From: Qin Long
To: edk2-devel@lists.01.org
Cc: ard.biesheuvel@linaro.org, ting.ye@intel.com, ronald.cron@arm.com, jiaxin.wu@intel.com, glin@suse.com, lersek@redhat.com
Date: Tue, 21 Mar 2017 23:56:10 +0800
Message-Id: <20170321155612.1192-8-qin.long@intel.com>
In-Reply-To: <20170321155612.1192-1-qin.long@intel.com>
References: <20170321155612.1192-1-qin.long@intel.com>
Subject: [edk2] [PATCH v1 7/9] CryptoPkg: Update HMAC Wrapper implementation with opaque HMAC_CTX object.

OpenSSL-1.1.xx makes most data structures opaque. This patch updated HMAC Wrapper implementation with opaque HMAC_CTX object. The HmacXXGetContextSize() was updated to use the fixed HMAC_CTX size, which is just kept for compatibility. And add new APIs (HmacXXNew(), HmacXXFree()) as the recommended HMAC_CTX usage interfaces for HMAC-XXXX operations.

Cc: Ting Ye
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Gary Lin
Cc: Ronald Cron
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long
---
 CryptoPkg/Include/Library/BaseCryptLib.h | 87 +++++++++++++++++++++-
 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 75 ++++++++++++++++---
 .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 38 +++++++++-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 73 ++++++++++++++++--
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 38 +++++++++-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 73 ++++++++++++++++--
 .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 38 +++++++++-
 7 files changed, 393 insertions(+), 29 deletions(-)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 9cc4776c30..d3d4961ea4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI secur= ity functionality enabling. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -911,6 +911,36 @@ HmacMd5GetContextSize ( ); =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. + + If this interface is not supported, then return NULL. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacMd5New() returns NULL. + @retval NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + If this interface is not supported, then do nothing. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ); + +/** Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 c= ontext for subsequent use. =20 @@ -1029,6 +1059,36 @@ HmacSha1GetContextSize ( ); =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. + + If this interface is not supported, then return NULL. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha1New() returns NULL. + @return NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + If this interface is not supported, then do nothing. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ); + +/** Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1= context for subsequent use. =20 
@@ -1147,6 +1207,31 @@ HmacSha256GetContextSize ( ); =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ); + +/** Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SH= A256 context for subsequent use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 61750616c8..cb1019387c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -1,7 +1,7 @@ /** @file HMAC-MD5 Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include =20 +#define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + /** Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations. =20 @@ -29,8 +32,49 @@ HmacMd5GetContextSize ( { // // Retrieves the OpenSSL HMAC-MD5 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the + // fixed size as a workaround to make this API work for compatibil= ity. + // We should retire HmacMd5GetContextSize() in future, and use Hma= cMd5New() + // and HmacMd5Free() for context allocation and release. // - return (UINTN) (sizeof (HMAC_CTX)); + return (UINTN) HMAC_MD5_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacMd5New() returns NULL. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ) +{ + // + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); } =20 /** 
@@ -65,8 +109,13 @@ HmacMd5Init ( // // OpenSSL HMAC-MD5 Context Initialization // - HMAC_CTX_init (HmacMd5Context); - HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL); + memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -97,8 +146,10 @@ HmacMd5Duplicate ( if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { return FALSE; } - =20 - CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX)); + + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -146,7 +197,9 @@ HmacMd5Update ( // // OpenSSL HMAC-MD5 digest update // - HMAC_Update (HmacMd5Context, Data, DataSize); + if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -190,8 +243,12 @@ HmacMd5Final ( // // OpenSSL HMAC-MD5 digest finalization // - HMAC_Final (HmacMd5Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacMd5Context); + if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c index b4bdde0433..53ce4d9976 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c @@ -1,7 +1,7 @@ /** @file HMAC-MD5 Wrapper Implementation which does not provide real capabilities. =20 -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -33,6 +33,42 @@ HmacMd5GetContextSize ( } =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. + + Return NULL to indicate this interface is not supported. + + @retval NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 c= ontext for subsequent use.=20 =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index e6602586ac..9d25aef5b6 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA1 Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include =20 +#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations. =20 @@ -29,8 +32,49 @@ HmacSha1GetContextSize ( { // // Retrieves the OpenSSL HMAC-SHA1 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the + // fixed size as a workaround to make this API work for compatibil= ity. + // We should retire HmacSha15GetContextSize() in future, and use H= macSha1New() + // and HmacSha1Free() for context allocation and release. + // + return (UINTN) HMAC_SHA1_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha1New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ) +{ // - return (UINTN) (sizeof (HMAC_CTX)); + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); } =20 /** 
@@ -65,8 +109,13 @@ HmacSha1Init ( // // OpenSSL HMAC-SHA1 Context Initialization // - HMAC_CTX_init (HmacSha1Context); - HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL); + memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EV= P_sha1(), NULL) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -98,7 +147,9 @@ HmacSha1Duplicate ( return FALSE; } =20 - CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX)); + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1C= ontext) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -146,7 +197,9 @@ HmacSha1Update ( // // OpenSSL HMAC-SHA1 digest update // - HMAC_Update (HmacSha1Context, Data, DataSize); + if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -190,8 +243,12 @@ HmacSha1Final ( // // OpenSSL HMAC-SHA1 digest finalization // - HMAC_Final (HmacSha1Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacSha1Context); + if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) !=3D 1)= { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c index b31d0d1402..c11c183160 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. =20 =20 -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -33,6 +33,42 @@ HmacSha1GetContextSize ( } =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1= context for subsequent use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/Crypto= Pkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c index 7726e404f6..f1ae890526 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,6 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include =20 +#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) += \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. =20 @@ -29,8 +32,49 @@ HmacSha256GetContextSize ( { // // Retrieves the OpenSSL HMAC-SHA256 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the + // fixed size as a workaround to make this API work for compatibil= ity. + // We should retire HmacSha256GetContextSize() in future, and use = HmacSha256New() + // and HmacSha256Free() for context allocation and release. + // + return (UINTN)HMAC_SHA256_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ // - return (UINTN) (sizeof (HMAC_CTX)); + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx); } =20 /** 
@@ -65,8 +109,13 @@ HmacSha256Init ( // // OpenSSL HMAC-SHA256 Context Initialization // - HMAC_CTX_init (HmacSha256Context); - HMAC_Init_ex (HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NU= LL); + memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, = EVP_sha256(), NULL) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -98,7 +147,9 @@ HmacSha256Duplicate ( return FALSE; } =20 - CopyMem (NewHmacSha256Context, HmacSha256Context, sizeof (HMAC_CTX)); + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha= 256Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -146,7 +197,9 @@ HmacSha256Update ( // // OpenSSL HMAC-SHA256 digest update // - HMAC_Update (HmacSha256Context, Data, DataSize); + if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -190,8 +243,12 @@ HmacSha256Final ( // // OpenSSL HMAC-SHA256 digest finalization // - HMAC_Final (HmacSha256Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacSha256Context); + if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) !=3D = 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/Cr= yptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c index 35abddaa92..dde6afa2f0 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 Wrapper Implementation which does not provide real capabilit= ies. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -33,6 +33,42 @@ HmacSha256GetContextSize ( } =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SH= A256 context for subsequent use. =20 --=20 2.11.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel