From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Xiaoyu Lu <xiaoyux.lu@intel.com>, Siyuan Fu <siyuan.fu@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>
Subject: [PATCH V3 6/8] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
Date: Thu, 7 May 2020 07:57:44 +0800 [thread overview]
Message-ID: <20200506235746.19500-7-zhichao.gao@intel.com> (raw)
In-Reply-To: <20200506235746.19500-1-zhichao.gao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC MD5 is not secure any longer.
Remove the HMAC MD5 support from edk2.
Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any long.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 -
CryptoPkg/Driver/Crypto.c | 128 ++---------
CryptoPkg/Include/Library/BaseCryptLib.h | 203 ----------------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------
.../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 4 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 4 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 -----------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------
CryptoPkg/Private/Protocol/Crypto.h | 117 ++--------
16 files changed, 45 insertions(+), 1072 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 1f68cc633b..9ddf73f9fa 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,7 +137,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 341df3b814..dfde1cc005 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1105,154 +1105,68 @@ CryptoServiceSm3HashAll (
//=====================================================================================
/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
VOID *
EFIAPI
-CryptoServiceHmacMd5New (
+DeprecatedCryptoServiceHmacMd5New (
VOID
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL);
+ return BaseCryptLibServciceDeprecated ("HmacMd5New"), NULL;
}
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
VOID
EFIAPI
-CryptoServiceHmacMd5Free (
+DeprecatedCryptoServiceHmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
- CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx));
+ BaseCryptLibServciceDeprecated ("HmacMd5Free");
}
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5SetKey (
+DeprecatedCryptoServiceHmacMd5SetKey (
OUT VOID *HmacMd5Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALSE);
+ return BaseCryptLibServciceDeprecated ("HmacMd5SetKey"), FALSE;
}
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5Duplicate (
+DeprecatedCryptoServiceHmacMd5Duplicate (
IN CONST VOID *HmacMd5Context,
OUT VOID *NewHmacMd5Context
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE);
+ return BaseCryptLibServciceDeprecated ("HmacMd5Duplicate"), FALSE;
}
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5Update (
+DeprecatedCryptoServiceHmacMd5Update (
IN OUT VOID *HmacMd5Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacMd5Context, Data, DataSize), FALSE);
+ return BaseCryptLibServciceDeprecated ("HmacMd5Update"), FALSE;
}
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5Final (
+DeprecatedCryptoServiceHmacMd5Final (
IN OUT VOID *HmacMd5Context,
OUT UINT8 *HmacValue
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5Context, HmacValue), FALSE);
+ return BaseCryptLibServciceDeprecated ("HmacMd5Final"), FALSE;
}
/**
@@ -4051,13 +3965,13 @@ CryptoServiceTlsGetCertRevocationList (
const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
/// Version
CryptoServiceGetCryptoVersion,
- /// HMAC MD5
- CryptoServiceHmacMd5New,
- CryptoServiceHmacMd5Free,
- CryptoServiceHmacMd5SetKey,
- CryptoServiceHmacMd5Duplicate,
- CryptoServiceHmacMd5Update,
- CryptoServiceHmacMd5Final,
+ /// HMAC MD5 - deprecated and unsupported
+ DeprecatedCryptoServiceHmacMd5New,
+ DeprecatedCryptoServiceHmacMd5Free,
+ DeprecatedCryptoServiceHmacMd5SetKey,
+ DeprecatedCryptoServiceHmacMd5Duplicate,
+ DeprecatedCryptoServiceHmacMd5Update,
+ DeprecatedCryptoServiceHmacMd5Final,
/// HMAC SHA1
CryptoServiceHmacSha1New,
CryptoServiceHmacSha1Free,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 621bcfd1c4..b99401661c 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -880,139 +880,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- );
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- );
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- );
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- );
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
@@ -1323,76 +1190,6 @@ AesInit (
IN UINTN KeyLength
);
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 2de8e9c346..33d7c13bff 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacMd5.c
Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
deleted file mode 100644
index da46ce09f4..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *) HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || KeySize > INT_MAX) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-MD5 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 digest computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || HmacValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-MD5 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
deleted file mode 100644
index 5de55bf0d5..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- Return NULL to indicate this interface is not supported.
-
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f631f8d879..2a630ef290 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index c906935d3d..95c71a8ae2 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// Note: HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 672e19299c..1642521087 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index 0a3bb1c04f..f7e1acb3a7 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// Note: HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index cc3556ae3f..ec9c8e7c05 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
+# HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -39,7 +39,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 2e362c635f..8eb3acac93 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// Note: HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 04b552f8b7..558ccfc002 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256Null.c
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
deleted file mode 100644
index 5de55bf0d5..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- Return NULL to indicate this interface is not supported.
-
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index c937f8540d..dfe7fb7e91 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1015,157 +1015,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL);
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx));
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALSE);
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE);
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, DataSize), FALSE);
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), FALSE);
-}
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index e76ff623a5..bd4cd7f383 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -43,135 +43,48 @@ UINTN
// MAC (Message Authentication Code) Primitive
//=====================================================================================
/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
VOID*
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) (
VOID
);
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
typedef
VOID
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) (
IN VOID *HmacMd5Ctx
);
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE HMAC-MD5 context initialization succeeded.
- @retval FALSE HMAC-MD5 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) (
OUT VOID *HmacMd5Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
);
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) (
IN CONST VOID *HmacMd5Context,
OUT VOID *NewHmacMd5Context
);
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) (
IN OUT VOID *HmacMd5Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) (
IN OUT VOID *HmacMd5Context,
OUT UINT8 *HmacValue
);
@@ -3618,13 +3531,13 @@ EFI_STATUS
struct _EDKII_CRYPTO_PROTOCOL {
/// Version
EDKII_CRYPTO_GET_VERSION GetVersion;
- /// HMAC MD5
- EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New;
- EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free;
- EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey;
- EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate;
- EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update;
- EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final;
+ /// HMAC MD5 - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetKey;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplicate;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final;
/// HMAC SHA1
EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New;
EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free;
--
2.21.0.windows.1
next prev parent reply other threads:[~2020-05-06 23:58 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 23:57 [PATCH V3 0/8] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-05-06 23:57 ` [PATCH V3 1/8] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm Gao, Zhichao
2020-05-07 7:45 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-05-07 7:48 ` Philippe Mathieu-Daudé
2020-05-08 1:09 ` Gao, Zhichao
2020-05-08 12:59 ` Philippe Mathieu-Daudé
2020-05-06 23:57 ` [PATCH V3 2/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-05-08 15:19 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 3/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-05-08 14:34 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 4/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-05-07 7:51 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-05-08 14:42 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 5/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-05-08 14:50 ` Wang, Jian J
2020-05-06 23:57 ` Gao, Zhichao [this message]
2020-05-08 15:03 ` [PATCH V3 6/8] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 7/8] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
2020-05-08 15:11 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 8/8] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
2020-05-08 15:13 ` Wang, Jian J
2020-05-08 7:23 ` [edk2-devel] [PATCH V3 0/8] CryptoPkg: Retire the deprecated functions Guomin Jiang
2020-05-08 8:00 ` Dong, Eric
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200506235746.19500-7-zhichao.gao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox