From nobody Mon Feb 9 05:10:53 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57926+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57926+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631616; cv=none; d=zohomail.com; s=zohoarc; b=EfP74Y4xJpEZZNUrX20iTEgB3SE2BJPI5E6/HQXjD5p1yQSFGChZTJT6F8PMG3nVVgtbkLbLUXzgQ6silDNaQg4s7uByzZdaJnm9Ms1dywmHpc7+D4TQRGJR4G+uUWkWZdJkRby7p1Ly00LFtI4wdl6nLfbQ1s123CmHHQv1m7o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631616; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=8DR5vu30uqehJn619Cp/7GSwEC/KvFBgMDeFcp0bB9o=; b=LQXZSUDgo2N3Q0J8ShXIf+raYtzdx0JY1xEYk+zAc57Fdn6Yl7a/a5nK5LeGdZ/JRb5yOPfe2NRTfzs9ruSNRhrw9Zl778adUMMF9LoqFTBWmEfhRqtbA9Jsgs6qwmSdAiIb61TW30mm72veYUKcSLKnHlW3UHeuojSJ006Qsfc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57926+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631616591335.4797901063108; Thu, 23 Apr 2020 01:46:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 0ibIYY1788612xjdWSdMfLd4; Thu, 23 Apr 2020 01:46:56 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:55 -0700 IronPort-SDR: hM6FjQexU8apvk2ytVB7tPEdLG5mFNaUn5q9ZiBKP/ewmnqyxQzkQqCJ8D0mIyjt2LGlxSxBKW bZRSrcGUkhHA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:55 -0700 IronPort-SDR: IyV0FGlzXrkPY4yiBh4tQwnwZkwVH+nNTfg5GZRXb4ZTFqCLC3juxCU0jNkQDUXwfDylRVJKIO YSNQf0IRRW3Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165505" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:52 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 5/7] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Date: Thu, 23 Apr 2020 16:46:25 +0800 Message-Id: <20200423084627.3384-6-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: 9xmqB6IVxGh0QI1YpK0B3FQnx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631616; bh=Yu7UWLxh7HxBAmHVOjucixULjY7U1Ir9GhodY0FbXps=; h=Cc:Date:From:Reply-To:Subject:To; b=Zfnf6ngESoBDSMEZTGZ0F7P2ZDazYXf2zHJQWXyYw8oej4Q6qG69extOF9R5b0mJ9Yh t2LBMb5ZmqklY2pxfwxeyPdNSmWITBpqwu3fEHHXwFL7fW9ZosXvingNrCqgNjshxniyx m48dckhgZRImIzdQAKcqus8JBK/uG1Xfmmg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 12 +- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- 11 files changed, 9 insertions(+), 642 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Nul= l.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1f68cc633b..9ddf73f9fa 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index f86fc75650..8844c7a505 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1195,7 +1195,7 @@ CryptoServiceHmacMd5New ( VOID ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL); + return BaseCryptLibServciceNotEnabled ("HmacMd5New"), NULL; } =20 /** @@ -1212,7 +1212,7 @@ CryptoServiceHmacMd5Free ( IN VOID *HmacMd5Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx)= ); + BaseCryptLibServciceNotEnabled ("HmacMd5Free"); } =20 /** @@ -1239,7 +1239,7 @@ CryptoServiceHmacMd5SetKey ( IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacM= d5Context, Key, KeySize), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5SetKey"), FALSE; } =20 /** @@ -1264,7 +1264,7 @@ CryptoServiceHmacMd5Duplicate ( OUT VOID *NewHmacMd5Context ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, = (HmacMd5Context, NewHmacMd5Context), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5Duplicate"), FALSE; } =20 /** @@ -1295,7 +1295,7 @@ CryptoServiceHmacMd5Update ( IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacM= d5Context, Data, DataSize), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5Update"), FALSE; } =20 /** @@ -1327,7 +1327,7 @@ CryptoServiceHmacMd5Final ( OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5= Context, HmacValue), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5Final"), FALSE; } =20 /** diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 98363f740e..eb2808f842 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ); - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 2de8e9c346..33d7c13bff 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c deleted file mode 100644 index da46ce09f4..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 digest computation and retrieves the di= gest value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f631f8d879..2a630ef290 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 672e19299c..1642521087 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc3556ae3f..ec9c8e7c05 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external +# HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -39,7 +39,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 04b552f8b7..558ccfc002 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57926): https://edk2.groups.io/g/devel/message/57926 Mute This Topic: https://groups.io/mt/73214649/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-