From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Gao, Zhichao" <zhichao.gao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Lu, XiaoyuX" <xiaoyux.lu@intel.com>,
"Fu, Siyuan" <siyuan.fu@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [PATCH V3 7/8] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
Date: Fri, 8 May 2020 15:11:45 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C510003625A84389@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <20200506235746.19500-8-zhichao.gao@intel.com>
Just a typo (see below). With it addressed,
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH V3 7/8] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> HMAC SHA1 is not secure any longer.
> Remove the HMAC SHA1 support from edk2.
> Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any long.
'long' --> 'longer'
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
> CryptoPkg/CryptoPkg.dsc | 3 -
> CryptoPkg/Driver/Crypto.c | 128 ++---------
> CryptoPkg/Include/Library/BaseCryptLib.h | 133 -----------
> .../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------
> .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 -----------
> .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
> .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 4 +-
> .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
> .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 -----------
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------
> CryptoPkg/Private/Protocol/Crypto.h | 121 ++--------
> 16 files changed, 45 insertions(+), 1009 deletions(-)
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index 9ddf73f9fa..1af78468a1 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -137,7 +137,6 @@
> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
>
> !if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
>
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam
> ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> @@ -163,7 +162,6 @@
> !endif
>
> !if $(CRYPTO_SERVICES) == MIN_PEI
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
>
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam
> ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
> @@ -178,7 +176,6 @@
> !endif
>
> !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
> -
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family
> | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
>
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam
> ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
>
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkc
> s1v2Encrypt | TRUE
>
> gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkc
> s5HashPassword | TRUE
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> index dfde1cc005..95172de981 100644
> --- a/CryptoPkg/Driver/Crypto.c
> +++ b/CryptoPkg/Driver/Crypto.c
> @@ -1170,154 +1170,68 @@ DeprecatedCryptoServiceHmacMd5Final (
> }
>
> /**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - If this interface is not supported, then return NULL.
> -
> - @return Pointer to the HMAC_CTX context that has been initialized.
> - If the allocations fails, HmacSha1New() returns NULL.
> - @return NULL This interface is not supported.
> + HMAC SHA1 is deprecated and unsupported any longer.
> + Keep the function field for binary compability.
>
> **/
> VOID *
> EFIAPI
> -CryptoServiceHmacSha1New (
> +DeprecatedCryptoServiceHmacSha1New (
> VOID
> )
> {
> - return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (),
> NULL);
> + return BaseCryptLibServciceDeprecated ("HmacSha1New"), NULL;
> }
>
> -/**
> - Release the specified HMAC_CTX context.
> -
> - If this interface is not supported, then do nothing.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> VOID
> EFIAPI
> -CryptoServiceHmacSha1Free (
> +DeprecatedCryptoServiceHmacSha1Free (
> IN VOID *HmacSha1Ctx
> )
> {
> - CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free,
> (HmacSha1Ctx));
> + BaseCryptLibServciceDeprecated ("HmacSha1Free");
> }
>
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval TRUE The Key is set successfully.
> - @retval FALSE The Key is set unsuccessfully.
> - @retval FALSE This interface is not supported.
> -
> -**/
> BOOLEAN
> EFIAPI
> -CryptoServiceHmacSha1SetKey (
> +DeprecatedCryptoServiceHmacSha1SetKey (
> OUT VOID *HmacSha1Context,
> IN CONST UINT8 *Key,
> IN UINTN KeySize
> )
> {
> - return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey,
> (HmacSha1Context, Key, KeySize), FALSE);
> + return BaseCryptLibServciceDeprecated ("HmacSha1SetKey"), FALSE;
> }
>
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If NewHmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval TRUE HMAC-SHA1 context copy succeeded.
> - @retval FALSE HMAC-SHA1 context copy failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> BOOLEAN
> EFIAPI
> -CryptoServiceHmacSha1Duplicate (
> +DeprecatedCryptoServiceHmacSha1Duplicate (
> IN CONST VOID *HmacSha1Context,
> OUT VOID *NewHmacSha1Context
> )
> {
> - return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate,
> HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE);
> + return BaseCryptLibServciceDeprecated ("HmacSha1Duplicate"), FALSE;
> }
>
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - This function performs HMAC-SHA1 digest on a data buffer of the specified
> size.
> - It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized by
> - HmacSha1Final(). Behavior with invalid context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval TRUE HMAC-SHA1 data digest succeeded.
> - @retval FALSE HMAC-SHA1 data digest failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> BOOLEAN
> EFIAPI
> -CryptoServiceHmacSha1Update (
> +DeprecatedCryptoServiceHmacSha1Update (
> IN OUT VOID *HmacSha1Context,
> IN CONST VOID *Data,
> IN UINTN DataSize
> )
> {
> - return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update,
> (HmacSha1Context, Data, DataSize), FALSE);
> + return BaseCryptLibServciceDeprecated ("HmacSha1Update"), FALSE;
> }
>
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - This function completes HMAC-SHA1 hash computation and retrieves the
> digest value into
> - the specified memory. After this function has been called, the HMAC-SHA1
> context cannot
> - be used again.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized
> - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If HmacValue is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval TRUE HMAC-SHA1 digest computation succeeded.
> - @retval FALSE HMAC-SHA1 digest computation failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> BOOLEAN
> EFIAPI
> -CryptoServiceHmacSha1Final (
> +DeprecatedCryptoServiceHmacSha1Final (
> IN OUT VOID *HmacSha1Context,
> OUT UINT8 *HmacValue
> )
> {
> - return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final,
> (HmacSha1Context, HmacValue), FALSE);
> + return BaseCryptLibServciceDeprecated ("HmacSha1Final"), FALSE;
> }
>
> /**
> @@ -3972,13 +3886,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
> DeprecatedCryptoServiceHmacMd5Duplicate,
> DeprecatedCryptoServiceHmacMd5Update,
> DeprecatedCryptoServiceHmacMd5Final,
> - /// HMAC SHA1
> - CryptoServiceHmacSha1New,
> - CryptoServiceHmacSha1Free,
> - CryptoServiceHmacSha1SetKey,
> - CryptoServiceHmacSha1Duplicate,
> - CryptoServiceHmacSha1Update,
> - CryptoServiceHmacSha1Final,
> + /// HMAC SHA1 - deprecated and unsupported
> + DeprecatedCryptoServiceHmacSha1New,
> + DeprecatedCryptoServiceHmacSha1Free,
> + DeprecatedCryptoServiceHmacSha1SetKey,
> + DeprecatedCryptoServiceHmacSha1Duplicate,
> + DeprecatedCryptoServiceHmacSha1Update,
> + DeprecatedCryptoServiceHmacSha1Final,
> /// HMAC SHA256
> CryptoServiceHmacSha256New,
> CryptoServiceHmacSha256Free,
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index b99401661c..1b1ffa75ef 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -880,139 +880,6 @@ Sm3HashAll (
> // MAC (Message Authentication Code) Primitive
>
> //===============================================================
> ======================
>
> -/**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - If this interface is not supported, then return NULL.
> -
> - @return Pointer to the HMAC_CTX context that has been initialized.
> - If the allocations fails, HmacSha1New() returns NULL.
> - @return NULL This interface is not supported.
> -
> -**/
> -VOID *
> -EFIAPI
> -HmacSha1New (
> - VOID
> - );
> -
> -/**
> - Release the specified HMAC_CTX context.
> -
> - If this interface is not supported, then do nothing.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -HmacSha1Free (
> - IN VOID *HmacSha1Ctx
> - );
> -
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval TRUE The Key is set successfully.
> - @retval FALSE The Key is set unsuccessfully.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1SetKey (
> - OUT VOID *HmacSha1Context,
> - IN CONST UINT8 *Key,
> - IN UINTN KeySize
> - );
> -
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If NewHmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval TRUE HMAC-SHA1 context copy succeeded.
> - @retval FALSE HMAC-SHA1 context copy failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Duplicate (
> - IN CONST VOID *HmacSha1Context,
> - OUT VOID *NewHmacSha1Context
> - );
> -
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - This function performs HMAC-SHA1 digest on a data buffer of the specified
> size.
> - It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized by
> - HmacSha1Final(). Behavior with invalid context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval TRUE HMAC-SHA1 data digest succeeded.
> - @retval FALSE HMAC-SHA1 data digest failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Update (
> - IN OUT VOID *HmacSha1Context,
> - IN CONST VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - This function completes HMAC-SHA1 hash computation and retrieves the
> digest value into
> - the specified memory. After this function has been called, the HMAC-SHA1
> context cannot
> - be used again.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized
> - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If HmacValue is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval TRUE HMAC-SHA1 digest computation succeeded.
> - @retval FALSE HMAC-SHA1 digest computation failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Final (
> - IN OUT VOID *HmacSha1Context,
> - OUT UINT8 *HmacValue
> - );
> -
> /**
> Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> index 33d7c13bff..4aae2aba95 100644
> --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -34,7 +34,6 @@
> Hash/CryptSha256.c
> Hash/CryptSha512.c
> Hash/CryptSm3.c
> - Hmac/CryptHmacSha1.c
> Hmac/CryptHmacSha256.c
> Kdf/CryptHkdf.c
> Cipher/CryptAes.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> deleted file mode 100644
> index 7593ca55b1..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> +++ /dev/null
> @@ -1,216 +0,0 @@
> -/** @file
> - HMAC-SHA1 Wrapper Implementation over OpenSSL.
> -
> -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> -
> -**/
> -
> -#include "InternalCryptLib.h"
> -#include <openssl/hmac.h>
> -
> -/**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - @return Pointer to the HMAC_CTX context that has been initialized.
> - If the allocations fails, HmacSha1New() returns NULL.
> -
> -**/
> -VOID *
> -EFIAPI
> -HmacSha1New (
> - VOID
> - )
> -{
> - //
> - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
> - //
> - return (VOID *) HMAC_CTX_new ();
> -}
> -
> -/**
> - Release the specified HMAC_CTX context.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -HmacSha1Free (
> - IN VOID *HmacSha1Ctx
> - )
> -{
> - //
> - // Free OpenSSL HMAC_CTX Context
> - //
> - HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);
> -}
> -
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - If HmacSha1Context is NULL, then return FALSE.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval TRUE The Key is set successfully.
> - @retval FALSE The Key is set unsuccessfully.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1SetKey (
> - OUT VOID *HmacSha1Context,
> - IN CONST UINT8 *Key,
> - IN UINTN KeySize
> - )
> -{
> - //
> - // Check input parameters.
> - //
> - if (HmacSha1Context == NULL || KeySize > INT_MAX) {
> - return FALSE;
> - }
> -
> - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize,
> EVP_sha1(), NULL) != 1) {
> - return FALSE;
> - }
> -
> - return TRUE;
> -}
> -
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If NewHmacSha1Context is NULL, then return FALSE.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval TRUE HMAC-SHA1 context copy succeeded.
> - @retval FALSE HMAC-SHA1 context copy failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Duplicate (
> - IN CONST VOID *HmacSha1Context,
> - OUT VOID *NewHmacSha1Context
> - )
> -{
> - //
> - // Check input parameters.
> - //
> - if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) {
> - return FALSE;
> - }
> -
> - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX
> *)HmacSha1Context) != 1) {
> - return FALSE;
> - }
> -
> - return TRUE;
> -}
> -
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - This function performs HMAC-SHA1 digest on a data buffer of the specified
> size.
> - It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized by
> - HmacSha1Final(). Behavior with invalid context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval TRUE HMAC-SHA1 data digest succeeded.
> - @retval FALSE HMAC-SHA1 data digest failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Update (
> - IN OUT VOID *HmacSha1Context,
> - IN CONST VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - //
> - // Check input parameters.
> - //
> - if (HmacSha1Context == NULL) {
> - return FALSE;
> - }
> -
> - //
> - // Check invalid parameters, in case that only DataLength was checked in
> OpenSSL
> - //
> - if (Data == NULL && DataSize != 0) {
> - return FALSE;
> - }
> -
> - //
> - // OpenSSL HMAC-SHA1 digest update
> - //
> - if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {
> - return FALSE;
> - }
> -
> - return TRUE;
> -}
> -
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - This function completes HMAC-SHA1 digest computation and retrieves the
> digest value into
> - the specified memory. After this function has been called, the HMAC-SHA1
> context cannot
> - be used again.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized by
> - HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If HmacValue is NULL, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval TRUE HMAC-SHA1 digest computation succeeded.
> - @retval FALSE HMAC-SHA1 digest computation failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Final (
> - IN OUT VOID *HmacSha1Context,
> - OUT UINT8 *HmacValue
> - )
> -{
> - UINT32 Length;
> -
> - //
> - // Check input parameters.
> - //
> - if (HmacSha1Context == NULL || HmacValue == NULL) {
> - return FALSE;
> - }
> -
> - //
> - // OpenSSL HMAC-SHA1 digest finalization
> - //
> - if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {
> - return FALSE;
> - }
> - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
> - return FALSE;
> - }
> -
> - return TRUE;
> -}
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> deleted file mode 100644
> index e8c0f341b7..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> +++ /dev/null
> @@ -1,139 +0,0 @@
> -/** @file
> - HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
> -
> -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> -
> -**/
> -
> -#include "InternalCryptLib.h"
> -
> -/**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - Return NULL to indicate this interface is not supported.
> -
> - @return NULL This interface is not supported..
> -
> -**/
> -VOID *
> -EFIAPI
> -HmacSha1New (
> - VOID
> - )
> -{
> - ASSERT (FALSE);
> - return NULL;
> -}
> -
> -/**
> - Release the specified HMAC_CTX context.
> -
> - This function will do nothing.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -HmacSha1Free (
> - IN VOID *HmacSha1Ctx
> - )
> -{
> - ASSERT (FALSE);
> - return;
> -}
> -
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1SetKey (
> - OUT VOID *HmacSha1Context,
> - IN CONST UINT8 *Key,
> - IN UINTN KeySize
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> -
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Duplicate (
> - IN CONST VOID *HmacSha1Context,
> - OUT VOID *NewHmacSha1Context
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> -
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Update (
> - IN OUT VOID *HmacSha1Context,
> - IN CONST VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> -
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Final (
> - IN OUT VOID *HmacSha1Context,
> - OUT UINT8 *HmacValue
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> index 2a630ef290..dc28e3a11d 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> @@ -7,7 +7,7 @@
> # buffer overflow or integer overflow.
> #
> # Note:
> -# HMAC-SHA1/SHA256 functions, AES functions, RSA external
> +# HMAC-SHA256 functions, AES functions, RSA external
> # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
> # certificate handler functions, authenticode signature verification functions,
> # PEM handler functions, and pseudorandom number generator functions are
> not
> @@ -40,7 +40,6 @@
> Hash/CryptSha256.c
> Hash/CryptSm3.c
> Hash/CryptSha512.c
> - Hmac/CryptHmacSha1Null.c
> Hmac/CryptHmacSha256Null.c
> Kdf/CryptHkdfNull.c
> Cipher/CryptAesNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> index 95c71a8ae2..20ae64e8bf 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> @@ -6,7 +6,7 @@
> // This external input must be validated carefully to avoid security issues such as
> // buffer overflow or integer overflow.
> //
> -// Note: HMAC-SHA1 functions, AES
> +// Note: AES
> // functions, RSA external functions, PKCS#7 SignedData sign functions,
> // Diffie-Hellman functions, X.509 certificate handler functions, authenticode
> // signature verification functions, PEM handler functions, and pseudorandom
> number
> @@ -21,5 +21,5 @@
>
> #string STR_MODULE_ABSTRACT #language en-US "Cryptographic
> Library Instance for PEIM"
>
> -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This
> module requires additional review when modified. This library will have external
> input - signature. This external input must be validated carefully to avoid security
> issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions,
> AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-
> Hellman functions, X.509 certificate handler functions, authenticode signature
> verification functions, PEM handler functions, and pseudorandom number
> generator functions are not supported in this instance."
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This
> module requires additional review when modified. This library will have external
> input - signature. This external input must be validated carefully to avoid security
> issues such as buffer overflow or integer overflow. Note: AES functions, RSA
> external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions,
> X.509 certificate handler functions, authenticode signature verification functions,
> PEM handler functions, and pseudorandom number generator functions are not
> supported in this instance."
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> index 1642521087..5005beed02 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> @@ -7,7 +7,7 @@
> # buffer overflow or integer overflow.
> #
> # Note: SHA-384 Digest functions, SHA-512 Digest functions,
> -# HMAC-SHA1/SHA256 functions, AES functions, RSA external
> +# HMAC-SHA256 functions, AES functions, RSA external
> # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
> # authenticode signature verification functions are not supported in this
> instance.
> #
> @@ -40,7 +40,6 @@
> Hash/CryptSha256.c
> Hash/CryptSm3.c
> Hash/CryptSha512Null.c
> - Hmac/CryptHmacSha1Null.c
> Hmac/CryptHmacSha256Null.c
> Kdf/CryptHkdfNull.c
> Cipher/CryptAesNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> index f7e1acb3a7..0cf378c5ab 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> @@ -6,7 +6,7 @@
> // This external input must be validated carefully to avoid security issues such as
> // buffer overflow or integer overflow.
> //
> -// Note: HMAC-SHA1 functions, AES
> +// Note: AES
> // functions, RSA external functions, PKCS#7 SignedData sign functions,
> // Diffie-Hellman functions, and authenticode signature verification functions
> are
> // not supported in this instance.
> @@ -20,5 +20,5 @@
>
> #string STR_MODULE_ABSTRACT #language en-US "Cryptographic
> Library Instance for DXE_RUNTIME_DRIVER"
>
> -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This
> module requires additional review when modified. This library will have external
> input - signature. This external input must be validated carefully to avoid security
> issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions,
> AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-
> Hellman functions, and authenticode signature verification functions are not
> supported in this instance."
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This
> module requires additional review when modified. This library will have external
> input - signature. This external input must be validated carefully to avoid security
> issues such as buffer overflow or integer overflow. Note: AES functions, RSA
> external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions,
> and authenticode signature verification functions are not supported in this
> instance."
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> index ec9c8e7c05..91ec3e03bf 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> @@ -7,8 +7,7 @@
> # buffer overflow or integer overflow.
> #
> # Note: SHA-384 Digest functions, SHA-512 Digest functions,
> -# HMAC-SHA1 functions, RSA external
> -# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
> +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman
> functions, and
> # authenticode signature verification functions are not supported in this
> instance.
> #
> # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> @@ -39,7 +38,6 @@
> Hash/CryptSha256.c
> Hash/CryptSm3.c
> Hash/CryptSha512Null.c
> - Hmac/CryptHmacSha1Null.c
> Hmac/CryptHmacSha256.c
> Kdf/CryptHkdfNull.c
> Cipher/CryptAes.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> index 8eb3acac93..f0c33abbcf 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> @@ -6,7 +6,7 @@
> // This external input must be validated carefully to avoid security issues such as
> // buffer overflow or integer overflow.
> //
> -// Note: HMAC-SHA1 functions, AES
> +// Note: AES
> // functions, RSA external functions, PKCS#7 SignedData sign functions,
> // Diffie-Hellman functions, and authenticode signature verification functions
> are
> // not supported in this instance.
> @@ -20,5 +20,5 @@
>
> #string STR_MODULE_ABSTRACT #language en-US "Cryptographic
> Library Instance for SMM driver"
>
> -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This
> module requires additional review when modified. This library will have external
> input - signature. This external input must be validated carefully to avoid security
> issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions,
> AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-
> Hellman functions, and authenticode signature verification functions are not
> supported in this instance."
> +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This
> module requires additional review when modified. This library will have external
> input - signature. This external input must be validated carefully to avoid security
> issues such as buffer overflow or integer overflow. Note: AES functions, RSA
> external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions,
> and authenticode signature verification functions are not supported in this
> instance."
>
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> index 558ccfc002..689af4fedd 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> @@ -34,7 +34,6 @@
> Hash/CryptSha256Null.c
> Hash/CryptSha512Null.c
> Hash/CryptSm3Null.c
> - Hmac/CryptHmacSha1Null.c
> Hmac/CryptHmacSha256Null.c
> Kdf/CryptHkdfNull.c
> Cipher/CryptAesNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
> b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
> deleted file mode 100644
> index e8c0f341b7..0000000000
> --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
> +++ /dev/null
> @@ -1,139 +0,0 @@
> -/** @file
> - HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
> -
> -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> -
> -**/
> -
> -#include "InternalCryptLib.h"
> -
> -/**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - Return NULL to indicate this interface is not supported.
> -
> - @return NULL This interface is not supported..
> -
> -**/
> -VOID *
> -EFIAPI
> -HmacSha1New (
> - VOID
> - )
> -{
> - ASSERT (FALSE);
> - return NULL;
> -}
> -
> -/**
> - Release the specified HMAC_CTX context.
> -
> - This function will do nothing.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -HmacSha1Free (
> - IN VOID *HmacSha1Ctx
> - )
> -{
> - ASSERT (FALSE);
> - return;
> -}
> -
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1SetKey (
> - OUT VOID *HmacSha1Context,
> - IN CONST UINT8 *Key,
> - IN UINTN KeySize
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> -
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Duplicate (
> - IN CONST VOID *HmacSha1Context,
> - OUT VOID *NewHmacSha1Context
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> -
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Update (
> - IN OUT VOID *HmacSha1Context,
> - IN CONST VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> -
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - Return FALSE to indicate this interface is not supported.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Final (
> - IN OUT VOID *HmacSha1Context,
> - OUT UINT8 *HmacValue
> - )
> -{
> - ASSERT (FALSE);
> - return FALSE;
> -}
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index dfe7fb7e91..a614b61ed4 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -1015,157 +1015,6 @@ Sm3HashAll (
> // MAC (Message Authentication Code) Primitive
>
> //===============================================================
> ======================
>
> -/**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - If this interface is not supported, then return NULL.
> -
> - @return Pointer to the HMAC_CTX context that has been initialized.
> - If the allocations fails, HmacSha1New() returns NULL.
> - @return NULL This interface is not supported.
> -
> -**/
> -VOID *
> -EFIAPI
> -HmacSha1New (
> - VOID
> - )
> -{
> - CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL);
> -}
> -
> -/**
> - Release the specified HMAC_CTX context.
> -
> - If this interface is not supported, then do nothing.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -HmacSha1Free (
> - IN VOID *HmacSha1Ctx
> - )
> -{
> - CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx));
> -}
> -
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval TRUE The Key is set successfully.
> - @retval FALSE The Key is set unsuccessfully.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1SetKey (
> - OUT VOID *HmacSha1Context,
> - IN CONST UINT8 *Key,
> - IN UINTN KeySize
> - )
> -{
> - CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize),
> FALSE);
> -}
> -
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If NewHmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval TRUE HMAC-SHA1 context copy succeeded.
> - @retval FALSE HMAC-SHA1 context copy failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Duplicate (
> - IN CONST VOID *HmacSha1Context,
> - OUT VOID *NewHmacSha1Context
> - )
> -{
> - CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context,
> NewHmacSha1Context), FALSE);
> -}
> -
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - This function performs HMAC-SHA1 digest on a data buffer of the specified
> size.
> - It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized by
> - HmacSha1Final(). Behavior with invalid context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval TRUE HMAC-SHA1 data digest succeeded.
> - @retval FALSE HMAC-SHA1 data digest failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Update (
> - IN OUT VOID *HmacSha1Context,
> - IN CONST VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data,
> DataSize), FALSE);
> -}
> -
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - This function completes HMAC-SHA1 hash computation and retrieves the
> digest value into
> - the specified memory. After this function has been called, the HMAC-SHA1
> context cannot
> - be used again.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized
> - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If HmacValue is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval TRUE HMAC-SHA1 digest computation succeeded.
> - @retval FALSE HMAC-SHA1 digest computation failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -HmacSha1Final (
> - IN OUT VOID *HmacSha1Context,
> - OUT UINT8 *HmacValue
> - )
> -{
> - CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue),
> FALSE);
> -}
> -
> /**
> Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256
> use.
>
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index bd4cd7f383..d167390774 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -89,140 +89,49 @@ BOOLEAN
> OUT UINT8 *HmacValue
> );
>
> -
> /**
> - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1
> use.
> -
> - If this interface is not supported, then return NULL.
> -
> - @return Pointer to the HMAC_CTX context that has been initialized.
> - If the allocations fails, HmacSha1New() returns NULL.
> - @return NULL This interface is not supported.
> + HMAC SHA1 is deprecated and unsupported any longer.
> + Keep the function field for binary compability.
>
> **/
> typedef
> VOID*
> -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_NEW) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW) (
> VOID
> );
>
> -/**
> - Release the specified HMAC_CTX context.
> -
> - If this interface is not supported, then do nothing.
> -
> - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
> -
> -**/
> typedef
> VOID
> -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FREE) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE) (
> IN VOID *HmacSha1Ctx
> );
>
> -
> -/**
> - Set user-supplied key for subsequent use. It must be done before any
> - calling to HmacSha1Update().
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
> - @param[in] Key Pointer to the user-supplied key.
> - @param[in] KeySize Key size in bytes.
> -
> - @retval TRUE The Key is set successfully.
> - @retval FALSE The Key is set unsuccessfully.
> - @retval FALSE This interface is not supported.
> -
> -**/
> typedef
> BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_SET_KEY) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY) (
> OUT VOID *HmacSha1Context,
> IN CONST UINT8 *Key,
> IN UINTN KeySize
> );
>
> -
> -/**
> - Makes a copy of an existing HMAC-SHA1 context.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If NewHmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being
> copied.
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
> -
> - @retval TRUE HMAC-SHA1 context copy succeeded.
> - @retval FALSE HMAC-SHA1 context copy failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> typedef
> BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) (
> IN CONST VOID *HmacSha1Context,
> OUT VOID *NewHmacSha1Context
> );
>
> -
> -/**
> - Digests the input data and updates HMAC-SHA1 context.
> -
> - This function performs HMAC-SHA1 digest on a data buffer of the specified
> size.
> - It can be called multiple times to compute the digest of long or discontinuous
> data streams.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized by
> - HmacSha1Final(). Behavior with invalid context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[in] Data Pointer to the buffer containing the data to be
> digested.
> - @param[in] DataSize Size of Data buffer in bytes.
> -
> - @retval TRUE HMAC-SHA1 data digest succeeded.
> - @retval FALSE HMAC-SHA1 data digest failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> typedef
> BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_UPDATE) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE) (
> IN OUT VOID *HmacSha1Context,
> IN CONST VOID *Data,
> IN UINTN DataSize
> );
>
> -
> -/**
> - Completes computation of the HMAC-SHA1 digest value.
> -
> - This function completes HMAC-SHA1 hash computation and retrieves the
> digest value into
> - the specified memory. After this function has been called, the HMAC-SHA1
> context cannot
> - be used again.
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not
> be finalized
> - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
> -
> - If HmacSha1Context is NULL, then return FALSE.
> - If HmacValue is NULL, then return FALSE.
> - If this interface is not supported, then return FALSE.
> -
> - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
> - @param[out] HmacValue Pointer to a buffer that receives the HMAC-
> SHA1 digest
> - value (20 bytes).
> -
> - @retval TRUE HMAC-SHA1 digest computation succeeded.
> - @retval FALSE HMAC-SHA1 digest computation failed.
> - @retval FALSE This interface is not supported.
> -
> -**/
> typedef
> BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FINAL) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL) (
> IN OUT VOID *HmacSha1Context,
> OUT UINT8 *HmacValue
> );
> @@ -3538,13 +3447,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
> DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE
> DeprecatedHmacMd5Duplicate;
> DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE
> DeprecatedHmacMd5Update;
> DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL
> DeprecatedHmacMd5Final;
> - /// HMAC SHA1
> - EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New;
> - EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free;
> - EDKII_CRYPTO_HMAC_SHA1_SET_KEY HmacSha1SetKey;
> - EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate;
> - EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update;
> - EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final;
> + /// HMAC SHA1 - deprecated and unsupported
> + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW
> DeprecatedHmacSha1New;
> + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE
> DeprecatedHmacSha1Free;
> + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY
> DeprecatedHmacSha1SetKey;
> + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE
> DeprecatedHmacSha1Duplicate;
> + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE
> DeprecatedHmacSha1Update;
> + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL
> DeprecatedHmacSha1Final;
> /// HMAC SHA256
> EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New;
> EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free;
> --
> 2.21.0.windows.1
next prev parent reply other threads:[~2020-05-08 15:11 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 23:57 [PATCH V3 0/8] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-05-06 23:57 ` [PATCH V3 1/8] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm Gao, Zhichao
2020-05-07 7:45 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-05-07 7:48 ` Philippe Mathieu-Daudé
2020-05-08 1:09 ` Gao, Zhichao
2020-05-08 12:59 ` Philippe Mathieu-Daudé
2020-05-06 23:57 ` [PATCH V3 2/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-05-08 15:19 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 3/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-05-08 14:34 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 4/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-05-07 7:51 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-05-08 14:42 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 5/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-05-08 14:50 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 6/8] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
2020-05-08 15:03 ` Wang, Jian J
2020-05-06 23:57 ` [PATCH V3 7/8] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
2020-05-08 15:11 ` Wang, Jian J [this message]
2020-05-06 23:57 ` [PATCH V3 8/8] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
2020-05-08 15:13 ` Wang, Jian J
2020-05-08 7:23 ` [edk2-devel] [PATCH V3 0/8] CryptoPkg: Retire the deprecated functions Guomin Jiang
2020-05-08 8:00 ` Dong, Eric
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C510003625A84389@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox