From: "Wang, Jian J"
To: "Gao, Zhichao", "devel@edk2.groups.io"
CC: "Lu, XiaoyuX", "Fu, Siyuan", "Kinney, Michael D", "Yao, Jiewen"
Subject: Re: [PATCH V3 6/8] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
Date: Fri, 8 May 2020 15:03:09 +0000

Zhichao,

The removal of AesEcbEncrypt() and AesEcbDecrypt() should go to patch 5.

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Fu, Siyuan; Kinney, Michael D; Yao, Jiewen
> Subject: [PATCH V3 6/8] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> HMAC MD5 is not secure any longer.
> Remove the HMAC MD5 support from edk2.
> Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Siyuan Fu
> Cc: Michael D Kinney
> Cc: Jiewen Yao
> Signed-off-by: Zhichao Gao > --- > CryptoPkg/CryptoPkg.dsc | 1 - > CryptoPkg/Driver/Crypto.c | 128 ++--------- > CryptoPkg/Include/Library/BaseCryptLib.h | 203 ---------------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ > CryptoPkg/Private/Protocol/Crypto.h | 117 ++-------- > 16 files changed, 45 insertions(+), 1072 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 1f68cc633b..9ddf73f9fa 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -137,7 +137,6 @@ > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 >=20 > !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY 
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 341df3b814..dfde1cc005 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -1105,154 +1105,68 @@ CryptoServiceSm3HashAll ( >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > /** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > + HMAC MD5 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > VOID * > EFIAPI > -CryptoServiceHmacMd5New ( > +DeprecatedCryptoServiceHmacMd5New ( > VOID > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), > NULL); > + return BaseCryptLibServciceDeprecated ("HmacMd5New"), NULL; > } >=20 > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > VOID > EFIAPI > -CryptoServiceHmacMd5Free ( > +DeprecatedCryptoServiceHmacMd5Free ( > IN VOID *HmacMd5Ctx > ) > { > - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, > (HmacMd5Ctx)); > + BaseCryptLibServciceDeprecated ("HmacMd5Free"); > } >=20 > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. 
> - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5SetKey ( > +DeprecatedCryptoServiceHmacMd5SetKey ( > OUT VOID *HmacMd5Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, > (HmacMd5Context, Key, KeySize), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5SetKey"), FALSE; > } >=20 > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5Duplicate ( > +DeprecatedCryptoServiceHmacMd5Duplicate ( > IN CONST VOID *HmacMd5Context, > OUT VOID *NewHmacMd5Context > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, > HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5Duplicate"), FALSE; > } >=20 > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specifi= ed size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. 
> - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5Update ( > +DeprecatedCryptoServiceHmacMd5Update ( > IN OUT VOID *HmacMd5Context, > IN CONST VOID *Data, > IN UINTN DataSize > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, > (HmacMd5Context, Data, DataSize), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5Update"), FALSE; > } >=20 > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD= 5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5Final ( > +DeprecatedCryptoServiceHmacMd5Final ( > IN OUT VOID *HmacMd5Context, > OUT UINT8 *HmacValue > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, > (HmacMd5Context, HmacValue), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5Final"), FALSE; > } >=20 > /** 
> @@ -4051,13 +3965,13 @@ CryptoServiceTlsGetCertRevocationList ( > const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { > /// Version > CryptoServiceGetCryptoVersion, > - /// HMAC MD5 > - CryptoServiceHmacMd5New, > - CryptoServiceHmacMd5Free, > - CryptoServiceHmacMd5SetKey, > - CryptoServiceHmacMd5Duplicate, > - CryptoServiceHmacMd5Update, > - CryptoServiceHmacMd5Final, > + /// HMAC MD5 - deprecated and unsupported > + DeprecatedCryptoServiceHmacMd5New, > + DeprecatedCryptoServiceHmacMd5Free, > + DeprecatedCryptoServiceHmacMd5SetKey, > + DeprecatedCryptoServiceHmacMd5Duplicate, > + DeprecatedCryptoServiceHmacMd5Update, > + DeprecatedCryptoServiceHmacMd5Final, > /// HMAC SHA1 > CryptoServiceHmacSha1New, > CryptoServiceHmacSha1Free, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 621bcfd1c4..b99401661c 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -880,139 +880,6 @@ Sm3HashAll ( > // MAC (Message Authentication Code) Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ); > - > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ); > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ); > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. 
> - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ); > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specifi= ed size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD= 5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. 
> - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ); > - > /** > Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. >=20 
> @@ -1323,76 +1190,6 @@ AesInit ( > IN UINTN KeyLength > ); >=20 > -/** > - Performs AES encryption on a data buffer of the specified size in ECB = mode. > - > - This function performs AES encryption on data buffer pointed by Input,= of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function doe= s not > perform > - padding. Caller must perform padding, if necessary, to ensure valid in= put data > size. > - AesContext should be already correctly initialized by AesInit(). Behav= ior with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FAL= SE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to = be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES enc= ryption > output. > - > - @retval TRUE AES encryption succeeded. > - @retval FALSE AES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbEncrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Performs AES decryption on a data buffer of the specified size in ECB = mode. > - > - This function performs AES decryption on data buffer pointed by Input,= of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function doe= s not > perform > - padding. Caller must perform padding, if necessary, to ensure valid in= put data > size. > - AesContext should be already correctly initialized by AesInit(). Behav= ior with > - invalid AES context is undefined. 
> - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FAL= SE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to = be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES dec= ryption > output. > - > - @retval TRUE AES decryption succeeded. > - @retval FALSE AES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbDecrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > /** > Performs AES encryption on a data buffer of the specified size in CBC = mode. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index 2de8e9c346..33d7c13bff 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -34,7 +34,6 @@ > Hash/CryptSha256.c > Hash/CryptSha512.c > Hash/CryptSm3.c > - Hmac/CryptHmacMd5.c > Hmac/CryptHmacSha1.c > Hmac/CryptHmacSha256.c > Kdf/CryptHkdf.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > deleted file mode 100644 > index da46ce09f4..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > +++ /dev/null > @@ -1,216 +0,0 @@ > -/** @file > - HMAC-MD5 Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - // > - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() > - // > - return (VOID *) HMAC_CTX_new (); > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - // > - // Free OpenSSL HMAC_CTX Context > - // > - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacMd5Context =3D=3D NULL || KeySize > INT_MAX) { > - return FALSE; > - } > - > - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, > EVP_md5(), NULL) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. 
> - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { > - return FALSE; > - } > - > - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX > *)HmacMd5Context) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specifi= ed size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - // > - // Check input parameters. 
> - // > - if (HmacMd5Context =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // Check invalid parameters, in case that only DataLength was checked = in > OpenSSL > - // > - if (Data =3D=3D NULL && DataSize !=3D 0) { > - return FALSE; > - } > - > - // > - // OpenSSL HMAC-MD5 digest update > - // > - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 digest computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD= 5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - UINT32 Length; > - > - // > - // Check input parameters. > - // > - if (HmacMd5Context =3D=3D NULL || HmacValue =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL HMAC-MD5 digest finalization > - // > - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1= ) { > - return FALSE; > - } > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > deleted file mode 100644 > index 5de55bf0d5..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > +++ /dev/null > @@ -1,139 +0,0 @@ > -/** @file > - HMAC-MD5 Wrapper Implementation which does not provide real capabiliti= es. > - > -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - Return NULL to indicate this interface is not supported. > - > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return NULL; > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - This function will do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - ASSERT (FALSE); > - return; > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. 
> - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index f631f8d879..2a630ef290 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA > external > +# HMAC-SHA1/SHA256 functions, AES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , X.509 > # certificate handler functions, authenticode signature verification fu= nctions, > # PEM handler functions, and pseudorandom number generator functions ar= e > not > @@ -40,7 +40,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index c906935d3d..95c71a8ae2 100644 
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// Note: HMAC-SHA1 functions, AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, X.509 certificate handler functions, authen= ticode > // signature verification functions, PEM handler functions, and pseudora= ndom > number > @@ -21,5 +21,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, X.509 certificate ha= ndler > functions, authenticode signature verification functions, PEM handler fun= ctions, > and pseudorandom number generator functions are not supported in this > instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 funct= ions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, = Diffie- > Hellman functions, X.509 certificate handler functions, authenticode sign= ature > verification functions, PEM handler functions, and pseudorandom number > generator functions are not supported in this instance." >=20 
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index 672e19299c..1642521087 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA > external > +# HMAC-SHA1/SHA256 functions, AES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # > @@ -40,7 +40,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512Null.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index 0a3bb1c04f..f7e1acb3a7 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// Note: HMAC-SHA1 functions, AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode sig= nature > verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 funct= ions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, = Diffie- > Hellman functions, and authenticode signature verification functions are = not > supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index cc3556ae3f..ec9c8e7c05 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external > +# HMAC-SHA1 functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # 
> @@ -39,7 +39,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512Null.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index 2e362c635f..8eb3acac93 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// Note: HMAC-SHA1 functions, AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode sig= nature > verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 funct= ions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, = Diffie- > Hellman functions, and authenticode signature verification functions are = not > supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index 04b552f8b7..558ccfc002 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -34,7 +34,6 @@ > Hash/CryptSha256Null.c > Hash/CryptSha512Null.c > Hash/CryptSm3Null.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > deleted file mode 100644 > index 5de55bf0d5..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > +++ /dev/null 
> @@ -1,139 +0,0 @@ > -/** @file > - HMAC-MD5 Wrapper Implementation which does not provide real capabiliti= es. > - > -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - Return NULL to indicate this interface is not supported. > - > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return NULL; > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - This function will do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - ASSERT (FALSE); > - return; > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. 
> - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index c937f8540d..dfe7fb7e91 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -1015,157 +1015,6 @@ Sm3HashAll ( > // MAC (Message Authentication Code) Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL); > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx)); > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), > FALSE); > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. 
> - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, > NewHmacMd5Context), FALSE); > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specifi= ed size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, > DataSize), FALSE); > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. 
After this function has been called, the HMAC-MD= 5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), > FALSE); > -} > - > /** > Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. >=20 > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index e76ff623a5..bd4cd7f383 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -43,135 +43,48 @@ UINTN > // MAC (Message Authentication Code) Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > /** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > + HMAC MD5 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > typedef > VOID* > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) ( > VOID > ); >=20 > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released= . > - > -**/ > typedef > VOID > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) ( > IN VOID *HmacMd5Ctx > ); >=20 > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE HMAC-MD5 context initialization succeeded. > - @retval FALSE HMAC-MD5 context initialization failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( > OUT VOID *HmacMd5Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ); >=20 > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copie= d. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( > IN CONST VOID *HmacMd5Context, > OUT VOID *NewHmacMd5Context > ); >=20 > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specifi= ed size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) ( > IN OUT VOID *HmacMd5Context, > IN CONST VOID *Data, > IN UINTN DataSize > ); >=20 > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD= 5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the= HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) ( > IN OUT VOID *HmacMd5Context, > OUT UINT8 *HmacValue > ); 
> @@ -3618,13 +3531,13 @@ EFI_STATUS > struct _EDKII_CRYPTO_PROTOCOL { > /// Version > EDKII_CRYPTO_GET_VERSION GetVersion; > - /// HMAC MD5 > - EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New; > - EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free; > - EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey; > - EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate; > - EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; > - EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; > + /// HMAC MD5 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW > DeprecatedHmacMd5New; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE > DeprecatedHmacMd5Free; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY > DeprecatedHmacMd5SetKey; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE > DeprecatedHmacMd5Duplicate; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE > DeprecatedHmacMd5Update; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL > DeprecatedHmacMd5Final; > /// HMAC SHA1 > EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; > EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; > -- > 2.21.0.windows.1
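Review bot: In the PeiCryptLib and RuntimeCryptLib hunks, the .inf Note and the matching .uni text disagree about what is unsupported. The .inf lists "HMAC-SHA1/SHA256 functions" while the .uni Note and STR_MODULE_DESCRIPTION list only "HMAC-SHA1 functions". In the SmmCryptLib hunks the .uni still lists "AES functions" where the .inf Note does not. These lines are rewritten by this patch anyway, so either bring each .uni in line with its .inf here or say in the commit message that the mismatch is left for a follow-up. Otherwise the module description a platform owner reads will not match the Null sources actually listed in the .inf.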
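Review bot: The replacement comment at the top of the MAC section in CryptoPkg/Private/Protocol/Crypto.h needs rewording. "HMAC MD5 is deprecated and unsupported any longer. Keep the function field for binary compability." has a typo ("compability" should be "compatibility"), and "unsupported any longer" should read "no longer supported". The comment is also attached only to DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW. The other five DEPRECATED_ typedefs lose their doc blocks and get nothing in return, so either repeat a one-line comment on each or make the first comment say explicitly that it covers all six HMAC-MD5 typedefs.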
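Review bot: In the struct _EDKII_CRYPTO_PROTOCOL hunk, the six Deprecated* fields keep their position directly after GetVersion, which preserves the layout, but the only documentation is "/// HMAC MD5 - deprecated and unsupported". That does not tell a protocol producer what has to be placed in those slots. A consumer built against the earlier header can still call through the old HmacMd5New..HmacMd5Final offsets, so the comment should state whether the slots must point at stubs that return NULL/FALSE or may be left NULL, and whether the value reported through GetVersion is expected to change with this retirement. Please add that to the field comment or to the commit message.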