openssl: stop using deprecated SHA512_* functions
The openssl/sha.h header is deprecated for OpenSSL 3 along with all the
functions in it. Switch to use the EVP_MD interfaces.
Tested: CI passes.
Change-Id: Icd7a83683e7b9778343b8e14bfcdeb31b9d5144a
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/test/test_version.cpp b/test/test_version.cpp
index a44edd8..523b52a 100644
--- a/test/test_version.cpp
+++ b/test/test_version.cpp
@@ -1,22 +1,30 @@
#include "version.hpp"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
#include <gtest/gtest.h>
using namespace openpower::software::updater;
+using EVP_MD_CTX_Ptr =
+ std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_free)>;
+
/** @brief Make sure we correctly get the Id from getId()*/
TEST(VersionTest, TestGetId)
{
+
auto version = "test-id";
- unsigned char digest[SHA512_DIGEST_LENGTH];
- SHA512_CTX ctx;
- SHA512_Init(&ctx);
- SHA512_Update(&ctx, version, strlen(version));
- SHA512_Final(digest, &ctx);
- char mdString[SHA512_DIGEST_LENGTH * 2 + 1];
- for (int i = 0; i < SHA512_DIGEST_LENGTH; i++)
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ unsigned int digest_count = 0;
+
+ EVP_MD_CTX_Ptr ctx(EVP_MD_CTX_new(), &::EVP_MD_CTX_free);
+
+ EVP_DigestInit(ctx.get(), EVP_sha512());
+ EVP_DigestUpdate(ctx.get(), version, strlen(version));
+ EVP_DigestFinal(ctx.get(), digest, &digest_count);
+
+ char mdString[EVP_MAX_MD_SIZE * 2 + 1];
+ for (decltype(digest_count) i = 0; i < digest_count; i++)
{
snprintf(&mdString[i * 2], 3, "%02x", (unsigned int)digest[i]);
}
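Review bot: None of the EVP calls added to TestGetId has its result checked: `EVP_MD_CTX_new()` can return null, and `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` return 1 only on success. If one of them fails, `digest_count` stays 0, the loop never runs and `mdString` is left uninitialised for whatever the rest of the test (outside this hunk) does with it. Checking them with `ASSERT_NE(ctx, nullptr);` and `ASSERT_EQ(EVP_DigestFinal(ctx.get(), digest, &digest_count), 1);` (likewise for Init and Update) makes the test fail at the real cause. The same unchecked sequence is added to `Version::getId` in the last version.cpp hunk, where a failure would quietly produce the id `00000000` from the zero-initialised digest, so the results should be checked there before formatting.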
diff --git a/version.cpp b/version.cpp
index ec23955..d480c43 100644
--- a/version.cpp
+++ b/version.cpp
@@ -3,7 +3,7 @@
#include "item_updater.hpp"
#include "xyz/openbmc_project/Common/error.hpp"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/log.hpp>
@@ -25,6 +25,9 @@
using namespace phosphor::logging;
using Argument = xyz::openbmc_project::Common::InvalidArgument;
+using EVP_MD_CTX_Ptr =
+ std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_free)>;
+
std::string Version::getId(const std::string& version)
{
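Review bot: The new `EVP_MD_CTX_Ptr` alias uses `std::unique_ptr`, and the `getId` hunk further down uses `std::array`, but the include hunk only swaps `<openssl/sha.h>` for `<openssl/evp.h>`. Unless `<memory>` and `<array>` are already included outside the visible context, this compiles only through transitive includes; adding `#include <array>` and `#include <memory>` alongside the other standard headers makes the dependency explicit. test/test_version.cpp declares the same alias and would want `<memory>` too.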
@@ -34,20 +37,20 @@
return {};
}
- unsigned char digest[SHA512_DIGEST_LENGTH];
- SHA512_CTX ctx;
- SHA512_Init(&ctx);
- SHA512_Update(&ctx, version.c_str(), strlen(version.c_str()));
- SHA512_Final(digest, &ctx);
- char mdString[SHA512_DIGEST_LENGTH * 2 + 1];
- for (int i = 0; i < SHA512_DIGEST_LENGTH; i++)
- {
- snprintf(&mdString[i * 2], 3, "%02x", (unsigned int)digest[i]);
- }
+ std::array<unsigned char, EVP_MAX_MD_SIZE> digest{};
+ EVP_MD_CTX_Ptr ctx(EVP_MD_CTX_new(), &::EVP_MD_CTX_free);
- // Only need 8 hex digits.
- std::string hexId = std::string(mdString);
- return (hexId.substr(0, 8));
+ EVP_DigestInit(ctx.get(), EVP_sha512());
+ EVP_DigestUpdate(ctx.get(), version.c_str(), strlen(version.c_str()));
+ EVP_DigestFinal(ctx.get(), digest.data(), nullptr);
+
+ // We are only using the first 8 characters.
+ char mdString[9];
+ snprintf(mdString, sizeof(mdString), "%02x%02x%02x%02x",
+ (unsigned int)digest[0], (unsigned int)digest[1],
+ (unsigned int)digest[2], (unsigned int)digest[3]);
+
+ return mdString;
}
std::map<std::string, std::string>
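Review bot: The comment `// We are only using the first 8 characters.` does not say characters of what, and the link between `mdString[9]` and the four `%02x` conversions is left implicit. Something like `// The id is the first 4 bytes of the SHA-512 digest as 8 lowercase hex characters, plus the terminating NUL.` states the contract that the old loop-and-substr code expressed. It may also be worth noting that the id carries only 32 bits of the hash, so it distinguishes versions rather than verifying them; that reading is inferred from the name getId and should be confirmed against the callers. The body of getId starts above this hunk.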