From: ben-skyportsystems <b...@skyportsystems.com>

Newer versions of OpenSSL (v1.1.0+) do not allow direct manipulation of
EVP_MD_CTX structs, so manage the objects' lifecycles through the library's
create/destroy functions.

Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/hash.c   | 36 ++++++++++++++++++++----------------
 lcptools/hash.c      | 18 ++++++++++--------
 lcptools/mlehash.c   | 10 ++++++----
 tb_polgen/commands.c | 26 ++++++++++++++++----------
 tb_polgen/hash.c     | 18 ++++++++++--------
 5 files changed, 62 insertions(+), 46 deletions(-)

diff --git a/lcptools-v2/hash.c b/lcptools-v2/hash.c
index e8e8d72..0fbaecc 100644
--- a/lcptools-v2/hash.c
+++ b/lcptools-v2/hash.c
@@ -82,33 +82,36 @@ bool hash_buffer(const unsigned char* buf, size_t size, 
tb_hash_t *hash,
         return false;
 
     if ( hash_alg == TB_HALG_SHA1 ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, size);
-        EVP_DigestFinal(&ctx, hash->sha1, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, size);
+        EVP_DigestFinal(ctx, hash->sha1, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else if (hash_alg == TB_HALG_SHA256) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         md = EVP_sha256();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, size);
-        EVP_DigestFinal(&ctx, hash->sha256, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, size);
+        EVP_DigestFinal(ctx, hash->sha256, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else if (hash_alg == TB_HALG_SHA384) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         md = EVP_sha384();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, size);
-        EVP_DigestFinal(&ctx, hash->sha384, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, size);
+        EVP_DigestFinal(ctx, hash->sha384, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else
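Review bot: `EVP_MD_CTX_create()` can return NULL, and none of the three branches checks `ctx` before handing it to `EVP_DigestInit()`; the stack object it replaces could not fail this way. The return values of `EVP_DigestInit`/`EVP_DigestUpdate`/`EVP_DigestFinal` are also ignored, so `hash_buffer()` reports true even if no digest was written into `hash`, and a caller would then consume an unwritten hash buffer. The same pattern repeats in `extend_hash()` in the next hunk, in both functions of lcptools/hash.c and tb_polgen/hash.c, in lcptools/mlehash.c and in tb_polgen/commands.c. A checked form of the SHA-1 branch is sketched below; the function starts and ends outside this hunk.

```c
    if ( hash_alg == TB_HALG_SHA1 ) {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        bool ok;

        if ( ctx == NULL )
            return false;
        /* each EVP_Digest* call returns 1 on success, 0 on failure */
        ok = EVP_DigestInit(ctx, EVP_sha1()) == 1 &&
             EVP_DigestUpdate(ctx, buf, size) == 1 &&
             EVP_DigestFinal(ctx, hash->sha1, NULL) == 1;
        EVP_MD_CTX_destroy(ctx);
        return ok;
    }
    /* … unchanged structure: SHA256 and SHA384 branches, same pattern … */
```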
@@ -129,15 +132,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t 
*hash2, uint16_t hash_alg)
         return false;
 
     if ( hash_alg == TB_HALG_SHA1 ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
         memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, 2*sizeof(hash1->sha1));
-        EVP_DigestFinal(&ctx, hash1->sha1, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+        EVP_DigestFinal(ctx, hash1->sha1, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else
diff --git a/lcptools/hash.c b/lcptools/hash.c
index 8f666ac..86338ea 100644
--- a/lcptools/hash.c
+++ b/lcptools/hash.c
@@ -74,13 +74,14 @@ bool hash_buffer(const unsigned char* buf, size_t size, 
tb_hash_t *hash,
         return false;
 
     if ( hash_alg == TB_HALG_SHA1_LG ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, size);
-        EVP_DigestFinal(&ctx, hash->sha1, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, size);
+        EVP_DigestFinal(ctx, hash->sha1, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else
@@ -101,15 +102,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t 
*hash2, uint16_t hash_alg)
         return false;
 
     if ( hash_alg == TB_HALG_SHA1_LG ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
         memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, 2*sizeof(hash1->sha1));
-        EVP_DigestFinal(&ctx, hash1->sha1, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+        EVP_DigestFinal(ctx, hash1->sha1, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else
diff --git a/lcptools/mlehash.c b/lcptools/mlehash.c
index dc9ddb1..e727c29 100644
--- a/lcptools/mlehash.c
+++ b/lcptools/mlehash.c
@@ -336,7 +336,7 @@ int main(int argc, char* argv[])
     bool help = false;
     char *mle_file;
     extern int optind;    /* current index of get_opt() */
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_create();
     const EVP_MD *md;
     char *cmdline = NULL;
 
@@ -418,10 +418,10 @@ int main(int argc, char* argv[])
 
     /* SHA-1 the MLE portion of the image */
     md = EVP_sha1();
-    EVP_DigestInit(&ctx, md);
-    EVP_DigestUpdate(&ctx, exp_start + mle_hdr->mle_start_off,
+    EVP_DigestInit(ctx, md);
+    EVP_DigestUpdate(ctx, exp_start + mle_hdr->mle_start_off,
                      mle_hdr->mle_end_off - mle_hdr->mle_start_off);
-    EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL);
+    EVP_DigestFinal(ctx, (unsigned char *)hash, NULL);
     log_info("SHA-1 = ");
 
     /* we always print the hash regardless of verbose mode */
@@ -432,11 +432,13 @@ int main(int argc, char* argv[])
     }
     printf("\n");
 
+    EVP_MD_CTX_destroy(ctx);
     free(base);
     free(exp_start);
     return 0;
 
 error:
+    EVP_MD_CTX_destroy(ctx);
     free(base);
     free(exp_start);
     return 1;
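Review bot: The context is now allocated in the declaration at the top of `main()` (first hunk of this file) but released only at these two exits, so any plain `return` between option parsing and the `error:` label would leak it; those paths lie outside the hunks, so this needs checking against the full function. Since `ctx` is not used before the digest step, declaring `EVP_MD_CTX *ctx = NULL;` and calling `ctx = EVP_MD_CTX_create();` immediately before `EVP_DigestInit(ctx, md)` would narrow its lifetime. A failed allocation could then be handled with `if ( ctx == NULL ) goto error;`. This relies on `EVP_MD_CTX_destroy()` accepting NULL, which I believe holds for the OpenSSL versions targeted here but should be confirmed.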
diff --git a/tb_polgen/commands.c b/tb_polgen/commands.c
index 69353a5..892c737 100644
--- a/tb_polgen/commands.c
+++ b/tb_polgen/commands.c
@@ -55,7 +55,6 @@ static bool hash_file(const char *filename, bool unzip, 
tb_hash_t *hash)
 {
     FILE *f;
     static char buf[1024];
-    EVP_MD_CTX ctx;
     const EVP_MD *md;
     int read_cnt;
 
@@ -69,8 +68,9 @@ static bool hash_file(const char *filename, bool unzip, 
tb_hash_t *hash)
         return false;
     }
 
+    EVP_MD_CTX *ctx = EVP_MD_CTX_create();
     md = EVP_sha1();
-    EVP_DigestInit(&ctx, md);
+    EVP_DigestInit(ctx, md);
     do {
         if ( unzip )
             read_cnt = gzread((gzFile)f, buf, sizeof(buf));
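Review bot: A failed `gzread()` returns -1, but the loop (continued in the next hunk) only stops on `read_cnt == 0`, so the negative `int` reaches `EVP_DigestUpdate(ctx, buf, read_cnt)` and is converted to a very large length over the 1024-byte `buf`. The minimum guard is `if ( read_cnt <= 0 ) break;`, though a negative count should rather close the file, call `EVP_MD_CTX_destroy(ctx)` and return false so that a truncated digest is never reported as success. The `EVP_MD_CTX_create()` result added in this hunk is also unchecked, and a NULL check here has to close `f` before returning. `hash_file()` spans several hunks and its opening lines are not visible.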
@@ -79,15 +79,16 @@ static bool hash_file(const char *filename, bool unzip, 
tb_hash_t *hash)
         if ( read_cnt == 0 )
             break;
 
-        EVP_DigestUpdate(&ctx, buf, read_cnt);
+        EVP_DigestUpdate(ctx, buf, read_cnt);
     } while ( true );
-    EVP_DigestFinal(&ctx, hash->sha1, NULL);
+    EVP_DigestFinal(ctx, hash->sha1, NULL);
 
     if ( unzip )
         gzclose((gzFile)f);
     else
         fclose(f);
 
+    EVP_MD_CTX_destroy(ctx);
     return true;
 }
 
@@ -165,17 +166,17 @@ bool do_add(const param_data_t *params)
 
     /* hash command line and files */
     if ( params->hash_type == TB_HTYPE_IMAGE ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
         tb_hash_t final_hash, hash;
 
         /* hash command line */
         info_msg("hashing command line \"%s\"...\n", params->cmdline);
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, (unsigned char *)params->cmdline,
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, (unsigned char *)params->cmdline,
                          strlen(params->cmdline));
-        EVP_DigestFinal(&ctx, (unsigned char *)&final_hash, NULL);
+        EVP_DigestFinal(ctx, (unsigned char *)&final_hash, NULL);
         if ( verbose ) {
             info_msg("hash is...");
             print_hash(&final_hash, TB_HALG_SHA1);
@@ -183,15 +184,19 @@ bool do_add(const param_data_t *params)
 
         /* hash file */
         info_msg("hashing image file %s...\n", params->image_file);
-        if ( !hash_file(params->image_file, true, &hash) )
+        if ( !hash_file(params->image_file, true, &hash) ) {
+            EVP_MD_CTX_destroy(ctx);
             return false;
+        }
         if ( verbose ) {
             info_msg("hash is...");
             print_hash(&hash, TB_HALG_SHA1);
         }
 
-        if ( !extend_hash(&final_hash, &hash, TB_HALG_SHA1) )
+        if ( !extend_hash(&final_hash, &hash, TB_HALG_SHA1) ) {
+            EVP_MD_CTX_destroy(ctx);
             return false;
+        }
 
         if ( verbose ) {
             info_msg("cummulative hash is...");
@@ -200,6 +205,7 @@ bool do_add(const param_data_t *params)
 
         if ( !add_hash(pol_entry, &final_hash) ) {
             error_msg("cannot add another hash\n");
+            EVP_MD_CTX_destroy(ctx);
             return false;
         }
     }
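Review bot: The success path leaks `ctx`: it is created inside the `TB_HTYPE_IMAGE` block and destroyed on the three failure returns, but in the lines visible here the block closes right after the `add_hash()` check without an `EVP_MD_CTX_destroy(ctx)`. The context is not used again after `EVP_DigestFinal(ctx, (unsigned char *)&final_hash, NULL)` two hunks up, so placing `EVP_MD_CTX_destroy(ctx);` directly after that call covers every path and makes the three added error-path calls unnecessary. `do_add()` begins and continues outside these hunks.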
diff --git a/tb_polgen/hash.c b/tb_polgen/hash.c
index f6ffb38..8ae06ab 100644
--- a/tb_polgen/hash.c
+++ b/tb_polgen/hash.c
@@ -83,13 +83,14 @@ bool hash_buffer(const unsigned char* buf, size_t size, 
tb_hash_t *hash,
     }
 
     if ( hash_alg == TB_HALG_SHA1 ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, size);
-        EVP_DigestFinal(&ctx, hash->sha1, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, size);
+        EVP_DigestFinal(ctx, hash->sha1, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else {
@@ -114,15 +115,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t 
*hash2, uint16_t hash_alg)
     }
 
     if ( hash_alg == TB_HALG_SHA1 ) {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
         const EVP_MD *md;
 
         memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
         memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
         md = EVP_sha1();
-        EVP_DigestInit(&ctx, md);
-        EVP_DigestUpdate(&ctx, buf, 2*sizeof(hash1->sha1));
-        EVP_DigestFinal(&ctx, hash1->sha1, NULL);
+        EVP_DigestInit(ctx, md);
+        EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+        EVP_DigestFinal(ctx, hash1->sha1, NULL);
+        EVP_MD_CTX_destroy(ctx);
         return true;
     }
     else {
-- 
2.6.4

