CryptoPkg: Add HMAC algorithms for signature/keymgmt

Some parts and versions of TLS require HMAC. This adds the missing HMAC algorithms to the UEFI provider. One entry in the default signature algorithms and one in the key management algorithms. Source of these entries is the default OpenSSL provider, defltprov.c, included in the OpenSSL library. This change was required to connect to some TLS servers depending on the used ciphers. Signed-off-by: Sebastian Witt <[email protected]>
YangGangUEFI · Jan 14, 2025 · 7c1562f · 7c1562f
1 parent 8b87eb9
commit 7c1562f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c b/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c
@@ -193,6 +193,7 @@ static const OSSL_ALGORITHM deflt_signature[] = {
 #ifndef OPENSSL_NO_EC
     { PROV_NAMES_ECDSA, "provider=default", ossl_ecdsa_signature_functions },
 #endif
+    { PROV_NAMES_HMAC, "provider=default", ossl_mac_legacy_hmac_signature_functions },
 
     { NULL, NULL, NULL }
 };
@@ -222,6 +223,8 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
       PROV_DESCS_TLS1_PRF_SIGN },
     { PROV_NAMES_HKDF, "provider=default", ossl_kdf_keymgmt_functions,
       PROV_DESCS_HKDF_SIGN },
+    { PROV_NAMES_HMAC, "provider=default", ossl_mac_legacy_keymgmt_functions,
+      PROV_DESCS_HMAC_SIGN },
 
     { NULL, NULL, NULL }
 };