From: "Wang, Jian J"
To: devel@edk2.groups.io
Cc: Xiaoyu Lu, Laszlo Ersek
Subject: [PATCH] CryptoPkg/BaseCryptLib: deprecate HmacXxxGetContextSize interface
Date: Wed, 8 Jan 2020 15:26:50 +0800
Message-Id: <20200108072650.1353-1-jian.j.wang@intel.com>
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1792

Hmac(Md5|Sha1|Sha256)GetContextSize() use a deprecated macro HMAC_MAX_MD_CBLOCK defined in openssl. They should be dropped to avoid misuses in the future. For context allocation and release, use HmacXxxNew() and HmacXxxFree() instead.

Since HmacXxxNew will zero the allocated context buffer, the call to memset() in HmacXxxInit is safe to be removed.

Cc: Xiaoyu Lu
Cc: Laszlo Ersek
Signed-off-by: Jian J Wang --- CryptoPkg/Include/Library/BaseCryptLib.h | 51 ------------------- .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 32 ------------ .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 20 -------- .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 33 ------------ .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 20 -------- .../BaseCryptLib/Hmac/CryptHmacSha256.c | 32 ------------ .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 20 -------- .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 20 -------- .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 20 -------- .../Hmac/CryptHmacSha256Null.c | 20 -------- 10 files changed, 268 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 8fe303a0b3..ffe606fa3f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1025,23 +1025,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive=0D //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.= )=0D -=0D - If this interface is not supported, then return zero.=0D -=0D - @return The size, in bytes, of the context buffer required for HMAC-MD5= operations.=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacMd5GetContextSize (=0D - VOID=0D - );=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se.=0D =0D 
@@ -1175,23 +1158,6 @@ HmacMd5Final ( OUT UINT8 *HmacValue=0D );=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.)=0D -=0D - If this interface is not supported, then return zero.=0D -=0D - @return The size, in bytes, of the context buffer required for HMAC-SHA= 1 operations.=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha1GetContextSize (=0D - VOID=0D - );=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use.=0D =0D @@ -1325,23 +1291,6 @@ HmacSha1Final ( OUT UINT8 *HmacValue=0D );=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.)=0D -=0D - If this interface is not supported, then return zero.=0D -=0D - @return The size, in bytes, of the context buffer required for HMAC-SHA= 256 operations.=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha256GetContextSize (=0D - VOID=0D - );=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 19e9fbeae6..819842392b 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c 
@@ -9,37 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h"=0D #include =0D =0D -//=0D -// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h= =0D -// #define HMAC_MAX_MD_CBLOCK_SIZE 144=0D -//=0D -#define HMAC_MD5_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) + = \=0D - sizeof(unsigned char) * 144)=0D -=0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.= )=0D -=0D - @return The size, in bytes, of the context buffer required for HMAC-MD5= operations.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacMd5GetContextSize (=0D - VOID=0D - )=0D -{=0D - //=0D - // Retrieves the OpenSSL HMAC-MD5 Context Size=0D - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the=0D - // fixed size as a workaround to make this API work for compatibil= ity.=0D - // We should retire HmacMd5GetContextSize() in future, and use Hma= cMd5New()=0D - // and HmacMd5Free() for context allocation and release.=0D - //=0D - return (UINTN) HMAC_MD5_CTX_SIZE;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se.=0D =0D @@ -109,7 +78,6 @@ HmacMd5Init ( //=0D // OpenSSL HMAC-MD5 Context Initialization=0D //=0D - memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE);=0D if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) {=0D return FALSE;=0D }=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c index 3aafed874b..205dc9e474 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c 
@@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.= )=0D -=0D - Return zero to indicate this interface is not supported.=0D -=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacMd5GetContextSize (=0D - VOID=0D - )=0D -{=0D - ASSERT (FALSE);=0D - return 0;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index 7d7df9640e..f45ecebc6d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c 
@@ -9,38 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h"=0D #include =0D =0D -//=0D -// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h= =0D -// #define HMAC_MAX_MD_CBLOCK_SIZE 144=0D -//=0D -//=0D -#define HMAC_SHA1_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) += \=0D - sizeof(unsigned char) * 144)=0D -=0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.)=0D -=0D - @return The size, in bytes, of the context buffer required for HMAC-SHA= 1 operations.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha1GetContextSize (=0D - VOID=0D - )=0D -{=0D - //=0D - // Retrieves the OpenSSL HMAC-SHA1 Context Size=0D - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the=0D - // fixed size as a workaround to make this API work for compatibil= ity.=0D - // We should retire HmacSha15GetContextSize() in future, and use H= macSha1New()=0D - // and HmacSha1Free() for context allocation and release.=0D - //=0D - return (UINTN) HMAC_SHA1_CTX_SIZE;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use.=0D =0D @@ -110,7 +78,6 @@ HmacSha1Init ( //=0D // OpenSSL HMAC-SHA1 Context Initialization=0D //=0D - memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE);=0D if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) {=0D return FALSE;=0D }=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c index 547aa484ea..542350f15a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c 
@@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.)=0D -=0D - Return zero to indicate this interface is not supported.=0D -=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha1GetContextSize (=0D - VOID=0D - )=0D -{=0D - ASSERT (FALSE);=0D - return 0;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/Crypto= Pkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c index f24443e745..446d629d74 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c 
@@ -9,37 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h"=0D #include =0D =0D -//=0D -// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h= =0D -// #define HMAC_MAX_MD_CBLOCK_SIZE 144=0D -//=0D -#define HMAC_SHA256_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int)= + \=0D - sizeof(unsigned char) * 144)=0D -=0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.)=0D -=0D - @return The size, in bytes, of the context buffer required for HMAC-SHA= 256 operations.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha256GetContextSize (=0D - VOID=0D - )=0D -{=0D - //=0D - // Retrieves the OpenSSL HMAC-SHA256 Context Size=0D - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the=0D - // fixed size as a workaround to make this API work for compatibil= ity.=0D - // We should retire HmacSha256GetContextSize() in future, and use = HmacSha256New()=0D - // and HmacSha256Free() for context allocation and release.=0D - //=0D - return (UINTN)HMAC_SHA256_CTX_SIZE;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use.=0D =0D @@ -109,7 +78,6 @@ HmacSha256Init ( //=0D // OpenSSL HMAC-SHA256 Context Initialization=0D //=0D - memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);=0D if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) {=0D return FALSE;=0D }=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/Cr= yptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c index f0a4420e27..f8074cc617 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c 
@@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.)=0D -=0D - Return zero to indicate this interface is not supported.=0D -=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha256GetContextSize (=0D - VOID=0D - )=0D -{=0D - ASSERT (FALSE);=0D - return 0;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c index 3aafed874b..205dc9e474 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.= )=0D -=0D - Return zero to indicate this interface is not supported.=0D -=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacMd5GetContextSize (=0D - VOID=0D - )=0D -{=0D - ASSERT (FALSE);=0D - return 0;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/= CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c index 547aa484ea..542350f15a 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c 
@@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.)=0D -=0D - Return zero to indicate this interface is not supported.=0D -=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha1GetContextSize (=0D - VOID=0D - )=0D -{=0D - ASSERT (FALSE);=0D - return 0;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use.=0D =0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c = b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c index f0a4420e27..f8074cc617 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D =0D -/**=0D - Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations.=0D - (NOTE: This API is deprecated.=0D - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.)=0D -=0D - Return zero to indicate this interface is not supported.=0D -=0D - @retval 0 This interface is not supported.=0D -=0D -**/=0D -UINTN=0D -EFIAPI=0D -HmacSha256GetContextSize (=0D - VOID=0D - )=0D -{=0D - ASSERT (FALSE);=0D - return 0;=0D -}=0D -=0D /**=0D Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use.=0D =0D --=20 2.24.0.windows.2
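
Review bot: The three BaseCryptLib.h hunks (@@ -1025,23 +1025,6, @@ -1175,23 +1158,6 and @@ -1325,23 +1291,6) delete the HmacMd5GetContextSize(), HmacSha1GetContextSize() and HmacSha256GetContextSize() prototypes outright, while the subject line says "deprecate". The removed doc comments already read "(NOTE: This API is deprecated.", so this patch is the removal and the subject should say "remove". The diffstat touches only CryptoPkg (10 files changed, 268 deletions), so the commit message should also state that no caller of these functions remains in the tree, or name the patches that converted them, because any leftover user of this public header will now fail to build.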
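
Review bot: In the HmacMd5Init, HmacSha1Init and HmacSha256Init hunks (@@ -109,7 +78,6 and @@ -110,7 +78,6), the commit message justifies dropping memset() only by HmacXxxNew() zeroing a fresh buffer, which does not cover a second HmacXxxInit() on a context that has already been used. After this change HMAC_CTX_reset() is the only step that clears prior state, so say that explicitly in the commit message and in the HmacXxxInit() header comments, together with the requirement that the context comes from HmacXxxNew(). The stronger argument for the removal is also visible in the deleted lines and is worth recording: the memset() length was the hard-coded HMAC_XXX_CTX_SIZE workaround ("sizeof(void *) * 4 + sizeof(unsigned int) + sizeof(unsigned char) * 144") applied to an HMAC_CTX that the removed comment itself describes as opaque since openssl-1.1.x, so the write was sized by a guess at a structure the library owns.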