/** @file\r
HMAC-SHA1 Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
#include <openssl/hmac.h>\r
\r
+//\r
+// NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h\r
+// #define HMAC_MAX_MD_CBLOCK_SIZE 144\r
+//\r
+//\r
+#define HMAC_SHA1_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) + \\r
+ sizeof(unsigned char) * 144)\r
+\r
/**\r
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.\r
+ (NOTE: This API is deprecated.\r
+ Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)\r
\r
@return The size, in bytes, of the context buffer required for HMAC-SHA1 operations.\r
\r
{\r
//\r
// Retrieves the OpenSSL HMAC-SHA1 Context Size\r
+ // NOTE: HMAC_CTX object was made opaque in openssl-1.1.x, here we just use the\r
+ // fixed size as a workaround to make this API work for compatibility.\r
+ // We should retire HmacSha15GetContextSize() in future, and use HmacSha1New()\r
+ // and HmacSha1Free() for context allocation and release.\r
+ //\r
+ return (UINTN) HMAC_SHA1_CTX_SIZE;\r
+}\r
+\r
+/**\r
+ Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.\r
+\r
+ @return Pointer to the HMAC_CTX context that has been initialized.\r
+ If the allocations fails, HmacSha1New() returns NULL.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+HmacSha1New (\r
+ VOID\r
+ )\r
+{\r
+ //\r
+ // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()\r
+ //\r
+ return (VOID *) HMAC_CTX_new ();\r
+}\r
+\r
+/**\r
+ Release the specified HMAC_CTX context.\r
+\r
+ @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+HmacSha1Free (\r
+ IN VOID *HmacSha1Ctx\r
+ )\r
+{\r
//\r
- return (UINTN) (sizeof (HMAC_CTX));\r
+ // Free OpenSSL HMAC_CTX Context\r
+ //\r
+ HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);\r
}\r
\r
/**\r
- Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for\r
- subsequent use.\r
+ Set user-supplied key for subsequent use. It must be done before any\r
+ calling to HmacSha1Update().\r
\r
If HmacSha1Context is NULL, then return FALSE.\r
\r
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.\r
+ @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.\r
@param[in] Key Pointer to the user-supplied key.\r
@param[in] KeySize Key size in bytes.\r
\r
- @retval TRUE HMAC-SHA1 context initialization succeeded.\r
- @retval FALSE HMAC-SHA1 context initialization failed.\r
+ @retval TRUE The Key is set successfully.\r
+ @retval FALSE The Key is set unsuccessfully.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
-HmacSha1Init (\r
+HmacSha1SetKey (\r
OUT VOID *HmacSha1Context,\r
IN CONST UINT8 *Key,\r
IN UINTN KeySize\r
//\r
// Check input parameters.\r
//\r
- if (HmacSha1Context == NULL) {\r
+ if (HmacSha1Context == NULL || KeySize > INT_MAX) {\r
return FALSE;\r
}\r
\r
- //\r
- // OpenSSL HMAC-SHA1 Context Initialization\r
- //\r
- HMAC_CTX_init (HmacSha1Context);\r
- HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL);\r
+ if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) {\r
+ return FALSE;\r
+ }\r
\r
return TRUE;\r
}\r
return FALSE;\r
}\r
\r
- CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));\r
+ if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) {\r
+ return FALSE;\r
+ }\r
\r
return TRUE;\r
}\r
\r
This function performs HMAC-SHA1 digest on a data buffer of the specified size.\r
It can be called multiple times to compute the digest of long or discontinuous data streams.\r
- HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not\r
- be finalized by HmacSha1Final(). Behavior with invalid context is undefined.\r
+ HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by\r
+ HmacSha1Final(). Behavior with invalid context is undefined.\r
\r
If HmacSha1Context is NULL, then return FALSE.\r
\r
//\r
// OpenSSL HMAC-SHA1 digest update\r
//\r
- HMAC_Update (HmacSha1Context, Data, DataSize);\r
+ if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {\r
+ return FALSE;\r
+ }\r
\r
return TRUE;\r
}\r
This function completes HMAC-SHA1 digest computation and retrieves the digest value into\r
the specified memory. After this function has been called, the HMAC-SHA1 context cannot\r
be used again.\r
- HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should\r
- not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.\r
+ HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by\r
+ HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.\r
\r
If HmacSha1Context is NULL, then return FALSE.\r
If HmacValue is NULL, then return FALSE.\r
//\r
// OpenSSL HMAC-SHA1 digest finalization\r
//\r
- HMAC_Final (HmacSha1Context, HmacValue, &Length);\r
- HMAC_CTX_cleanup (HmacSha1Context);\r
+ if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {\r
+ return FALSE;\r
+ }\r
+ if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {\r
+ return FALSE;\r
+ }\r
\r
return TRUE;\r
}\r