From nobody Mon Feb 9 23:03:27 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59639+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59639+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517628; cv=none; d=zohomail.com; s=zohoarc; b=YJqWcpOlkQ+HJKpNccjnkEC4SPT6ZiFRZC71i7muccrUj1lc8zjMzJI5MVkDkwUhF5yrPgzht99MATebRTgNxU7PTfTVx7f15zQSq85QE/XAnnCA2f3fy5wGyxwf75Bp4Vwujz/hezlchTNZFO5YFqVwpNeLHvjV0yczGv0i7VY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517628; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qFaf5utkcTFmC3puP//6/Kdq82Hy8AS0TLF9Oo4swzU=; b=ROE3zTfOkrWTQDg/xQst7vc0mO0zykgiZVsiWexcDhCHkxMwvG7dC8YOTzMW97iEDyFZjSB8Ij4W2oz92iAr7FGL+HVoh+IwJQoBg5k88fiW54JgOkFwpuOjA/e0J9tgebjiG/1ZI64GSwj9z314KjSfAiAx3iF97Gg5fbG1ui4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59639+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517628346737.8389257756778; Thu, 14 May 2020 21:40:28 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id GYA1YY1788612xEvam17Txu6; Thu, 14 May 2020 21:40:27 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:26 -0700 IronPort-SDR: gJpuvHCF+STJcLaHoOkgg9GisS+eGArvFA00lSS49Ktsd4nLqI2ZTUSmzMUDIChi6u8urCk5vt ECw97TsnZoIw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:25 -0700 IronPort-SDR: +t3lY2KRfWIVYcUhaL1T9p7YK20zbuw8Lm8Nx+QKDjCziTURz+mjhH0enAWgC1wzjg8MGEkOxC c5biXXmkiwXw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317528" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:22 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Date: Fri, 15 May 2020 12:39:45 +0800 Message-Id: <20200515043948.15028-11-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: k7wGr5M4LcU1ey6KOzjALqJcx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517627; bh=S/+QVYFUkNi5carBynFcCo7H4bUaed3dfvt8uguEmxk=; h=Cc:Date:From:Reply-To:Subject:To; b=JKzv0xkZexI8zyVYG10i7bZib5YXBzvZfKBXDdy6F+gMroMGdNYT+zShUTQ//teiKQw GBYmQRamdHddPNd2RiMoDrAznRUuIdMbZlHkCCby+vN1ZLaSKe0gyT9U+fIsU66iGl/jl jPAQkprMdToY8ghQFLYYxyh8jAUEYR9aBEE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 96 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ CryptoPkg/Private/Protocol/Crypto.h | 117 ++-------- 16 files changed, 55 insertions(+), 960 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Nul= l.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1f68cc633b..9ddf73f9fa 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 1337fea42a..1cd5923ce2 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1160,154 +1160,120 @@ CryptoServiceSm3HashAll ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. @retval NULL This interface is not supported. =20 **/ VOID * EFIAPI -CryptoServiceHmacMd5New ( +DeprecatedCryptoServiceHmacMd5New ( VOID ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL); + return BaseCryptLibServiceDeprecated ("HmacMd5New"), NULL; } =20 /** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. =20 **/ VOID EFIAPI -CryptoServiceHmacMd5Free ( +DeprecatedCryptoServiceHmacMd5Free ( IN VOID *HmacMd5Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx)= ); + BaseCryptLibServiceDeprecated ("HmacMd5Free"); } =20 /** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] HmacMd5Context Pointer to HMAC-MD5 context. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. =20 - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5SetKey ( +DeprecatedCryptoServiceHmacMd5SetKey ( OUT VOID *HmacMd5Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacM= d5Context, Key, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5SetKey"), FALSE; } =20 /** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. =20 - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Duplicate ( +DeprecatedCryptoServiceHmacMd5Duplicate ( IN CONST VOID *HmacMd5Context, OUT VOID *NewHmacMd5Context ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, = (HmacMd5Context, NewHmacMd5Context), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Duplicate"), FALSE; } =20 /** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[in] Data Pointer to the buffer containing the da= ta to be digested. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Update ( +DeprecatedCryptoServiceHmacMd5Update ( IN OUT VOID *HmacMd5Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacM= d5Context, Data, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Update"), FALSE; } =20 /** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest value (16 bytes). =20 - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Final ( +DeprecatedCryptoServiceHmacMd5Final ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5= Context, HmacValue), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Final"), FALSE; } =20 /** @@ -4234,13 +4200,13 @@ CryptoServiceTlsGetCertRevocationList ( const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, - /// HMAC MD5 - CryptoServiceHmacMd5New, - CryptoServiceHmacMd5Free, - CryptoServiceHmacMd5SetKey, - CryptoServiceHmacMd5Duplicate, - CryptoServiceHmacMd5Update, - CryptoServiceHmacMd5Final, + /// HMAC MD5 - deprecated and unsupported + DeprecatedCryptoServiceHmacMd5New, + DeprecatedCryptoServiceHmacMd5Free, + DeprecatedCryptoServiceHmacMd5SetKey, + DeprecatedCryptoServiceHmacMd5Duplicate, + DeprecatedCryptoServiceHmacMd5Update, + DeprecatedCryptoServiceHmacMd5Final, /// HMAC SHA1 CryptoServiceHmacSha1New, CryptoServiceHmacSha1Free, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 86175c7a8a..b99401661c 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ); - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 2de8e9c346..33d7c13bff 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c deleted file mode 100644 index da46ce09f4..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 digest computation and retrieves the di= gest value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f631f8d879..2a630ef290 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index c906935d3d..95c71a8ae2 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certific= ate handler functions, authenticode signature verification functions, PEM h= andler functions, and pseudorandom number generator functions are not suppo= rted in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, X.509 certificate handler function= s, authenticode signature verification functions, PEM handler functions, an= d pseudorandom number generator functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 672e19299c..1642521087 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 0a3bb1c04f..f7e1acb3a7 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc3556ae3f..ec9c8e7c05 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external +# HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -39,7 +39,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 2e362c635f..8eb3acac93 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 04b552f8b7..558ccfc002 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c937f8540d..dfe7fb7e91 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1015,157 +1015,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL); -} - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx)); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALS= E); -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Contex= t), FALSE); -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, DataSize), FA= LSE); -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), FALSE); -} - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index e76ff623a5..bd4cd7f383 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -43,135 +43,48 @@ UINTN // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef VOID* -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) ( VOID ); =20 -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ typedef VOID -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) ( IN VOID *HmacMd5Ctx ); =20 -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE HMAC-MD5 context initialization succeeded. - @retval FALSE HMAC-MD5 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( OUT VOID *HmacMd5Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( IN CONST VOID *HmacMd5Context, OUT VOID *NewHmacMd5Context ); =20 -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) ( IN OUT VOID *HmacMd5Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ); @@ -3618,13 +3531,13 @@ EFI_STATUS struct _EDKII_CRYPTO_PROTOCOL { /// Version EDKII_CRYPTO_GET_VERSION GetVersion; - /// HMAC MD5 - EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New; - EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free; - EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey; - EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate; - EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; - EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; + /// HMAC MD5 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetKey; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplica= te; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final; /// HMAC SHA1 EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59639): https://edk2.groups.io/g/devel/message/59639 Mute This Topic: https://groups.io/mt/74221333/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-