CryptoPkg/BaseCryptLib: replace HmacXxxInit API with HmacXxxSetKey

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1792

HmacXxxInit() is supposed to be initialize user supplied buffer as HMAC
context, as well as user supplied key. Currently it has no real use cases.

Due to BZ1792, the user has no way to get correct size of context buffer
after it's fixed, and then cannot make use of HmacXxxInit to initialize
it.

So it's decided to replace it with HmacXxxSetKey to keep the functionality
of supplying a key to HMAC, but drop all other initialization works. The
user can still get HMAC context via HmacXxxNew interface, which hides the
details about the context.

Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>

1 files changed, 10 insertions, 17 deletions

diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
index f24443e745..f8fd0b172a 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
@@ -78,22 +78,22 @@ HmacSha256Free (
 }

 

 /**

-  Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for

-  subsequent use.

+  Set user-supplied key for subsequent use. It must be done before any

+  calling to HmacSha256Update().

 

   If HmacSha256Context is NULL, then return FALSE.

 

-  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.

+  @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context.

   @param[in]   Key                Pointer to the user-supplied key.

   @param[in]   KeySize            Key size in bytes.

 

-  @retval TRUE   HMAC-SHA256 context initialization succeeded.

-  @retval FALSE  HMAC-SHA256 context initialization failed.

+  @retval TRUE   The Key is set successfully.

+  @retval FALSE  The Key is set unsuccessfully.

 

 **/

 BOOLEAN

 EFIAPI

-HmacSha256Init (

+HmacSha256SetKey (

   OUT  VOID         *HmacSha256Context,

   IN   CONST UINT8  *Key,

   IN   UINTN        KeySize

@@ -106,13 +106,6 @@ HmacSha256Init (
     return FALSE;

   }

 

-  //

-  // OpenSSL HMAC-SHA256 Context Initialization

-  //

-  memset(HmacSha256Context, 0, HMAC_SHA256_CTX_SIZE);

-  if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {

-    return FALSE;

-  }

   if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {

     return FALSE;

   }

@@ -159,8 +152,8 @@ HmacSha256Duplicate (
 

   This function performs HMAC-SHA256 digest on a data buffer of the specified size.

   It can be called multiple times to compute the digest of long or discontinuous data streams.

-  HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not

-  be finalized by HmacSha256Final(). Behavior with invalid context is undefined.

+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized

+  by HmacSha256Final(). Behavior with invalid context is undefined.

 

   If HmacSha256Context is NULL, then return FALSE.

 

@@ -210,8 +203,8 @@ HmacSha256Update (
   This function completes HMAC-SHA256 hash computation and retrieves the digest value into

   the specified memory. After this function has been called, the HMAC-SHA256 context cannot

   be used again.

-  HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should

-  not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.

+  HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized

+  by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.

 

   If HmacSha256Context is NULL, then return FALSE.

   If HmacValue is NULL, then return FALSE.