From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.3534.1578537631879842067 for ; Wed, 08 Jan 2020 18:40:31 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: jian.j.wang@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jan 2020 18:40:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,412,1571727600"; d="scan'208";a="303733153" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga001.jf.intel.com with ESMTP; 08 Jan 2020 18:40:30 -0800 Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 8 Jan 2020 18:40:30 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 8 Jan 2020 18:40:30 -0800 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.210]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.30]) with mapi id 14.03.0439.000; Thu, 9 Jan 2020 10:40:28 +0800 From: "Wang, Jian J" To: Laszlo Ersek , "devel@edk2.groups.io" CC: "Lu, XiaoyuX" Subject: Re: [PATCH] CryptoPkg/BaseCryptLib: deprecate HmacXxxGetContextSize interface Thread-Topic: [PATCH] CryptoPkg/BaseCryptLib: deprecate HmacXxxGetContextSize interface Thread-Index: AQHVxg3FwUti2CW6eku6rPZVfSIeR6fhmHeA Date: Thu, 9 Jan 2020 02:40:28 +0000 Message-ID: References: <20200108072650.1353-1-jian.j.wang@intel.com> <74e5fa4b-9932-c25d-f71f-699000eaaff9@redhat.com> In-Reply-To: <74e5fa4b-9932-c25d-f71f-699000eaaff9@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMDMzMDk2ZDQtZWMwMS00YmVkLWFlZTAtYjA4ODlhZWU2YWRmIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoieVNCMmF0RTdzbEowcDlzNmdJakxxTFdZM3lRbndjQUowRlBGeTUxXC9hZUlUWDJ4TXdjK2hmeE5YUW9XSGIrQWMifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Laszlo, > -----Original Message----- > From: Laszlo Ersek > Sent: Wednesday, January 08, 2020 6:24 PM > To: Wang, Jian J ; devel@edk2.groups.io > Cc: Lu, XiaoyuX > Subject: Re: [PATCH] CryptoPkg/BaseCryptLib: deprecate > HmacXxxGetContextSize interface >=20 > On 01/08/20 08:26, Jian J Wang wrote: > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1792 > > > > Hmac(Md5|Sha1|Sha256)GetContextSize() use a deprecated macro > > HMAC_MAX_MD_CBLOCK defined in openssl. They should be dropped to > > avoid misuses in the future. For context allocation and release, > > use HmacXxxNew() and HmacXxxFree() instead. >=20 > This sounds good, but the subject line is incorrect. >=20 > We are deleting the Hmac(Md5|Sha1|Sha256)GetContextSize() functions > right now, because they have been deprecated for a long time already. >=20 > (1) Therefore, the subject should not say "deprecate", but "delete". You're right. I'll change it. >=20 > > Since HmacXxxNew will zero allocated context buffer, the calling > > to memset() in HmacXxxInit is safe to be removed. >=20 > This is wrong, the memset() is not safe to remove. The > Hmac(Md5|Sha1|Sha256)Init functions are *alternatives* to > Hmac(Md5|Sha1|Sha256)New. >=20 > Consider the (recommended, modern) HmacSha256New() function. The > non-Null implementation is in > "CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c": >=20 > > VOID * > > EFIAPI > > HmacSha256New ( > > VOID > > ) > > { > > // > > // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() > > // > > return (VOID *) HMAC_CTX_new (); > > } >=20 > Let's see what HMAC_CTX_new() does -- it is implemented in > "CryptoPkg/Library/OpensslLib/openssl/crypto/hmac/hmac.c": >=20 > > HMAC_CTX *HMAC_CTX_new(void) > > { > > HMAC_CTX *ctx =3D OPENSSL_zalloc(sizeof(HMAC_CTX)); > > > > if (ctx !=3D NULL) { > > if (!HMAC_CTX_reset(ctx)) { > > HMAC_CTX_free(ctx); > > return NULL; > > } > > } > > return ctx; > > } >=20 > Okay, so this is safe: we have first an OPENSSL_zalloc() call, which > clears the allocated memory, and then we have a HMAC_CTX_reset() > function call. Good. >=20 > Now compare the HmacSha256Init() function (again in > "CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c"): >=20 > > /** > > Initializes user-supplied memory pointed by HmacSha256Context as HMAC= - > SHA256 context for > > subsequent use. > > > > If HmacSha256Context is NULL, then return FALSE. > > > > @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being > initialized. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > @retval TRUE HMAC-SHA256 context initialization succeeded. > > @retval FALSE HMAC-SHA256 context initialization failed. > > > > **/ > > BOOLEAN > > EFIAPI > > HmacSha256Init ( > > OUT VOID *HmacSha256Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > ) > > { > > // > > // Check input parameters. > > // > > if (HmacSha256Context =3D=3D NULL || KeySize > INT_MAX) { > > return FALSE; > > } > > > > // > > // OpenSSL HMAC-SHA256 Context Initialization > > // > > memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE); > > if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { > > return FALSE; > > } > > if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySiz= e, > EVP_sha256(), NULL) !=3D 1) { > > return FALSE; > > } > > > > return TRUE; > > } >=20 > As the leading comment says, "HmacSha256Context" is user-supplied > memory. If you remove the memset() call from the function, then > HMAC_CTX_reset() will be invoked on user-supplied memory that may not > have been cleared. Then HMAC_CTX_reset() will be called on garbage. >=20 You're right, if the user can supply a chunk of memory with *appropriate* size as HmacContext. Since we deleted the macro HMAC_XXX_CTX_SIZE, it's impossible for user to do that now. HMAC_CTX is a forward declaration. MSVC refuses to give result of sizeof (HMAC_CTX). The user cannot know how many bytes needed by HMAC_CTX. Therefore there's no such use cases any longer. I think we could update the comments to enforce the use of HmacXxxNew() to get context. User supplied-memory is not acceptable. We can still keep the HMAC_CTX_reset line so that the user can still re-use the context got before by HmacXxxNew(). I think HMAC_CTX_reset works well with an empty Context or init-ed Context. > (2) The only way that I can see for fixing this problem is to remove the > Hmac(Md5|Sha1|Sha256)Init functions too. >=20 > I think that is safe to do, because I can't see any callers in the edk2 > codebase. >=20 > One tricky part is that the leading comments of the > Hmac(Md5|Sha1|Sha256)(Update|Final) functions refer to > Hmac(Md5|Sha1|Sha256)Init. In other words, we do not have code > references to Hmac(Md5|Sha1|Sha256)Init, but we have documentation > references. This means that those comments should be updated as well -- > they should refer to Hmac(Md5|Sha1|Sha256)New instead. >=20 The Init interface is needed to supply user's key for HMAC. It seems the on= ly way to do that. I suggest to keep it. > (3) In case we'd like to continue providing functions that accept "Key" > and "KeySize", for HMAC context initialization, then those functions > will have to call HMAC_CTX_new() internally. Meaning that they can no > longer take user-supplied memory; the context will have to be allocated > inside OpenSSL, and returned to the caller. Yes, the variable encryption feature I'm working on needs to supply user supplied key. I think it'd be better to keep it. Like I suggested above, we should not allow user-supplied context and it's almost impossible for use to supply correct size of context. Thanks for the comments.=20 Regards, Jian >=20 > Thanks > Laszlo >=20 > > > > Cc: Xiaoyu Lu > > Cc: Laszlo Ersek > > Signed-off-by: Jian J Wang > > --- > > CryptoPkg/Include/Library/BaseCryptLib.h | 51 ------------------- > > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 32 ------------ > > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 20 -------- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 33 ------------ > > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 20 -------- > > .../BaseCryptLib/Hmac/CryptHmacSha256.c | 32 ------------ > > .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 20 -------- > > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 20 -------- > > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 20 -------- > > .../Hmac/CryptHmacSha256Null.c | 20 -------- > > 10 files changed, 268 deletions(-) > > > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > > index 8fe303a0b3..ffe606fa3f 100644 > > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > > @@ -1025,23 +1025,6 @@ Sm3HashAll ( > > // MAC (Message Authentication Code) Primitive > > > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - If this interface is not supported, then return zero. > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -MD5 > operations. > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ); > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > @@ -1175,23 +1158,6 @@ HmacMd5Final ( > > OUT UINT8 *HmacValue > > ); > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - If this interface is not supported, then return zero. > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA1 > operations. > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ); > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > @@ -1325,23 +1291,6 @@ HmacSha1Final ( > > OUT UINT8 *HmacValue > > ); > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - If this interface is not supported, then return zero. > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA256 > operations. > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ); > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > > index 19e9fbeae6..819842392b 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > > @@ -9,37 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include "InternalCryptLib.h" > > #include > > > > -// > > -// NOTE: OpenSSL redefines the size of HMAC_CTX at > crypto/hmac/hmac_lcl.h > > -// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > > -// > > -#define HMAC_MD5_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int= ) + \ > > - sizeof(unsigned char) * 144) > > - > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -MD5 > operations. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ) > > -{ > > - // > > - // Retrieves the OpenSSL HMAC-MD5 Context Size > > - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we j= ust > use the > > - // fixed size as a workaround to make this API work for compat= ibility. > > - // We should retire HmacMd5GetContextSize() in future, and use > HmacMd5New() > > - // and HmacMd5Free() for context allocation and release. > > - // > > - return (UINTN) HMAC_MD5_CTX_SIZE; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > @@ -109,7 +78,6 @@ HmacMd5Init ( > > // > > // OpenSSL HMAC-MD5 Context Initialization > > // > > - memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE); > > if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { > > return FALSE; > > } > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > > index 3aafed874b..205dc9e474 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > > index 7d7df9640e..f45ecebc6d 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > > @@ -9,38 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include "InternalCryptLib.h" > > #include > > > > -// > > -// NOTE: OpenSSL redefines the size of HMAC_CTX at > crypto/hmac/hmac_lcl.h > > -// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > > -// > > -// > > -#define HMAC_SHA1_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned in= t) + \ > > - sizeof(unsigned char) * 144) > > - > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA1 > operations. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ) > > -{ > > - // > > - // Retrieves the OpenSSL HMAC-SHA1 Context Size > > - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we j= ust > use the > > - // fixed size as a workaround to make this API work for compat= ibility. > > - // We should retire HmacSha15GetContextSize() in future, and u= se > HmacSha1New() > > - // and HmacSha1Free() for context allocation and release. > > - // > > - return (UINTN) HMAC_SHA1_CTX_SIZE; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > @@ -110,7 +78,6 @@ HmacSha1Init ( > > // > > // OpenSSL HMAC-SHA1 Context Initialization > > // > > - memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE); > > if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { > > return FALSE; > > } > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > > index 547aa484ea..542350f15a 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > > index f24443e745..446d629d74 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > > @@ -9,37 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include "InternalCryptLib.h" > > #include > > > > -// > > -// NOTE: OpenSSL redefines the size of HMAC_CTX at > crypto/hmac/hmac_lcl.h > > -// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > > -// > > -#define HMAC_SHA256_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned = int) + > \ > > - sizeof(unsigned char) * 144) > > - > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA256 > operations. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ) > > -{ > > - // > > - // Retrieves the OpenSSL HMAC-SHA256 Context Size > > - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we j= ust > use the > > - // fixed size as a workaround to make this API work for compat= ibility. > > - // We should retire HmacSha256GetContextSize() in future, and = use > HmacSha256New() > > - // and HmacSha256Free() for context allocation and release. > > - // > > - return (UINTN)HMAC_SHA256_CTX_SIZE; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > @@ -109,7 +78,6 @@ HmacSha256Init ( > > // > > // OpenSSL HMAC-SHA256 Context Initialization > > // > > - memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE); > > if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { > > return FALSE; > > } > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > > index f0a4420e27..f8074cc617 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > index 3aafed874b..205dc9e474 100644 > > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.= c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > > index 547aa484ea..542350f15a 100644 > > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Nul= l.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c > > index f0a4420e27..f8074cc617 100644 > > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c > > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > >