From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57922+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57922+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631606; cv=none; d=zohomail.com; s=zohoarc; b=i/eOWNbTnbHY64g9TVUT6FAd/t5+g+w/w6AqmbfGv/CJy8bS9nUpYxCcMwHrrHT3UpaZEGzEHX8TT8OMmQMctixVC6cEyX9+5tBODGy/lFTrxTrSkTv6JuzBub3Y4+wF8XWt9OwHaf5bd/lRw/8O+pheR8Rq7uW+/jdPkK/J1sQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631606; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=pwhJRHa4Zuh1ipT07PiqdmkwmVYfA4P1g+tcQs3zVj4=; b=WCGQfJjv3EJ/oC2gvjNNfsP687I7VapPefwdfwlkuzL2/S/85B4cAdrTrhIHMQcqbJJti2I1DhIxqFFsPZwcuTirT9TcstMVnnfb6g2UrrfHWzQ8sj/gcMNNVPbtC35wMPcDygNOk2ji3vjrkkGFvpD5EzFVaFcCsfWgsnb0xNY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57922+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631606192508.2447915508318; Thu, 23 Apr 2020 01:46:46 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id lEjkYY1788612xUqQWJMjGdR; Thu, 23 Apr 2020 01:46:45 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:45 -0700 IronPort-SDR: ZmLJurw+gpEGWL4oqUZ0gw1AqSF4eTc7eefX+HJoutVzpJ8YVSVuKkMZHm3xppYnfHvY3Ahbgm wFAHhSNeqgOQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:45 -0700 IronPort-SDR: 1Rq0SKjRXYpvuOcfFMkZnaB+PfqssNgr5R/Z5mPSm9RtQ0GNw9UCAIeYWaIj3gfPxY7BbXT6fW gAXHnhUcyZ7w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165453" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:42 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 1/7] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Date: Thu, 23 Apr 2020 16:46:21 +0800 Message-Id: <20200423084627.3384-2-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: VmvpVDXGOtRccSx6kHQGnhfwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631605; bh=HK6NHMbgGbcG0MhygZRNjVRIU1PtEXYbVlM7ahWG8RA=; h=Cc:Date:From:Reply-To:Subject:To; b=YTZAdl6pv2nqpevJp3Ee2s+ahBLLfOJK6yApjqlR0PyUZWRc8V7rVoLpX4sg5mGK1QZ ZvFzWrh96IHApiVDySkwGozW9gfmO6vZFwO6WFmFt7O2bjGIgHWFLj95EhPaq5tgIj+aQ wq0IFYsJHx6D1g56Ppi7e0lulUaW73BN7Pc= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 MD4 is not secure any longer. Remove the MD4 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 12 +- CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------ .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +- .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------ .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----------- .../Library/Include/openssl/opensslconf.h | 3 + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 - .../Library/OpensslLib/OpensslLibCrypto.inf | 3 - 14 files changed, 16 insertions(+), 679 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f79ff331cf..6ed7046563 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -140,7 +140,6 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 35bf2d3d92..e191cf16e4 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -120,7 +120,7 @@ CryptoServiceMd4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize= , (), 0); + return BaseCryptLibServciceNotEnabled ("Md4GetContextSize"), 0; } =20 /** @@ -143,7 +143,7 @@ CryptoServiceMd4Init ( OUT VOID *Md4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALS= E); + return BaseCryptLibServciceNotEnabled ("Md4Init"), FALSE; } =20 /** @@ -168,7 +168,7 @@ CryptoServiceMd4Duplicate ( OUT VOID *NewMd4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Cont= ext, NewMd4Context), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Duplicate"), FALSE; } =20 /** @@ -199,7 +199,7 @@ CryptoServiceMd4Update ( IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, D= ata, DataSize), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Update"), FALSE; } =20 /** @@ -231,7 +231,7 @@ CryptoServiceMd4Final ( OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, Has= hValue), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Final"), FALSE; } =20 /** @@ -260,7 +260,7 @@ CryptoServiceMd4HashAll ( OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataS= ize, HashValue), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4HashAll"), FALSE; } =20 /** diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 5e8f2e0a10..c862f0334f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -/// -/// MD4 digest size in bytes -/// -#define MD4_DIGEST_SIZE 16 - /// /// MD5 digest size in bytes /// @@ -77,146 +72,6 @@ typedef enum { // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ); - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ); - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ); - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ); - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index a63ad66b4f..22992e7d43 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All righ= ts reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -29,7 +29,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Lib= rary/BaseCryptLib/Hash/CryptMd4.c deleted file mode 100644 index bc02da07b0..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c +++ /dev/null @@ -1,223 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - // - // Retrieves the OpenSSL MD4 Context Size - // - return (UINTN) (sizeof (MD4_CTX)); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Context Initialization - // - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || NewMd4Context =3D=3D NULL) { - return FALSE; - } - - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); - - return TRUE; -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Update - // - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize)); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || HashValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Finalization - // - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (HashValue =3D=3D NULL) { - return FALSE; - } - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Computation. - // - if (MD4 (Data, DataSize, HashValue) =3D=3D NULL) { - return FALSE; - } else { - return TRUE; - } -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg= /Library/BaseCryptLib/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index c836c257f8..e9add0127d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -6,14 +6,14 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, +# Note: # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not # supported in this instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index e5b8ececc1..0a2eb03232 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All righ= ts reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc0b65fd25..139983075e 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -34,7 +34,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 9b4991cbb0..b03681b146 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -29,7 +29,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5Null.c Hash/CryptSha1Null.c Hash/CryptSha256Null.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/Crypt= oPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index bd34e53ef2..95a1943ee2 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -241,6 +241,9 @@ extern "C" { #ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG #endif +#ifndef OPENSSL_NO_MD4 +# define OPENSSL_NO_MD4 +#endif =20 =20 /* diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 9ed0175553..10710e4a7c 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 03da266627..d9782a3098 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57922): https://edk2.groups.io/g/devel/message/57922 Mute This Topic: https://groups.io/mt/73214644/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57923+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57923+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631608; cv=none; d=zohomail.com; s=zohoarc; b=jZi+qojsrzsRKbR5grzxs6PcsJT9QU7XaDT5VI7DJYVs7oY5T/B0b2Uw6QgLv8yTIZRUEryucYog8E9hJCxc5dVNM0X64yq4ZBe+U5A9TguTUwZmb2aCEZ/smgj7CsJQPgJR6WGoI6ujRTJN31rfSQZEb9oFExqkjzGLk3MPuOM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631608; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=kTHGQre1UZdJchj6vUP4Ohw5TefACrX2hjZIFqeiaw4=; b=oAh6Xg0h+yu3gRk/pt35Wah9mq8QtcDGrtKtfYsvk7wQq6uModghCkeTXVdOFPlqdZRCtXvwTEDW6mZUeAmHk2Crtd6X9IhOqlw7ApNoT4+CE8+BK4nhE4znFrYyeo9veYQLOUDo61bHuQRn7fLW22tghZYbd1v/jRZPnUoboEQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57923+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631608778279.9070733396635; Thu, 23 Apr 2020 01:46:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id vfFSYY1788612xVzYs6zUjtp; Thu, 23 Apr 2020 01:46:48 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:48 -0700 IronPort-SDR: XCL31SLbT56Hh1xORoGnh3gISU1zjFooY6l70ipQGr6QrfYShbw69RRqIijk5aG9b4kVrBBy5N rG4gq/wqu5tw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:47 -0700 IronPort-SDR: p/DFHsNKP9ADTR9bdSWjk1jsXjd1FOnOu/Q0kwvi7eJUMNuUjj5IuexSEqDi4O+jmPXmKYBdNj mLN8F4UBlhbg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165458" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:45 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 2/7] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Date: Thu, 23 Apr 2020 16:46:22 +0800 Message-Id: <20200423084627.3384-3-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: uavIAn0a3djT9sID2XGXt009x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631608; bh=+AtLlu0h+c8cEops/kyE0yMHOkbiizNjEARdzeYyDt8=; h=Cc:Date:From:Reply-To:Subject:To; b=AlxcIihUW775AQ18yDraIRxmPgy2qKDl+78KGHQqpmDncTu4JhhVy4Pw2wkyhwwOAuM Ci0sTRP5WKTH6lWML2a74sypirJpwD4QFH/nAHFOs5w+Gi4OFGlJsk16rp35usX80BD9A xNXGoi/pshjg3A1jinB/6hiB5BaIFihDuSM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 ARC4 is not secure any longer. Remove the ARC4 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 10 +- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------ .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----------- .../Library/Include/openssl/opensslconf.h | 3 + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 - .../Library/OpensslLib/OpensslLibCrypto.inf | 3 - 12 files changed, 11 insertions(+), 472 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index e191cf16e4..068efd1dbb 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -2071,7 +2071,7 @@ CryptoServiceArc4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSi= ze, (), 0); + return BaseCryptLibServciceNotEnabled ("Arc4GetContextSize"), 0; } =20 /** @@ -2103,7 +2103,7 @@ CryptoServiceArc4Init ( IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Ke= y, KeySize), FALSE); + return BaseCryptLibServciceNotEnabled ("Arc4Init"), FALSE; } =20 /** @@ -2138,7 +2138,7 @@ CryptoServiceArc4Encrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("Arc4Encrypt"), FALSE; } =20 /** @@ -2173,7 +2173,7 @@ CryptoServiceArc4Decrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("Arc4Decrypt"), FALSE; } =20 /** @@ -2200,7 +2200,7 @@ CryptoServiceArc4Reset ( IN OUT VOID *Arc4Context ) { - return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context),= FALSE); + return BaseCryptLibServciceNotEnabled ("Arc4Reset"), FALSE; } =20 //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 22992e7d43..da38ea552f 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -40,7 +40,6 @@ Kdf/CryptHkdf.c Cipher/CryptAes.c Cipher/CryptTdes.c - Cipher/CryptArc4.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptArc4.c deleted file mode 100644 index 388d312bed..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c +++ /dev/null @@ -1,205 +0,0 @@ -/** @file - ARC4 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - // - // Memory for 2 copies of RC4_KEY is allocated, one for working copy, an= d the other - // for backup copy. When Arc4Reset() is called, we can use the backup co= py to restore - // the working copy to the initial state. - // - return (UINTN) (2 * sizeof (RC4_KEY)); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Key =3D=3D NULL || (KeySize < 5 || KeySiz= e > 256)) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4_set_key (Rc4Key, (UINT32) KeySize, Key); - - CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); - - return TRUE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index e9add0127d..f43953b78c 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 0a2eb03232..f1eb099b67 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 139983075e..3a94655775 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal +# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAes.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index b03681b146..a205c9005d 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -40,7 +40,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 95a1943ee2..005691ff46 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -244,6 +244,9 @@ extern "C" { #ifndef OPENSSL_NO_MD4 # define OPENSSL_NO_MD4 #endif +#ifndef OPENSSL_NO_RC4 +# define OPENSSL_NO_RC4 +#endif =20 =20 /* diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 10710e4a7c..dfaefd1c08 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -374,8 +374,6 @@ $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c @@ -531,7 +529,6 @@ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index d9782a3098..080e1d9305 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -374,8 +374,6 @@ $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c @@ -531,7 +529,6 @@ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57923): https://edk2.groups.io/g/devel/message/57923 Mute This Topic: https://groups.io/mt/73214645/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57924+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57924+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631611; cv=none; d=zohomail.com; s=zohoarc; b=FZOjwioDj8WVvGrgUdW523uWTqoVxqQq6wb2oGngi3oXI6glkazVHlFrzuuJbMaRLg5UGsdenyejlYu1ZnDtdr4ZZNTnvrB3nPTBdUfOJFxKecxWfniv2ydGquP5PFzhv/PGhFESG0jVbD793B8BEKXqD5UL6d2ksfp3wWmnS4M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631611; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=JF1RZ1HRgG8YSKSFLGvg7UhX7la+THqWPyFDk32MeF4=; b=PPLil5w40IZ6TEifjV6z+ZFLwbvq4ESfuEXmNGyyLjDaIIV4j33cY0UjIi9uDOc0bBzCGr4H1jmwFuZ4vGLZx7fstcfZCbelSe2vEn/pxuaeBiRBzGwn4qJ4qapENwsNwsoAHfOKLL23wDnCyecoxyprF/2w141ReFRW/Ww7MgQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57924+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631611236620.2904717953271; Thu, 23 Apr 2020 01:46:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id PBHiYY1788612xk2hCaiioWR; Thu, 23 Apr 2020 01:46:50 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:50 -0700 IronPort-SDR: nxdUEn3TKs80cqqgcPxKlPmYB01NPNZw9mC+gG2rJpAE0W+khVfnQDTByx48I/itqabDk6W3HV SfjiBwGPRN9Q== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:50 -0700 IronPort-SDR: eqrXy68/fWy7MQFbszPjCvh/SCyBQhMRFNXRKzZtYEa0a09N8jYNFCcyYW6OygSRs9DrvTxPPs ZdSaG6JDRKAg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165468" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:47 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 3/7] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Date: Thu, 23 Apr 2020 16:46:23 +0800 Message-Id: <20200423084627.3384-4-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: jvFPtIzju4wPnVcBq4wSXrN7x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631610; bh=tIBN6d/PrQ+U+uvKan6lH8sYmc6ANPW7s1np8e++rnw=; h=Cc:Date:From:Reply-To:Subject:To; b=RnoIjwAgP97kek8AGT4n14AOcmGTO2L2pkynCsWpwUW43uIPo4KRO5EmyBUmQ2RFupM ElcIz2CUyrglFaP0e5r1wHTFyhdUWbfw/z7Y4/B1BuBIHmPuUaRdj0SnDykXz9TWrYLrH yf/LO3Sgx+NxhRHLbEUXYpYyG5008M8mqOo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Tdes is not secure any longer. Remove the Tdes support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 12 +- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- .../Library/Include/openssl/opensslconf.h | 3 + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 21 - .../Library/OpensslLib/OpensslLibCrypto.inf | 21 - 13 files changed, 14 insertions(+), 745 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 068efd1dbb..14f3dd7de0 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1646,7 +1646,7 @@ CryptoServiceTdesGetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSi= ze, (), 0); + return BaseCryptLibServciceNotEnabled ("TdesGetContextSize"), 0; } =20 /** @@ -1682,7 +1682,7 @@ CryptoServiceTdesInit ( IN UINTN KeyLength ) { - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Ke= y, KeyLength), FALSE); + return BaseCryptLibServciceNotEnabled ("TdesInit"), FALSE; } =20 /** @@ -1720,7 +1720,7 @@ CryptoServiceTdesEcbEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("TdesEcbEncrypt"), FALSE; } =20 /** @@ -1758,7 +1758,7 @@ CryptoServiceTdesEcbDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("TdesEcbDecrypt"), FALSE; } =20 /** @@ -1800,7 +1800,7 @@ CryptoServiceTdesCbcEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("TdesCbcEncrypt"), FALSE; } =20 /** @@ -1842,7 +1842,7 @@ CryptoServiceTdesCbcDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("TdesCbcDecrypt"), FALSE; } =20 /** diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index da38ea552f..2de8e9c346 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c - Cipher/CryptTdes.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptTdes.c deleted file mode 100644 index fd799f3398..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ /dev/null @@ -1,364 +0,0 @@ -/** @file - TDES Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - // - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and = K3 each. - // - return (UINTN) (3 * sizeof (DES_key_schedule)); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Key =3D=3D NULL || (KeyLength !=3D 64 && = KeyLength !=3D 128 && KeyLength !=3D 192)) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - // - // If input Key is a weak key, return error. - // - if (DES_is_weak_key ((const_DES_cblock *) Key) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); - - if (KeyLength =3D=3D 64) { - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); - - if (KeyLength =3D=3D 128) { - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_ENCRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_DECRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_ENCRYPT - ); - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_DECRYPT - ); - - return TRUE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f43953b78c..f631f8d879 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Libr= ary/BaseCryptLib/Pem/CryptPem.c index 75a133bd0c..6f7e1971f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over O= penSSL. =20 -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem ( =20 // // Add possible block-cipher descriptor for PEM data decryption. - // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted= PEM. + // NOTE: Only support most popular ciphers AES for the encrypted PEM. // - if (EVP_add_cipher (EVP_des_ede3_cbc ()) =3D=3D 0) { - return FALSE; - } if (EVP_add_cipher (EVP_aes_128_cbc ()) =3D=3D 0) { return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index f1eb099b67..672e19299c 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 3a94655775..cc3556ae3f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index a205c9005d..04b552f8b7 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 005691ff46..15db916d88 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -247,6 +247,9 @@ extern "C" { #ifndef OPENSSL_NO_RC4 # define OPENSSL_NO_RC4 #endif +#ifndef OPENSSL_NO_DES +# define OPENSSL_NO_DES +#endif =20 =20 /* diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index dfaefd1c08..d66f1cb03f 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -178,25 +178,6 @@ $(OPENSSL_PATH)/crypto/cryptlib.c $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c - $(OPENSSL_PATH)/crypto/des/cbc_enc.c - $(OPENSSL_PATH)/crypto/des/cfb64ede.c - $(OPENSSL_PATH)/crypto/des/cfb64enc.c - $(OPENSSL_PATH)/crypto/des/cfb_enc.c - $(OPENSSL_PATH)/crypto/des/des_enc.c - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c - $(OPENSSL_PATH)/crypto/des/ecb_enc.c - $(OPENSSL_PATH)/crypto/des/fcrypt.c - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c - $(OPENSSL_PATH)/crypto/des/ofb64ede.c - $(OPENSSL_PATH)/crypto/des/ofb64enc.c - $(OPENSSL_PATH)/crypto/des/ofb_enc.c - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c - $(OPENSSL_PATH)/crypto/des/qud_cksm.c - $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/set_key.c - $(OPENSSL_PATH)/crypto/des/str2key.c - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c $(OPENSSL_PATH)/crypto/dh/dh_ameth.c $(OPENSSL_PATH)/crypto/dh/dh_asn1.c $(OPENSSL_PATH)/crypto/dh/dh_check.c @@ -514,8 +495,6 @@ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h $(OPENSSL_PATH)/crypto/conf/conf_def.h $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/des/des_locl.h - $(OPENSSL_PATH)/crypto/des/spr.h $(OPENSSL_PATH)/crypto/dh/dh_locl.h $(OPENSSL_PATH)/crypto/dso/dso_locl.h $(OPENSSL_PATH)/crypto/evp/evp_locl.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 080e1d9305..5788d13cf7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -178,25 +178,6 @@ $(OPENSSL_PATH)/crypto/cryptlib.c $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c - $(OPENSSL_PATH)/crypto/des/cbc_enc.c - $(OPENSSL_PATH)/crypto/des/cfb64ede.c - $(OPENSSL_PATH)/crypto/des/cfb64enc.c - $(OPENSSL_PATH)/crypto/des/cfb_enc.c - $(OPENSSL_PATH)/crypto/des/des_enc.c - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c - $(OPENSSL_PATH)/crypto/des/ecb_enc.c - $(OPENSSL_PATH)/crypto/des/fcrypt.c - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c - $(OPENSSL_PATH)/crypto/des/ofb64ede.c - $(OPENSSL_PATH)/crypto/des/ofb64enc.c - $(OPENSSL_PATH)/crypto/des/ofb_enc.c - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c - $(OPENSSL_PATH)/crypto/des/qud_cksm.c - $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/set_key.c - $(OPENSSL_PATH)/crypto/des/str2key.c - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c $(OPENSSL_PATH)/crypto/dh/dh_ameth.c $(OPENSSL_PATH)/crypto/dh/dh_asn1.c $(OPENSSL_PATH)/crypto/dh/dh_check.c @@ -514,8 +495,6 @@ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h $(OPENSSL_PATH)/crypto/conf/conf_def.h $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/des/des_locl.h - $(OPENSSL_PATH)/crypto/des/spr.h $(OPENSSL_PATH)/crypto/dh/dh_locl.h $(OPENSSL_PATH)/crypto/dso/dso_locl.h $(OPENSSL_PATH)/crypto/evp/evp_locl.h --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57924): https://edk2.groups.io/g/devel/message/57924 Mute This Topic: https://groups.io/mt/73214647/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57925+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57925+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631613; cv=none; d=zohomail.com; s=zohoarc; b=GksQ6R82opx2gVB1vc+b2hK9auSEE60kqmChy1tsoKii3IUtLckynghdS+2RWbTjiE5ip4vjTN2rbS1od8EidEiTUxblinqcBsbsWIepw0eshyy1lTCwgxwUq70+Fdesx+Eono64e984Zi3tz/TYtZrs77NPE18pyfzM1GJoB5k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631613; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=jHMov9IWbaAAUWsbgHQ4zellW6NbxXfEv7ivoi784v4=; b=P6Ivw8L4/8gc7lb4Dd+arNYcvp6ECJE4wpK1u5R5ZjRdGOD05Sg1dkj/aHFga7ldn/gSPXXM9JQOhcNUhhHukuK/39SZoaa/yzRbYYmkd1XPPaNhNVdSogP/U9MbYlkJANfbPRy1I0rWB1mFVGodTEdSY/E/L7xoX12Fp63Q4jc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57925+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631613649189.4699332675666; Thu, 23 Apr 2020 01:46:53 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 62VgYY1788612xQemPmy8nZt; Thu, 23 Apr 2020 01:46:53 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:52 -0700 IronPort-SDR: WmyeKrh+NWnE4ieE79wdQn6HI9Svh7hJjfzUu4iBnyvb+CDiMYbhKg6WW0dYkn1tIHIdPNpucr 2whzbSOvJEnA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:52 -0700 IronPort-SDR: 7cacx2LELypaVeilEMmlv+gBb+pCG6yxg0mjgdUWNwInECpMQm/+V2ekyQcsRiw/3gDXhpeKNL YjP9zbRc/y1Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165484" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:50 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 4/7] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Date: Thu, 23 Apr 2020 16:46:24 +0800 Message-Id: <20200423084627.3384-5-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: 4sspywYx0gFyD2qsSEjTVa38x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631613; bh=JlT+ov0ByyeCSaPtVGJDHpOz0UBJwSCVtiaA0Qz3Txs=; h=Cc:Date:From:Reply-To:Subject:To; b=eL60P0W07/RAGz99RFA4ZDTDfRIYW+QavW/j6Laz0+3kUxAmL4oK/AyTeV4waH1Nbov 1wyMSOQcizM2HDMbIlzaIledjoFmDzF5e0FhFeQvgdhPBDzV5pbuzJ9ruOPNlZtJOdXLI sUmpg8xcYJjEujbeUgw7xAS4wyv4PgtYLgw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Aes Ecb mode is not secure any longer. Remove the Aes Ecb mode support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 45 +++---- CryptoPkg/Driver/Crypto.c | 4 +- CryptoPkg/Include/Library/BaseCryptLib.h | 70 ----------- .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------ .../BaseCryptLib/Cipher/CryptAesNull.c | 52 -------- .../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 -------- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - .../Library/OpensslLib/OpensslLibCrypto.inf | 1 - 8 files changed, 26 insertions(+), 313 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 6ed7046563..1f68cc633b 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,27 +137,30 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Ge= tContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 14f3dd7de0..f86fc75650 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1931,7 +1931,7 @@ CryptoServiceAesEcbEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("AesEcbEncrypt"), FALSE; } =20 /** @@ -1969,7 +1969,7 @@ CryptoServiceAesEcbDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); + return BaseCryptLibServciceNotEnabled ("AesEcbDecrypt"), FALSE; } =20 /** diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index c862f0334f..98363f740e 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1326,76 +1326,6 @@ TdesInit ( IN UINTN KeyLength ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - /** Performs TDES encryption on a data buffer of the specified size in CBC m= ode. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/L= ibrary/BaseCryptLib/Cipher/CryptAes.c index 2515b34bb8..914cffb211 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -78,120 +78,6 @@ AesInit ( return TRUE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data encryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data decryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoP= kg/Library/BaseCryptLib/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c @@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/Cry= ptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c @@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index d66f1cb03f..c8ec9454bd 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -29,7 +29,6 @@ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_ige.c $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 5788d13cf7..2f232e3e12 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -29,7 +29,6 @@ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_ige.c $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57925): https://edk2.groups.io/g/devel/message/57925 Mute This Topic: https://groups.io/mt/73214648/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57926+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57926+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631616; cv=none; d=zohomail.com; s=zohoarc; b=EfP74Y4xJpEZZNUrX20iTEgB3SE2BJPI5E6/HQXjD5p1yQSFGChZTJT6F8PMG3nVVgtbkLbLUXzgQ6silDNaQg4s7uByzZdaJnm9Ms1dywmHpc7+D4TQRGJR4G+uUWkWZdJkRby7p1Ly00LFtI4wdl6nLfbQ1s123CmHHQv1m7o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631616; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=8DR5vu30uqehJn619Cp/7GSwEC/KvFBgMDeFcp0bB9o=; b=LQXZSUDgo2N3Q0J8ShXIf+raYtzdx0JY1xEYk+zAc57Fdn6Yl7a/a5nK5LeGdZ/JRb5yOPfe2NRTfzs9ruSNRhrw9Zl778adUMMF9LoqFTBWmEfhRqtbA9Jsgs6qwmSdAiIb61TW30mm72veYUKcSLKnHlW3UHeuojSJ006Qsfc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57926+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631616591335.4797901063108; Thu, 23 Apr 2020 01:46:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 0ibIYY1788612xjdWSdMfLd4; Thu, 23 Apr 2020 01:46:56 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:55 -0700 IronPort-SDR: hM6FjQexU8apvk2ytVB7tPEdLG5mFNaUn5q9ZiBKP/ewmnqyxQzkQqCJ8D0mIyjt2LGlxSxBKW bZRSrcGUkhHA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:55 -0700 IronPort-SDR: IyV0FGlzXrkPY4yiBh4tQwnwZkwVH+nNTfg5GZRXb4ZTFqCLC3juxCU0jNkQDUXwfDylRVJKIO YSNQf0IRRW3Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165505" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:52 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 5/7] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Date: Thu, 23 Apr 2020 16:46:25 +0800 Message-Id: <20200423084627.3384-6-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: 9xmqB6IVxGh0QI1YpK0B3FQnx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631616; bh=Yu7UWLxh7HxBAmHVOjucixULjY7U1Ir9GhodY0FbXps=; h=Cc:Date:From:Reply-To:Subject:To; b=Zfnf6ngESoBDSMEZTGZ0F7P2ZDazYXf2zHJQWXyYw8oej4Q6qG69extOF9R5b0mJ9Yh t2LBMb5ZmqklY2pxfwxeyPdNSmWITBpqwu3fEHHXwFL7fW9ZosXvingNrCqgNjshxniyx m48dckhgZRImIzdQAKcqus8JBK/uG1Xfmmg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 12 +- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- 11 files changed, 9 insertions(+), 642 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Nul= l.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1f68cc633b..9ddf73f9fa 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index f86fc75650..8844c7a505 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1195,7 +1195,7 @@ CryptoServiceHmacMd5New ( VOID ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL); + return BaseCryptLibServciceNotEnabled ("HmacMd5New"), NULL; } =20 /** @@ -1212,7 +1212,7 @@ CryptoServiceHmacMd5Free ( IN VOID *HmacMd5Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx)= ); + BaseCryptLibServciceNotEnabled ("HmacMd5Free"); } =20 /** @@ -1239,7 +1239,7 @@ CryptoServiceHmacMd5SetKey ( IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacM= d5Context, Key, KeySize), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5SetKey"), FALSE; } =20 /** @@ -1264,7 +1264,7 @@ CryptoServiceHmacMd5Duplicate ( OUT VOID *NewHmacMd5Context ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, = (HmacMd5Context, NewHmacMd5Context), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5Duplicate"), FALSE; } =20 /** @@ -1295,7 +1295,7 @@ CryptoServiceHmacMd5Update ( IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacM= d5Context, Data, DataSize), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5Update"), FALSE; } =20 /** @@ -1327,7 +1327,7 @@ CryptoServiceHmacMd5Final ( OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5= Context, HmacValue), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacMd5Final"), FALSE; } =20 /** diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 98363f740e..eb2808f842 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ); - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 2de8e9c346..33d7c13bff 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c deleted file mode 100644 index da46ce09f4..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 digest computation and retrieves the di= gest value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f631f8d879..2a630ef290 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 672e19299c..1642521087 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc3556ae3f..ec9c8e7c05 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external +# HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -39,7 +39,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 04b552f8b7..558ccfc002 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57926): https://edk2.groups.io/g/devel/message/57926 Mute This Topic: https://groups.io/mt/73214649/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57927+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57927+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631641; cv=none; d=zohomail.com; s=zohoarc; b=hFeh5waUQ1YOF6gwhsybIMvE/TwK6Ii0AhOdDdI0RtSEWmrCkg6lKEG9If6ea7WQGDoarCE0LwZp2nozoRd2DrjJPsTWey79Ub6OtH9EtZSEBRWGL/qx50+X7qWX8VxNdH13/rUjVD45cG4qKvCADaKBwUeLupEU+JckXIoH8X0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631641; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=tMJtoiaSrM1MRl2n5msNrbmubUtu6HGDe0oLPt54r9U=; b=cZfm+na3Lm1k8aPI6biOPtwPmYbFFDs1xAX+P5aPH3geMdl7UWpgdXiPSVi0wS8hJXW+vgUzrW3iRmqsviEn3YjG4egEQs3Q/VA8Z1skhHyukUVL+TDHo/zWzad+Wl4hNRARePQlNx1RnZpMg0bJS0qvrLSG9ljbF40kwgyoZ7g= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57927+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631641097131.86346941244574; Thu, 23 Apr 2020 01:47:21 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QyOTYY1788612xrv1IxSOwdm; Thu, 23 Apr 2020 01:47:20 -0700 X-Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.2688.1587631640076617174 for ; Thu, 23 Apr 2020 01:47:20 -0700 IronPort-SDR: kaaopL6VertDqRyGgFo2WmAJ7HFklg5oSKFM7X5BUEO4XiLhmWWr5bnJslSN5EA9x79SLDnTVs Aag077z+2G9w== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:57 -0700 IronPort-SDR: KnB73Zb3adNun6yKrfF1Vh/8uEuZb8P81xExLhlNy8/TcujuZ4rulEQee9tKewoMPddAWggG94 N9lrnxSc7i2A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165515" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:55 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 6/7] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Date: Thu, 23 Apr 2020 16:46:26 +0800 Message-Id: <20200423084627.3384-7-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: U7ZbTEBOx8J14d8Z7ZVXInJFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631640; bh=RIQ7P4ixaJeKozpahB0VQp8HNn5EL7OSdfUT3ac4a88=; h=Cc:Date:From:Reply-To:Subject:To; b=D+iLYneAHhvj7CB1/4nAqEUbeu2ux6dhYg8F/FOisLthsr9KcalTDIMOS7FLX/mwUOT 9tawrB18SjBqstT+Eha4qj2qnb7mjjkollWUsrddaT4nQ5F82B5OmliRmqGsr+L2iians Io55dMGBDxgrJVn6LKwGnC6xEG+HH1DOmjg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 HMAC SHA1 is not secure any longer. Remove the HMAC SHA1 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 3 - CryptoPkg/Driver/Crypto.c | 12 +- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 ----------- 11 files changed, 9 insertions(+), 645 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu= ll.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 9ddf73f9fa..1af78468a1 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -163,7 +162,6 @@ !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -178,7 +176,6 @@ !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs1v2Encrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs5HashPassword | TRUE diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 8844c7a505..e0544d44ca 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1346,7 +1346,7 @@ CryptoServiceHmacSha1New ( VOID ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL); + return BaseCryptLibServciceNotEnabled ("HmacSha1New"), NULL; } =20 /** @@ -1363,7 +1363,7 @@ CryptoServiceHmacSha1Free ( IN VOID *HmacSha1Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1C= tx)); + BaseCryptLibServciceNotEnabled ("HmacSha1Free"); } =20 /** @@ -1390,7 +1390,7 @@ CryptoServiceHmacSha1SetKey ( IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (Hma= cSha1Context, Key, KeySize), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacSha1SetKey"), FALSE; } =20 /** @@ -1415,7 +1415,7 @@ CryptoServiceHmacSha1Duplicate ( OUT VOID *NewHmacSha1Context ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate= , (HmacSha1Context, NewHmacSha1Context), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacSha1Duplicate"), FALSE; } =20 /** @@ -1446,7 +1446,7 @@ CryptoServiceHmacSha1Update ( IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (Hma= cSha1Context, Data, DataSize), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacSha1Update"), FALSE; } =20 /** @@ -1478,7 +1478,7 @@ CryptoServiceHmacSha1Final ( OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacS= ha1Context, HmacValue), FALSE); + return BaseCryptLibServciceNotEnabled ("HmacSha1Final"), FALSE; } =20 /** diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index eb2808f842..7d0056d5bd 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 33d7c13bff..4aae2aba95 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c deleted file mode 100644 index 7593ca55b1..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EV= P_sha1(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || NewHmacSha1Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1C= ontext) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 digest computation and retrieves the d= igest value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) !=3D 1)= { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 2a630ef290..dc28e3a11d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 1642521087..5005beed02 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index ec9c8e7c05..91ec3e03bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,8 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1 functions, RSA external -# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellma= n functions, and # authenticode signature verification functions are not supported in this= instance. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
@@ -39,7 +38,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 558ccfc002..689af4fedd 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/= CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57927): https://edk2.groups.io/g/devel/message/57927 Mute This Topic: https://groups.io/mt/73214651/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Feb 7 02:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+57928+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57928+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587631641; cv=none; d=zohomail.com; s=zohoarc; b=DsvHYvKz/xY0yS+n8tJFpwc+oioiOikxoM72IWsKCuas9+n1fgikBYO7Y2WiUhHFi6iV4jA9glrxlG3SbBx3aVeT0EKGkvPox4oB4UEI++OgOKvDM285+EW2ygJnse+korSWpLdtkbLl000E1GMCiaM3M7jLA2yQvtCGxugPcJc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587631641; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=FXyUuob1ZlMh8Vg3XKscVQUwHoWMQFUTnZ6AXMGZJYk=; b=eqdcxt3G+S1rlo0YGdttLXLUIVQS232Oc0WSCAUxY/LfYY/8j+VvCvK1sN2DB08NJ7g2uvCjTEFQ6Yxydm18mFWvMTP/UCK7SoI6Snz14XacLScUmGJasxicAudd0np4bqLDKg50kNneXR7Uc/y8IdVFLZRsvwjXTgjxH/I82v0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+57928+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587631641643642.5659836902705; Thu, 23 Apr 2020 01:47:21 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id BtkMYY1788612xms4CLNmwKa; Thu, 23 Apr 2020 01:47:21 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web11.2688.1587631640076617174 for ; Thu, 23 Apr 2020 01:47:20 -0700 IronPort-SDR: fKbqG6B7wId70pxe9PgvMcEqtETzM4XYLCcMJ5vsEiTzFwRSp55sYw/H1m5GM2/Edj3FY1H/5R 9T5aJIX/zPfQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:59 -0700 IronPort-SDR: BJiMRPPB9eZwonBCWhKzqOGC2lD5EWuhlQDzekut1Fn69e65E0ZwwDdk7ApiFYHh+yE5WKMz2K qjqd0Em4/plw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165524" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:58 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver Date: Thu, 23 Apr 2020 16:46:27 +0800 Message-Id: <20200423084627.3384-8-zhichao.gao@intel.com> In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: oWMkJnRUkRSt2eVCKxWFOzOwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587631641; bh=vFKzLYfmvRHZYe6srMRF6QZPBO/clRSScLh4msCXpyU=; h=Cc:Date:From:Reply-To:Subject:To; b=FV+lJRSgIUKhhanjRaPNZC2gJRT0CQ6YjGL7Sp6uDqoUyyPPrsXSx1bpZllBcBmLV21 3APFjqreXVdbm68DdIFUvYZiJSHj3Hn2IOhuTJ0r1Vw/xOlo29AeEEktGubUlvWhu9Wkk T2j9vUP7h3pDvWyzdRrNcdRAxFvCC1g0+/I= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Update the Crypto Version to 7: 1. Retire below deprecated functions: MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1 Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/Private/Protocol/Crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 40c387e002..667ca1ef07 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -20,7 +20,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be /// increased. /// -#define EDKII_CRYPTO_VERSION 6 +#define EDKII_CRYPTO_VERSION 7 =20 /// /// EDK II Crypto Protocol forward declaration --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#57928): https://edk2.groups.io/g/devel/message/57928 Mute This Topic: https://groups.io/mt/73214653/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-