From nobody Tue Feb 10 01:16:18 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56448+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56448+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585274216; cv=none; d=zohomail.com; s=zohoarc; b=W+8AYD08V0pVhq5Tr3tpLnNAHj0jaFMBzd19wDYUQIfwlUP4BNO8q1GwW/v+X8gG086PI/24lXIzUuIszO2204TLy/JW/yWrG2+s4mMELbKGv/jMfIW3RU468LdREWPXgWvIvLtjpRxQQLHfnStf6XVO6CHJpMaAfkihU2zF1mo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585274216; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=BJoSadPhg4b8g3HmlQILLgJedbGBm5oln74BRISXzgA=; b=YkGBW2gAtTIi9ZKlMH/h2xxEyKjfaNuqOfbnmJI/hZO1LPTmJmBarAmSJymSab3B8TrngP5Rn6C+ShAWyRBdun23AwsAz9+01VLd8O+Ik+yCTGpiUGaSLaBvfV9lAkLLihijEIF0qKaLvGBd8MPcJpwKMy3YIR35DCWK44AM1Cc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56448+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585274216843319.66497218774987; Thu, 26 Mar 2020 18:56:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Hth5YY1788612xzh94t0pjJw; Thu, 26 Mar 2020 18:56:53 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3969.1585274199082932232 for ; Thu, 26 Mar 2020 18:56:52 -0700 IronPort-SDR: vsIX45RECs6TgjFSvjIYPCUeFAxMFuN/oGeOs4mP6YgUHWBNk1nAOsHh/hJl79TPHKS3q4H7yM FvwsFGyYY6UQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2020 18:56:52 -0700 IronPort-SDR: ZYkC0p/96gQj9sXac9NFByIeq60Wt7tItKNlMeplDWqPuPN/53l/DyQT4AicwHpqh1jBIOtFcG iD8BldwfYJJA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,310,1580803200"; d="scan'208";a="447246853" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by fmsmga005.fm.intel.com with ESMTP; 26 Mar 2020 18:56:50 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Date: Fri, 27 Mar 2020 09:56:29 +0800 Message-Id: <20200327015629.2588-9-zhichao.gao@intel.com> In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com> References: <20200327015629.2588-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: jERRMaCQqAHS8R9SeOdngfvwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585274213; bh=LZpJIAxG4Zw2lUNiLiOdN8R3SQBhXrWmYjc7BftLojI=; h=Cc:Date:From:Reply-To:Subject:To; b=MYCJ3PvmbImGeYM0QNE+Zd9wPxijjcuRFGgQFOhLSDcd8WtaZa3OmgG8qz2h26fBXrc abktT5jgUkLGDS0ykCCnZDkLfXBdKF4w0Hr1RJwZ6T6T0feUVuLnu5uh2NtYF07iKN/Bi AkGHABpOAtEz6XbEPRtXKMQHXICZnewWEyM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1682 Md5 and SHA1 is not secure any longer but uefi spec need to keep them for backwards compatibility. Use pcd PcdSHA1Enable to control the SHA1 function enablement. When disable the SHA1 functions would not be complied. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 8 ++++++++ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +++ .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 2 ++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 2 ++ CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +++- .../Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 4 ++++ CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | 12 ++++++++++++ CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf | 1 + CryptoPkg/Private/Protocol/Crypto.h | 9 ++++++++- 15 files changed, 53 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index b53da85bad..f7902205b3 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -266,6 +266,7 @@ CryptoServiceMd5HashAll ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -423,6 +424,7 @@ CryptoServiceSha1HashAll ( { return CALL_BASECRYPTLIB (Sha1.Services.HashAll, Sha1HashAll, (Data, Dat= aSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -1177,6 +1179,7 @@ CryptoServiceHmacMd5Final ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 @@ -1327,6 +1330,7 @@ CryptoServiceHmacSha1Final ( { return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacS= ha1Context, HmacValue), FALSE); } +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. @@ -3820,6 +3824,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacMd5Update, CryptoServiceHmacMd5Final, #endif +#if (FixedPcdGetBool (PcdSHA1Enable)) /// HMAC SHA1 CryptoServiceHmacSha1New, CryptoServiceHmacSha1Free, @@ -3827,6 +3832,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha1Duplicate, CryptoServiceHmacSha1Update, CryptoServiceHmacSha1Final, +#endif /// HMAC SHA256 CryptoServiceHmacSha256New, CryptoServiceHmacSha256Free, @@ -3877,6 +3883,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceRsaPkcs1Verify, CryptoServiceRsaGetPrivateKeyFromPem, CryptoServiceRsaGetPublicKeyFromX509, +#if (FixedPcdGetBool (PcdSHA1Enable)) /// Sha1 CryptoServiceSha1GetContextSize, CryptoServiceSha1Init, @@ -3884,6 +3891,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceSha1Update, CryptoServiceSha1Final, CryptoServiceSha1HashAll, +#endif /// Sha256 CryptoServiceSha256GetContextSize, CryptoServiceSha256Init, diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 5c65ef5892..9ffd98096c 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -85,6 +85,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index 7593ca55b1..baba6b267c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdSHA1Enable)) #include "InternalCryptLib.h" #include =20 @@ -214,3 +216,4 @@ HmacSha1Final ( =20 return TRUE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c index e8c0f341b7..1314fa1a77 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include +#if (FixedPcdGetBool (PcdSHA1Enable)) #include "InternalCryptLib.h" =20 /** @@ -137,3 +139,4 @@ HmacSha1Final ( ASSERT (FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index cebc74ccf2..b40e76f243 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -78,6 +78,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c b/CryptoP= kg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c index a89c1525c1..15e6bc2cb4 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c @@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "InternalCryptLib.h" +#include #include #include =20 @@ -68,9 +69,11 @@ Pkcs5HashPassword ( // Make sure the digest algorithm is supported. // switch (DigestSize) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case SHA1_DIGEST_SIZE: HashAlg =3D EVP_sha1(); break; +#endif case SHA256_DIGEST_SIZE: HashAlg =3D EVP_sha256(); break; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/= Library/BaseCryptLib/Pk/CryptRsaBasic.c index 31b78464d2..549ee1b933 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -298,9 +298,11 @@ RsaPkcs1Verify ( break; #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) case SHA1_DIGEST_SIZE: DigestType =3D NID_sha1; break; +#endif =20 case SHA256_DIGEST_SIZE: DigestType =3D NID_sha256; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Li= brary/BaseCryptLib/Pk/CryptRsaExt.c index 1a50be1d78..60605e3486 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -336,9 +336,11 @@ RsaPkcs1Sign ( break; #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) case SHA1_DIGEST_SIZE: DigestType =3D NID_sha1; break; +#endif =20 case SHA256_DIGEST_SIZE: DigestType =3D NID_sha256; diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 72d4cd03ab..b6c0be70f2 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -90,6 +90,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 21f104c916..7f678eee93 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -89,6 +89,7 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable =20 # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/= CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c index e8c0f341b7..3aac798188 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c @@ -5,7 +5,8 @@ Copyright (c) 2012 - 2020, Intel Corporation. All rights re= served.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ - +#include +#if (FixedPcdGetBool (PcdSHA1Enable)) #include "InternalCryptLib.h" =20 /** @@ -137,3 +138,4 @@ HmacSha1Final ( ASSERT (FALSE); return FALSE; } +#endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index cba1e4c8bf..8429fefc0b 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -260,6 +260,7 @@ Md5HashAll ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -417,6 +418,7 @@ Sha1HashAll ( { CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -1171,6 +1173,7 @@ HmacMd5Final ( } #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 @@ -1321,6 +1324,7 @@ HmacSha1Final ( { CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE); } +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c b/CryptoPkg/= Library/BaseHashApiLib/BaseHashApiLib.c index f9796b2158..754d75aeb2 100644 --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c @@ -33,9 +33,11 @@ HashApiGetContextSize ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1GetContextSize (); break; +#endif =20 case HASH_ALG_SHA256: return Sha256GetContextSize (); @@ -75,9 +77,11 @@ HashApiInit ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Init (HashContext); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Init (HashContext); @@ -119,9 +123,11 @@ HashApiDuplicate ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Duplicate (HashContext, NewHashContext); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Duplicate (HashContext, NewHashContext); @@ -165,9 +171,11 @@ HashApiUpdate ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Update (HashContext, DataToHash, DataToHashLen); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Update (HashContext, DataToHash, DataToHashLen); @@ -209,9 +217,11 @@ HashApiFinal ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1Final (HashContext, Digest); break; +#endif =20 case HASH_ALG_SHA256: return Sha256Final (HashContext, Digest); @@ -255,9 +265,11 @@ HashApiHashAll ( ) { switch (PcdGet32 (PcdHashApiLibPolicy)) { +#if (FixedPcdGetBool (PcdSHA1Enable)) case HASH_ALG_SHA1: return Sha1HashAll (DataToHash, DataToHashLen, Digest); break; +#endif =20 case HASH_ALG_SHA256: return Sha256HashAll (DataToHash, DataToHashLen, Digest); diff --git a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf b/CryptoPk= g/Library/BaseHashApiLib/BaseHashApiLib.inf index b4d8675ddd..29f7d7abfd 100644 --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf @@ -42,3 +42,4 @@ =20 [Pcd] gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy ## CONSUMES + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable ## CONSUMES diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 527318dc23..3f8c5751a7 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -179,6 +179,7 @@ BOOLEAN ); #endif =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 @@ -315,7 +316,7 @@ BOOLEAN IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ); - +#endif =20 /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. @@ -1537,6 +1538,7 @@ BOOLEAN // SHA //---------------------------------------- =20 +#if (FixedPcdGetBool (PcdSHA1Enable)) /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -1676,6 +1678,7 @@ BOOLEAN IN UINTN DataSize, OUT UINT8 *HashValue ); +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -3453,6 +3456,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; #endif +#if (FixedPcdGetBool (PcdSHA1Enable)) /// HMAC SHA1 EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; @@ -3460,6 +3464,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate; EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update; EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final; +#endif /// HMAC SHA256 EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; @@ -3510,6 +3515,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify; EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFromPem; EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX509; +#if (FixedPcdGetBool (PcdSHA1Enable)) /// Sha1 EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize; EDKII_CRYPTO_SHA1_INIT Sha1Init; @@ -3517,6 +3523,7 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_SHA1_UPDATE Sha1Update; EDKII_CRYPTO_SHA1_FINAL Sha1Final; EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll; +#endif /// Sha256 EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize; EDKII_CRYPTO_SHA256_INIT Sha256Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56448): https://edk2.groups.io/g/devel/message/56448 Mute This Topic: https://groups.io/mt/72579470/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-