From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyux.lu@intel.com>, Siyuan Fu <siyuan.fu@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Laszlo Ersek <lersek@redhat.com>
Subject: [PATCH V2 6/7] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
Date: Thu, 23 Apr 2020 16:46:26 +0800 [thread overview]
Message-ID: <20200423084627.3384-7-zhichao.gao@intel.com> (raw)
In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 3 -
CryptoPkg/Driver/Crypto.c | 12 +-
CryptoPkg/Include/Library/BaseCryptLib.h | 133 -----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------
.../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 4 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 -----------
11 files changed, 9 insertions(+), 645 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 9ddf73f9fa..1af78468a1 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,7 +137,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -163,7 +162,6 @@
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -178,7 +176,6 @@
!endif
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 8844c7a505..e0544d44ca 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1346,7 +1346,7 @@ CryptoServiceHmacSha1New (
VOID
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1New"), NULL;
}
/**
@@ -1363,7 +1363,7 @@ CryptoServiceHmacSha1Free (
IN VOID *HmacSha1Ctx
)
{
- CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1Ctx));
+ BaseCryptLibServciceNotEnabled ("HmacSha1Free");
}
/**
@@ -1390,7 +1390,7 @@ CryptoServiceHmacSha1SetKey (
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1SetKey"), FALSE;
}
/**
@@ -1415,7 +1415,7 @@ CryptoServiceHmacSha1Duplicate (
OUT VOID *NewHmacSha1Context
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1Duplicate"), FALSE;
}
/**
@@ -1446,7 +1446,7 @@ CryptoServiceHmacSha1Update (
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1Update"), FALSE;
}
/**
@@ -1478,7 +1478,7 @@ CryptoServiceHmacSha1Final (
OUT UINT8 *HmacValue
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1Final"), FALSE;
}
/**
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index eb2808f842..7d0056d5bd 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -880,139 +880,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
- @return NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- );
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- );
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- );
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized
- by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- );
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 33d7c13bff..4aae2aba95 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
deleted file mode 100644
index 7593ca55b1..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *) HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || KeySize > INT_MAX) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA1 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 digest computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || HmacValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA1 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 2a630ef290..dc28e3a11d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 1642521087..5005beed02 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index ec9c8e7c05..91ec3e03bf 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,8 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-SHA1 functions, RSA external
-# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
@@ -39,7 +38,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 558ccfc002..689af4fedd 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256Null.c
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
--
2.21.0.windows.1
next prev parent reply other threads:[~2020-04-23 8:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 1/7] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 2/7] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 3/7] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 4/7] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 5/7] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
2020-04-23 8:46 ` Gao, Zhichao [this message]
2020-04-23 8:46 ` [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
2020-04-25 9:44 ` Siyuan, Fu
2020-04-25 13:48 ` Yao, Jiewen
2020-04-26 6:43 ` Gao, Zhichao
2020-04-26 6:48 ` Yao, Jiewen
2020-04-27 0:31 ` [edk2-devel] " Gao, Zhichao
2020-04-27 0:41 ` Siyuan, Fu
2020-04-23 9:31 ` [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Yao, Jiewen
2020-04-23 9:58 ` Gao, Zhichao
2020-04-24 13:25 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200423084627.3384-7-zhichao.gao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox