9 files changed, 9 insertions, 369 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 33d7c13bff..4aae2aba95 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
   Hash/CryptSha256.c
   Hash/CryptSha512.c
   Hash/CryptSm3.c
-  Hmac/CryptHmacSha1.c
   Hmac/CryptHmacSha256.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
deleted file mode 100644
index 7593ca55b1..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
-  HMAC-SHA1 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
-  @return  Pointer to the HMAC_CTX context that has been initialized.
-           If the allocations fails, HmacSha1New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
-  VOID
-  )
-{
-  //
-  // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
-  //
-  return (VOID *) HMAC_CTX_new ();
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  @param[in]  HmacSha1Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
-  IN  VOID  *HmacSha1Ctx
-  )
-{
-  //
-  // Free OpenSSL HMAC_CTX Context
-  //
-  HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);
-}
-
-/**
-  Set user-supplied key for subsequent use. It must be done before any
-  calling to HmacSha1Update().
-
-  If HmacSha1Context is NULL, then return FALSE.
-
-  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context.
-  @param[in]   Key              Pointer to the user-supplied key.
-  @param[in]   KeySize          Key size in bytes.
-
-  @retval TRUE   The Key is set successfully.
-  @retval FALSE  The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
-  OUT  VOID         *HmacSha1Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  )
-{
-  //
-  // Check input parameters.
-  //
-  if (HmacSha1Context == NULL || KeySize > INT_MAX) {
-    return FALSE;
-  }
-
-  if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Makes a copy of an existing HMAC-SHA1 context.
-
-  If HmacSha1Context is NULL, then return FALSE.
-  If NewHmacSha1Context is NULL, then return FALSE.
-
-  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
-  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
-
-  @retval TRUE   HMAC-SHA1 context copy succeeded.
-  @retval FALSE  HMAC-SHA1 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
-  IN   CONST VOID  *HmacSha1Context,
-  OUT  VOID        *NewHmacSha1Context
-  )
-{
-  //
-  // Check input parameters.
-  //
-  if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) {
-    return FALSE;
-  }
-
-  if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Digests the input data and updates HMAC-SHA1 context.
-
-  This function performs HMAC-SHA1 digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or discontinuous data streams.
-  HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
-  HmacSha1Final(). Behavior with invalid context is undefined.
-
-  If HmacSha1Context is NULL, then return FALSE.
-
-  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
-  @param[in]       Data            Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize        Size of Data buffer in bytes.
-
-  @retval TRUE   HMAC-SHA1 data digest succeeded.
-  @retval FALSE  HMAC-SHA1 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
-  IN OUT  VOID        *HmacSha1Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  )
-{
-  //
-  // Check input parameters.
-  //
-  if (HmacSha1Context == NULL) {
-    return FALSE;
-  }
-
-  //
-  // Check invalid parameters, in case that only DataLength was checked in OpenSSL
-  //
-  if (Data == NULL && DataSize != 0) {
-    return FALSE;
-  }
-
-  //
-  // OpenSSL HMAC-SHA1 digest update
-  //
-  if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-/**
-  Completes computation of the HMAC-SHA1 digest value.
-
-  This function completes HMAC-SHA1 digest computation and retrieves the digest value into
-  the specified memory. After this function has been called, the HMAC-SHA1 context cannot
-  be used again.
-  HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
-  HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
-  If HmacSha1Context is NULL, then return FALSE.
-  If HmacValue is NULL, then return FALSE.
-
-  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
-  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest
-                                    value (20 bytes).
-
-  @retval TRUE   HMAC-SHA1 digest computation succeeded.
-  @retval FALSE  HMAC-SHA1 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
-  IN OUT  VOID   *HmacSha1Context,
-  OUT     UINT8  *HmacValue
-  )
-{
-  UINT32  Length;
-
-  //
-  // Check input parameters.
-  //
-  if (HmacSha1Context == NULL || HmacValue == NULL) {
-    return FALSE;
-  }
-
-  //
-  // OpenSSL HMAC-SHA1 digest finalization
-  //
-  if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {
-    return FALSE;
-  }
-  if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
-    return FALSE;
-  }
-
-  return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
-  HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
-  Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
-  Return NULL to indicate this interface is not supported.
-
-  @return  NULL  This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
-  VOID
-  )
-{
-  ASSERT (FALSE);
-  return NULL;
-}
-
-/**
-  Release the specified HMAC_CTX context.
-
-  This function will do nothing.
-
-  @param[in]  HmacSha1Ctx  Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
-  IN  VOID  *HmacSha1Ctx
-  )
-{
-  ASSERT (FALSE);
-  return;
-}
-
-/**
-  Set user-supplied key for subsequent use. It must be done before any
-  calling to HmacSha1Update().
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context.
-  @param[in]   Key              Pointer to the user-supplied key.
-  @param[in]   KeySize          Key size in bytes.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
-  OUT  VOID         *HmacSha1Context,
-  IN   CONST UINT8  *Key,
-  IN   UINTN        KeySize
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Makes a copy of an existing HMAC-SHA1 context.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
-  @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
-  IN   CONST VOID  *HmacSha1Context,
-  OUT  VOID        *NewHmacSha1Context
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Digests the input data and updates HMAC-SHA1 context.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
-  @param[in]       Data            Pointer to the buffer containing the data to be digested.
-  @param[in]       DataSize        Size of Data buffer in bytes.
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
-  IN OUT  VOID        *HmacSha1Context,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
-
-/**
-  Completes computation of the HMAC-SHA1 digest value.
-
-  Return FALSE to indicate this interface is not supported.
-
-  @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
-  @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest
-                                    value (20 bytes).
-
-  @retval FALSE  This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
-  IN OUT  VOID   *HmacSha1Context,
-  OUT     UINT8  *HmacValue
-  )
-{
-  ASSERT (FALSE);
-  return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 2a630ef290..dc28e3a11d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
 #  buffer overflow or integer overflow.
 #
 #  Note:
-#  HMAC-SHA1/SHA256 functions, AES functions, RSA external
+#  HMAC-SHA256 functions, AES functions, RSA external
 #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
 #  certificate handler functions, authenticode signature verification functions,
 #  PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
   Hash/CryptSha256.c
   Hash/CryptSm3.c
   Hash/CryptSha512.c
-  Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256Null.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 95c71a8ae2..20ae64e8bf 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,7 +6,7 @@
 // This external input must be validated carefully to avoid security issues such as
 // buffer overflow or integer overflow.
 //
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
 // functions, RSA external functions, PKCS#7 SignedData sign functions,
 // Diffie-Hellman functions, X.509 certificate handler functions, authenticode
 // signature verification functions, PEM handler functions, and pseudorandom number
@@ -21,5 +21,5 @@
 
 #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for PEIM"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
 
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 1642521087..5005beed02 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
 #  buffer overflow or integer overflow.
 #
 #  Note: SHA-384 Digest functions, SHA-512 Digest functions,
-#  HMAC-SHA1/SHA256 functions, AES functions, RSA external
+#  HMAC-SHA256 functions, AES functions, RSA external
 #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
 #  authenticode signature verification functions are not supported in this instance.
 #
@@ -40,7 +40,6 @@
   Hash/CryptSha256.c
   Hash/CryptSm3.c
   Hash/CryptSha512Null.c
-  Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256Null.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index f7e1acb3a7..0cf378c5ab 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,7 +6,7 @@
 // This external input must be validated carefully to avoid security issues such as
 // buffer overflow or integer overflow.
 //
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
 // functions, RSA external functions, PKCS#7 SignedData sign functions,
 // Diffie-Hellman functions, and authenticode signature verification functions are
 // not supported in this instance.
@@ -20,5 +20,5 @@
 
 #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
 
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index ec9c8e7c05..91ec3e03bf 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,8 +7,7 @@
 #  buffer overflow or integer overflow.
 #
 #  Note: SHA-384 Digest functions, SHA-512 Digest functions,
-#  HMAC-SHA1 functions, RSA external
-#  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+#  RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
 #  authenticode signature verification functions are not supported in this instance.
 #
 #  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
@@ -39,7 +38,6 @@
   Hash/CryptSha256.c
   Hash/CryptSm3.c
   Hash/CryptSha512Null.c
-  Hmac/CryptHmacSha1Null.c
   Hmac/CryptHmacSha256.c
   Kdf/CryptHkdfNull.c
   Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 8eb3acac93..f0c33abbcf 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,7 +6,7 @@
 // This external input must be validated carefully to avoid security issues such as
 // buffer overflow or integer overflow.
 //
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
 // functions, RSA external functions, PKCS#7 SignedData sign functions,
 // Diffie-Hellman functions, and authenticode signature verification functions are
 // not supported in this instance.
@@ -20,5 +20,5 @@
 
 #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for SMM driver"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."