Between travis/ci and OpenSSL v3 a large number of deprecated warnings are being emitted when compiling ima-evm-utils. Start addressing these deprecated warnings by replacing the low level SHA1 and HMAC calls with the EVP_ functions. IMA signature version 1 also uses low level calls, but instead of fixing it, deprecate it as nobody should be using it anyway.

OpenSSL v3 deprecates "engine" support, causing a lot of warnings. Since turning off engine support affects PKCS11 and Streebog, define a "--enable-engine" configuration option.

In addition address some static analysis warnings and other cleanup.

Mimi Zohar (11):
  travis: use the distro OpenSSL version on jammy
  travis: update dist=focal
  Update configure.ac to address a couple of obsolete warnings
  Deprecate IMA signature version 1
  Replace the low level SHA1 calls when calculating the TPM 1.2 PCRs
  Replace the low level HMAC calls when calculating the EVM HMAC
  Add missing EVP_MD_CTX_free() call in calc_evm_hash()
  Deprecate use of OpenSSL 3 "engine" support
  Fix potential use after free in read_tpm_banks()
  Limit the file hash algorithm name length
  Missing template data size lower bounds checking

 .travis.yml               |   4 +-
 acinclude.m4              |   2 +-
 configure.ac              |  25 ++++-
 m4/manpage-docbook-xsl.m4 |   2 +-
 src/Makefile.am           |  18 ++++
 src/evmctl.c              | 219 ++++++++++++++++++++++++++++----------
 src/imaevm.h              |   2 +
 src/libimaevm.c           |  29 ++++-
 tests/functions.sh        |  11 +-
 tests/ima_hash.test       |   9 ++
 tests/sign_verify.test    |  28 +++--
 11 files changed, 277 insertions(+), 72 deletions(-)

-- 
2.31.1