From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=fail (domain: intel.com, ip: <nil>, mailfrom: xiaoyux.lu@intel.com)
Received: from mga14.intel.com (mga14.intel.com [])
 by groups.io with SMTP; Mon, 29 Apr 2019 01:15:59 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Apr 2019 01:15:59 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.60,409,1549958400"; 
   d="scan'208";a="154652255"
Received: from xiaoyu-dev.sh.intel.com ([10.239.47.11])
  by orsmga002.jf.intel.com with ESMTP; 29 Apr 2019 01:15:57 -0700
From: "Xiaoyu lu" <xiaoyux.lu@intel.com>
To: devel@edk2.groups.io
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Ting Ye <ting.ye@intel.com>
Subject: [PATCH 3/3] CryptoPkg/BaseCryptLib: updata HMAC_ctx size
Date: Mon, 29 Apr 2019 04:15:27 -0400
Message-Id: <1556525727-14875-4-git-send-email-xiaoyux.lu@intel.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1556525727-14875-1-git-send-email-xiaoyux.lu@intel.com>
References: <1556525727-14875-1-git-send-email-xiaoyux.lu@intel.com>

From: Xiaoyu Lu <xiaoyux.lu@intel.com>

Openssl internally redefines the size of HMAC_CTX,
but there is no external definition.
So add an additional nubmer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c    | 11 ++++++++++-
 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c   | 12 ++++++++++--
 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 12 ++++++++++--
 3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
index 3134806..3ffb8e2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
@@ -9,8 +9,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"
 #include <openssl/hmac.h>
 
+//
+// NOTE: HMAC_MAX_MD_CBLOCK is deprecated.
+//       #define HMAC_MAX_MD_CBLOCK 128
+//       Openssl redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
+//       #define HMAC_MAX_MD_CBLOCK_SIZE     144
+//       But we need to compatible with previous API.
+//       So fix it with correct size 144-128 = 16.
+//
 #define HMAC_MD5_CTX_SIZE    sizeof(void *) * 4 + sizeof(unsigned int) + \
-                             sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
+                             sizeof(unsigned char) * (HMAC_MAX_MD_CBLOCK + 16)
+
 
 /**
   Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
index bbe3df4..e59602e 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
@@ -9,8 +9,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"
 #include <openssl/hmac.h>
 
-#define HMAC_SHA1_CTX_SIZE   sizeof(void *) * 4 + sizeof(unsigned int) + \
-                             sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
+//
+// NOTE: HMAC_MAX_MD_CBLOCK is deprecated.
+//       #define HMAC_MAX_MD_CBLOCK 128
+//       Openssl redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
+//       #define HMAC_MAX_MD_CBLOCK_SIZE     144
+//       But we need to compatible with previous API.
+//       So fix it with correct size 144-128 = 16.
+//
+#define  HMAC_SHA1_CTX_SIZE   sizeof(void *) * 4 + sizeof(unsigned int) + \
+                             sizeof(unsigned char) * (HMAC_MAX_MD_CBLOCK + 16)
 
 /**
   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
index ac9084f..8d0570b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
@@ -9,8 +9,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"
 #include <openssl/hmac.h>
 
-#define HMAC_SHA256_CTX_SIZE   sizeof(void *) * 4 + sizeof(unsigned int) + \
-                               sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
+//
+// NOTE: HMAC_MAX_MD_CBLOCK is deprecated.
+//       #define HMAC_MAX_MD_CBLOCK 128
+//       Openssl redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
+//       #define HMAC_MAX_MD_CBLOCK_SIZE     144
+//       But we need to compatible with previous API.
+//       So fix it with correct size 144-128 = 16.
+//
+#define HMAC_SHA256_CTX_SIZE    sizeof(void *) * 4 + sizeof(unsigned int) + \
+                             sizeof(unsigned char) * (HMAC_MAX_MD_CBLOCK + 16)
 
 /**
   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
-- 
2.7.4