From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glin@suse.com>
Received: from smtp.nue.novell.com (smtp.nue.novell.com [195.135.221.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5076D21DFA917
 for <edk2-devel@lists.01.org>; Mon, 27 Mar 2017 02:56:43 -0700 (PDT)
Received: from emea4-mta.ukb.novell.com ([10.120.13.87])
 by smtp.nue.novell.com with ESMTP (TLS encrypted);
 Mon, 27 Mar 2017 11:56:41 +0200
Received: from GaryWorkstation (nwb-a10-snat.microfocus.com [10.120.13.201])
 by emea4-mta.ukb.novell.com with ESMTP (TLS encrypted);
 Mon, 27 Mar 2017 10:56:24 +0100
Date: Mon, 27 Mar 2017 17:56:17 +0800
From: Gary Lin <glin@suse.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: Qin Long <qin.long@intel.com>, edk2-devel@lists.01.org,
 ting.ye@intel.com, jiaxin.wu@intel.com, ard.biesheuvel@linaro.org,
 ronald.cron@arm.com, Moso.Lee@citrix.com, thomas.palmer@hpe.com
Message-ID: <20170327095617.ukr35artwmmlm6tz@GaryWorkstation>
References: <20170323131932.6168-1-qin.long@intel.com>
 <20170323131932.6168-10-qin.long@intel.com>
 <c8e953a2-49d8-8736-d513-3a80370883e1@redhat.com>
MIME-Version: 1.0
In-Reply-To: <c8e953a2-49d8-8736-d513-3a80370883e1@redhat.com>
User-Agent: Mutt/1.6.2 (2016-07-01)
Subject: Re: [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2017 09:56:43 -0000
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Mar 23, 2017 at 07:37:08PM +0100, Laszlo Ersek wrote:
> On 03/23/17 14:19, Qin Long wrote:
> > OpenSSL-1.1.xx makes most data structures opaque.
> > This patch updated HMAC Wrapper implementation with opaque
> > HMAC_CTX object.
> > The HmacXXGetContextSize() is marked as deprecated, and updated
> > to use the fixed HMAC_CTX size, which is just kept for compatibility.
> > New APIs (HmacXXNew(), HmacXXFree()) were added  as the recommended
> > HMAC_CTX usage interfaces for HMAC-XXXX operations.
> > 
> > Cc: Ting Ye <ting.ye@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Cc: Gary Lin <glin@suse.com>
> > Cc: Ronald Cron <ronald.cron@arm.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Qin Long <qin.long@intel.com>
> > ---
> >  CryptoPkg/Include/Library/BaseCryptLib.h           | 93 +++++++++++++++++++++-
> >  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +++++++++++++++---
> >  .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c   | 40 +++++++++-
> >  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      | 75 +++++++++++++++--
> >  .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c  | 40 +++++++++-
> >  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    | 75 +++++++++++++++--
> >  .../BaseCryptLib/Hmac/CryptHmacSha256Null.c        | 40 +++++++++-
> >  7 files changed, 411 insertions(+), 29 deletions(-)
> 
> I think the code modified in this patch is exercised as part of Secure
> Boot image verification (SHA1, SHA256), so:
> 
Actually, Secure Boot has nothing to do with HMAC, and the current HMAC
user is only CryptoPkg/Application/Cryptest/HmacVerify.c
The hash functions come from CryptoPkg/Library/BaseCryptLib/Hash/.

Gary Lin

> Tested-by: Laszlo Ersek <lersek@redhat.com>
> 
> (Tested as described in
> <http://mid.mail-archive.com/4410fa53-b0e4-d64a-7b95-8a430a4c7b06@redhat.com>.)
> 
> Thanks!
> Laszlo
>