From nobody Sat Nov 2 12:25:19 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490275232510405.101968776793; Thu, 23 Mar 2017 06:20:32 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 991698038F; Thu, 23 Mar 2017 06:20:15 -0700 (PDT) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 13ADB80385 for ; Thu, 23 Mar 2017 06:20:14 -0700 (PDT) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga105.jf.intel.com with ESMTP; 23 Mar 2017 06:20:13 -0700 Received: from shwde6388.ccr.corp.intel.com ([10.239.9.17]) by fmsmga002.fm.intel.com with ESMTP; 23 Mar 2017 06:20:11 -0700 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,210,1486454400"; d="scan'208";a="1146042228" From: Qin Long To: edk2-devel@lists.01.org Date: Thu, 23 Mar 2017 21:19:30 +0800 Message-Id: <20170323131932.6168-10-qin.long@intel.com> X-Mailer: git-send-email 2.11.1.windows.1 In-Reply-To: <20170323131932.6168-1-qin.long@intel.com> References: <20170323131932.6168-1-qin.long@intel.com> Subject: [edk2] [PATCH v2 09/11] CryptoPkg: Update HMAC Wrapper with opaque HMAC_CTX object. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: ard.biesheuvel@linaro.org, ting.ye@intel.com, ronald.cron@arm.com, jiaxin.wu@intel.com, glin@suse.com, lersek@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" OpenSSL-1.1.xx makes most data structures opaque. This patch updated HMAC Wrapper implementation with opaque HMAC_CTX object. The HmacXXGetContextSize() is marked as deprecated, and updated to use the fixed HMAC_CTX size, which is just kept for compatibility. New APIs (HmacXXNew(), HmacXXFree()) were added as the recommended HMAC_CTX usage interfaces for HMAC-XXXX operations. Cc: Ting Ye Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Gary Lin Cc: Ronald Cron Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long Tested-by: Laszlo Ersek --- CryptoPkg/Include/Library/BaseCryptLib.h | 93 ++++++++++++++++++= +++- CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 77 +++++++++++++++--- .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c | 40 +++++++++- .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 75 +++++++++++++++-- .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 40 +++++++++- .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 75 +++++++++++++++-- .../BaseCryptLib/Hmac/CryptHmacSha256Null.c | 40 +++++++++- 7 files changed, 411 insertions(+), 29 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 9cc4776c30..9f0f202668 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI secur= ity functionality enabling. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -897,6 +897,8 @@ Sha512HashAll ( =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations. + (NOTE: This API is deprecated. + Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) =20 If this interface is not supported, then return zero. =20 @@ -911,6 +913,36 @@ HmacMd5GetContextSize ( ); =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. + + If this interface is not supported, then return NULL. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacMd5New() returns NULL. + @retval NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + If this interface is not supported, then do nothing. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ); + +/** Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 c= ontext for subsequent use. =20 @@ -1015,6 +1047,8 @@ HmacMd5Final ( =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations. + (NOTE: This API is deprecated. + Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.) =20 If this interface is not supported, then return zero. =20 @@ -1029,6 +1063,36 @@ HmacSha1GetContextSize ( ); =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. + + If this interface is not supported, then return NULL. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha1New() returns NULL. + @return NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + If this interface is not supported, then do nothing. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ); + +/** Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1= context for subsequent use. =20 @@ -1133,6 +1197,8 @@ HmacSha1Final ( =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. + (NOTE: This API is deprecated. + Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.) =20 If this interface is not supported, then return zero. =20 @@ -1147,6 +1213,31 @@ HmacSha256GetContextSize ( ); =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ); + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ); + +/** Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SH= A256 context for subsequent use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 61750616c8..ff7b8e5466 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -1,7 +1,7 @@ /** @file HMAC-MD5 Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,8 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include =20 +#define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + /** Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations. + (NOTE: This API is deprecated. + Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) =20 @return The size, in bytes, of the context buffer required for HMAC-MD5= operations. =20 @@ -29,8 +34,49 @@ HmacMd5GetContextSize ( { // // Retrieves the OpenSSL HMAC-MD5 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the + // fixed size as a workaround to make this API work for compatibil= ity. + // We should retire HmacMd5GetContextSize() in future, and use Hma= cMd5New() + // and HmacMd5Free() for context allocation and release. // - return (UINTN) (sizeof (HMAC_CTX)); + return (UINTN) HMAC_MD5_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacMd5New() returns NULL. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ) +{ + // + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); } =20 /** @@ -65,8 +111,13 @@ HmacMd5Init ( // // OpenSSL HMAC-MD5 Context Initialization // - HMAC_CTX_init (HmacMd5Context); - HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL); + memset(HmacMd5Context, 0, HMAC_MD5_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -97,8 +148,10 @@ HmacMd5Duplicate ( if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { return FALSE; } - =20 - CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX)); + + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -146,7 +199,9 @@ HmacMd5Update ( // // OpenSSL HMAC-MD5 digest update // - HMAC_Update (HmacMd5Context, Data, DataSize); + if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -190,8 +245,12 @@ HmacMd5Final ( // // OpenSSL HMAC-MD5 digest finalization // - HMAC_Final (HmacMd5Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacMd5Context); + if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c index b4bdde0433..bfe68ab916 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c @@ -1,7 +1,7 @@ /** @file HMAC-MD5 Wrapper Implementation which does not provide real capabilities. =20 -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-MD= 5 operations. + (NOTE: This API is deprecated. + Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) =20 Return zero to indicate this interface is not supported. =20 @@ -33,6 +35,42 @@ HmacMd5GetContextSize ( } =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. + + Return NULL to indicate this interface is not supported. + + @retval NULL This interface is not supported. + +**/ +VOID * +EFIAPI +HmacMd5New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacMd5Free ( + IN VOID *HmacMd5Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 c= ontext for subsequent use.=20 =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index e6602586ac..09c5867d53 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA1 Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,8 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include =20 +#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations. + (NOTE: This API is deprecated. + Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.) =20 @return The size, in bytes, of the context buffer required for HMAC-SHA= 1 operations. =20 @@ -29,8 +34,49 @@ HmacSha1GetContextSize ( { // // Retrieves the OpenSSL HMAC-SHA1 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the + // fixed size as a workaround to make this API work for compatibil= ity. + // We should retire HmacSha15GetContextSize() in future, and use H= macSha1New() + // and HmacSha1Free() for context allocation and release. + // + return (UINTN) HMAC_SHA1_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha1New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ) +{ // - return (UINTN) (sizeof (HMAC_CTX)); + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); } =20 /** @@ -65,8 +111,13 @@ HmacSha1Init ( // // OpenSSL HMAC-SHA1 Context Initialization // - HMAC_CTX_init (HmacSha1Context); - HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL); + memset(HmacSha1Context, 0, HMAC_SHA1_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EV= P_sha1(), NULL) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -98,7 +149,9 @@ HmacSha1Duplicate ( return FALSE; } =20 - CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX)); + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1C= ontext) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -146,7 +199,9 @@ HmacSha1Update ( // // OpenSSL HMAC-SHA1 digest update // - HMAC_Update (HmacSha1Context, Data, DataSize); + if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -190,8 +245,12 @@ HmacSha1Final ( // // OpenSSL HMAC-SHA1 digest finalization // - HMAC_Final (HmacSha1Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacSha1Context); + if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) !=3D 1)= { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c index b31d0d1402..466c4885c3 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. =20 =20 -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A1 operations. + (NOTE: This API is deprecated. + Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operatio= ns.) =20 Return zero to indicate this interface is not supported. =20 @@ -33,6 +35,42 @@ HmacSha1GetContextSize ( } =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha1New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. + +**/ +VOID +EFIAPI +HmacSha1Free ( + IN VOID *HmacSha1Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1= context for subsequent use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/Crypto= Pkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c index 7726e404f6..d6b3ae4883 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,8 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #include "InternalCryptLib.h" #include =20 +#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) += \ + sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK + /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. + (NOTE: This API is deprecated. + Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.) =20 @return The size, in bytes, of the context buffer required for HMAC-SHA= 256 operations. =20 @@ -29,8 +34,49 @@ HmacSha256GetContextSize ( { // // Retrieves the OpenSSL HMAC-SHA256 Context Size + // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just = use the + // fixed size as a workaround to make this API work for compatibil= ity. + // We should retire HmacSha256GetContextSize() in future, and use = HmacSha256New() + // and HmacSha256Free() for context allocation and release. + // + return (UINTN)HMAC_SHA256_CTX_SIZE; +} + +/** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + @return Pointer to the HMAC_CTX context that has been initialized. + If the allocations fails, HmacSha256New() returns NULL. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + // + // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() + // + return (VOID *) HMAC_CTX_new (); +} + +/** + Release the specified HMAC_CTX context. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ // - return (UINTN) (sizeof (HMAC_CTX)); + // Free OpenSSL HMAC_CTX Context + // + HMAC_CTX_free ((HMAC_CTX *)HmacSha256Ctx); } =20 /** @@ -65,8 +111,13 @@ HmacSha256Init ( // // OpenSSL HMAC-SHA256 Context Initialization // - HMAC_CTX_init (HmacSha256Context); - HMAC_Init_ex (HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NU= LL); + memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE); + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { + return FALSE; + } + if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, = EVP_sha256(), NULL) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -98,7 +149,9 @@ HmacSha256Duplicate ( return FALSE; } =20 - CopyMem (NewHmacSha256Context, HmacSha256Context, sizeof (HMAC_CTX)); + if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha256Context, (HMAC_CTX *)HmacSha= 256Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -146,7 +199,9 @@ HmacSha256Update ( // // OpenSSL HMAC-SHA256 digest update // - HMAC_Update (HmacSha256Context, Data, DataSize); + if (HMAC_Update ((HMAC_CTX *)HmacSha256Context, Data, DataSize) !=3D 1) { + return FALSE; + } =20 return TRUE; } @@ -190,8 +245,12 @@ HmacSha256Final ( // // OpenSSL HMAC-SHA256 digest finalization // - HMAC_Final (HmacSha256Context, HmacValue, &Length); - HMAC_CTX_cleanup (HmacSha256Context); + if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) !=3D = 1) { + return FALSE; + } + if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) !=3D 1) { + return FALSE; + } =20 return TRUE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c b/Cr= yptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c index 35abddaa92..1696fa1eb9 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA256 Wrapper Implementation which does not provide real capabilit= ies. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. =20 /** Retrieves the size, in bytes, of the context buffer required for HMAC-SH= A256 operations. + (NOTE: This API is deprecated. + Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context op= erations.) =20 Return zero to indicate this interface is not supported. =20 @@ -33,6 +35,42 @@ HmacSha256GetContextSize ( } =20 /** + Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. + + Return NULL to indicate this interface is not supported. + + @return NULL This interface is not supported.. + +**/ +VOID * +EFIAPI +HmacSha256New ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified HMAC_CTX context. + + This function will do nothing. + + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be release= d. + +**/ +VOID +EFIAPI +HmacSha256Free ( + IN VOID *HmacSha256Ctx + ) +{ + ASSERT (FALSE); + return; +} + +/** Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SH= A256 context for subsequent use. =20 --=20 2.11.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel