From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.85.128.68, mailfrom: philmd@redhat.com) Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by groups.io with SMTP; Mon, 29 Apr 2019 07:28:34 -0700 Received: by mail-wm1-f68.google.com with SMTP id y5so15179344wma.2 for ; Mon, 29 Apr 2019 07:28:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=xjrofOLnrLwmHWMdr41BI3urRxQG+8tO/NqP/rT3PA8=; b=Bs4Rhtcl9xHyqzwZmPJ7EJxLbNchi8/XZu1MHKJ4MDf2lRBZFbxL94KUGRCa8dGY67 quPZy/NS0KRqXEPY0KopfZ6IkLUCR07QsVHNoNuVgSguIM6PjN+GjYYHBiy3rhJ4IlMU AdTjO946nNbav+l6BfI7gViJ6APh5YB7dbKcdBcZqYZuBCpUtLE0CvBnGu3Dsw73HaPk 2sRO1M1BJGZJkWp0H46PDtnk6DPtUvtLRheK40GRcEFdkzSFsZMzCiHmd7p+ymDSYX1Q cwiJBo281gHbWzoPYMHGiXGnnCnkxxn9GsQEQpYdNjZZm0cFla2hhAIOvzOjKkrc47IC Ldgw== X-Gm-Message-State: APjAAAWFiSePXHyxuMxIM6YQoGyQpWPByS2ZfVHoo3fNoG/2rxm8HrbE rOzJPKysG7Qby8v6gDIWRY9HvA== X-Google-Smtp-Source: APXvYqwqAl0S3a6a0vRWmm2YiZ290d8ucdeljFRuUV+DPV0azKhc8Gxy6fbuxhmsqoUT4RSU4joNQg== X-Received: by 2002:a1c:4102:: with SMTP id o2mr16668268wma.91.1556548112502; Mon, 29 Apr 2019 07:28:32 -0700 (PDT) Return-Path: Received: from [192.168.1.33] (193.red-88-21-103.staticip.rima-tde.net. [88.21.103.193]) by smtp.gmail.com with ESMTPSA id s22sm4489941wrb.44.2019.04.29.07.28.31 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Mon, 29 Apr 2019 07:28:31 -0700 (PDT) Subject: Re: [edk2-devel] [PATCH 3/3] CryptoPkg/BaseCryptLib: updata HMAC_ctx size To: devel@edk2.groups.io, xiaoyux.lu@intel.com Cc: Jian J Wang , Ting Ye , Laszlo Ersek References: <1556525727-14875-1-git-send-email-xiaoyux.lu@intel.com> <1556525727-14875-4-git-send-email-xiaoyux.lu@intel.com> From: =?UTF-8?B?UGhpbGlwcGUgTWF0aGlldS1EYXVkw6k=?= Openpgp: id=89C1E78F601EE86C867495CBA2A3FD6EDEADC0DE; url=http://pgp.mit.edu/pks/lookup?op=get&search=0xA2A3FD6EDEADC0DE Message-ID: <14237558-7b28-cc59-1cc5-1c19f543ecf0@redhat.com> Date: Mon, 29 Apr 2019 16:28:30 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <1556525727-14875-4-git-send-email-xiaoyux.lu@intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Hi Xiaoyu, Small typos: "update" in subject. Maybe better described as "Make HMAC_CTX_SIZE backward compatible"? On 4/29/19 10:15 AM, Xiaoyu lu wrote: > From: Xiaoyu Lu > > Openssl internally redefines the size of HMAC_CTX, "OpenSSL"? > but there is no external definition. > So add an additional nubmer. "number" > > Cc: Jian J Wang > Cc: Ting Ye Can you add the reference? "Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1089" > Signed-off-by: Xiaoyu Lu > --- > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 11 ++++++++++- > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 12 ++++++++++-- > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 12 ++++++++++-- > 3 files changed, 30 insertions(+), 5 deletions(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > index 3134806..3ffb8e2 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > @@ -9,8 +9,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include "InternalCryptLib.h" > #include > > +// > +// NOTE: HMAC_MAX_MD_CBLOCK is deprecated. > +// #define HMAC_MAX_MD_CBLOCK 128 > +// Openssl redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h OpenSSL > +// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > +// But we need to compatible with previous API. > +// So fix it with correct size 144-128 = 16. > +// > #define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ > - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK > + sizeof(unsigned char) * (HMAC_MAX_MD_CBLOCK + 16) Can you put this expression between parenthesis? (and the other ones). > + > > /** > Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > index bbe3df4..e59602e 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > @@ -9,8 +9,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include "InternalCryptLib.h" > #include > > -#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ > - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK > +// > +// NOTE: HMAC_MAX_MD_CBLOCK is deprecated. > +// #define HMAC_MAX_MD_CBLOCK 128 > +// Openssl redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h Ditto, > +// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > +// But we need to compatible with previous API. > +// So fix it with correct size 144-128 = 16. > +// > +#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ > + sizeof(unsigned char) * (HMAC_MAX_MD_CBLOCK + 16) > > /** > Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > index ac9084f..8d0570b 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > @@ -9,8 +9,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include "InternalCryptLib.h" > #include > > -#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ > - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK > +// > +// NOTE: HMAC_MAX_MD_CBLOCK is deprecated. > +// #define HMAC_MAX_MD_CBLOCK 128 > +// Openssl redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h Ditto. Thanks! > +// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > +// But we need to compatible with previous API. > +// So fix it with correct size 144-128 = 16. > +// > +#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ > + sizeof(unsigned char) * (HMAC_MAX_MD_CBLOCK + 16) > > /** > Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. >