From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 01/12] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm
Date: Thu, 14 May 2020 17:27:41 +0800
Message-Id: <20200514092752.1384-2-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Add an internal worker function to indicate the deprecated functions. It would print out debug messages and asserts to inform the consumer they are using a deprecated function.

Change the name of BaseCryptLibServciceNotEnabled to the correct spelling BaseCryptLibServiceNotEnabled.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Reviewed-by: Jian J Wang
Signed-off-by: Zhichao Gao
---
CryptoPkg/Driver/Crypto.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 35bf2d3d92..ed0083cccf 100644 --- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c @@ -41,7 +41,7 @@ #define CALL_BASECRYPTLIB(Enable, Function, Args, ErrorReturnValue) \ EDKII_CRYPTO_PCD->Enable \ ? Function Args \ - : (BaseCryptLibServciceNotEnabled (#Function), ErrorReturnValue) + : (BaseCryptLibServiceNotEnabled (#Function), ErrorReturnValue) =20 /** A macro used to call a void BaseCryptLib function if it is enabled. @@ -61,7 +61,7 @@ #define CALL_VOID_BASECRYPTLIB(Enable, Function, Args) \ EDKII_CRYPTO_PCD->Enable \ ? Function Args \ - : BaseCryptLibServciceNotEnabled (#Function) + : BaseCryptLibServiceNotEnabled (#Function) =20 /** Internal worker function that prints a debug message and asserts if a ca= ll is @@ -78,7 +78,7 @@ **/ static VOID -BaseCryptLibServciceNotEnabled ( +BaseCryptLibServiceNotEnabled ( IN CONST CHAR8 *FunctionName ) { 
@@ -86,6 +86,24 @@ BaseCryptLibServciceNotEnabled ( ASSERT_EFI_ERROR (EFI_UNSUPPORTED); } =20 +/** + Internal worker function that prints a debug message and asserts if a ca= ll is + made to a BaseCryptLib function that is deprecated and unsupported any l= onger. + + @param[in] FunctionName Null-terminated ASCII string that is the name = of an + EDK II Crypto service. + +**/ +static +VOID +BaseCryptLibServiceDeprecated ( + IN CONST CHAR8 *FunctionName + ) +{ + DEBUG ((DEBUG_ERROR, "[%a] Function %a() is deprecated and unsupported a= ny longer\n", gEfiCallerBaseName, FunctionName)); + ASSERT_EFI_ERROR (EFI_UNSUPPORTED); +} + /** Returns the version of the EDK II Crypto Protocol. =20 --=20 2.21.0.windows.1
Groups.io Links: View/Reply Online (#59527): https://edk2.groups.io/g/devel/message/59527
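Review bot: BaseCryptLibServiceDeprecated() in PATCH 01/12 is added to CryptoPkg/Driver/Crypto.c as a static function with no caller in that patch (its other changes are only the BaseCryptLibServciceNotEnabled rename), so at that commit it is unused and a toolchain that warns on unused static functions will flag it. Consider introducing the helper in the same patch as its first user, or stating in the commit message that the callers arrive in 02/12. The helper reports only through DEBUG() and ASSERT_EFI_ERROR(), both of which can be disabled in release builds, so its header comment should say that callers still have to return an explicit failure value. The message text "is deprecated and unsupported any longer" would read better as "is deprecated and no longer supported".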
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 02/12] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
Date: Thu, 14 May 2020 17:27:42 +0800
Message-Id: <20200514092752.1384-3-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

MD4 is not secure any longer. Remove the MD4 support from edk2. Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao --- V5: Remove the incorrect symbol in the commit message Cc list. Add comments for deprecated functions. CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 100 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------ .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +- .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------ .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 158 ------------- CryptoPkg/Private/Protocol/Crypto.h | 123 ++-------- 16 files changed, 62 insertions(+), 1011 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f79ff331cf..6ed7046563 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc 
@@ -140,7 +140,6 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index ed0083cccf..53ee0edea5 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -124,161 +124,123 @@ CryptoServiceGetCryptoVersion ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. @retval 0 This interface is not supported. =20 **/ UINTN EFIAPI -CryptoServiceMd4GetContextSize ( +DeprecatedCryptoServiceMd4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize= , (), 0); + return BaseCryptLibServiceDeprecated ("Md4GetContextSize"), 0; } =20 /** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] Md4Context Pointer to MD4 context being initialized. =20 - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Init ( +DeprecatedCryptoServiceMd4Init ( OUT VOID *Md4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALS= E); + return BaseCryptLibServiceDeprecated ("Md4Init"), FALSE; } =20 /** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. 
+ Keep the function field for binary compability. =20 @param[in] Md4Context Pointer to MD4 context being copied. @param[out] NewMd4Context Pointer to new MD4 context. =20 - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Duplicate ( +DeprecatedCryptoServiceMd4Duplicate ( IN CONST VOID *Md4Context, OUT VOID *NewMd4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Cont= ext, NewMd4Context), FALSE); + return BaseCryptLibServiceDeprecated ("Md4Duplicate"), FALSE; } =20 /** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Md4Context Pointer to the MD4 context. @param[in] Data Pointer to the buffer containing the data t= o be hashed. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Update ( +DeprecatedCryptoServiceMd4Update ( IN OUT VOID *Md4Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, D= ata, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("Md4Update"), FALSE; } =20 /** - Completes computation of the MD4 digest value. 
- - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Md4Context Pointer to the MD4 context. @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest value (16 bytes). =20 - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Final ( +DeprecatedCryptoServiceMd4Final ( IN OUT VOID *Md4Context, OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, Has= hValue), FALSE); + return BaseCryptLibServiceDeprecated ("Md4Final"), FALSE; } =20 /** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] Data Pointer to the buffer containing the data to be= hashed. @param[in] DataSize Size of Data buffer in bytes. @param[out] HashValue Pointer to a buffer that receives the MD4 digest value (16 bytes). =20 - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceMd4HashAll ( +DeprecatedCryptoServiceMd4HashAll ( IN CONST VOID *Data, IN UINTN DataSize, OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataS= ize, HashValue), FALSE); + return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } =20 /** @@ -4440,13 +4402,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha256Duplicate, CryptoServiceHmacSha256Update, CryptoServiceHmacSha256Final, - /// Md4 - CryptoServiceMd4GetContextSize, - CryptoServiceMd4Init, - CryptoServiceMd4Duplicate, - CryptoServiceMd4Update, - CryptoServiceMd4Final, - CryptoServiceMd4HashAll, + /// Md4 - deprecated and unsupported + DeprecatedCryptoServiceMd4GetContextSize, + DeprecatedCryptoServiceMd4Init, + DeprecatedCryptoServiceMd4Duplicate, + DeprecatedCryptoServiceMd4Update, + DeprecatedCryptoServiceMd4Final, + DeprecatedCryptoServiceMd4HashAll, /// Md5 CryptoServiceMd5GetContextSize, CryptoServiceMd5Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 5e8f2e0a10..c862f0334f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -/// -/// MD4 digest size in bytes -/// -#define MD4_DIGEST_SIZE 16 - /// /// MD5 digest size in bytes /// 
@@ -77,146 +72,6 @@ typedef enum { // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ); - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ); - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. 
- MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ); - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. 
- @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ); - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index a63ad66b4f..22992e7d43 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All righ= ts reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -29,7 +29,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Lib= rary/BaseCryptLib/Hash/CryptMd4.c deleted file mode 100644 index bc02da07b0..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c +++ /dev/null @@ -1,223 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - // - // Retrieves the OpenSSL MD4 Context Size - // - return (UINTN) (sizeof (MD4_CTX)); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Context Initialization - // - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || NewMd4Context =3D=3D NULL) { - return FALSE; - } - - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); - - return TRUE; -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. 
- MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Update - // - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize)); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. 
- // - if (Md4Context =3D=3D NULL || HashValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Finalization - // - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (HashValue =3D=3D NULL) { - return FALSE; - } - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Computation. - // - if (MD4 (Data, DataSize, HashValue) =3D=3D NULL) { - return FALSE; - } else { - return TRUE; - } -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg= /Library/BaseCryptLib/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index c836c257f8..e9add0127d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -6,14 +6,14 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, +# Note: # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not # supported in this instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 9937555beb..374bfb3f65 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,13 +6,13 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AE= S/ +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. // -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: MD4 = Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 f= unctions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-= Hellman functions, X.509 certificate handler functions, authenticode signat= ure verification functions, PEM handler functions, and pseudorandom number = generator functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.5= 09 certificate handler functions, authenticode signature verification funct= ions, PEM handler functions, and pseudorandom number generator functions ar= e not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index e5b8ececc1..0a2eb03232 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
@@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All righ= ts reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index c0a16f1b84..b6d751176e 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,12 +6,12 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AE= S/ +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // -// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: MD4 = Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 f= unctions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-= Hellman functions, and authenticode signature verification functions are no= t supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc0b65fd25..139983075e 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
@@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -34,7 +34,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 83485fbb90..b8d7953d2b 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,12 +6,12 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AE= S/ +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: MD4 = Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 f= unctions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-= Hellman functions, and authenticode signature verification functions are no= t supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 9b4991cbb0..b03681b146 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -29,7 +29,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5Null.c Hash/CryptSha1Null.c Hash/CryptSha256Null.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/Crypt= oPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c +++ /dev/null 
@@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c2a1df9afc..5e470028f4 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -99,164 +99,6 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), FALSE); -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), FALSE); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. 
- @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 40c387e002..ae0f29695c 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -451,145 +451,52 @@ BOOLEAN //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( VOID ); =20 =20 -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT) ( OUT VOID *Md4Context ); =20 =20 -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. 
- -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE) ( IN CONST VOID *Md4Context, OUT VOID *NewMd4Context ); =20 =20 -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE) ( IN OUT VOID *Md4Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 =20 -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. 
- @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL) ( IN OUT VOID *Md4Context, OUT UINT8 *HashValue ); =20 =20 -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL) ( IN CONST VOID *Data, IN UINTN DataSize, OUT UINT8 *HashValue 
@@ -4007,13 +3914,13 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; - /// Md4 - EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize; - EDKII_CRYPTO_MD4_INIT Md4Init; - EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate; - EDKII_CRYPTO_MD4_UPDATE Md4Update; - EDKII_CRYPTO_MD4_FINAL Md4Final; - EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll; + /// Md4 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextS= ize; + DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; + DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicate; + DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update; + DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final; + DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll; /// Md5 EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; EDKII_CRYPTO_MD5_INIT Md5Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
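Review bot: in the PeiCryptLib.inf hunk (@@ -6,14 +6,14) dropping "MD4 Digest functions," leaves a bare "# Note:" line with the list starting on the following comment line. The RuntimeCryptLib.inf and SmmCryptLib.inf hunks in this same patch keep text on the Note line ("# Note: SHA-384 Digest functions, ..."), so reflow this one the same way, for example "# Note: HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, ...", to keep the three headers consistent.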
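Review bot: in the Crypto.h hunk (@@ -451,145 +451,52) the replacement comment has a typo and awkward wording ("unsupported any longer", "binary compability"). Suggest "MD4 is deprecated and no longer supported. The function fields are kept for binary compatibility." The comment also sits only above DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE, while the other five DEPRECATED_EDKII_CRYPTO_MD4_* typedefs lose their comment blocks and get nothing in return. Either say in the first comment that it covers all six typedefs or put a one-line comment on each.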
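Review bot: the struct _EDKII_CRYPTO_PROTOCOL hunk (@@ -4007,13 +3914,13) keeps the six MD4 slots under DeprecatedMd4* names so later members keep their offsets, but the "/// Md4 - deprecated and unsupported" comment does not say what a producer must install in them. A consumer built against the old header still calls through those offsets, so the header should state the contract: each slot holds a stub that returns 0 or FALSE and is never left NULL. It would also help to note here whether the protocol version changes with this patch, since the member names a caller compiles against are different even though the layout is not.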
View/Reply Online (#59528): https://edk2.groups.io/g/devel/message/59528
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 03/12] CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib
Date: Thu, 14 May 2020 17:27:43 +0800
Message-Id: <20200514092752.1384-4-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>
Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

This patch is created by adding the setting "no_md4" of process_files.pl
and running it thru perl. It would remove the MD4 from OpensslLib.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Reviewed-by: Jian J Wang
Signed-off-by: Zhichao Gao
---
 CryptoPkg/Library/Include/openssl/opensslconf.h   | 3 +++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 3 ---
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 3 ---
 CryptoPkg/Library/OpensslLib/process_files.pl     | 1 +
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index bd34e53ef2..84672636dc 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -61,6 +61,9 @@ extern "C" { #ifndef OPENSSL_NO_MD2 # define OPENSSL_NO_MD2 #endif +#ifndef OPENSSL_NO_MD4 +# define OPENSSL_NO_MD4 +#endif #ifndef OPENSSL_NO_MDC2 # define OPENSSL_NO_MDC2 #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 9ed0175553..10710e4a7c 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 03da266627..d9782a3098 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c 
@@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 4ba25da407..bd4a84da24 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl 
@@ -73,6 +73,7 @@ BEGIN { "no-gost", "no-hw", "no-idea", + "no-md4", "no-mdc2", "no-pic", "no-ocb", --=20 2.21.0.windows.1
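Review bot: In the process_files.pl hunk (@@ -73,6 +73,7 @@) the option added is "no-md4", but the commit message names the setting "no_md4". The message should use the hyphenated spelling that the script actually carries, so that someone searching the history for the option finds this commit. The placement between "no-idea" and "no-mdc2" keeps the list in alphabetical order, which is fine.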
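Review bot: The @@ -294,8 +294,6 @@ and @@ -525,7 +523,6 @@ hunks in OpensslLib.inf and OpensslLibCrypto.inf drop md4_dgst.c, md4_one.c and md4_locl.h, and opensslconf.h now defines OPENSSL_NO_MD4, yet nothing in this patch touches a caller of the MD4 routines. Please confirm that any code still referencing the OpenSSL MD4 symbols is retired earlier in the series, otherwise this commit will not link on its own and breaks bisection. A sentence in the commit message naming the patch that removes the MD4 wrapper would settle the question for later readers.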
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 04/12] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
Date: Thu, 14 May 2020 17:27:44 +0800
Message-Id: <20200514092752.1384-5-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>
Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

ARC4 is not secure any longer. Remove the ARC4 support from edk2. Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is no longer supported.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao --- V5: Add comments for deprecated functions. CryptoPkg/Driver/Crypto.c | 95 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 132 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------ .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 147 ------------- CryptoPkg/Private/Protocol/Crypto.h | 115 ++-------- 15 files changed, 48 insertions(+), 917 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 53ee0edea5..af61482919 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -2037,150 +2037,107 @@ CryptoServiceAesCbcDecrypt ( } =20 /** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. @retval 0 This interface is not supported. =20 **/ UINTN EFIAPI -CryptoServiceArc4GetContextSize ( +DeprecatedCryptoServiceArc4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSi= ze, (), 0); + return BaseCryptLibServiceDeprecated ("Arc4GetContextSize"), 0; } =20 /** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] Arc4Context Pointer to ARC4 context being initialized. @param[in] Key Pointer to the user-supplied ARC4 key. @param[in] KeySize Size of ARC4 key in bytes. =20 - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Init ( +DeprecatedCryptoServiceArc4Init ( OUT VOID *Arc4Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Ke= y, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Init"), FALSE; } =20 /** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data = to be encrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. =20 - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Encrypt ( +DeprecatedCryptoServiceArc4Encrypt ( IN OUT VOID *Arc4Context, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Encrypt"), FALSE; } =20 /** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. 
- - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data = to be decrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. =20 - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Decrypt ( +DeprecatedCryptoServiceArc4Decrypt ( IN OUT VOID *Arc4Context, IN UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Decrypt"), FALSE; } =20 /** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Arc4Context Pointer to the ARC4 context. =20 - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Reset ( +DeprecatedCryptoServiceArc4Reset ( IN OUT VOID *Arc4Context ) { - return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context),= FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Reset"), FALSE; } =20 //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D @@ -4502,12 +4459,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceAesEcbDecrypt, CryptoServiceAesCbcEncrypt, CryptoServiceAesCbcDecrypt, - /// Arc4 - CryptoServiceArc4GetContextSize, - CryptoServiceArc4Init, - CryptoServiceArc4Encrypt, - CryptoServiceArc4Decrypt, - CryptoServiceArc4Reset, + /// Arc4 - deprecated and unsupported + DeprecatedCryptoServiceArc4GetContextSize, + DeprecatedCryptoServiceArc4Init, + DeprecatedCryptoServiceArc4Encrypt, + DeprecatedCryptoServiceArc4Decrypt, + DeprecatedCryptoServiceArc4Reset, /// SM3 CryptoServiceSm3GetContextSize, CryptoServiceSm3Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index c862f0334f..25e236c4a3 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -1667,138 +1667,6 @@ AesCbcDecrypt ( OUT UINT8 *Output ); =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. 
- @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. 
- @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ); - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 22992e7d43..da38ea552f 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -40,7 +40,6 @@ Kdf/CryptHkdf.c Cipher/CryptAes.c Cipher/CryptTdes.c - Cipher/CryptArc4.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptArc4.c deleted file mode 100644 index 388d312bed..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c +++ /dev/null @@ -1,205 +0,0 @@ -/** @file - ARC4 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - // - // Memory for 2 copies of RC4_KEY is allocated, one for working copy, an= d the other - // for backup copy. When Arc4Reset() is called, we can use the backup co= py to restore - // the working copy to the initial state. - // - return (UINTN) (2 * sizeof (RC4_KEY)); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Key =3D=3D NULL || (KeySize < 5 || KeySiz= e > 256)) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4_set_key (Rc4Key, (UINT32) KeySize, Key); - - CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); - - return TRUE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. 
- Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. 
- -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index e9add0127d..f43953b78c 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 374bfb3f65..5abd8e8dfb 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni 
@@ -7,7 +7,7 @@ // buffer overflow or integer overflow. // // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, +// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.5= 09 certificate handler functions, authenticode signature verification funct= ions, PEM handler functions, and pseudorandom number generator functions ar= e not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 ce= rtificate handler functions, authenticode signature verification functions,= PEM handler functions, and pseudorandom number generator functions are not= supported in this instance." =20 
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 0a2eb03232..f1eb099b67 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index b6d751176e..5a48d2a308 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -7,7 +7,7 @@ // buffer overflow or integer overflow. // // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, +// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // 
@@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 139983075e..3a94655775 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal +# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # 
@@ -45,7 +45,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAes.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index b8d7953d2b..0561f107e8 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -7,7 +7,7 @@ // buffer overflow or integer overflow. // // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, +// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // 
@@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index b03681b146..a205c9005d 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -40,7 +40,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c +++ /dev/null 
@@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 5e470028f4..77915bdb86 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -1892,153 +1892,6 @@ AesCbcDecrypt ( CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec,= Output), FALSE); } =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE); -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. 
- If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output= ), FALSE); -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output= ), FALSE); -} - -/** - Resets the ARC4 context to the initial state. 
- - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE); -} - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index ae0f29695c..f36c5c1aff 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -2785,134 +2785,45 @@ BOOLEAN ); =20 /** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( VOID ); =20 -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) ( OUT VOID *Arc4Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. 
- If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) ( IN OUT VOID *Arc4Context, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) ( IN OUT VOID *Arc4Context, IN UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. 
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_RESET) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) ( IN OUT VOID *Arc4Context ); =20 
@@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; - /// Arc4 - EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize; - EDKII_CRYPTO_ARC4_INIT Arc4Init; - EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt; - EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt; - EDKII_CRYPTO_ARC4_RESET Arc4Reset; + /// Arc4 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetContext= Size; + DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init; + DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt; + DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt; + DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset; /// SM3 EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; EDKII_CRYPTO_SM3_INIT Sm3Init; --=20 2.21.0.windows.1
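Review bot: In CryptoPkg/Private/Protocol/Crypto.h only DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE keeps a doc comment; the INIT, ENCRYPT, DECRYPT and RESET typedefs lose theirs entirely, so a reader who lands on one of them gets no hint that the slot is dead. Repeat the short deprecation comment on each typedef, or state in the first one that it covers all five, and correct "compability" to "compatibility" in that comment. The in-place rename of the five EDKII_CRYPTO_PROTOCOL members keeps the structure layout, which is what the comment promises, so a one-line remark next to "/// Arc4 - deprecated and unsupported" saying the fields must not be removed or reordered would protect that property in later edits.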
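Review bot: The SmmCryptLib hunks leave the two descriptions of the module in disagreement: SmmCryptLib.inf builds Cipher/CryptAes.c and its header note lists only "TDES functions" as unsupported, while the SmmCryptLib.uni comment and STR_MODULE_DESCRIPTION still read "AES/ TDES functions ... are not supported in this instance". Since these exact lines are being rewritten to drop ARC4, remove the stale "AES/" (and the stray space after it in the description string) from the .uni text in the same change so the .inf and .uni match.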
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 05/12] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib
Date: Thu, 14 May 2020 17:27:45 +0800
Message-Id: <20200514092752.1384-6-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

This patch is created by adding the setting "no_rc4" of process_files.pl and running it thru perl. It would remove the ARC4 from OpensslLib.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Reviewed-by: Jian J Wang
Signed-off-by: Zhichao Gao
--- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 --- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 3 --- CryptoPkg/Library/OpensslLib/process_files.pl | 1 + 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 84672636dc..bab07db583 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -73,6 +73,9 @@ extern "C" { #ifndef OPENSSL_NO_RC2 # define OPENSSL_NO_RC2 #endif +#ifndef OPENSSL_NO_RC4 +# define OPENSSL_NO_RC4 +#endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 10710e4a7c..dfaefd1c08 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -374,8 +374,6 @@ $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c @@ -531,7 +529,6 @@ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index d9782a3098..080e1d9305 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -374,8 +374,6 @@ $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c 
@@ -531,7 +529,6 @@ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index bd4a84da24..254bc4dbcc 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl 
@@ -80,6 +80,7 @@ BEGIN { "no-poly1305", "no-posix-io", "no-rc2", + "no-rc4", "no-rfc3779", "no-rmd160", "no-scrypt", --=20 2.21.0.windows.1
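Review bot: The commit message names the new setting "no_rc4", but the process_files.pl hunk adds "no-rc4" with a hyphen, matching the neighbouring "no-rc2" and "no-rfc3779" entries; the message should use the same spelling so the change can be found by searching for the option. Because opensslconf.h and both .inf files are described as output of running the script, it would also help to record which OpenSSL revision process_files.pl was run against, so the removal of rc4_enc.c, rc4_skey.c and rc4_locl.h and the added OPENSSL_NO_RC4 define can be reproduced rather than taken on trust.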
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 06/12] CryptoPkg/BaseCryptLib: Retire the TDES algorithm
Date: Thu, 14 May 2020 17:27:46 +0800
Message-Id: <20200514092752.1384-7-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao --- V5: Add comments for deprecated functions. CryptoPkg/Driver/Crypto.c | 138 ++----- CryptoPkg/Include/Library/BaseCryptLib.h | 196 ---------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ---------- CryptoPkg/Private/Protocol/Crypto.h | 169 +------- 16 files changed, 60 insertions(+), 1377 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index af61482919..642d0267d9 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -1612,152 +1612,94 @@ CryptoServiceHmacSha256Final ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return The size, in bytes, of the context buffer required for TDES ope= rations. @retval 0 This interface is not supported. =20 **/ UINTN EFIAPI -CryptoServiceTdesGetContextSize ( +DeprecatedCryptoServiceTdesGetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSi= ze, (), 0); + return BaseCryptLibServiceDeprecated ("TdesGetContextSize"), 0; } =20 /** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] TdesContext Pointer to TDES context being initialized. @param[in] Key Pointer to the user-supplied TDES key. @param[in] KeyLength Length of TDES key in bits. 
=20 - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesInit ( +DeprecatedCryptoServiceTdesInit ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ) { - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Ke= y, KeyLength), FALSE); + return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE; } =20 /** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e encrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. =20 - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceTdesEcbEncrypt ( +DeprecatedCryptoServiceTdesEcbEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbEncrypt"), FALSE; } =20 /** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e decrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. =20 - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceTdesEcbDecrypt ( +DeprecatedCryptoServiceTdesEcbDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbDecrypt"), FALSE; } =20 /** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e encrypted. @@ -1765,14 +1707,12 @@ CryptoServiceTdesEcbDecrypt ( @param[in] Ivec Pointer to initialization vector. @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. =20 - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesCbcEncrypt ( +DeprecatedCryptoServiceTdesCbcEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -1780,26 +1720,12 @@ CryptoServiceTdesCbcEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcEncrypt"), FALSE; } =20 /** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e encrypted. @@ -1807,14 +1733,12 @@ CryptoServiceTdesCbcEncrypt ( @param[in] Ivec Pointer to initialization vector. @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. =20 - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesCbcDecrypt ( +DeprecatedCryptoServiceTdesCbcDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -1822,7 +1746,7 @@ CryptoServiceTdesCbcDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcDecrypt"), FALSE; } =20 /** @@ -4445,13 +4369,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceX509Free, CryptoServiceX509StackFree, CryptoServiceX509GetTBSCert, - /// TDES - CryptoServiceTdesGetContextSize, - CryptoServiceTdesInit, - CryptoServiceTdesEcbEncrypt, - CryptoServiceTdesEcbDecrypt, - CryptoServiceTdesCbcEncrypt, - CryptoServiceTdesCbcDecrypt, + /// TDES - deprecated and unsupported + DeprecatedCryptoServiceTdesGetContextSize, + DeprecatedCryptoServiceTdesInit, + DeprecatedCryptoServiceTdesEcbEncrypt, + DeprecatedCryptoServiceTdesEcbDecrypt, + DeprecatedCryptoServiceTdesCbcEncrypt, + DeprecatedCryptoServiceTdesCbcDecrypt, /// AES CryptoServiceAesGetContextSize, CryptoServiceAesInit, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 25e236c4a3..621bcfd1c4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -1278,202 +1278,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ); - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. 
- - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. 
- - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index da38ea552f..2de8e9c346 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c - Cipher/CryptTdes.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptTdes.c deleted file mode 100644 index fd799f3398..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ /dev/null @@ -1,364 +0,0 @@ -/** @file - TDES Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - // - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and = K3 each. - // - return (UINTN) (3 * sizeof (DES_key_schedule)); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Key =3D=3D NULL || (KeyLength !=3D 64 && = KeyLength !=3D 128 && KeyLength !=3D 192)) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - // - // If input Key is a weak key, return error. 
- // - if (DES_is_weak_key ((const_DES_cblock *) Key) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); - - if (KeyLength =3D=3D 64) { - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); - - if (KeyLength =3D=3D 128) { - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. 
- -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_ENCRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. 
- // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_DECRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. 
- // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_ENCRYPT - ); - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. 
- // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_DECRYPT - ); - - return TRUE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f43953b78c..f631f8d879 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
@@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 5abd8e8dfb..c906935d3d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. 
@@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 ce= rtificate handler functions, authenticode signature verification functions,= PEM handler functions, and pseudorandom number generator functions are not= supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certific= ate handler functions, authenticode signature verification functions, PEM h= andler functions, and pseudorandom number generator functions are not suppo= rted in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Libr= ary/BaseCryptLib/Pem/CryptPem.c index 75a133bd0c..6f7e1971f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over O= penSSL. =20 -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem ( =20 // // Add possible block-cipher descriptor for PEM data decryption. - // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted= PEM. + // NOTE: Only support most popular ciphers AES for the encrypted PEM. // - if (EVP_add_cipher (EVP_des_ede3_cbc ()) =3D=3D 0) { - return FALSE; - } if (EVP_add_cipher (EVP_aes_128_cbc ()) =3D=3D 0) { return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index f1eb099b67..672e19299c 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 5a48d2a308..0a3bb1c04f 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni 
@@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 3a94655775..cc3556ae3f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
@@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 0561f107e8..2e362c635f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // 
@@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index a205c9005d..04b552f8b7 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 77915bdb86..43ee4e0841 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -1467,220 +1467,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. 
- TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. 
- @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. 
- @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index f36c5c1aff..a30660c192 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -2396,155 +2396,45 @@ BOOLEAN //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( VOID ); =20 -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. 
- -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. 
- TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. 
- @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -2552,38 +2442,9 @@ BOOLEAN OUT UINT8 *Output ); =20 -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
@@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_FREE X509Free; EDKII_CRYPTO_X509_STACK_FREE X509StackFree; EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; - /// TDES - EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize; - EDKII_CRYPTO_TDES_INIT TdesInit; - EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt; - EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt; - EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt; - EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt; + /// TDES - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContext= Size; + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt; /// AES EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
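Review bot: In the RsaGetPrivateKeyFromPem hunk of Pem/CryptPem.c, dropping the `EVP_add_cipher (EVP_des_ede3_cbc ())` registration is a caller-visible behaviour change that nothing in the patch documents: a PEM private key encrypted with 3DES was accepted before and can no longer be decrypted by this function. Please state that in the function header (and ideally in the commit message) so platform owners know to re-encrypt such keys with AES. The rewritten comment also reads awkwardly; something like "NOTE: Only AES is supported for the encrypted PEM." would be clearer.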
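Review bot: The SmmCryptLib.uni hunks (the `// Note:` block and STR_MODULE_DESCRIPTION) still list "AES functions" as not supported after the edit, but SmmCryptLib.inf in this same patch builds `Cipher/CryptAes.c` and its own Note does not list AES as unsupported. Since these lines are being touched anyway, drop "AES functions" from the SMM .uni text so the .inf and .uni descriptions agree.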
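Review bot: In the Private/Protocol/Crypto.h hunks, the new comment on DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE misspells "compatibility" as "compability", and "unsupported any longer" should read "no longer supported". Only the first of the six DEPRECATED_ typedefs carries the comment; the other five lose their documentation entirely, so either repeat a one-line deprecation comment on each or place a single comment above the group that names all six. It would also help to say in that comment what the retained `Deprecated*` members of `_EDKII_CRYPTO_PROTOCOL` are expected to do when called (for example return 0 or FALSE), since the fields stay in the structure for layout reasons.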
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 07/12] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib
Date: Thu, 14 May 2020 17:27:47 +0800
Message-Id: <20200514092752.1384-8-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

This patch is created by adding the setting "no_des" of process_files.pl
and running it through perl. It would remove the TDES from OpensslLib.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Reviewed-by: Jian J Wang
Signed-off-by: Zhichao Gao
---
 .../Library/Include/openssl/opensslconf.h     |  3 +++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 21 -------------------
 .../Library/OpensslLib/OpensslLibCrypto.inf   | 21 -------------------
 CryptoPkg/Library/OpensslLib/process_files.pl |  1 +
 4 files changed, 4 insertions(+), 42 deletions(-)
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index bab07db583..fc2a7bdec9 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -49,6 +49,9 @@ extern "C" { #ifndef OPENSSL_NO_CT # define OPENSSL_NO_CT #endif +#ifndef OPENSSL_NO_DES +# define OPENSSL_NO_DES +#endif #ifndef OPENSSL_NO_DSA # define OPENSSL_NO_DSA #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index dfaefd1c08..d66f1cb03f 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -178,25 +178,6 @@ $(OPENSSL_PATH)/crypto/cryptlib.c $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c - $(OPENSSL_PATH)/crypto/des/cbc_enc.c - $(OPENSSL_PATH)/crypto/des/cfb64ede.c - $(OPENSSL_PATH)/crypto/des/cfb64enc.c - $(OPENSSL_PATH)/crypto/des/cfb_enc.c - $(OPENSSL_PATH)/crypto/des/des_enc.c - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c - $(OPENSSL_PATH)/crypto/des/ecb_enc.c - $(OPENSSL_PATH)/crypto/des/fcrypt.c - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c - $(OPENSSL_PATH)/crypto/des/ofb64ede.c - $(OPENSSL_PATH)/crypto/des/ofb64enc.c - $(OPENSSL_PATH)/crypto/des/ofb_enc.c - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c - $(OPENSSL_PATH)/crypto/des/qud_cksm.c - $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/set_key.c - $(OPENSSL_PATH)/crypto/des/str2key.c - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c $(OPENSSL_PATH)/crypto/dh/dh_ameth.c $(OPENSSL_PATH)/crypto/dh/dh_asn1.c $(OPENSSL_PATH)/crypto/dh/dh_check.c @@ -514,8 +495,6 @@ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h $(OPENSSL_PATH)/crypto/conf/conf_def.h $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/des/des_locl.h - $(OPENSSL_PATH)/crypto/des/spr.h $(OPENSSL_PATH)/crypto/dh/dh_locl.h $(OPENSSL_PATH)/crypto/dso/dso_locl.h $(OPENSSL_PATH)/crypto/evp/evp_locl.h 
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 080e1d9305..5788d13cf7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -178,25 +178,6 @@ $(OPENSSL_PATH)/crypto/cryptlib.c $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c - $(OPENSSL_PATH)/crypto/des/cbc_enc.c - $(OPENSSL_PATH)/crypto/des/cfb64ede.c - $(OPENSSL_PATH)/crypto/des/cfb64enc.c - $(OPENSSL_PATH)/crypto/des/cfb_enc.c - $(OPENSSL_PATH)/crypto/des/des_enc.c - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c - $(OPENSSL_PATH)/crypto/des/ecb_enc.c - $(OPENSSL_PATH)/crypto/des/fcrypt.c - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c - $(OPENSSL_PATH)/crypto/des/ofb64ede.c - $(OPENSSL_PATH)/crypto/des/ofb64enc.c - $(OPENSSL_PATH)/crypto/des/ofb_enc.c - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c - $(OPENSSL_PATH)/crypto/des/qud_cksm.c - $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/set_key.c - $(OPENSSL_PATH)/crypto/des/str2key.c - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c $(OPENSSL_PATH)/crypto/dh/dh_ameth.c $(OPENSSL_PATH)/crypto/dh/dh_asn1.c $(OPENSSL_PATH)/crypto/dh/dh_check.c @@ -514,8 +495,6 @@ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h $(OPENSSL_PATH)/crypto/conf/conf_def.h $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/des/des_locl.h - $(OPENSSL_PATH)/crypto/des/spr.h $(OPENSSL_PATH)/crypto/dh/dh_locl.h $(OPENSSL_PATH)/crypto/dso/dso_locl.h $(OPENSSL_PATH)/crypto/evp/evp_locl.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 254bc4dbcc..5ceedf5d37 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl 
@@ -62,6 +62,7 @@ BEGIN { "no-cms", "no-ct", "no-deprecated", + "no-des", "no-dgram", "no-dsa", "no-dynamic-engine", --=20 2.21.0.windows.1
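Review bot: the commit message of PATCH 07/12 names the setting "no_des", but the process_files.pl hunk (@@ -62,6 +62,7) adds "no-des" to the option list. The message should use the spelling the script takes, so that anyone regenerating the files can search for it. Since the opensslconf.h and both .inf changes are described as output of running the script, it would also help to record which OpenSSL source revision the script was run against, so the regenerated file lists can be reproduced.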
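Review bot: the subject of PATCH 07/12 says "TDES", but the opensslconf.h hunk defines OPENSSL_NO_DES and the OpensslLib.inf and OpensslLibCrypto.inf hunks drop every crypto/des source (des_enc.c, ecb_enc.c, fcrypt.c and the rest, plus des_locl.h and spr.h), so single DES and the DES-based helpers go away together with triple DES. Please say so in the subject or message, and state that no module in the tree still calls a DES routine from OpensslLib, because such a caller would stop building once this patch is applied.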
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 08/12] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
Date: Thu, 14 May 2020 17:27:48 +0800
Message-Id: <20200514092752.1384-9-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Aes Ecb mode is not secure any longer. Remove the Aes Ecb mode support from edk2. Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao
---
V5: Separate the change of OpensslLib to another patch. Add comments for deprecated functions.

 CryptoPkg/CryptoPkg.dsc | 45 +++----
 CryptoPkg/Driver/Crypto.c | 50 ++------
 CryptoPkg/Include/Library/BaseCryptLib.h | 70 -----------
 .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------
 .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --------
 .../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 --------
 .../BaseCryptLibOnProtocolPpi/CryptLib.c | 76 ------------
 CryptoPkg/Private/Protocol/Crypto.h | 61 ++--------
 8 files changed, 42 insertions(+), 478 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 6ed7046563..1f68cc633b 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,27 +137,30 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Ge= tContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 642d0267d9..1337fea42a 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -1801,79 +1801,51 @@ CryptoServiceAesInit ( } =20 /** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + AES ECB Mode is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be= encrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the AES encry= ption output. =20 - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceAesEcbEncrypt ( +DeprecatedCryptoServiceAesEcbEncrypt ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE; } =20 /** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. 
Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + AES ECB Mode is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be= decrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the AES decry= ption output. =20 - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceAesEcbDecrypt ( +DeprecatedCryptoServiceAesEcbDecrypt ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("AesEcbDecrypt"), FALSE; } =20 /** @@ -4376,11 +4348,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { DeprecatedCryptoServiceTdesEcbDecrypt, DeprecatedCryptoServiceTdesCbcEncrypt, DeprecatedCryptoServiceTdesCbcDecrypt, - /// AES + /// AES - ECB mode is deprecated and unsupported CryptoServiceAesGetContextSize, CryptoServiceAesInit, - CryptoServiceAesEcbEncrypt, - CryptoServiceAesEcbDecrypt, + DeprecatedCryptoServiceAesEcbEncrypt, + DeprecatedCryptoServiceAesEcbDecrypt, CryptoServiceAesCbcEncrypt, CryptoServiceAesCbcDecrypt, /// Arc4 - deprecated and unsupported 
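Review bot: in the CryptoPkg.dsc hunk of PATCH 08/12 (@@ -137,27 +137,30), the re-added block still sets Tdes.Family and Arc4.Family to PCD_CRYPTO_SERVICE_ENABLE_FAMILY, while the Crypto.c table in this same patch lists the Tdes entries as DeprecatedCryptoServiceTdes* and labels Arc4 "deprecated and unsupported". If those families are already stubs, drop them from this block or say why they stay enabled. Separately, the hunk removes and re-adds all twenty non-Aes lines although they read the same on both sides here; leaving them untouched would reduce the change to replacing Aes.Family with the four Aes.Services entries (GetContextSize, Init, CbcEncrypt, CbcDecrypt) and make it obvious that only EcbEncrypt and EcbDecrypt are left disabled.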
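Review bot: in the Crypto.c hunk at @@ -1801,79 +1801,51, the new stubs DeprecatedCryptoServiceAesEcbEncrypt and DeprecatedCryptoServiceAesEcbDecrypt return FALSE without writing Output, and the header comment no longer says so: it keeps the four @param entries as if the arguments were used. Please state in the comment that Output is never written and the call always fails, so a caller that does not check the return value is not left assuming the buffer holds ciphertext or plaintext. Two smaller points in the same hunk: "compability" should be "compatibility" in both comments, and "return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE;" reads more clearly as a call followed by a separate "return FALSE;", unless the comma form is kept to match the existing Deprecated* stubs.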
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 621bcfd1c4..86175c7a8a 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -1323,76 +1323,6 @@ AesInit ( IN UINTN KeyLength ); =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. 
- If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/L= ibrary/BaseCryptLib/Cipher/CryptAes.c index 2515b34bb8..914cffb211 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c 
@@ -78,120 +78,6 @@ AesInit ( return TRUE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data encryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. 
- InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data decryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoP= kg/Library/BaseCryptLib/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c 
@@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/Cry= ptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c 
@@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 43ee4e0841..c937f8540d 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -1518,82 +1518,6 @@ AesInit ( CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE); } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Outpu= t), FALSE); -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). 
Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Outpu= t), FALSE); -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index a30660c192..e76ff623a5 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -2498,69 +2498,22 @@ BOOLEAN ); =20 /** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. + AES ECB Mode is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). 
Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, 
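Review bot: DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT ends up with no doc comment of its own in this Crypto.h hunk, because the old decrypt comment block is deleted outright while the new two-line notice is attached only to the encrypt typedef. Repeat the notice above the decrypt typedef, or say in the one comment that it covers both. In the notice itself, "compability" should read "compatibility", and "deprecated and unsupported any longer" reads better as "deprecated and no longer supported". Both typedefs keep the full parameter list so the slots stay callable; a line stating what a caller now gets back from them would complete the comment.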
@@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL { DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt; DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt; DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt; - /// AES + /// AES - ECB Mode is deprecated and unsupported EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; - EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt; - EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; + DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncrypt; + DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecrypt; EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; /// Arc4 - deprecated and unsupported --=20 2.21.0.windows.1
View/Reply Online (#59534): https://edk2.groups.io/g/devel/message/59534
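Review bot: the new group comment `/// AES - ECB Mode is deprecated and unsupported` in the _EDKII_CRYPTO_PROTOCOL hunk (-3779) sits directly above AesGetContextSize and AesInit, which stay supported, so at a glance it reads as if the whole AES group were retired, the way `/// Arc4 - deprecated and unsupported` does a few lines below. Keep `/// AES` as the group heading and put the deprecation remark on the two Deprecated fields instead. The renames keep the slot order and count, which is what preserves the layout for existing binaries; a short remark next to the two fields that they are kept only as placeholders would make that intent visible in the struct itself.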
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 09/12] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib
Date: Thu, 14 May 2020 17:27:49 +0800
Message-Id: <20200514092752.1384-10-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

Add the unrequired aes_ecb files in process_files.pl and run it thru perl. It would remove the unrequired aes_ecb files from OpensslLib inf.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao
---
V5: Add changes thru process_files.pl.

 CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
 CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
 3 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index d66f1cb03f..c8ec9454bd 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -29,7 +29,6 @@ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_ige.c $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 5788d13cf7..2f232e3e12 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -29,7 +29,6 @@ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_ige.c $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 5ceedf5d37..65d07a2aed 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl 
@@ -144,6 +144,7 @@ foreach my $product ((@{$unified_info{libraries}}, next if $s =3D~ "crypto/rand/randfile.c"; next if $s =3D~ "crypto/store/"; next if $s =3D~ "crypto/err/err_all.c"; + next if $s =3D~ "crypto/aes/aes_ecb.c"; =20 if ($product =3D~ "libssl") { push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; --=20 2.21.0.windows.1
View/Reply Online (#59535): https://edk2.groups.io/g/devel/message/59535
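Review bot: the added `next if $s =~ "crypto/aes/aes_ecb.c";` in the process_files.pl hunk carries no comment saying why this one AES source is skipped, yet it is the line that keeps aes_ecb.c out of both .inf files whenever the script is rerun. A one-line comment pointing at the ECB retirement (the REF bug in the commit message) would keep it from looking like an unexplained exclusion. Minor: the string is applied as an unanchored regex with unescaped dots, same as the neighbouring exclusions; it matches the intended path, but `\.` would make the match exact.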
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 10/12] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
Date: Thu, 14 May 2020 17:27:50 +0800
Message-Id: <20200514092752.1384-11-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao --- V5: Add comments for deprecated functions. CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 96 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ CryptoPkg/Private/Protocol/Crypto.h | 117 ++-------- 16 files changed, 55 insertions(+), 960 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Nul= l.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1f68cc633b..9ddf73f9fa 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY 
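Review bot: this CryptoPkg.dsc hunk drops only the `PcdCryptoServiceFamilyEnable.HmacMd5.Family` setting from the "PACKAGE ALL" block, and the diffstat above lists no file that would change the structure behind that PCD, so the HmacMd5 member appears to remain settable while the Crypto.c stubs in this patch stop consulting `HmacMd5.Services.*`. Please state in the commit message, or next to the PCD, that the HmacMd5 bits are now ignored, so a platform DSC that still sets them is not read as enabling HMAC-MD5. The `Md5.Family` line kept as context just below is a separate service and is not affected by this change.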
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 1337fea42a..1cd5923ce2 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -1160,154 +1160,120 @@ CryptoServiceSm3HashAll ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. @retval NULL This interface is not supported. =20 **/ VOID * EFIAPI -CryptoServiceHmacMd5New ( +DeprecatedCryptoServiceHmacMd5New ( VOID ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL); + return BaseCryptLibServiceDeprecated ("HmacMd5New"), NULL; } =20 /** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. =20 **/ VOID EFIAPI -CryptoServiceHmacMd5Free ( +DeprecatedCryptoServiceHmacMd5Free ( IN VOID *HmacMd5Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx)= ); + BaseCryptLibServiceDeprecated ("HmacMd5Free"); } =20 /** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] HmacMd5Context Pointer to HMAC-MD5 context. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. 
=20 - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5SetKey ( +DeprecatedCryptoServiceHmacMd5SetKey ( OUT VOID *HmacMd5Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacM= d5Context, Key, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5SetKey"), FALSE; } =20 /** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. =20 - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Duplicate ( +DeprecatedCryptoServiceHmacMd5Duplicate ( IN CONST VOID *HmacMd5Context, OUT VOID *NewHmacMd5Context ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, = (HmacMd5Context, NewHmacMd5Context), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Duplicate"), FALSE; } =20 /** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. 
+ Keep the function field for binary compability. =20 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[in] Data Pointer to the buffer containing the da= ta to be digested. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Update ( +DeprecatedCryptoServiceHmacMd5Update ( IN OUT VOID *HmacMd5Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacM= d5Context, Data, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Update"), FALSE; } =20 /** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest value (16 bytes). =20 - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Final ( +DeprecatedCryptoServiceHmacMd5Final ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5= Context, HmacValue), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Final"), FALSE; } =20 /** @@ -4234,13 +4200,13 @@ CryptoServiceTlsGetCertRevocationList ( const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, - /// HMAC MD5 - CryptoServiceHmacMd5New, - CryptoServiceHmacMd5Free, - CryptoServiceHmacMd5SetKey, - CryptoServiceHmacMd5Duplicate, - CryptoServiceHmacMd5Update, - CryptoServiceHmacMd5Final, + /// HMAC MD5 - deprecated and unsupported + DeprecatedCryptoServiceHmacMd5New, + DeprecatedCryptoServiceHmacMd5Free, + DeprecatedCryptoServiceHmacMd5SetKey, + DeprecatedCryptoServiceHmacMd5Duplicate, + DeprecatedCryptoServiceHmacMd5Update, + DeprecatedCryptoServiceHmacMd5Final, /// HMAC SHA1 CryptoServiceHmacSha1New, CryptoServiceHmacSha1Free, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 86175c7a8a..b99401661c 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
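Review bot: in the Crypto.c hunk at -1160, the stubs return through the comma operator, e.g. `return BaseCryptLibServiceDeprecated ("HmacMd5New"), NULL;`, which is easy to misread as returning the helper's value when its result is in fact discarded. Two statements (call the helper, then `return NULL;` or `return FALSE;`) say the same thing plainly, and DeprecatedCryptoServiceHmacMd5Free already has that shape for the void case. The replacement comments also spell "compability" for "compatibility", and they keep @param text such as "Pointer to the user-supplied key" for arguments the stubs never read; mark those parameters as unused or drop the descriptions.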
@@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. 
- @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ); - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. 
- @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 2de8e9c346..33d7c13bff 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c deleted file mode 100644 index da46ce09f4..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. 
- -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 digest computation and retrieves the di= gest value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. 
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f631f8d879..2a630ef290 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index c906935d3d..95c71a8ae2 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni 
@@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certific= ate handler functions, authenticode signature verification functions, PEM h= andler functions, and pseudorandom number generator functions are not suppo= rted in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, X.509 certificate handler function= s, authenticode signature verification functions, PEM handler functions, an= d pseudorandom number generator functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 672e19299c..1642521087 100644 
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 0a3bb1c04f..f7e1acb3a7 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. 
@@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc3556ae3f..ec9c8e7c05 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external +# HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -39,7 +39,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c 
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 2e362c635f..8eb3acac93 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 04b552f8b7..558ccfc002 100644 
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. 
- -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c937f8540d..dfe7fb7e91 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -1015,157 +1015,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL); -} - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx)); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALS= E); -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. 
- - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Contex= t), FALSE); -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, DataSize), FA= LSE); -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. 
- - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), FALSE); -} - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index e76ff623a5..bd4cd7f383 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -43,135 +43,48 @@ UINTN // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef VOID* -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) ( VOID ); =20 -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ typedef VOID -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) ( IN VOID *HmacMd5Ctx ); =20 -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE HMAC-MD5 context initialization succeeded. - @retval FALSE HMAC-MD5 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( OUT VOID *HmacMd5Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 -/** - Makes a copy of an existing HMAC-MD5 context. 
- - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( IN CONST VOID *HmacMd5Context, OUT VOID *NewHmacMd5Context ); =20 -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) ( IN OUT VOID *HmacMd5Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. 
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ); 
@@ -3618,13 +3531,13 @@ EFI_STATUS struct _EDKII_CRYPTO_PROTOCOL { /// Version EDKII_CRYPTO_GET_VERSION GetVersion; - /// HMAC MD5 - EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New; - EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free; - EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey; - EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate; - EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; - EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; + /// HMAC MD5 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetKey; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplica= te; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final; /// HMAC SHA1 EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
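Review bot: In the CryptoPkg/Private/Protocol/Crypto.h typedef hunk (@@ -43,135 +43,48 @@), the replacement comment is attached only to DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW, and it misspells "compatibility" as "compability". The other five typedefs (FREE, SET_KEY, DUPLICATE, UPDATE, FINAL) lose their doc blocks and get nothing in return, so a reader landing on one of them sees a bare function-pointer type with no hint that it is a placeholder. Suggest correcting the spelling and either repeating the two-line deprecation comment above each typedef or rewording the single comment so it explicitly covers all six.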
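Review bot: In the _EDKII_CRYPTO_PROTOCOL hunk (@@ -3618,13 +3531,13 @@), the comment "/// HMAC MD5 - deprecated and unsupported" does not say why the six members are still present. They sit directly after GetVersion and ahead of the HmacSha1* members, so deleting or reordering them later would shift every following function pointer for consumers built against the old header. Suggest stating in the comment that the slots are retained only to preserve member offsets and must not be removed or reused. It is also worth confirming in this series whether a consumer can tell from GetVersion that these slots no longer provide HMAC-MD5, since nothing in this hunk signals that.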
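Review bot: In the .inf and .uni "Note:" hunks, the edited lines leave the two descriptions of each library instance out of step. PeiCryptLib.inf now reads "HMAC-SHA1/SHA256 functions, AES functions" while PeiCryptLib.uni reads "HMAC-SHA1 functions, AES"; SmmCryptLib.uni lists AES functions as unsupported while SmmCryptLib.inf lists "HMAC-SHA1 functions, RSA external" with no AES entry and builds Hmac/CryptHmacSha256.c. The mismatch predates this patch, but since these exact lines are being rewritten here, suggest aligning each .uni note and STR_MODULE_DESCRIPTION string with its .inf so the unsupported-algorithm list is the same in both places.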
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 11/12] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
Date: Thu, 14 May 2020 17:27:51 +0800
Message-Id: <20200514092752.1384-12-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL
to indicate the function is no longer supported.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Signed-off-by: Zhichao Gao --- V5: Add comments for deprecated functions. CryptoPkg/CryptoPkg.dsc | 3 - CryptoPkg/Driver/Crypto.c | 96 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 4 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ CryptoPkg/Private/Protocol/Crypto.h | 121 ++-------- 16 files changed, 55 insertions(+), 967 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu= ll.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 9ddf73f9fa..1af78468a1 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY 
@@ -163,7 +162,6 @@ !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -178,7 +176,6 @@ !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs1v2Encrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs5HashPassword | TRUE diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 1cd5923ce2..73ae566755 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -1277,154 +1277,120 @@ DeprecatedCryptoServiceHmacMd5Final ( } =20 /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. @return NULL This interface is not supported. =20 **/ VOID * EFIAPI -CryptoServiceHmacSha1New ( +DeprecatedCryptoServiceHmacSha1New ( VOID ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL); + return BaseCryptLibServiceDeprecated ("HmacSha1New"), NULL; } =20 /** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. =20 **/ VOID EFIAPI -CryptoServiceHmacSha1Free ( +DeprecatedCryptoServiceHmacSha1Free ( IN VOID *HmacSha1Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1C= tx)); + BaseCryptLibServiceDeprecated ("HmacSha1Free"); } =20 /** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. =20 - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. @retval FALSE This interface is not supported. 
=20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1SetKey ( +DeprecatedCryptoServiceHmacSha1SetKey ( OUT VOID *HmacSha1Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (Hma= cSha1Context, Key, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1SetKey"), FALSE; } =20 /** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. =20 - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Duplicate ( +DeprecatedCryptoServiceHmacSha1Duplicate ( IN CONST VOID *HmacSha1Context, OUT VOID *NewHmacSha1Context ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate= , (HmacSha1Context, NewHmacSha1Context), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Duplicate"), FALSE; } =20 /** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. 
@param[in] Data Pointer to the buffer containing the da= ta to be digested. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Update ( +DeprecatedCryptoServiceHmacSha1Update ( IN OUT VOID *HmacSha1Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (Hma= cSha1Context, Data, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Update"), FALSE; } =20 /** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest value (20 bytes). =20 - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Final ( +DeprecatedCryptoServiceHmacSha1Final ( IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacS= ha1Context, HmacValue), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Final"), FALSE; } =20 /** 
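Review bot: "compability" in the new comment line "Keep the function field for binary compability." should be "compatibility"; the misspelling is repeated in all six replaced header comments, from DeprecatedCryptoServiceHmacSha1New through DeprecatedCryptoServiceHmacSha1Final. In the same comments, "deprecated and unsupported any longer" would read better as "deprecated and no longer supported". The retained @param lines also still describe live behaviour, for example "Pointer to the HMAC_CTX context to be released" on DeprecatedCryptoServiceHmacSha1Free, which now releases nothing; since DeprecatedCryptoServiceHmacSha1New always returns NULL, consider trimming those descriptions or stating that the arguments are ignored.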
@@ -4207,13 +4173,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { DeprecatedCryptoServiceHmacMd5Duplicate, DeprecatedCryptoServiceHmacMd5Update, DeprecatedCryptoServiceHmacMd5Final, - /// HMAC SHA1 - CryptoServiceHmacSha1New, - CryptoServiceHmacSha1Free, - CryptoServiceHmacSha1SetKey, - CryptoServiceHmacSha1Duplicate, - CryptoServiceHmacSha1Update, - CryptoServiceHmacSha1Final, + /// HMAC SHA1 - deprecated and unsupported + DeprecatedCryptoServiceHmacSha1New, + DeprecatedCryptoServiceHmacSha1Free, + DeprecatedCryptoServiceHmacSha1SetKey, + DeprecatedCryptoServiceHmacSha1Duplicate, + DeprecatedCryptoServiceHmacSha1Update, + DeprecatedCryptoServiceHmacSha1Final, /// HMAC SHA256 CryptoServiceHmacSha256New, CryptoServiceHmacSha256Free, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index b99401661c..1b1ffa75ef 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. 
- - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). 
- - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 33d7c13bff..4aae2aba95 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c deleted file mode 100644 index 7593ca55b1..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EV= P_sha1(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. 
- -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || NewHmacSha1Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1C= ontext) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 digest computation and retrieves the d= igest value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. 
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) !=3D 1)= { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 2a630ef290..dc28e3a11d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 95c71a8ae2..20ae64e8bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni 
@@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, X.509 certificate handler function= s, authenticode signature verification functions, PEM handler functions, an= d pseudorandom number generator functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, X.509 certificate handler functions, authenticode signa= ture verification functions, PEM handler functions, and pseudorandom number= generator functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 1642521087..5005beed02 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index f7e1acb3a7..0cf378c5ab 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. 
@@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index ec9c8e7c05..91ec3e03bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,8 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1 functions, RSA external -# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellma= n functions, and # authenticode signature verification functions are not supported in this= instance. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
@@ -39,7 +38,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 8eb3acac93..f0c33abbcf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." =20 
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 558ccfc002..689af4fedd 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/= CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. 
- - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index dfe7fb7e91..a614b61ed4 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -1015,157 +1015,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL); -} - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx)); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FA= LSE); -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. 
- If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Con= text), FALSE); -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data, DataSize), = FALSE); -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). 
Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE); -} - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index bd4cd7f383..d167390774 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -89,140 +89,49 @@ BOOLEAN OUT UINT8 *HmacValue ); =20 - /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef VOID* -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_NEW) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW) ( VOID ); =20 -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ typedef VOID -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FREE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE) ( IN VOID *HmacSha1Ctx ); =20 - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( OUT VOID *HmacSha1Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. 
- - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( IN CONST VOID *HmacSha1Context, OUT VOID *NewHmacSha1Context ); =20 - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( IN OUT VOID *HmacSha1Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. 
- - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL) ( IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ); 
@@ -3538,13 +3447,13 @@ struct _EDKII_CRYPTO_PROTOCOL { DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplica= te; DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update; DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final; - /// HMAC SHA1 - EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; - EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; - EDKII_CRYPTO_HMAC_SHA1_SET_KEY HmacSha1SetKey; - EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate; - EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update; - EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final; + /// HMAC SHA1 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Free; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1SetKey; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Duplic= ate; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Update; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Final; /// HMAC SHA256 EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
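Review bot: in the Crypto.h hunk at @@ -89,140 +89,49 the replacement comment says "Keep the function field for binary compability", which should read "compatibility", and "deprecated and unsupported any longer" would be clearer as "deprecated and no longer supported". The comment is also attached only to DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW, while the five typedefs that follow (FREE, SET_KEY, DUPLICATE, UPDATE, FINAL) lose their documentation and get nothing in its place. Either put a one-line deprecation note on each, or word the first comment so it plainly covers the whole HMAC SHA1 group.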
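Review bot: in the _EDKII_CRYPTO_PROTOCOL hunk at @@ -3538,13 +3447,13 the six HMAC SHA1 members are renamed in place, which preserves the offsets of HmacSha256New and every member after it, but nothing in the hunk says what a caller finds in the retired slots. A module built against the previous header can still reach them by offset, so the "/// HMAC SHA1 - deprecated and unsupported" comment should state the contract: whether the slots are NULL or point at stubs that return NULL/FALSE. It would also help to note next to the members that their order and count must not change, since that is the whole reason the fields are kept.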
View/Reply Online (#59537): https://edk2.groups.io/g/devel/message/59537
From nobody Thu May 2 06:45:50 2024
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao, Philippe Mathieu-Daude
Subject: [edk2-devel] [PATCH V5 12/12] CryptoPkg/Crypto.h: Update the version of Crypto Driver
Date: Thu, 14 May 2020 17:27:52 +0800
Message-Id: <20200514092752.1384-13-zhichao.gao@intel.com>
In-Reply-To: <20200514092752.1384-1-zhichao.gao@intel.com>
References: <20200514092752.1384-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

The binary is totally changed, so update the Crypto Version to 7:
1. Retire below deprecated function:
   MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Siyuan Fu
Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Philippe Mathieu-Daude
Reviewed-by: Jian J Wang
Signed-off-by: Zhichao Gao
---
 CryptoPkg/Private/Protocol/Crypto.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index d167390774..c399e0d67a 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -2,6 +2,7 @@ This Protocol provides Crypto services to DXE modules =20 Copyright (C) Microsoft Corporation. All rights reserved. + Copyright (c) 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -20,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be /// increased. /// -#define EDKII_CRYPTO_VERSION 6 +#define EDKII_CRYPTO_VERSION 7 =20 /// /// EDK II Crypto Protocol forward declaration --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59538): https://edk2.groups.io/g/devel/message/59538 Mute This Topic: https://groups.io/mt/74201290/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
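Review bot: in the hunk at @@ -20,7 +21,7 the comment above EDKII_CRYPTO_VERSION still ties a version increase to the protocol being "extended", but the bump from 6 to 7 is for retiring services (MD4, ARC4, TDES, AES ECB, HMAC MD5, HMAC SHA1 per the commit message). Please extend that comment to say the version must also be increased when services are retired, and ideally record next to the define that from version 7 the deprecated slots are no longer usable, so a consumer checking the version can tell what it may call. The commit message also says the binary is "totally changed" while the previous patch keeps the deprecated fields for binary compatibility; one sentence reconciling the two would avoid confusion for downstream integrators.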