From: "Wang, Jian J"
To: "Gao, Zhichao", "devel@edk2.groups.io"
CC: "Lu, XiaoyuX", "Fu, Siyuan", "Kinney, Michael D", "Yao, Jiewen"
Subject: Re: [PATCH V3 7/8] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
Date: Fri, 8 May 2020 15:11:45 +0000
References: <20200506235746.19500-1-zhichao.gao@intel.com> <20200506235746.19500-8-zhichao.gao@intel.com>
In-Reply-To: <20200506235746.19500-8-zhichao.gao@intel.com>

Just a typo (see below). With it addressed,

Reviewed-by: Jian J Wang

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Fu, Siyuan; Kinney, Michael D; Yao, Jiewen
> Subject: [PATCH V3 7/8] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> HMAC SHA1 is not secure any longer.
> Remove the HMAC SHA1 support from edk2.
> Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any long.

'long' --> 'longer'

>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Siyuan Fu
> Cc: Michael D Kinney
> Cc: Jiewen Yao
> Signed-off-by: Zhichao Gao > --- > CryptoPkg/CryptoPkg.dsc | 3 - > CryptoPkg/Driver/Crypto.c | 128 ++--------- > CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------ > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 ----------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 4 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 ----------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ > CryptoPkg/Private/Protocol/Crypto.h | 121 ++-------- > 16 files changed, 45 insertions(+), 1009 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 9ddf73f9fa..1af78468a1 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -137,7 +137,6 @@ > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 >=20 > !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY 
> @@ -163,7 +162,6 @@ > !endif >=20 > !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > @@ -178,7 +176,6 @@ > !endif >=20 > !if $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pk= c > s1v2Encrypt | TRUE >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pk= c > s5HashPassword | TRUE > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index dfde1cc005..95172de981 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -1170,154 +1170,68 @@ DeprecatedCryptoServiceHmacMd5Final ( > } >=20 > /** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacSha1New() returns NULL. > - @return NULL This interface is not supported. > + HMAC SHA1 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > VOID * > EFIAPI > -CryptoServiceHmacSha1New ( > +DeprecatedCryptoServiceHmacSha1New ( > VOID > ) > { > - return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), > NULL); > + return BaseCryptLibServciceDeprecated ("HmacSha1New"), NULL; > } >=20 > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > VOID > EFIAPI > -CryptoServiceHmacSha1Free ( > +DeprecatedCryptoServiceHmacSha1Free ( > IN VOID *HmacSha1Ctx > ) > { > - CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, > (HmacSha1Ctx)); > + BaseCryptLibServciceDeprecated ("HmacSha1Free"); > } >=20 > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE The Key is set successfully. > - @retval FALSE The Key is set unsuccessfully. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacSha1SetKey ( > +DeprecatedCryptoServiceHmacSha1SetKey ( > OUT VOID *HmacSha1Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ) > { > - return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, > (HmacSha1Context, Key, KeySize), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacSha1SetKey"), FALSE; > } >=20 > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - If HmacSha1Context is NULL, then return FALSE. > - If NewHmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. > - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval TRUE HMAC-SHA1 context copy succeeded. > - @retval FALSE HMAC-SHA1 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacSha1Duplicate ( > +DeprecatedCryptoServiceHmacSha1Duplicate ( > IN CONST VOID *HmacSha1Context, > OUT VOID *NewHmacSha1Context > ) > { > - return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, > HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacSha1Duplicate"), FALSE; > } >=20 > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - This function performs HMAC-SHA1 digest on a data buffer of the specif= ied > size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized by > - HmacSha1Final(). Behavior with invalid context is undefined. > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. 
> - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-SHA1 data digest succeeded. > - @retval FALSE HMAC-SHA1 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacSha1Update ( > +DeprecatedCryptoServiceHmacSha1Update ( > IN OUT VOID *HmacSha1Context, > IN CONST VOID *Data, > IN UINTN DataSize > ) > { > - return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, > (HmacSha1Context, Data, DataSize), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacSha1Update"), FALSE; > } >=20 > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - This function completes HMAC-SHA1 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-SH= A1 > context cannot > - be used again. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized > - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefin= ed. > - > - If HmacSha1Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval TRUE HMAC-SHA1 digest computation succeeded. > - @retval FALSE HMAC-SHA1 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacSha1Final ( > +DeprecatedCryptoServiceHmacSha1Final ( > IN OUT VOID *HmacSha1Context, > OUT UINT8 *HmacValue > ) > { > - return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, > (HmacSha1Context, HmacValue), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacSha1Final"), FALSE; > } >=20 > /** 
> @@ -3972,13 +3886,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { > DeprecatedCryptoServiceHmacMd5Duplicate, > DeprecatedCryptoServiceHmacMd5Update, > DeprecatedCryptoServiceHmacMd5Final, > - /// HMAC SHA1 > - CryptoServiceHmacSha1New, > - CryptoServiceHmacSha1Free, > - CryptoServiceHmacSha1SetKey, > - CryptoServiceHmacSha1Duplicate, > - CryptoServiceHmacSha1Update, > - CryptoServiceHmacSha1Final, > + /// HMAC SHA1 - deprecated and unsupported > + DeprecatedCryptoServiceHmacSha1New, > + DeprecatedCryptoServiceHmacSha1Free, > + DeprecatedCryptoServiceHmacSha1SetKey, > + DeprecatedCryptoServiceHmacSha1Duplicate, > + DeprecatedCryptoServiceHmacSha1Update, > + DeprecatedCryptoServiceHmacSha1Final, > /// HMAC SHA256 > CryptoServiceHmacSha256New, > CryptoServiceHmacSha256Free, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index b99401661c..1b1ffa75ef 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -880,139 +880,6 @@ Sm3HashAll ( > // MAC (Message Authentication Code) Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacSha1New() returns NULL. > - @return NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacSha1New ( > - VOID > - ); > - > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > -VOID > -EFIAPI > -HmacSha1Free ( > - IN VOID *HmacSha1Ctx > - ); > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE The Key is set successfully. > - @retval FALSE The Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1SetKey ( > - OUT VOID *HmacSha1Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ); > - > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - If HmacSha1Context is NULL, then return FALSE. > - If NewHmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. 
> - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. > - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval TRUE HMAC-SHA1 context copy succeeded. > - @retval FALSE HMAC-SHA1 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Duplicate ( > - IN CONST VOID *HmacSha1Context, > - OUT VOID *NewHmacSha1Context > - ); > - > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - This function performs HMAC-SHA1 digest on a data buffer of the specif= ied > size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized by > - HmacSha1Final(). Behavior with invalid context is undefined. > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-SHA1 data digest succeeded. > - @retval FALSE HMAC-SHA1 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Update ( > - IN OUT VOID *HmacSha1Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - This function completes HMAC-SHA1 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-SH= A1 > context cannot > - be used again. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized > - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefin= ed. > - > - If HmacSha1Context is NULL, then return FALSE. 
> - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval TRUE HMAC-SHA1 digest computation succeeded. > - @retval FALSE HMAC-SHA1 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Final ( > - IN OUT VOID *HmacSha1Context, > - OUT UINT8 *HmacValue > - ); > - > /** > Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 256 > use. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index 33d7c13bff..4aae2aba95 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -34,7 +34,6 @@ > Hash/CryptSha256.c > Hash/CryptSha512.c > Hash/CryptSm3.c > - Hmac/CryptHmacSha1.c > Hmac/CryptHmacSha256.c > Kdf/CryptHkdf.c > Cipher/CryptAes.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > deleted file mode 100644 > index 7593ca55b1..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c > +++ /dev/null > @@ -1,216 +0,0 @@ > -/** @file > - HMAC-SHA1 Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacSha1New() returns NULL. > - > -**/ > -VOID * > -EFIAPI > -HmacSha1New ( > - VOID > - ) > -{ > - // > - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() > - // > - return (VOID *) HMAC_CTX_new (); > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > -VOID > -EFIAPI > -HmacSha1Free ( > - IN VOID *HmacSha1Ctx > - ) > -{ > - // > - // Free OpenSSL HMAC_CTX Context > - // > - HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - If HmacSha1Context is NULL, then return FALSE. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE The Key is set successfully. > - @retval FALSE The Key is set unsuccessfully. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1SetKey ( > - OUT VOID *HmacSha1Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacSha1Context =3D=3D NULL || KeySize > INT_MAX) { > - return FALSE; > - } > - > - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, > EVP_sha1(), NULL) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - If HmacSha1Context is NULL, then return FALSE. > - If NewHmacSha1Context is NULL, then return FALSE. > - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. 
> - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval TRUE HMAC-SHA1 context copy succeeded. > - @retval FALSE HMAC-SHA1 context copy failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Duplicate ( > - IN CONST VOID *HmacSha1Context, > - OUT VOID *NewHmacSha1Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacSha1Context =3D=3D NULL || NewHmacSha1Context =3D=3D NULL) { > - return FALSE; > - } > - > - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX > *)HmacSha1Context) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - This function performs HMAC-SHA1 digest on a data buffer of the specif= ied > size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized by > - HmacSha1Final(). Behavior with invalid context is undefined. > - > - If HmacSha1Context is NULL, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-SHA1 data digest succeeded. > - @retval FALSE HMAC-SHA1 data digest failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Update ( > - IN OUT VOID *HmacSha1Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - // > - // Check input parameters. 
> - // > - if (HmacSha1Context =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // Check invalid parameters, in case that only DataLength was checked = in > OpenSSL > - // > - if (Data =3D=3D NULL && DataSize !=3D 0) { > - return FALSE; > - } > - > - // > - // OpenSSL HMAC-SHA1 digest update > - // > - if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) !=3D 1) = { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - This function completes HMAC-SHA1 digest computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-SH= A1 > context cannot > - be used again. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized by > - HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. > - > - If HmacSha1Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval TRUE HMAC-SHA1 digest computation succeeded. > - @retval FALSE HMAC-SHA1 digest computation failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Final ( > - IN OUT VOID *HmacSha1Context, > - OUT UINT8 *HmacValue > - ) > -{ > - UINT32 Length; > - > - // > - // Check input parameters. > - // > - if (HmacSha1Context =3D=3D NULL || HmacValue =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL HMAC-SHA1 digest finalization > - // > - if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) !=3D = 1) { > - return FALSE; > - } > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { > - return FALSE; > - } > - > - return TRUE; > -} 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > deleted file mode 100644 > index e8c0f341b7..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c > +++ /dev/null > @@ -1,139 +0,0 @@ > -/** @file > - HMAC-SHA1 Wrapper Implementation which does not provide real capabilit= ies. > - > -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - Return NULL to indicate this interface is not supported. > - > - @return NULL This interface is not supported.. > - > -**/ > -VOID * > -EFIAPI > -HmacSha1New ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return NULL; > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - This function will do nothing. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > -VOID > -EFIAPI > -HmacSha1Free ( > - IN VOID *HmacSha1Ctx > - ) > -{ > - ASSERT (FALSE); > - return; > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1SetKey ( > - OUT VOID *HmacSha1Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. > - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Duplicate ( > - IN CONST VOID *HmacSha1Context, > - OUT VOID *NewHmacSha1Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - Return FALSE to indicate this interface is not supported. 
> - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Update ( > - IN OUT VOID *HmacSha1Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Final ( > - IN OUT VOID *HmacSha1Context, > - OUT UINT8 *HmacValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index 2a630ef290..dc28e3a11d 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: > -# HMAC-SHA1/SHA256 functions, AES functions, RSA external > +# HMAC-SHA256 functions, AES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , X.509 > # certificate handler functions, authenticode signature verification fu= nctions, > # PEM handler functions, and pseudorandom number generator functions ar= e > not > @@ -40,7 +40,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512.c > - Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c 
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index 95c71a8ae2..20ae64e8bf 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-SHA1 functions, AES > +// Note: AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, X.509 certificate handler functions, authen= ticode > // signature verification functions, PEM handler functions, and pseudora= ndom > number 
> @@ -21,5 +21,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 funct= ions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, = Diffie- > Hellman functions, X.509 certificate handler functions, authenticode sign= ature > verification functions, PEM handler functions, and pseudorandom number > generator functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: AES functions, = RSA > external functions, PKCS#7 SignedData sign functions, Diffie-Hellman func= tions, > X.509 certificate handler functions, authenticode signature verification = functions, > PEM handler functions, and pseudorandom number generator functions are no= t > supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index 1642521087..5005beed02 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
> @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-SHA1/SHA256 functions, AES functions, RSA external > +# HMAC-SHA256 functions, AES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # > @@ -40,7 +40,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512Null.c > - Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index f7e1acb3a7..0cf378c5ab 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-SHA1 functions, AES > +// Note: AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 funct= ions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, = Diffie- > Hellman functions, and authenticode signature verification functions are = not > supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: AES functions, = RSA > external functions, PKCS#7 SignedData sign functions, Diffie-Hellman func= tions, > and authenticode signature verification functions are not supported in th= is > instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index ec9c8e7c05..91ec3e03bf 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -7,8 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-SHA1 functions, RSA external > -# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hell= man > functions, and > # authenticode signature verification functions are not supported in th= is > instance. > # > # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. 
> @@ -39,7 +38,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512Null.c > - Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256.c > Kdf/CryptHkdfNull.c > Cipher/CryptAes.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index 8eb3acac93..f0c33abbcf 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-SHA1 functions, AES > +// Note: AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. > @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 funct= ions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, = Diffie- > Hellman functions, and authenticode signature verification functions are = not > supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: AES functions, = RSA > external functions, PKCS#7 SignedData sign functions, Diffie-Hellman func= tions, > and authenticode signature verification functions are not supported in th= is > instance." >=20 
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index 558ccfc002..689af4fedd 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -34,7 +34,6 @@ > Hash/CryptSha256Null.c > Hash/CryptSha512Null.c > Hash/CryptSm3Null.c > - Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > deleted file mode 100644 > index e8c0f341b7..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c > +++ /dev/null > @@ -1,139 +0,0 @@ > -/** @file > - HMAC-SHA1 Wrapper Implementation which does not provide real capabilit= ies. > - > -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - Return NULL to indicate this interface is not supported. > - > - @return NULL This interface is not supported.. > - > -**/ > -VOID * > -EFIAPI > -HmacSha1New ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return NULL; > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - This function will do nothing. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > -VOID > -EFIAPI > -HmacSha1Free ( > - IN VOID *HmacSha1Ctx > - ) > -{ > - ASSERT (FALSE); > - return; > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1SetKey ( > - OUT VOID *HmacSha1Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. > - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Duplicate ( > - IN CONST VOID *HmacSha1Context, > - OUT VOID *NewHmacSha1Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - Return FALSE to indicate this interface is not supported. 
> - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Update ( > - IN OUT VOID *HmacSha1Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Final ( > - IN OUT VOID *HmacSha1Context, > - OUT UINT8 *HmacValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index dfe7fb7e91..a614b61ed4 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -1015,157 +1015,6 @@ Sm3HashAll ( > // MAC (Message Authentication Code) Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacSha1New() returns NULL. > - @return NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacSha1New ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL); > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > -VOID > -EFIAPI > -HmacSha1Free ( > - IN VOID *HmacSha1Ctx > - ) > -{ > - CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx)); > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE The Key is set successfully. > - @retval FALSE The Key is set unsuccessfully. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1SetKey ( > - OUT VOID *HmacSha1Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize), > FALSE); > -} > - > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - If HmacSha1Context is NULL, then return FALSE. > - If NewHmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. > - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval TRUE HMAC-SHA1 context copy succeeded. > - @retval FALSE HMAC-SHA1 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Duplicate ( > - IN CONST VOID *HmacSha1Context, > - OUT VOID *NewHmacSha1Context > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context, > NewHmacSha1Context), FALSE); > -} > - > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - This function performs HMAC-SHA1 digest on a data buffer of the specif= ied > size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized by > - HmacSha1Final(). Behavior with invalid context is undefined. > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-SHA1 data digest succeeded. > - @retval FALSE HMAC-SHA1 data digest failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Update ( > - IN OUT VOID *HmacSha1Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data, > DataSize), FALSE); > -} > - > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - This function completes HMAC-SHA1 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-SH= A1 > context cannot > - be used again. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized > - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefin= ed. > - > - If HmacSha1Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval TRUE HMAC-SHA1 digest computation succeeded. > - @retval FALSE HMAC-SHA1 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacSha1Final ( > - IN OUT VOID *HmacSha1Context, > - OUT UINT8 *HmacValue > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), > FALSE); > -} > - > /** > Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 256 > use. >=20 > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index bd4cd7f383..d167390774 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -89,140 +89,49 @@ BOOLEAN > OUT UINT8 *HmacValue > ); >=20 > - > /** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA= 1 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacSha1New() returns NULL. > - @return NULL This interface is not supported. > + HMAC SHA1 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > typedef > VOID* > -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_NEW) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW) ( > VOID > ); >=20 > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be release= d. > - > -**/ > typedef > VOID > -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FREE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE) ( > IN VOID *HmacSha1Ctx > ); >=20 > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacSha1Update(). > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE The Key is set successfully. > - @retval FALSE The Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( > OUT VOID *HmacSha1Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ); >=20 > - > -/** > - Makes a copy of an existing HMAC-SHA1 context. > - > - If HmacSha1Context is NULL, then return FALSE. > - If NewHmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. 
> - > - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being > copied. > - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. > - > - @retval TRUE HMAC-SHA1 context copy succeeded. > - @retval FALSE HMAC-SHA1 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( > IN CONST VOID *HmacSha1Context, > OUT VOID *NewHmacSha1Context > ); >=20 > - > -/** > - Digests the input data and updates HMAC-SHA1 context. > - > - This function performs HMAC-SHA1 digest on a data buffer of the specif= ied > size. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized by > - HmacSha1Final(). Behavior with invalid context is undefined. > - > - If HmacSha1Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[in] Data Pointer to the buffer containing the = data to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-SHA1 data digest succeeded. > - @retval FALSE HMAC-SHA1 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( > IN OUT VOID *HmacSha1Context, > IN CONST VOID *Data, > IN UINTN DataSize > ); >=20 > - > -/** > - Completes computation of the HMAC-SHA1 digest value. > - > - This function completes HMAC-SHA1 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-SH= A1 > context cannot > - be used again. 
> - HMAC-SHA1 context should be initialized by HmacSha1New(), and should n= ot > be finalized > - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefin= ed. > - > - If HmacSha1Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. > - @param[out] HmacValue Pointer to a buffer that receives th= e HMAC- > SHA1 digest > - value (20 bytes). > - > - @retval TRUE HMAC-SHA1 digest computation succeeded. > - @retval FALSE HMAC-SHA1 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FINAL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL) ( > IN OUT VOID *HmacSha1Context, > OUT UINT8 *HmacValue > ); 
> @@ -3538,13 +3447,13 @@ struct _EDKII_CRYPTO_PROTOCOL { > DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE > DeprecatedHmacMd5Duplicate; > DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE > DeprecatedHmacMd5Update; > DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL > DeprecatedHmacMd5Final; > - /// HMAC SHA1 > - EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; > - EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; > - EDKII_CRYPTO_HMAC_SHA1_SET_KEY HmacSha1SetKey; > - EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate; > - EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update; > - EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final; > + /// HMAC SHA1 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW > DeprecatedHmacSha1New; > + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE > DeprecatedHmacSha1Free; > + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY > DeprecatedHmacSha1SetKey; > + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE > DeprecatedHmacSha1Duplicate; > + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE > DeprecatedHmacSha1Update; > + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL > DeprecatedHmacSha1Final; > /// HMAC SHA256 > EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; > EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; > -- > 2.21.0.windows.1
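Review bot: In the two CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni hunks, the updated Note and STR_MODULE_DESCRIPTION still list "AES functions" as unsupported, while the SmmCryptLib.inf hunk in this same patch builds Cipher/CryptAes.c and its header Note does not list AES. The .inf Note also names the SHA-384 and SHA-512 digest functions (backed by Hash/CryptSha512Null.c), which the .uni text omits. Since these strings are being edited anyway, bring the .uni Note in line with the Note in SmmCryptLib.inf so the module description matches what the instance actually provides.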
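Review bot: In the CryptoPkg/Private/Protocol/Crypto.h hunk at @@ -89,140 +89,49 @@, the replacement comment is attached only to DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW; the other five DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_* typedefs lose their doc blocks and get nothing in their place. Either repeat the short deprecation comment on each typedef or reword the single comment so it clearly covers all six. The comment text itself needs a fix as well: "compability" should be "compatibility", and "deprecated and unsupported any longer" reads better as "deprecated and no longer supported".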
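Review bot: In the struct _EDKII_CRYPTO_PROTOCOL hunk at @@ -3538,13 +3447,13 @@, the six slots are kept so that the offsets of the fields after them do not move, but the part of the patch shown here does not say what the protocol producer stores in DeprecatedHmacSha1New through DeprecatedHmacSha1Final. A consumer built against the old header will still call through these offsets, so the producer should install stubs that return NULL or FALSE rather than leave the pointers NULL. Please point to where that is done in this series, and consider saying in the "/// HMAC SHA1 - deprecated and unsupported" comment that the fields exist only to preserve the structure layout.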