From: ben-skyportsystems <b...@skyportsystems.com> Newer versions of OpenSSL (v1.1.0+) do not allow direct manipulation of evp_md_ctx structs, so manage the object lifecycles by functions.
Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/hash.c | 36 ++++++++++++++++++++----------------
 lcptools/hash.c | 18 ++++++++++--------
 lcptools/mlehash.c | 10 ++++++----
 tb_polgen/commands.c | 26 ++++++++++++++++----------
 tb_polgen/hash.c | 18 ++++++++++--------
 5 files changed, 62 insertions(+), 46 deletions(-)
diff --git a/lcptools-v2/hash.c b/lcptools-v2/hash.c
index e8e8d72..0fbaecc 100644
--- a/lcptools-v2/hash.c
+++ b/lcptools-v2/hash.c
@@ -82,33 +82,36 @@ bool hash_buffer(const unsigned char* buf, size_t size, tb_hash_t *hash,
 return false;
 if ( hash_alg == TB_HALG_SHA1 ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, size);
- EVP_DigestFinal(&ctx, hash->sha1, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, size);
+ EVP_DigestFinal(ctx, hash->sha1, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else if (hash_alg == TB_HALG_SHA256) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 md = EVP_sha256();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, size);
- EVP_DigestFinal(&ctx, hash->sha256, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, size);
+ EVP_DigestFinal(ctx, hash->sha256, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else if (hash_alg == TB_HALG_SHA384) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 md = EVP_sha384();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, size);
- EVP_DigestFinal(&ctx, hash->sha384, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, size);
+ EVP_DigestFinal(ctx, hash->sha384, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
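Review bot: `EVP_MD_CTX_create()` can return NULL and none of the `EVP_Digest*` return values are checked, so in each branch of hash_buffer a failed allocation is handed straight to `EVP_DigestInit`, and a failed digest still ends in `return true` with `hash` possibly unwritten. For a policy-generation tool that failure should surface as `false` rather than as a hash value. The same pattern repeats in the extend_hash hunk and in the lcptools/hash.c, lcptools/mlehash.c, tb_polgen/commands.c and tb_polgen/hash.c hunks. The SHA-1 branch could take the shape below, with the other branches following it; hash_buffer starts above the hunk.

```c
    if ( hash_alg == TB_HALG_SHA1 ) {
        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
        bool ok;

        if ( ctx == NULL )
            return false;
        ok = EVP_DigestInit(ctx, EVP_sha1()) == 1 &&
             EVP_DigestUpdate(ctx, buf, size) == 1 &&
             EVP_DigestFinal(ctx, hash->sha1, NULL) == 1;
        EVP_MD_CTX_destroy(ctx);
        return ok;
    }
    /* … SHA256 and SHA384 branches: same shape, not repeated here … */
```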
@@ -129,15 +132,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t *hash2, uint16_t hash_alg)
 return false;
 if ( hash_alg == TB_HALG_SHA1 ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
 memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, 2*sizeof(hash1->sha1));
- EVP_DigestFinal(&ctx, hash1->sha1, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+ EVP_DigestFinal(ctx, hash1->sha1, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
diff --git a/lcptools/hash.c b/lcptools/hash.c
index 8f666ac..86338ea 100644
--- a/lcptools/hash.c
+++ b/lcptools/hash.c
@@ -74,13 +74,14 @@ bool hash_buffer(const unsigned char* buf, size_t size, tb_hash_t *hash,
 return false;
 if ( hash_alg == TB_HALG_SHA1_LG ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, size);
- EVP_DigestFinal(&ctx, hash->sha1, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, size);
+ EVP_DigestFinal(ctx, hash->sha1, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
@@ -101,15 +102,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t *hash2, uint16_t hash_alg)
 return false;
 if ( hash_alg == TB_HALG_SHA1_LG ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
 memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, 2*sizeof(hash1->sha1));
- EVP_DigestFinal(&ctx, hash1->sha1, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+ EVP_DigestFinal(ctx, hash1->sha1, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
diff --git a/lcptools/mlehash.c b/lcptools/mlehash.c
index dc9ddb1..e727c29 100644
--- a/lcptools/mlehash.c
+++ b/lcptools/mlehash.c
@@ -336,7 +336,7 @@ int main(int argc, char* argv[])
 bool help = false;
 char *mle_file;
 extern int optind; /* current index of get_opt() */
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 char *cmdline = NULL;
@@ -418,10 +418,10 @@ int main(int argc, char* argv[])
 /* SHA-1 the MLE portion of the image */
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, exp_start + mle_hdr->mle_start_off,
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, exp_start + mle_hdr->mle_start_off,
 mle_hdr->mle_end_off - mle_hdr->mle_start_off);
- EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL);
+ EVP_DigestFinal(ctx, (unsigned char *)hash, NULL);
 log_info("SHA-1 = ");
 /* we always print the hash regardless of verbose mode */
@@ -432,11 +432,13 @@ int main(int argc, char* argv[])
 }
 printf("\n");
+ EVP_MD_CTX_destroy(ctx);
 free(base);
 free(exp_start);
 return 0;
 error:
+ EVP_MD_CTX_destroy(ctx);
 free(base);
 free(exp_start);
 return 1;
diff --git a/tb_polgen/commands.c b/tb_polgen/commands.c
index 69353a5..892c737 100644
--- a/tb_polgen/commands.c
+++ b/tb_polgen/commands.c
@@ -55,7 +55,6 @@ static bool hash_file(const char *filename, bool unzip, tb_hash_t *hash)
 {
 FILE *f;
 static char buf[1024];
- EVP_MD_CTX ctx;
 const EVP_MD *md;
 int read_cnt;
@@ -69,8 +68,9 @@ static bool hash_file(const char *filename, bool unzip, tb_hash_t *hash)
 return false;
 }
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
+ EVP_DigestInit(ctx, md);
 do {
 if ( unzip )
 read_cnt = gzread((gzFile)f, buf, sizeof(buf));
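Review bot: In the mlehash.c hunks the context is now allocated in main's declaration block, long before the digest code near line 418, so every exit taken in between has to free it. Only `return 0` and `error:` do so in the visible hunks, and any plain `return` in the option-handling code outside them would leak it. Declaring `EVP_MD_CTX *ctx = NULL;` and placing `ctx = EVP_MD_CTX_create(); if ( ctx == NULL ) goto error;` directly before `md = EVP_sha1();` keeps the lifetime next to its use and also covers the allocation failure. That relies on `EVP_MD_CTX_destroy(NULL)` being a no-op at `error:`, which should be confirmed for the oldest OpenSSL the project supports.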
@@ -79,15 +79,16 @@ static bool hash_file(const char *filename, bool unzip, tb_hash_t *hash)
 if ( read_cnt == 0 )
 break;
- EVP_DigestUpdate(&ctx, buf, read_cnt);
+ EVP_DigestUpdate(ctx, buf, read_cnt);
 } while ( true );
- EVP_DigestFinal(&ctx, hash->sha1, NULL);
+ EVP_DigestFinal(ctx, hash->sha1, NULL);
 if ( unzip )
 gzclose((gzFile)f);
 else
 fclose(f);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
@@ -165,17 +166,17 @@ bool do_add(const param_data_t *params)
 /* hash command line and files */
 if ( params->hash_type == TB_HTYPE_IMAGE ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 tb_hash_t final_hash, hash;
 /* hash command line */
 info_msg("hashing command line \"%s\"...\n", params->cmdline);
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, (unsigned char *)params->cmdline,
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, (unsigned char *)params->cmdline,
 strlen(params->cmdline));
- EVP_DigestFinal(&ctx, (unsigned char *)&final_hash, NULL);
+ EVP_DigestFinal(ctx, (unsigned char *)&final_hash, NULL);
 if ( verbose ) {
 info_msg("hash is...");
 print_hash(&final_hash, TB_HALG_SHA1);
@@ -183,15 +184,19 @@ bool do_add(const param_data_t *params)
 /* hash file */
 info_msg("hashing image file %s...\n", params->image_file);
- if ( !hash_file(params->image_file, true, &hash) )
+ if ( !hash_file(params->image_file, true, &hash) ) {
+ EVP_MD_CTX_destroy(ctx);
 return false;
+ }
 if ( verbose ) {
 info_msg("hash is...");
 print_hash(&hash, TB_HALG_SHA1);
 }
- if ( !extend_hash(&final_hash, &hash, TB_HALG_SHA1) )
+ if ( !extend_hash(&final_hash, &hash, TB_HALG_SHA1) ) {
+ EVP_MD_CTX_destroy(ctx);
 return false;
+ }
 if ( verbose ) {
 info_msg("cummulative hash is...");
@@ -200,6 +205,7 @@ bool do_add(const param_data_t *params)
 if ( !add_hash(pol_entry, &final_hash) ) {
 error_msg("cannot add another hash\n");
+ EVP_MD_CTX_destroy(ctx);
 return false;
 }
 }
diff --git a/tb_polgen/hash.c b/tb_polgen/hash.c
index f6ffb38..8ae06ab 100644
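Review bot: The loop in hash_file stops only on `read_cnt == 0`, but `read_cnt` is an `int` and `gzread` reports errors as -1, so a corrupt or truncated gzip image reaches `EVP_DigestUpdate(ctx, buf, read_cnt)` with a length that converts to a huge `size_t` and reads far past the 1024-byte `buf`. The patch carries this over unchanged. A negative count should end the loop and make the function return false after the existing cleanup, as sketched below. The start of the loop and the `fread` branch lie outside this hunk.

```c
    bool ok = true;
    /* … unchanged: open, EVP_MD_CTX_create, EVP_DigestInit … */
    do {
        /* … unchanged: gzread / fread into buf … */
        if ( read_cnt < 0 ) {       /* gzread reports errors as -1 */
            ok = false;
            break;
        }
        if ( read_cnt == 0 )
            break;

        EVP_DigestUpdate(ctx, buf, (size_t)read_cnt);
    } while ( true );
    if ( ok )
        EVP_DigestFinal(ctx, hash->sha1, NULL);
    /* … unchanged: gzclose / fclose, EVP_MD_CTX_destroy … */
    return ok;
```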
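Review bot: In do_add the context is needed only for the command-line digest, yet it stays allocated until the block ends, and the path that falls through after a successful `add_hash` (last hunk of this file) has no `EVP_MD_CTX_destroy(ctx)`, so each successful image entry appears to leak it. Adding `EVP_MD_CTX_destroy(ctx);` directly after `EVP_DigestFinal(ctx, (unsigned char *)&final_hash, NULL);` frees it on every path and makes the three error-path calls added in the `@@ -183` and `@@ -200` hunks unnecessary. do_add begins and continues outside these hunks.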
--- a/tb_polgen/hash.c
+++ b/tb_polgen/hash.c
@@ -83,13 +83,14 @@ bool hash_buffer(const unsigned char* buf, size_t size, tb_hash_t *hash,
 }
 if ( hash_alg == TB_HALG_SHA1 ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, size);
- EVP_DigestFinal(&ctx, hash->sha1, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, size);
+ EVP_DigestFinal(ctx, hash->sha1, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else {
@@ -114,15 +115,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t *hash2, uint16_t hash_alg)
 }
 if ( hash_alg == TB_HALG_SHA1 ) {
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
 memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
 md = EVP_sha1();
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buf, 2*sizeof(hash1->sha1));
- EVP_DigestFinal(&ctx, hash1->sha1, NULL);
+ EVP_DigestInit(ctx, md);
+ EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+ EVP_DigestFinal(ctx, hash1->sha1, NULL);
+ EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else {
--
2.6.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel