Re: [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface


Yao, Jiewen
 

Hi Laszlo
I disagree to put OPTIONAL for DigestValue, just because NULL is checked.
If we need follow this, then we need add OPTIONAL to almost all pointer, which is unnecessary.

+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
(3) DigestValue should be marked OPTIONAL in my opinion, as NULL is
deliberately permitted (for just freeing the context).




-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com>
Sent: Wednesday, September 16, 2020 7:07 PM
To: devel@edk2.groups.io; Zurcher, Christopher J
<christopher.j.zurcher@intel.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
Lu, XiaoyuX <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP
(Envelope) Digest interface

Hello Christopher,

On 09/16/20 02:59, Zurcher, Christopher J wrote:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

The EVP interface should be used in place of discrete digest function
calls.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 +
CryptoPkg/Include/Library/BaseCryptLib.h | 129 ++++++++++
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257
++++++++++++++++++++
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 ++++++++++
CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 ++++++++++
9 files changed, 647 insertions(+)
I agree that "CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c"
is necessary. (If I understand correctly, that file was missing from
your v2 posting.)

But "CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c" seems
superfluous. This file is never referenced in the INF files.

The point of this file would be to allow *some* of the Base / Pei /
Runtime / Smm instances to "stub out" the EVP MD functions (i.e. provide
only stub implementations). But this isn't what's happening -- all of
the Base / Pei / Runtime / Smm instances are getting the real deal
("CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c").

(1) So I think "CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c"
should be dropped. Only the Null instance of the library needs null
versions of the new functions. The Base / Pei / Runtime / Smm instances
don't.


diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 4aae2aba95..3968f29412 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -50,6 +50,7 @@
Pk/CryptAuthenticode.c
Pk/CryptTs.c
Pem/CryptPem.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index dc28e3a11d..d0b91716d0 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -57,6 +57,7 @@
Pk/CryptTsNull.c
Pem/CryptPemNull.c
Rand/CryptRandNull.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 5005beed02..9f3accd35b 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -56,6 +56,7 @@
Pk/CryptAuthenticodeNull.c
Pk/CryptTsNull.c
Pem/CryptPem.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91ec3e03bf..420623cdc6 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -54,6 +54,7 @@
Pk/CryptAuthenticodeNull.c
Pk/CryptTsNull.c
Pem/CryptPem.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 689af4fedd..542ac2e2e1 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -50,6 +50,7 @@
Pk/CryptTsNull.c
Pem/CryptPemNull.c
Rand/CryptRandNull.c
+ Evp/CryptEvpMdNull.c

[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e37..5e1b408b54 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1012,6 +1012,135 @@ HmacSha256Final (
OUT UINT8 *HmacValue
);

+//==============================================================
=======================
+// EVP (Envelope) Primitive
+//==============================================================
=======================
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD
use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-
terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and
initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ );
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ );
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and
should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be
digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the EVP context
cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and
should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is
undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest
value.

(2) Please extend the comment on Digest with the following:

The caller is responsible for providing enough storage for the digest
algorithm selected with EvpMdInit(). Providing EVP_MAX_MD_SIZE bytes
will suffice for storing the digest regardless of the algorithm chosen
in EvpMdInit().

(EVP_MAX_MD_SIZE is a public OpenSSL macro and I think we should openly
advertise it to consumers in edk2.)

+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
(3) DigestValue should be marked OPTIONAL in my opinion, as NULL is
deliberately permitted (for just freeing the context).

+ );
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be
hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest
value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ );
+
//===============================================================
======================
// Symmetric Cryptography Primitive
//===============================================================
======================
diff --git a/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
new file mode 100644
index 0000000000..b2770a9186
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
@@ -0,0 +1,257 @@
+/** @file
+ EVP MD Wrapper Implementation for OpenSSL.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/evp.h>
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD
use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-
terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and
initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ EVP_MD *Digest;
+ VOID *EvpMdContext;
+
+ //
+ // Check input parameters.
+ //
+ if (DigestName == NULL) {
+ return NULL;
+ }
+
+ //
+ // Allocate EVP_MD_CTX Context
+ //
+ EvpMdContext = EVP_MD_CTX_new ();
+ if (EvpMdContext == NULL) {
+ return NULL;
+ }
+
+ Digest = EVP_get_digestbyname (DigestName);
I think this may not compile with gcc (and correctly so). The pointer
returned by EVP_get_digestbyname() is const-qualified, but with the
assignment, we're throwing away the const-ness.

(4) Please const-qualify the "Digest" local pointer.

+ if (Digest == NULL) {
+ return NULL;
+ }
(5) This is a memory leak I believe; "EvpMdContext" is leaked.

For keeping the control flow simple, consider moving
EVP_get_digestbyname() above EVP_MD_CTX_new().

+
+ //
+ // Initialize Context
+ //
+ if (EVP_DigestInit_ex (EvpMdContext, Digest, NULL) != 1) {
+ EVP_MD_CTX_free (EvpMdContext);
+ return NULL;
+ }
+
+ return EvpMdContext;
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (EvpMdContext == NULL || NewEvpMdContext == NULL) {
+ return FALSE;
+ }
+
+ if (EVP_MD_CTX_copy (NewEvpMdContext, EvpMdContext) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
(6) Can you please confirm that the caller is supposed to initialize
"NewEvpMdContext" with EvpMdInit() first, before calling EvpMdDuplicate()?

+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and
should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be
digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (EvpMdContext == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case only DataLength was checked in
OpenSSL
+ //
+ if (Data == NULL && DataSize != 0) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL EVP digest update
+ //
+ if (EVP_DigestUpdate (EvpMdContext, Data, DataSize) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the EVP context
cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and
should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is
undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest
value.
+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ UINT32 Length;
+ BOOLEAN ReturnValue;
+
+ ReturnValue = TRUE;
+
+ //
+ // Check input parameters.
+ //
+ if (EvpMdContext == NULL) {
+ return FALSE;
+ }
+ if (DigestValue == NULL) {
+ EVP_MD_CTX_free (EvpMdContext);
+ return FALSE;
+ }
+
+ //
+ // OpenSSL EVP digest finalization
+ //
+ if (EVP_DigestFinal_ex (EvpMdContext, DigestValue, &Length) != 1) {
+ ReturnValue = FALSE;
+ }

(7) I suggest dropping the "Length" local variable. EVP_DigestFinal_ex()
deals fine with the third parameter being NULL, according to the docs
(and the code).


+
+ //
+ // Free OpenSSL EVP_MD_CTX Context
+ //
+ EVP_MD_CTX_free (EvpMdContext);
+
+ return ReturnValue;
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be
hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest
value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ BOOLEAN Result;
+ VOID *EvpMdContext;
+
+ EvpMdContext = EvpMdInit (DigestName);
+ if (EvpMdContext == NULL) {
+ return FALSE;
+ }
+
+ Result = EvpMdUpdate (EvpMdContext, Data, DataSize);
+ if (Result == FALSE) {
(8) Style: please write (!Result).


+ EvpMdFinal (EvpMdContext, NULL);
+ return FALSE;
+ }
+
+ Result = EvpMdFinal (EvpMdContext, HashValue);
+
+ return Result;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
new file mode 100644
index 0000000000..038f63801f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
@@ -0,0 +1,128 @@
+/** @file
+ EVP MD Wrapper Null Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD
use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-
terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be
digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest
value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be
hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest
value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c
b/CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c
new file mode 100644
index 0000000000..038f63801f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c
@@ -0,0 +1,128 @@
+/** @file
+ EVP MD Wrapper Null Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD
use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-
terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be
digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest
value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be
hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest
value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
Thanks,
Laszlo

Join devel@edk2.groups.io to automatically receive all group messages.