creds-util: switch to OpenSSL 3.0 APIs

Let's switch from the low-level SHA256 APIs to EVP APIs. The former are
deprecated on OpenSSL 3.0, the latter are supported both by old
OpenSSL and by OpenSSL 3.0, hence are the better choice.

Fixes: #20775
Lennart Poettering 2021-09-29 09:47:08 +02:00
parent 14bb729534
commit 18f568b8e6
2 changed files with 14 additions and 5 deletions


@ -401,7 +401,8 @@ static int sha256_hash_host_and_tpm2_key(
size_t tpm2_key_size,
uint8_t ret[static SHA256_DIGEST_LENGTH]) {
SHA256_CTX sha256_context;
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL;
unsigned l;
assert(host_key_size == 0 || host_key);
assert(tpm2_key_size == 0 || tpm2_key);
@ -409,18 +410,25 @@ static int sha256_hash_host_and_tpm2_key(
/* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */
if (SHA256_Init(&sha256_context) != 1)
md = EVP_MD_CTX_new();
if (!md)
return log_oom();
if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context.");
if (host_key && SHA256_Update(&sha256_context, host_key, host_key_size) != 1)
if (host_key && EVP_DigestUpdate(md, host_key, host_key_size) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key.");
if (tpm2_key && SHA256_Update(&sha256_context, tpm2_key, tpm2_key_size) != 1)
if (tpm2_key && EVP_DigestUpdate(md, tpm2_key, tpm2_key_size) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key.");
if (SHA256_Final(ret, &sha256_context) != 1)
assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH);
if (EVP_DigestFinal_ex(md, ret, &l) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash.");
assert(l == SHA256_DIGEST_LENGTH);
return 0;
}
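Review bot: The `assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH)` placed before `EVP_DigestFinal_ex()` is the only thing keeping that call's write inside the fixed-size `ret` buffer, and that intent should be stated, e.g. `/* ret is sized for SHA256 only; check the digest length before EVP_DigestFinal_ex() writes into it */`. Once that pre-write check holds, the trailing `assert(l == SHA256_DIGEST_LENGTH)` can only re-confirm the same value, so one of the two is redundant. Each EVP failure is mapped to a synthetic EINVAL without consulting the OpenSSL error queue, so the log line never says why the digest call failed and the queue entry is left for a later caller on the same thread; if the file already has an `ERR_error_string`-style helper, the three error messages here are the natural place to use it. The pre-existing context line `"Failed to initial SHA256 context."` reads as a typo for `initialize`. The function's signature begins before the hunk, so the caller-side contract on `ret` is not visible here.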


@ -17,6 +17,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
if (!sk || !*sk)