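Review bot: In `hash_ek_public` the context is set up with the legacy `EVP_DigestInit`, while the finalisation later in the function uses `EVP_DigestFinal_ex`. The OpenSSL documentation recommends the `_ex` forms for new code, so the pair would read more consistently as `int is_success = EVP_DigestInit_ex(sha256ctx, EVP_sha256(), NULL);` with the log text changed to `"EVP_DigestInit_ex failed"`. The two new failure branches here (`EVP_MD_CTX_new` returning NULL and the init call failing) do not appear to be exercised by the unit test, since the Makefile hunk wraps only `EVP_DigestUpdate`. The function body starts before this hunk and continues past it, so the allocation of `hash` and the rest of the `switch` are not visible here.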
@@ -78,28 +83,28 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) { } /* Exponent 65537 will be added. */ BYTE buf[3] = { 0x1, 0x00, 0x01 }; - is_success = SHA256_Update(&sha256, buf, sizeof(buf)); + is_success = EVP_DigestUpdate(sha256ctx, buf, sizeof(buf)); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } break; case TPM2_ALG_ECC: - is_success = SHA256_Update(&sha256, - ek_public->publicArea.unique.ecc.x.buffer, - ek_public->publicArea.unique.ecc.x.size); + is_success = EVP_DigestUpdate(sha256ctx, + ek_public->publicArea.unique.ecc.x.buffer, + ek_public->publicArea.unique.ecc.x.size); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } /* Add public key to the hash. */ - is_success = SHA256_Update(&sha256, - ek_public->publicArea.unique.ecc.y.buffer, - ek_public->publicArea.unique.ecc.y.size); + is_success = EVP_DigestUpdate(sha256ctx, + ek_public->publicArea.unique.ecc.y.buffer, + ek_public->publicArea.unique.ecc.y.size); if (!is_success) { - LOG_ERROR("SHA256_Update failed"); + LOG_ERROR("EVP_DigestUpdate failed"); goto err; } break; @@ -109,17 +114,19 @@ static unsigned char *hash_ek_public(TPM2B_PUBLIC *ek_public) { goto err; } - is_success = SHA256_Final(hash, &sha256); + is_success = EVP_DigestFinal_ex(sha256ctx, hash, NULL); if (!is_success) { LOG_ERROR("SHA256_Final failed"); goto err; } + EVP_MD_CTX_free(sha256ctx); LOG_TRACE("public-key-hash:"); LOG_TRACE(" sha256: "); LOGBLOB_TRACE(&hash[0], SHA256_DIGEST_LENGTH, "Hash"); return hash; err: + EVP_MD_CTX_free(sha256ctx); free(hash); return NULL; } diff --git a/test/unit/fapi-get-intl-cert.c b/test/unit/fapi-get-intl-cert.c index 1099a64fd..10c6acdf4 100644 --- a/test/unit/fapi-get-intl-cert.c +++ b/test/unit/fapi-get-intl-cert.c @@ -15,7 +15,7 @@ #include #include #include -#include +#include #include #include 
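Review bot: In the `@@ -109,17 +114,19 @@` hunk the error message after `EVP_DigestFinal_ex(sha256ctx, hash, NULL)` still reads `"SHA256_Final failed"`, which will send anyone reading the log to an API that is no longer called. It should become `LOG_ERROR("EVP_DigestFinal_ex failed");` to match the other renamed messages. The `err:` label is also reached with `sha256ctx == NULL` when `EVP_MD_CTX_new` fails, which is safe only because `EVP_MD_CTX_free` accepts NULL. A short comment there would record that, for example `/* EVP_MD_CTX_free(NULL) is a no-op, so this also covers a failed EVP_MD_CTX_new. */`. Passing NULL for the output length relies on the digest being exactly `SHA256_DIGEST_LENGTH` bytes, which holds for `EVP_sha256()` but ties the buffer size, allocated outside this hunk, to that choice of digest.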
@@ -124,7 +124,7 @@ __wrap_ifapi_get_curl_buffer(unsigned char * url, unsigned char ** buffer, size_t *buffer_size) { UNUSED(url); - *buffer = (unsigned char *)strdup(mock_json_cert); ; + *buffer = (unsigned char *)strdup(mock_json_cert); *buffer_size = strlen(mock_json_cert) + 1; return 0; } @@ -132,22 +132,22 @@ __wrap_ifapi_get_curl_buffer(unsigned char * url, unsigned char ** buffer, /* * Wrapper function for updating the hash of EK public data. */ -size_t wrap_SHA256_update_test = 0; +size_t wrap_EVP_DigestUpdate_test = 0; int -__real_SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +__real_EVP_DigestUpdate(EVP_MD_CTX *c, const void *data, size_t len); int -__wrap_SHA256_Update(SHA256_CTX *c, const void *data, size_t len) +__wrap_EVP_DigestUpdate(EVP_MD_CTX *c, const void *data, size_t len) { - if (!wrap_SHA256_update_test) { - return __real_SHA256_Update(c, data, len); - } else if (wrap_SHA256_update_test == 1) { - wrap_SHA256_update_test = 0; + if (!wrap_EVP_DigestUpdate_test) { + return __real_EVP_DigestUpdate(c, data, len); + } else if (wrap_EVP_DigestUpdate_test == 1) { + wrap_EVP_DigestUpdate_test = 0; return mock_type(int); } else { - wrap_SHA256_update_test--; - return __real_SHA256_Update(c, data, len); + wrap_EVP_DigestUpdate_test--; + return __real_EVP_DigestUpdate(c, data, len); } } 
@@ -213,21 +213,21 @@ check_get_intl_cert_sha_error(void **state) { unsigned char *cert_buf = NULL; size_t cert_size; TSS2_RC r; - will_return_always(__wrap_SHA256_Update, 0); + will_return_always(__wrap_EVP_DigestUpdate, 0); mock_json_cert = valid_json_cert; - wrap_SHA256_update_test = 1; + wrap_EVP_DigestUpdate_test = 1; r = ifapi_get_intl_ek_certificate(ctx, &eccPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT); - wrap_SHA256_update_test = 1; + wrap_EVP_DigestUpdate_test = 1; r = ifapi_get_intl_ek_certificate(ctx, &rsaPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT); - wrap_SHA256_update_test = 2; + wrap_EVP_DigestUpdate_test = 2; r = ifapi_get_intl_ek_certificate(ctx, &eccPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT); - wrap_SHA256_update_test = 2; + wrap_EVP_DigestUpdate_test = 2; r = ifapi_get_intl_ek_certificate(ctx, &rsaPublic, &cert_buf, &cert_size); assert_int_equal(r,TSS2_FAPI_RC_NO_CERT);