sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC MD5 is not secure any longer.
Remove the HMAC MD5 support from edk2.
Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
This commit is contained in:
Zhichao Gao
2020-04-23 15:04:37 +08:00
committed by mergify[bot]
parent 89db28b9c9
commit b6174e2d09
16 changed files with 55 additions and 960 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
View File

@@ -1,216 +0,0 @@
/** @file
HMAC-MD5 Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
#include <openssl/hmac.h>
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
@return Pointer to the HMAC_CTX context that has been initialized.
If the allocations fails, HmacMd5New() returns NULL.
**/
VOID *
EFIAPI
HmacMd5New (
VOID
)
{
//
// Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
//
return (VOID *) HMAC_CTX_new ();
}
/**
Release the specified HMAC_CTX context.
@param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
//
// Free OpenSSL HMAC_CTX Context
//
HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx);
}
/**
Set user-supplied key for subsequent use. It must be done before any
calling to HmacMd5Update().
If HmacMd5Context is NULL, then return FALSE.
@param[out] HmacMd5Context Pointer to HMAC-MD5 context.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
@retval TRUE Key is set successfully.
@retval FALSE Key is set unsuccessfully.
**/
BOOLEAN
EFIAPI
HmacMd5SetKey (
OUT VOID *HmacMd5Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
//
// Check input parameters.
//
if (HmacMd5Context == NULL || KeySize > INT_MAX) {
return FALSE;
}
if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL) != 1) {
return FALSE;
}
return TRUE;
}
/**
Makes a copy of an existing HMAC-MD5 context.
If HmacMd5Context is NULL, then return FALSE.
If NewHmacMd5Context is NULL, then return FALSE.
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
@retval TRUE HMAC-MD5 context copy succeeded.
@retval FALSE HMAC-MD5 context copy failed.
**/
BOOLEAN
EFIAPI
HmacMd5Duplicate (
IN CONST VOID *HmacMd5Context,
OUT VOID *NewHmacMd5Context
)
{
//
// Check input parameters.
//
if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) {
return FALSE;
}
if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Context) != 1) {
return FALSE;
}
return TRUE;
}
/**
Digests the input data and updates HMAC-MD5 context.
This function performs HMAC-MD5 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
HmacMd5Final(). Behavior with invalid context is undefined.
If HmacMd5Context is NULL, then return FALSE.
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
@param[in] Data Pointer to the buffer containing the data to be digested.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE HMAC-MD5 data digest succeeded.
@retval FALSE HMAC-MD5 data digest failed.
**/
BOOLEAN
EFIAPI
HmacMd5Update (
IN OUT VOID *HmacMd5Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
//
// Check input parameters.
//
if (HmacMd5Context == NULL) {
return FALSE;
}
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL HMAC-MD5 digest update
//
if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) {
return FALSE;
}
return TRUE;
}
/**
Completes computation of the HMAC-MD5 digest value.
This function completes HMAC-MD5 digest computation and retrieves the digest value into
the specified memory. After this function has been called, the HMAC-MD5 context cannot
be used again.
HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
If HmacMd5Context is NULL, then return FALSE.
If HmacValue is NULL, then return FALSE.
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
@param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
value (16 bytes).
@retval TRUE HMAC-MD5 digest computation succeeded.
@retval FALSE HMAC-MD5 digest computation failed.
**/
BOOLEAN
EFIAPI
HmacMd5Final (
IN OUT VOID *HmacMd5Context,
OUT UINT8 *HmacValue
)
{
UINT32 Length;
//
// Check input parameters.
//
if (HmacMd5Context == NULL || HmacValue == NULL) {
return FALSE;
}
//
// OpenSSL HMAC-MD5 digest finalization
//
if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) {
return FALSE;
}
if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) {
return FALSE;
}
return TRUE;
}

139
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
View File

@@ -1,139 +0,0 @@
/** @file
HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
Return NULL to indicate this interface is not supported.
@retval NULL This interface is not supported.
**/
VOID *
EFIAPI
HmacMd5New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
ASSERT (FALSE);
return;
}
/**
Set user-supplied key for subsequent use. It must be done before any
calling to HmacMd5Update().
Return FALSE to indicate this interface is not supported.
@param[out] HmacMd5Context Pointer to HMAC-MD5 context.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
HmacMd5SetKey (
OUT VOID *HmacMd5Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Makes a copy of an existing HMAC-MD5 context.
Return FALSE to indicate this interface is not supported.
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
HmacMd5Duplicate (
IN CONST VOID *HmacMd5Context,
OUT VOID *NewHmacMd5Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Digests the input data and updates HMAC-MD5 context.
Return FALSE to indicate this interface is not supported.
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
@param[in] Data Pointer to the buffer containing the data to be digested.
@param[in] DataSize Size of Data buffer in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
HmacMd5Update (
IN OUT VOID *HmacMd5Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Completes computation of the HMAC-MD5 digest value.
Return FALSE to indicate this interface is not supported.
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
@param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
HmacMd5Final (
IN OUT VOID *HmacMd5Context,
OUT UINT8 *HmacValue
)
{
ASSERT (FALSE);
return FALSE;
}