From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.3855.1579144270467588854 for ; Wed, 15 Jan 2020 19:11:10 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: jian.j.wang@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Jan 2020 19:11:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,324,1574150400"; d="scan'208";a="255969682" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga001.fm.intel.com with ESMTP; 15 Jan 2020 19:11:08 -0800 Received: from fmsmsx111.amr.corp.intel.com (10.18.116.5) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 15 Jan 2020 19:11:08 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx111.amr.corp.intel.com (10.18.116.5) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 15 Jan 2020 19:11:08 -0800 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.210]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.245]) with mapi id 14.03.0439.000; Thu, 16 Jan 2020 11:11:06 +0800 From: "Wang, Jian J" To: Laszlo Ersek , "devel@edk2.groups.io" CC: "Lu, XiaoyuX" Subject: Re: [PATCH v2] CryptoPkg/BaseCryptLib: remove HmacXxxGetContextSize interface Thread-Topic: [PATCH v2] CryptoPkg/BaseCryptLib: remove HmacXxxGetContextSize interface Thread-Index: AQHVyr9cbUEg8wrVLEq8oe3Gxd69wqfsnlOA Date: Thu, 16 Jan 2020 03:11:05 +0000 Message-ID: References: <20200114062626.1248-1-jian.j.wang@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNDdmM2VkNGEtMzdkYy00NzhhLWExZTctMTM0YTBhZmZlOTM5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiV1FyTmdsWWJyWXA1Y3l4MUVXbkoxZmpIRGJNQlFzNkFyckVQVnVXXC9QRVdRbFgxZ0FmbGkrb2l2NENFVUlpM3MifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Laszlo, Thanks for the comments. I'll send v3 to include all your suggestions. Regards, Jian > -----Original Message----- > From: Laszlo Ersek > Sent: Tuesday, January 14, 2020 5:45 PM > To: Wang, Jian J ; devel@edk2.groups.io > Cc: Lu, XiaoyuX > Subject: Re: [PATCH v2] CryptoPkg/BaseCryptLib: remove > HmacXxxGetContextSize interface >=20 > On 01/14/20 07:26, Jian J Wang wrote: > >> v2 changes: > >> - change HmacXxxInit to HmacXxxSetKey > >> - remove calling to HMAC_CTX_reset() since HmacXxxNew() has done it > >> already and user-supplied context is not supported any longer. > >> - update comments affected by above change > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1792 > > > > Hmac(Md5|Sha1|Sha256)GetContextSize() use a deprecated macro > > HMAC_MAX_MD_CBLOCK defined in openssl. They should be dropped to > > avoid misuses in the future. For context allocation and release, > > use HmacXxxNew() and HmacXxxFree() instead. > > > > Considering that HmacXxxInit() has no use cases, remove the calling > > to memset() and HMAC_CTX_reset() to drop the support of user supplied > > context buffer. The only functionality left is to set user supplied > > key for HMAC. To avoid confusion, change the the its name to > > HmacXxxSetKey. > > > > Cc: Xiaoyu Lu > > Cc: Laszlo Ersek > > Signed-off-by: Jian J Wang > > --- > > CryptoPkg/Include/Library/BaseCryptLib.h | 111 +++++------------- > > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 58 ++------- > > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 28 +---- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 59 ++-------- > > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 28 +---- > > .../BaseCryptLib/Hmac/CryptHmacSha256.c | 58 ++------- > > .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 28 +---- > > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 20 ---- > > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 20 ---- > > .../Hmac/CryptHmacSha256Null.c | 20 ---- > > 10 files changed, 72 insertions(+), 358 deletions(-) > > > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > > index 8fe303a0b3..b93f1b9009 100644 > > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > > @@ -1025,23 +1025,6 @@ Sm3HashAll ( > > // MAC (Message Authentication Code) Primitive > > > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - If this interface is not supported, then return zero. > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -MD5 > operations. > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ); > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > @@ -1073,24 +1056,24 @@ HmacMd5Free ( > > ); > > > > /** > > - Initializes user-supplied memory pointed by HmacMd5Context as HMAC- > MD5 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacMd5Update(). > > > > If HmacMd5Context is NULL, then return FALSE. > > If this interface is not supported, then return FALSE. > > > > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context being > initialized. > > + @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > - @retval TRUE HMAC-MD5 context initialization succeeded. > > - @retval FALSE HMAC-MD5 context initialization failed. > > + @retval TRUE Key is set succeefully. > > + @retval FALSE Key is set unsucceefully. >=20 > (1) Please fix the typos: it should be "successfully" and "unsuccessfully= ". >=20 > > @retval FALSE This interface is not supported. > > > > **/ > > BOOLEAN > > EFIAPI > > -HmacMd5Init ( > > +HmacMd5SetKey ( > > OUT VOID *HmacMd5Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > @@ -1123,8 +1106,8 @@ HmacMd5Duplicate ( > > > > This function performs HMAC-MD5 digest on a data buffer of the speci= fied > size. > > It can be called multiple times to compute the digest of long or dis= continuous > data streams. > > - HMAC-MD5 context should be already correctly initialized by HmacMd5I= nit(), > and should not be > > - finalized by HmacMd5Final(). Behavior with invalid context is undefi= ned. > > + HMAC-MD5 context should be initialized by HmacMd5New(), and should n= ot > be finalized by > > + HmacMd5Final(). Behavior with invalid context is undefined. > > > > If HmacMd5Context is NULL, then return FALSE. > > If this interface is not supported, then return FALSE. > > @@ -1152,8 +1135,8 @@ HmacMd5Update ( > > This function completes HMAC-MD5 hash computation and retrieves the > digest value into > > the specified memory. After this function has been called, the HMAC-= MD5 > context cannot > > be used again. > > - HMAC-MD5 context should be already correctly initialized by HmacMd5I= nit(), > and should not be > > - finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context = is > undefined. > > + HMAC-MD5 context should be initialized by HmacMd5New(), and should n= ot > be finalized by > > + HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > > > > If HmacMd5Context is NULL, then return FALSE. > > If HmacValue is NULL, then return FALSE. > > @@ -1175,23 +1158,6 @@ HmacMd5Final ( > > OUT UINT8 *HmacValue > > ); > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - If this interface is not supported, then return zero. > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA1 > operations. > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ); > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > @@ -1223,24 +1189,24 @@ HmacSha1Free ( > > ); > > > > /** > > - Initializes user-supplied memory pointed by HmacSha1Context as HMAC- > SHA1 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacSha1Update(). > > > > If HmacSha1Context is NULL, then return FALSE. > > If this interface is not supported, then return FALSE. > > > > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being > initialized. > > + @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > - @retval TRUE HMAC-SHA1 context initialization succeeded. > > - @retval FALSE HMAC-SHA1 context initialization failed. > > + @retval TRUE The Key is set succeefully. > > + @retval FALSE The Key is set unsucceefully. >=20 > (2) Same as (1). >=20 > > @retval FALSE This interface is not supported. > > > > **/ > > BOOLEAN > > EFIAPI > > -HmacSha1Init ( > > +HmacSha1SetKey ( > > OUT VOID *HmacSha1Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > @@ -1273,8 +1239,8 @@ HmacSha1Duplicate ( > > > > This function performs HMAC-SHA1 digest on a data buffer of the spec= ified > size. > > It can be called multiple times to compute the digest of long or dis= continuous > data streams. > > - HMAC-SHA1 context should be already correctly initialized by HmacSha= 1Init(), > and should not > > - be finalized by HmacSha1Final(). Behavior with invalid context is un= defined. > > + HMAC-SHA1 context should be initialized by HmacSha1New(), and should > not be finalized by > > + HmacSha1Final(). Behavior with invalid context is undefined. > > > > If HmacSha1Context is NULL, then return FALSE. > > If this interface is not supported, then return FALSE. > > @@ -1302,8 +1268,8 @@ HmacSha1Update ( > > This function completes HMAC-SHA1 hash computation and retrieves the > digest value into > > the specified memory. After this function has been called, the HMAC-= SHA1 > context cannot > > be used again. > > - HMAC-SHA1 context should be already correctly initialized by HmacSha= 1Init(), > and should > > - not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 > context is undefined. > > + HMAC-SHA1 context should be initialized by HmacSha1New(), and should > not be finalized > > + by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undef= ined. > > > > If HmacSha1Context is NULL, then return FALSE. > > If HmacValue is NULL, then return FALSE. > > @@ -1325,23 +1291,6 @@ HmacSha1Final ( > > OUT UINT8 *HmacValue > > ); > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - If this interface is not supported, then return zero. > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA256 > operations. > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ); > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > @@ -1368,24 +1317,24 @@ HmacSha256Free ( > > ); > > > > /** > > - Initializes user-supplied memory pointed by HmacSha256Context as HMA= C- > SHA256 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacSha256Update(). > > > > If HmacSha256Context is NULL, then return FALSE. > > If this interface is not supported, then return FALSE. > > > > - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being > initialized. > > + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > - @retval TRUE HMAC-SHA256 context initialization succeeded. > > - @retval FALSE HMAC-SHA256 context initialization failed. > > + @retval TRUE The Key is set succeefully. > > + @retval FALSE The Key is set unsucceefully. >=20 > (3) Same as (1). >=20 > > @retval FALSE This interface is not supported. > > > > **/ > > BOOLEAN > > EFIAPI > > -HmacSha256Init ( > > +HmacSha256SetKey ( > > OUT VOID *HmacSha256Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > @@ -1418,8 +1367,8 @@ HmacSha256Duplicate ( > > > > This function performs HMAC-SHA256 digest on a data buffer of the > specified size. > > It can be called multiple times to compute the digest of long or dis= continuous > data streams. > > - HMAC-SHA256 context should be already correctly initialized by > HmacSha256Init(), and should not > > - be finalized by HmacSha256Final(). Behavior with invalid context is = undefined. > > + HMAC-SHA256 context should be initialized by HmacSha256New(), and > should not be finalized > > + by HmacSha256Final(). Behavior with invalid context is undefined. > > > > If HmacSha256Context is NULL, then return FALSE. > > If this interface is not supported, then return FALSE. > > @@ -1447,8 +1396,8 @@ HmacSha256Update ( > > This function completes HMAC-SHA256 hash computation and retrieves t= he > digest value into > > the specified memory. After this function has been called, the HMAC-= SHA256 > context cannot > > be used again. > > - HMAC-SHA256 context should be already correctly initialized by > HmacSha256Init(), and should > > - not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SH= A256 > context is undefined. > > + HMAC-SHA256 context should be initialized by HmacSha256New(), and > should not be finalized > > + by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is > undefined. > > > > If HmacSha256Context is NULL, then return FALSE. > > If HmacValue is NULL, then return FALSE. > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > > index 19e9fbeae6..f0609e61d7 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > > @@ -9,37 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include "InternalCryptLib.h" > > #include > > > > -// > > -// NOTE: OpenSSL redefines the size of HMAC_CTX at > crypto/hmac/hmac_lcl.h > > -// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > > -// > > -#define HMAC_MD5_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int= ) + \ > > - sizeof(unsigned char) * 144) > > - > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -MD5 > operations. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ) > > -{ > > - // > > - // Retrieves the OpenSSL HMAC-MD5 Context Size > > - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we j= ust > use the > > - // fixed size as a workaround to make this API work for compat= ibility. > > - // We should retire HmacMd5GetContextSize() in future, and use > HmacMd5New() > > - // and HmacMd5Free() for context allocation and release. > > - // > > - return (UINTN) HMAC_MD5_CTX_SIZE; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > @@ -78,22 +47,22 @@ HmacMd5Free ( > > } > > > > /** > > - Initializes user-supplied memory pointed by HmacMd5Context as HMAC- > MD5 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacMd5Update(). > > > > If HmacMd5Context is NULL, then return FALSE. > > > > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context being > initialized. > > + @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > - @retval TRUE HMAC-MD5 context initialization succeeded. > > - @retval FALSE HMAC-MD5 context initialization failed. > > + @retval TRUE Key is set succeefully. > > + @retval FALSE Key is set unsucceefully. >=20 > (4) Same as (1). >=20 > > > > **/ > > BOOLEAN > > EFIAPI > > -HmacMd5Init ( > > +HmacMd5SetKey ( > > OUT VOID *HmacMd5Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > @@ -106,13 +75,6 @@ HmacMd5Init ( > > return FALSE; > > } > > > > - // > > - // OpenSSL HMAC-MD5 Context Initialization > > - // > > - memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE); > > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { > > - return FALSE; > > - } > > if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, > EVP_md5(), NULL) !=3D 1) { > > return FALSE; > > } > > @@ -159,8 +121,8 @@ HmacMd5Duplicate ( > > > > This function performs HMAC-MD5 digest on a data buffer of the speci= fied > size. > > It can be called multiple times to compute the digest of long or dis= continuous > data streams. > > - HMAC-MD5 context should be already correctly initialized by HmacMd5I= nit(), > and should not be > > - finalized by HmacMd5Final(). Behavior with invalid context is undefi= ned. > > + HMAC-MD5 context should be initialized by HmacMd5New(), and should n= ot > be finalized by > > + HmacMd5Final(). Behavior with invalid context is undefined. > > > > If HmacMd5Context is NULL, then return FALSE. > > > > @@ -210,8 +172,8 @@ HmacMd5Update ( > > This function completes HMAC-MD5 digest computation and retrieves th= e > digest value into > > the specified memory. After this function has been called, the HMAC-= MD5 > context cannot > > be used again. > > - HMAC-MD5 context should be already correctly initialized by HmacMd5I= nit(), > and should not be > > - finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context = is > undefined. > > + HMAC-MD5 context should be initialized by HmacMd5New(), and should n= ot > be finalized by > > + HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > > > > If HmacMd5Context is NULL, then return FALSE. > > If HmacValue is NULL, then return FALSE. > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > > index 3aafed874b..9da132eeee 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > > > @@ -65,12 +45,12 @@ HmacMd5Free ( > > } > > > > /** > > - Initializes user-supplied memory pointed by HmacMd5Context as HMAC- > MD5 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacMd5Update(). > > > > Return FALSE to indicate this interface is not supported. > > > > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context being > initialized. > > + @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > @@ -79,7 +59,7 @@ HmacMd5Free ( > > **/ > > BOOLEAN > > EFIAPI > > -HmacMd5Init ( > > +HmacMd5SetKey ( > > OUT VOID *HmacMd5Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > > index 7d7df9640e..1bb5edfbd1 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > > @@ -9,38 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include "InternalCryptLib.h" > > #include > > > > -// > > -// NOTE: OpenSSL redefines the size of HMAC_CTX at > crypto/hmac/hmac_lcl.h > > -// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > > -// > > -// > > -#define HMAC_SHA1_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned in= t) + \ > > - sizeof(unsigned char) * 144) > > - > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA1 > operations. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ) > > -{ > > - // > > - // Retrieves the OpenSSL HMAC-SHA1 Context Size > > - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we j= ust > use the > > - // fixed size as a workaround to make this API work for compat= ibility. > > - // We should retire HmacSha15GetContextSize() in future, and u= se > HmacSha1New() > > - // and HmacSha1Free() for context allocation and release. > > - // > > - return (UINTN) HMAC_SHA1_CTX_SIZE; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > @@ -79,22 +47,22 @@ HmacSha1Free ( > > } > > > > /** > > - Initializes user-supplied memory pointed by HmacSha1Context as HMAC- > SHA1 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacSha1Update(). > > > > If HmacSha1Context is NULL, then return FALSE. > > > > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being > initialized. > > + @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > - @retval TRUE HMAC-SHA1 context initialization succeeded. > > - @retval FALSE HMAC-SHA1 context initialization failed. > > + @retval TRUE The Key is set succeefully. > > + @retval FALSE The Key is set unsucceefully. >=20 > (5) Same as (1). >=20 > > > > **/ > > BOOLEAN > > EFIAPI > > -HmacSha1Init ( > > +HmacSha1SetKey ( > > OUT VOID *HmacSha1Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > @@ -107,13 +75,6 @@ HmacSha1Init ( > > return FALSE; > > } > > > > - // > > - // OpenSSL HMAC-SHA1 Context Initialization > > - // > > - memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE); > > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { > > - return FALSE; > > - } > > if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize= , > EVP_sha1(), NULL) !=3D 1) { > > return FALSE; > > } > > @@ -160,8 +121,8 @@ HmacSha1Duplicate ( > > > > This function performs HMAC-SHA1 digest on a data buffer of the spec= ified > size. > > It can be called multiple times to compute the digest of long or dis= continuous > data streams. > > - HMAC-SHA1 context should be already correctly initialized by HmacSha= 1Init(), > and should not > > - be finalized by HmacSha1Final(). Behavior with invalid context is un= defined. > > + HMAC-SHA1 context should be initialized by HmacSha1New(), and should > not be finalized by > > + HmacSha1Final(). Behavior with invalid context is undefined. > > > > If HmacSha1Context is NULL, then return FALSE. > > > > @@ -211,8 +172,8 @@ HmacSha1Update ( > > This function completes HMAC-SHA1 digest computation and retrieves t= he > digest value into > > the specified memory. After this function has been called, the HMAC-= SHA1 > context cannot > > be used again. > > - HMAC-SHA1 context should be already correctly initialized by HmacSha= 1Init(), > and should > > - not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 > context is undefined. > > + HMAC-SHA1 context should be initialized by HmacSha1New(), and should > not be finalized by > > + HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefine= d. > > > > If HmacSha1Context is NULL, then return FALSE. > > If HmacValue is NULL, then return FALSE. > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > > index 547aa484ea..2c26e9d514 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > > > @@ -65,12 +45,12 @@ HmacSha1Free ( > > } > > > > /** > > - Initializes user-supplied memory pointed by HmacSha1Context as HMAC- > SHA1 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacSha1Update(). > > > > Return FALSE to indicate this interface is not supported. > > > > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being > initialized. > > + @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > @@ -79,7 +59,7 @@ HmacSha1Free ( > > **/ > > BOOLEAN > > EFIAPI > > -HmacSha1Init ( > > +HmacSha1SetKey ( > > OUT VOID *HmacSha1Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > > index f24443e745..930248e39f 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c > > @@ -9,37 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include "InternalCryptLib.h" > > #include > > > > -// > > -// NOTE: OpenSSL redefines the size of HMAC_CTX at > crypto/hmac/hmac_lcl.h > > -// #define HMAC_MAX_MD_CBLOCK_SIZE 144 > > -// > > -#define HMAC_SHA256_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned = int) + > \ > > - sizeof(unsigned char) * 144) > > - > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - @return The size, in bytes, of the context buffer required for HMAC= -SHA256 > operations. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ) > > -{ > > - // > > - // Retrieves the OpenSSL HMAC-SHA256 Context Size > > - // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we j= ust > use the > > - // fixed size as a workaround to make this API work for compat= ibility. > > - // We should retire HmacSha256GetContextSize() in future, and = use > HmacSha256New() > > - // and HmacSha256Free() for context allocation and release. > > - // > > - return (UINTN)HMAC_SHA256_CTX_SIZE; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > @@ -78,22 +47,22 @@ HmacSha256Free ( > > } > > > > /** > > - Initializes user-supplied memory pointed by HmacSha256Context as HMA= C- > SHA256 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacSha256Update(). > > > > If HmacSha256Context is NULL, then return FALSE. > > > > - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being > initialized. > > + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > - @retval TRUE HMAC-SHA256 context initialization succeeded. > > - @retval FALSE HMAC-SHA256 context initialization failed. > > + @retval TRUE The Key is set succeefully. > > + @retval FALSE The Key is set unsucceefully. >=20 > (6) Same as (1). >=20 > > > > **/ > > BOOLEAN > > EFIAPI > > -HmacSha256Init ( > > +HmacSha256SetKey ( > > OUT VOID *HmacSha256Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > @@ -106,13 +75,6 @@ HmacSha256Init ( > > return FALSE; > > } > > > > - // > > - // OpenSSL HMAC-SHA256 Context Initialization > > - // > > - memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE); > > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { > > - return FALSE; > > - } > > if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySi= ze, > EVP_sha256(), NULL) !=3D 1) { > > return FALSE; > > } > > @@ -159,8 +121,8 @@ HmacSha256Duplicate ( > > > > This function performs HMAC-SHA256 digest on a data buffer of the > specified size. > > It can be called multiple times to compute the digest of long or dis= continuous > data streams. > > - HMAC-SHA256 context should be already correctly initialized by > HmacSha256Init(), and should not > > - be finalized by HmacSha256Final(). Behavior with invalid context is = undefined. > > + HMAC-SHA256 context should be initialized by HmacSha256New(), and > should not be finalized > > + by HmacSha256Final(). Behavior with invalid context is undefined. > > > > If HmacSha256Context is NULL, then return FALSE. > > > > @@ -210,8 +172,8 @@ HmacSha256Update ( > > This function completes HMAC-SHA256 hash computation and retrieves t= he > digest value into > > the specified memory. After this function has been called, the HMAC-= SHA256 > context cannot > > be used again. > > - HMAC-SHA256 context should be already correctly initialized by > HmacSha256Init(), and should > > - not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SH= A256 > context is undefined. > > + HMAC-SHA256 context should be initialized by HmacSha256New(), and > should not be finalized > > + by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is > undefined. > > > > If HmacSha256Context is NULL, then return FALSE. > > If HmacValue is NULL, then return FALSE. > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > > index f0a4420e27..1af625ec9f 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > @@ -65,12 +45,12 @@ HmacSha256Free ( > > } > > > > /** > > - Initializes user-supplied memory pointed by HmacSha256Context as HMA= C- > SHA256 context for > > - subsequent use. > > + Set user-supplied key for subsequent use. It must be done before any > > + calling to HmacSha256Update(). > > > > Return FALSE to indicate this interface is not supported. > > > > - @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being > initialized. > > + @param[out] HmacSha256Context Pointer to HMAC-SHA256 context. > > @param[in] Key Pointer to the user-supplied key. > > @param[in] KeySize Key size in bytes. > > > > @@ -79,7 +59,7 @@ HmacSha256Free ( > > **/ > > BOOLEAN > > EFIAPI > > -HmacSha256Init ( > > +HmacSha256SetKey ( > > OUT VOID *HmacSha256Context, > > IN CONST UINT8 *Key, > > IN UINTN KeySize > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > index 3aafed874b..205dc9e474 100644 > > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-MD5 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacMd5GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-M= D5 > use. > > >=20 > (7) You missed the Init -> SetKey rename, and the according comment > changes, in this file. >=20 > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.= c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > > index 547aa484ea..542350f15a 100644 > > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA1 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha1GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC-S= HA1 > use. > > >=20 > (8) Same as (7). >=20 > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Nul= l.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c > > index f0a4420e27..f8074cc617 100644 > > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c > > +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha256Null.c > > @@ -8,26 +8,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include "InternalCryptLib.h" > > > > -/** > > - Retrieves the size, in bytes, of the context buffer required for HMA= C-SHA256 > operations. > > - (NOTE: This API is deprecated. > > - Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Contex= t > operations.) > > - > > - Return zero to indicate this interface is not supported. > > - > > - @retval 0 This interface is not supported. > > - > > -**/ > > -UINTN > > -EFIAPI > > -HmacSha256GetContextSize ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return 0; > > -} > > - > > /** > > Allocates and initializes one HMAC_CTX context for subsequent HMAC- > SHA256 use. > > > > >=20 > (9) Same as (7). >=20 > (10) I think this patch is very difficult to review; it is too large, > doing too many things at the same time. Here's how I propose splitting > it up: >=20 > * Patch#1: > - rename Init to SetKey, updating the lib class header and all the > library instances too, > - update all comments that refer to Init, as well, > - update the non-Null implementations of the SetKey function (removing > memset() and the HMAC_CTX_reset()). >=20 > This patch should be called: >=20 > CryptoPkg/BaseCryptLib: replace HmacXxxInit API with HmacXxxSetKey >=20 > The commit message should mention that we will no longer support > user-supplied memory for contexts, and so the Init interface is replaced > with SetKey, which will only operate on contexts created with New. >=20 > * Patch#2: > - everything else >=20 > and it should be called: >=20 > CryptoPkg/BaseCryptLib: remove HmacXxxGetContextSize interface >=20 > Thanks > Laszlo