Zhichao, The removal of AesEcbEncrypt() and AesEcbDecrypt() should go to patch 5.
Regards, Jian > -----Original Message----- > From: Gao, Zhichao <zhichao....@intel.com> > Sent: Thursday, May 07, 2020 7:58 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX <xiaoyux...@intel.com>; > Fu, Siyuan <siyuan...@intel.com>; Kinney, Michael D > <michael.d.kin...@intel.com>; Yao, Jiewen <jiewen....@intel.com> > Subject: [PATCH V3 6/8] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 > > HMAC MD5 is not secure any longer. > Remove the HMAC MD5 support from edk2. > Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the > function is unsupported any long. > > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Xiaoyu Lu <xiaoyux...@intel.com> > Cc: Siyuan Fu <siyuan...@intel.com> > Cc: Michael D Kinney <michael.d.kin...@intel.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Signed-off-by: Zhichao Gao <zhichao....@intel.com> > --- > CryptoPkg/CryptoPkg.dsc | 1 - > CryptoPkg/Driver/Crypto.c | 128 ++--------- > CryptoPkg/Include/Library/BaseCryptLib.h | 203 ---------------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ > CryptoPkg/Private/Protocol/Crypto.h | 117 ++-------- > 16 files changed, 45 insertions(+), 1072 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 1f68cc633b..9ddf73f9fa 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -137,7 +137,6 @@ > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 > > !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 341df3b814..dfde1cc005 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -1105,154 +1105,68 @@ CryptoServiceSm3HashAll ( > > //=============================================================== > ====================== > > /** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > + HMAC MD5 is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > VOID * > EFIAPI > -CryptoServiceHmacMd5New ( > +DeprecatedCryptoServiceHmacMd5New ( > VOID > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), > NULL); > + return BaseCryptLibServciceDeprecated ("HmacMd5New"), NULL; > } > > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > VOID > EFIAPI > -CryptoServiceHmacMd5Free ( > +DeprecatedCryptoServiceHmacMd5Free ( > IN VOID *HmacMd5Ctx > ) > { > - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, > (HmacMd5Ctx)); > + BaseCryptLibServciceDeprecated ("HmacMd5Free"); > } > > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5SetKey ( > +DeprecatedCryptoServiceHmacMd5SetKey ( > OUT VOID *HmacMd5Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, > (HmacMd5Context, Key, KeySize), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5SetKey"), FALSE; > } > > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5Duplicate ( > +DeprecatedCryptoServiceHmacMd5Duplicate ( > IN CONST VOID *HmacMd5Context, > OUT VOID *NewHmacMd5Context > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, > HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5Duplicate"), FALSE; > } > > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specified > size. > - It can be called multiple times to compute the digest of long or > discontinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5Update ( > +DeprecatedCryptoServiceHmacMd5Update ( > IN OUT VOID *HmacMd5Context, > IN CONST VOID *Data, > IN UINTN DataSize > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, > (HmacMd5Context, Data, DataSize), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5Update"), FALSE; > } > > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceHmacMd5Final ( > +DeprecatedCryptoServiceHmacMd5Final ( > IN OUT VOID *HmacMd5Context, > OUT UINT8 *HmacValue > ) > { > - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, > (HmacMd5Context, HmacValue), FALSE); > + return BaseCryptLibServciceDeprecated ("HmacMd5Final"), FALSE; > } > > /** > @@ -4051,13 +3965,13 @@ CryptoServiceTlsGetCertRevocationList ( > const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { > /// Version > CryptoServiceGetCryptoVersion, > - /// HMAC MD5 > - CryptoServiceHmacMd5New, > - CryptoServiceHmacMd5Free, > - CryptoServiceHmacMd5SetKey, > - CryptoServiceHmacMd5Duplicate, > - CryptoServiceHmacMd5Update, > - CryptoServiceHmacMd5Final, > + /// HMAC MD5 - deprecated and unsupported > + DeprecatedCryptoServiceHmacMd5New, > + DeprecatedCryptoServiceHmacMd5Free, > + DeprecatedCryptoServiceHmacMd5SetKey, > + DeprecatedCryptoServiceHmacMd5Duplicate, > + DeprecatedCryptoServiceHmacMd5Update, > + DeprecatedCryptoServiceHmacMd5Final, > /// HMAC SHA1 > CryptoServiceHmacSha1New, > CryptoServiceHmacSha1Free, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 621bcfd1c4..b99401661c 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -880,139 +880,6 @@ Sm3HashAll ( > // MAC (Message Authentication Code) Primitive > > //=============================================================== > ====================== > > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ); > - > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ); > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ); > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ); > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specified > size. > - It can be called multiple times to compute the digest of long or > discontinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ); > - > /** > Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 > use. > > @@ -1323,76 +1190,6 @@ AesInit ( > IN UINTN KeyLength > ); > > -/** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval TRUE AES encryption succeeded. > - @retval FALSE AES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbEncrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval TRUE AES decryption succeeded. > - @retval FALSE AES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbDecrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > /** > Performs AES encryption on a data buffer of the specified size in CBC mode. > > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index 2de8e9c346..33d7c13bff 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -34,7 +34,6 @@ > Hash/CryptSha256.c > Hash/CryptSha512.c > Hash/CryptSm3.c > - Hmac/CryptHmacMd5.c > Hmac/CryptHmacSha1.c > Hmac/CryptHmacSha256.c > Kdf/CryptHkdf.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > deleted file mode 100644 > index da46ce09f4..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c > +++ /dev/null > @@ -1,216 +0,0 @@ > -/** @file > - HMAC-MD5 Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include <openssl/hmac.h> > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - // > - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() > - // > - return (VOID *) HMAC_CTX_new (); > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - // > - // Free OpenSSL HMAC_CTX Context > - // > - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacMd5Context == NULL || KeySize > INT_MAX) { > - return FALSE; > - } > - > - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, > EVP_md5(), NULL) != 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) { > - return FALSE; > - } > - > - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX > *)HmacMd5Context) != 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specified > size. > - It can be called multiple times to compute the digest of long or > discontinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - // > - // Check input parameters. > - // > - if (HmacMd5Context == NULL) { > - return FALSE; > - } > - > - // > - // Check invalid parameters, in case that only DataLength was checked in > OpenSSL > - // > - if (Data == NULL && DataSize != 0) { > - return FALSE; > - } > - > - // > - // OpenSSL HMAC-MD5 digest update > - // > - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) { > - return FALSE; > - } > - > - return TRUE; > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 digest computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - UINT32 Length; > - > - // > - // Check input parameters. > - // > - if (HmacMd5Context == NULL || HmacValue == NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL HMAC-MD5 digest finalization > - // > - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) { > - return FALSE; > - } > - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) { > - return FALSE; > - } > - > - return TRUE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > deleted file mode 100644 > index 5de55bf0d5..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c > +++ /dev/null > @@ -1,139 +0,0 @@ > -/** @file > - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - Return NULL to indicate this interface is not supported. > - > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return NULL; > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - This function will do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - ASSERT (FALSE); > - return; > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index f631f8d879..2a630ef290 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA > external > +# HMAC-SHA1/SHA256 functions, AES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, > X.509 > # certificate handler functions, authenticode signature verification > functions, > # PEM handler functions, and pseudorandom number generator functions are > not > @@ -40,7 +40,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index c906935d3d..95c71a8ae2 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security issues > such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// Note: HMAC-SHA1 functions, AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, X.509 certificate handler functions, > authenticode > // signature verification functions, PEM handler functions, and pseudorandom > number > @@ -21,5 +21,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler > functions, authenticode signature verification functions, PEM handler > functions, > and pseudorandom number generator functions are not supported in this > instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, > Diffie- > Hellman functions, X.509 certificate handler functions, authenticode signature > verification functions, PEM handler functions, and pseudorandom number > generator functions are not supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index 672e19299c..1642521087 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA > external > +# HMAC-SHA1/SHA256 functions, AES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and > # authenticode signature verification functions are not supported in this > instance. > # > @@ -40,7 +40,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512Null.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index 0a3bb1c04f..f7e1acb3a7 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security issues > such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// Note: HMAC-SHA1 functions, AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification > functions > are > // not supported in this instance. > @@ -20,5 +20,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, > Diffie- > Hellman functions, and authenticode signature verification functions are not > supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index cc3556ae3f..ec9c8e7c05 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external > +# HMAC-SHA1 functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and > # authenticode signature verification functions are not supported in this > instance. > # > @@ -39,7 +39,6 @@ > Hash/CryptSha256.c > Hash/CryptSm3.c > Hash/CryptSha512Null.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index 2e362c635f..8eb3acac93 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -6,7 +6,7 @@ > // This external input must be validated carefully to avoid security issues > such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// Note: HMAC-SHA1 functions, AES > // functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification > functions > are > // not supported in this instance. > @@ -20,5 +20,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, > AES functions, RSA external functions, PKCS#7 SignedData sign functions, > Diffie- > Hellman functions, and authenticode signature verification functions are not > supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index 04b552f8b7..558ccfc002 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -34,7 +34,6 @@ > Hash/CryptSha256Null.c > Hash/CryptSha512Null.c > Hash/CryptSm3Null.c > - Hmac/CryptHmacMd5Null.c > Hmac/CryptHmacSha1Null.c > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > deleted file mode 100644 > index 5de55bf0d5..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c > +++ /dev/null > @@ -1,139 +0,0 @@ > -/** @file > - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - Return NULL to indicate this interface is not supported. > - > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return NULL; > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - This function will do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - ASSERT (FALSE); > - return; > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index c937f8540d..dfe7fb7e91 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -1015,157 +1015,6 @@ Sm3HashAll ( > // MAC (Message Authentication Code) Primitive > > //=============================================================== > ====================== > > -/** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > - > -**/ > -VOID * > -EFIAPI > -HmacMd5New ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL); > -} > - > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > -VOID > -EFIAPI > -HmacMd5Free ( > - IN VOID *HmacMd5Ctx > - ) > -{ > - CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx)); > -} > - > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE Key is set successfully. > - @retval FALSE Key is set unsuccessfully. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5SetKey ( > - OUT VOID *HmacMd5Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), > FALSE); > -} > - > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Duplicate ( > - IN CONST VOID *HmacMd5Context, > - OUT VOID *NewHmacMd5Context > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, > NewHmacMd5Context), FALSE); > -} > - > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specified > size. > - It can be called multiple times to compute the digest of long or > discontinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Update ( > - IN OUT VOID *HmacMd5Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, > DataSize), FALSE); > -} > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -HmacMd5Final ( > - IN OUT VOID *HmacMd5Context, > - OUT UINT8 *HmacValue > - ) > -{ > - CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), > FALSE); > -} > - > /** > Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 > use. > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index e76ff623a5..bd4cd7f383 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -43,135 +43,48 @@ UINTN > // MAC (Message Authentication Code) Primitive > > //=============================================================== > ====================== > /** > - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 > use. > - > - If this interface is not supported, then return NULL. > - > - @return Pointer to the HMAC_CTX context that has been initialized. > - If the allocations fails, HmacMd5New() returns NULL. > - @retval NULL This interface is not supported. > + HMAC MD5 is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > typedef > VOID* > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) ( > VOID > ); > > -/** > - Release the specified HMAC_CTX context. > - > - If this interface is not supported, then do nothing. > - > - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. > - > -**/ > typedef > VOID > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) ( > IN VOID *HmacMd5Ctx > ); > > -/** > - Set user-supplied key for subsequent use. It must be done before any > - calling to HmacMd5Update(). > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. > - @param[in] Key Pointer to the user-supplied key. > - @param[in] KeySize Key size in bytes. > - > - @retval TRUE HMAC-MD5 context initialization succeeded. > - @retval FALSE HMAC-MD5 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( > OUT VOID *HmacMd5Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ); > > -/** > - Makes a copy of an existing HMAC-MD5 context. > - > - If HmacMd5Context is NULL, then return FALSE. > - If NewHmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. > - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. > - > - @retval TRUE HMAC-MD5 context copy succeeded. > - @retval FALSE HMAC-MD5 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( > IN CONST VOID *HmacMd5Context, > OUT VOID *NewHmacMd5Context > ); > > -/** > - Digests the input data and updates HMAC-MD5 context. > - > - This function performs HMAC-MD5 digest on a data buffer of the specified > size. > - It can be called multiple times to compute the digest of long or > discontinuous > data streams. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[in] Data Pointer to the buffer containing the data > to be > digested. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE HMAC-MD5 data digest succeeded. > - @retval FALSE HMAC-MD5 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) ( > IN OUT VOID *HmacMd5Context, > IN CONST VOID *Data, > IN UINTN DataSize > ); > > - > -/** > - Completes computation of the HMAC-MD5 digest value. > - > - This function completes HMAC-MD5 hash computation and retrieves the > digest value into > - the specified memory. After this function has been called, the HMAC-MD5 > context cannot > - be used again. > - HMAC-MD5 context should be initialized by HmacMd5New(), and should not > be finalized by > - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. > - > - If HmacMd5Context is NULL, then return FALSE. > - If HmacValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. > - @param[out] HmacValue Pointer to a buffer that receives the > HMAC- > MD5 digest > - value (16 bytes). > - > - @retval TRUE HMAC-MD5 digest computation succeeded. > - @retval FALSE HMAC-MD5 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) ( > IN OUT VOID *HmacMd5Context, > OUT UINT8 *HmacValue > ); > @@ -3618,13 +3531,13 @@ EFI_STATUS > struct _EDKII_CRYPTO_PROTOCOL { > /// Version > EDKII_CRYPTO_GET_VERSION GetVersion; > - /// HMAC MD5 > - EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New; > - EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free; > - EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey; > - EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate; > - EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; > - EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; > + /// HMAC MD5 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW > DeprecatedHmacMd5New; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE > DeprecatedHmacMd5Free; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY > DeprecatedHmacMd5SetKey; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE > DeprecatedHmacMd5Duplicate; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE > DeprecatedHmacMd5Update; > + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL > DeprecatedHmacMd5Final; > /// HMAC SHA1 > EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; > EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; > -- > 2.21.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#58890): https://edk2.groups.io/g/devel/message/58890 Mute This Topic: https://groups.io/mt/74041197/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
