From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59630+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59630+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517611; cv=none; d=zohomail.com; s=zohoarc; b=KnaNL1PeIfi2WPYiKVdJ57oN9/21KF8M1jdODxFjog0J7J8Yuo1GnF7gKXndqYQA9RPlNkCIA71iWn4FfkHhElimc2dbPGta7faTc6ijb8IDi4bnU7qdIZNQN/OzL7rbH3A1VKuyhQq5xCFex5l2tqG+oNpsHXBQr2TPZrEcnZM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517611; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Ln4pLwvsab04JKq2txUKYq+VrrNdtllQnxRiaM+MStc=; b=STozzjkZozQWHr1rgD4qde7iW+YC4pbTHFBV5y3v8AiBZrtGruhAD8UwhvSjiO8yakOD9vgpruQktzrckRl62T4Z1qdw7OCxhVjVeN61BOefDMSVhNe4zwKYnjd0tjZwDk+AYSErlWLyB6unjBgoogCfl/yvHAsOyOwEogWLHXQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59630+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517611078599.7601096329913; Thu, 14 May 2020 21:40:11 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id SHH2YY1788612xCDTYg9AS8N; Thu, 14 May 2020 21:40:10 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:04 -0700 IronPort-SDR: +tt2eXnCcaQcUjH8pfReftU0xrDu9HPQd4SvyBCRVaoCK1EMSN3GppbnnM9XjRIiOPbEw2C2vJ CWXwo1Zkc7Zw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:04 -0700 IronPort-SDR: SCFoCliqaXjaFpGyKvQSoDubeQHAesIRaId5PcO0of/PAzKm9PFN6m5zwA0lEPNaE1BMTerl5L lB1qQQGJ1saA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317435" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:02 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 01/13] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm Date: Fri, 15 May 2020 12:39:36 +0800 Message-Id: <20200515043948.15028-2-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: jcrtcslezERnsELsoeIRXeHMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517610; bh=rWPkRrWbYZNm0z595l0tKZRJ5Y9EzduTIkjUBSPNfAk=; h=Cc:Date:From:Reply-To:Subject:To; b=OZN4wECVhwIX+eDMr0rKqOhV8Iof6LGftumslqExK+jD+0oJbJA6P+qvC3+1U4lXOuM Ysqvn00tHjc12Pf44gzxZyVaDZbxKA3N1Fh3enZ8/ULsmh5b1Hxl6jl2GUZJCPQ3ov3a6 hgpgppc0cQ9Rdto08g50fza1F32OIsDTo7k= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Add a internal worker function to indicate the deprecated functions. It would print out debug messages and asserts to inform the consumer they are using a deprecated function. Change the Name of BaseCryptLibServciceNotEnabled to correct spelling BaseCryptLibServiceNotEnabled. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 35bf2d3d92..ed0083cccf 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -41,7 +41,7 @@ #define CALL_BASECRYPTLIB(Enable, Function, Args, ErrorReturnValue) \ EDKII_CRYPTO_PCD->Enable \ ? Function Args \ - : (BaseCryptLibServciceNotEnabled (#Function), ErrorReturnValue) + : (BaseCryptLibServiceNotEnabled (#Function), ErrorReturnValue) =20 /** A macro used to call a void BaseCryptLib function if it is enabled. @@ -61,7 +61,7 @@ #define CALL_VOID_BASECRYPTLIB(Enable, Function, Args) \ EDKII_CRYPTO_PCD->Enable \ ? Function Args \ - : BaseCryptLibServciceNotEnabled (#Function) + : BaseCryptLibServiceNotEnabled (#Function) =20 /** Internal worker function that prints a debug message and asserts if a ca= ll is @@ -78,7 +78,7 @@ **/ static VOID -BaseCryptLibServciceNotEnabled ( +BaseCryptLibServiceNotEnabled ( IN CONST CHAR8 *FunctionName ) { @@ -86,6 +86,24 @@ BaseCryptLibServciceNotEnabled ( ASSERT_EFI_ERROR (EFI_UNSUPPORTED); } =20 +/** + Internal worker function that prints a debug message and asserts if a ca= ll is + made to a BaseCryptLib function that is deprecated and unsupported any l= onger. + + @param[in] FunctionName Null-terminated ASCII string that is the name = of an + EDK II Crypto service. + +**/ +static +VOID +BaseCryptLibServiceDeprecated ( + IN CONST CHAR8 *FunctionName + ) +{ + DEBUG ((DEBUG_ERROR, "[%a] Function %a() is deprecated and unsupported a= ny longer\n", gEfiCallerBaseName, FunctionName)); + ASSERT_EFI_ERROR (EFI_UNSUPPORTED); +} + /** Returns the version of the EDK II Crypto Protocol. =20 --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59630): https://edk2.groups.io/g/devel/message/59630 Mute This Topic: https://groups.io/mt/74221324/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59631+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59631+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517611; cv=none; d=zohomail.com; s=zohoarc; b=ivAu//y+7AFhmUoGXlJVZluFRSZBQmf6o5U7JG68cW4LJCYqQv9lvZhJTDPweA9h5upXaOvSK3UQGiUAa5m8Udik3XsM+G6QFoFo6r4mk/+jdDO+F8GcCv11Wkm0ERcbizoRdYZfs4k/uW/bULHacTWF5nlWW0HLA5MBd4YGXrk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517611; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=t6Q9VypnSEwvKq6ZDNPOvOPn+MqPAeMvD8AFuR5OGRM=; b=czg6g4VdlJrgwbHft0+d0fBV1nveQYf2DVngu7GKcDr8gr7AMnDc2aiecB9aBSY2ZykIdxX4eBS+cw7nOd6wJ78+yGWwPlenc/5jG1I3u/Zp+0/x4RiCWwmtMTolAikbUGUVhQG2PcOxk6XeNGnvi8vRe/GWoJLJxfAkfrnYp0A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59631+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517611711454.4463446929889; Thu, 14 May 2020 21:40:11 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id hHRsYY1788612xQOlpbEXn2R; Thu, 14 May 2020 21:40:11 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:07 -0700 IronPort-SDR: WeE4JrPUTZKyu8OV/hEYUgzHrgwqn7AH5f4uxRx8F+VOx38S6iHMNmIwieCBE12AVE4vTHLHBo p863Z7Tji7Wg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:06 -0700 IronPort-SDR: 7dnCTUXzB4h3WBZ1KGcYx1QBjBIab5aIi7jMPNfAPHfKQlTo7Ms3iyhXt1wi4A3zP0DnnnzNP8 EaotsMW78u6Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317452" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:04 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 02/13] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Date: Fri, 15 May 2020 12:39:37 +0800 Message-Id: <20200515043948.15028-3-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: qMmPhs0pFh0yi3US85vZAckvx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517611; bh=AGQRYnGDGbMjsfEBxTrtbdphmS7TArjPRzl3rZ1941E=; h=Cc:Date:From:Reply-To:Subject:To; b=kVYtq4jvwIuY87KMHAe/hy9vlvmjMctzTrnNudkDQRZZgxN4KJ+TSceAE1N9R4KSWsN SVj3Dp0LKDmoMwmKTId21vMkj5qa/eadEZ0+qn4f2f+6/t5+Mbg00XVftTsnb3Q4z0g+X wZABChTVZrC3Z0kTdbuJQQWFsCq8Q50+JO0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 MD4 is not secure any longer. Remove the MD4 support from edk2. Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 100 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------ .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +- .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------ .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 158 ------------- CryptoPkg/Private/Protocol/Crypto.h | 123 ++-------- 16 files changed, 62 insertions(+), 1011 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f79ff331cf..6ed7046563 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -140,7 +140,6 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index ed0083cccf..53ee0edea5 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -124,161 +124,123 @@ CryptoServiceGetCryptoVersion ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. @retval 0 This interface is not supported. =20 **/ UINTN EFIAPI -CryptoServiceMd4GetContextSize ( +DeprecatedCryptoServiceMd4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize= , (), 0); + return BaseCryptLibServiceDeprecated ("Md4GetContextSize"), 0; } =20 /** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] Md4Context Pointer to MD4 context being initialized. =20 - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Init ( +DeprecatedCryptoServiceMd4Init ( OUT VOID *Md4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALS= E); + return BaseCryptLibServiceDeprecated ("Md4Init"), FALSE; } =20 /** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] Md4Context Pointer to MD4 context being copied. @param[out] NewMd4Context Pointer to new MD4 context. =20 - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Duplicate ( +DeprecatedCryptoServiceMd4Duplicate ( IN CONST VOID *Md4Context, OUT VOID *NewMd4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Cont= ext, NewMd4Context), FALSE); + return BaseCryptLibServiceDeprecated ("Md4Duplicate"), FALSE; } =20 /** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Md4Context Pointer to the MD4 context. @param[in] Data Pointer to the buffer containing the data t= o be hashed. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Update ( +DeprecatedCryptoServiceMd4Update ( IN OUT VOID *Md4Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, D= ata, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("Md4Update"), FALSE; } =20 /** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Md4Context Pointer to the MD4 context. @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest value (16 bytes). =20 - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4Final ( +DeprecatedCryptoServiceMd4Final ( IN OUT VOID *Md4Context, OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, Has= hValue), FALSE); + return BaseCryptLibServiceDeprecated ("Md4Final"), FALSE; } =20 /** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] Data Pointer to the buffer containing the data to be= hashed. @param[in] DataSize Size of Data buffer in bytes. @param[out] HashValue Pointer to a buffer that receives the MD4 digest value (16 bytes). =20 - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceMd4HashAll ( +DeprecatedCryptoServiceMd4HashAll ( IN CONST VOID *Data, IN UINTN DataSize, OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataS= ize, HashValue), FALSE); + return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } =20 /** @@ -4440,13 +4402,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceHmacSha256Duplicate, CryptoServiceHmacSha256Update, CryptoServiceHmacSha256Final, - /// Md4 - CryptoServiceMd4GetContextSize, - CryptoServiceMd4Init, - CryptoServiceMd4Duplicate, - CryptoServiceMd4Update, - CryptoServiceMd4Final, - CryptoServiceMd4HashAll, + /// Md4 - deprecated and unsupported + DeprecatedCryptoServiceMd4GetContextSize, + DeprecatedCryptoServiceMd4Init, + DeprecatedCryptoServiceMd4Duplicate, + DeprecatedCryptoServiceMd4Update, + DeprecatedCryptoServiceMd4Final, + DeprecatedCryptoServiceMd4HashAll, /// Md5 CryptoServiceMd5GetContextSize, CryptoServiceMd5Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 5e8f2e0a10..c862f0334f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -/// -/// MD4 digest size in bytes -/// -#define MD4_DIGEST_SIZE 16 - /// /// MD5 digest size in bytes /// @@ -77,146 +72,6 @@ typedef enum { // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ); - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ); - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ); - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ); - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index a63ad66b4f..22992e7d43 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All righ= ts reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -29,7 +29,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Lib= rary/BaseCryptLib/Hash/CryptMd4.c deleted file mode 100644 index bc02da07b0..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c +++ /dev/null @@ -1,223 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - // - // Retrieves the OpenSSL MD4 Context Size - // - return (UINTN) (sizeof (MD4_CTX)); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Context Initialization - // - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || NewMd4Context =3D=3D NULL) { - return FALSE; - } - - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); - - return TRUE; -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Update - // - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize)); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (Md4Context =3D=3D NULL || HashValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Finalization - // - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (HashValue =3D=3D NULL) { - return FALSE; - } - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Computation. - // - if (MD4 (Data, DataSize, HashValue) =3D=3D NULL) { - return FALSE; - } else { - return TRUE; - } -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg= /Library/BaseCryptLib/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index c836c257f8..e9add0127d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -6,14 +6,14 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, +# Note: # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not # supported in this instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 9937555beb..374bfb3f65 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,13 +6,13 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AE= S/ +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. // -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: MD4 = Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 f= unctions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-= Hellman functions, X.509 certificate handler functions, authenticode signat= ure verification functions, PEM handler functions, and pseudorandom number = generator functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.5= 09 certificate handler functions, authenticode signature verification funct= ions, PEM handler functions, and pseudorandom number generator functions ar= e not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index e5b8ececc1..0a2eb03232 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All righ= ts reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -35,7 +35,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index c0a16f1b84..b6d751176e 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,12 +6,12 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AE= S/ +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // -// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: MD4 = Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 f= unctions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-= Hellman functions, and authenticode signature verification functions are no= t supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc0b65fd25..139983075e 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest fu= nctions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -34,7 +34,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 83485fbb90..b8d7953d2b 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,12 +6,12 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AE= S/ +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
// // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: MD4 = Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 f= unctions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-= Hellman functions, and authenticode signature verification functions are no= t supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 9b4991cbb0..b03681b146 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -29,7 +29,6 @@ =20 [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5Null.c Hash/CryptSha1Null.c Hash/CryptSha256Null.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/Crypt= oPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabiliti= es. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c2a1df9afc..5e470028f4 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,164 +99,6 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), FALSE); -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), FALSE); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 40c387e002..ae0f29695c 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -451,145 +451,52 @@ BOOLEAN //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for MD4 has= h operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash= operations. - @retval 0 This interface is not supported. + MD4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( VOID ); =20 =20 -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash conte= xt for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT) ( OUT VOID *Md4Context ); =20 =20 -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE) ( IN CONST VOID *Md4Context, OUT VOID *NewMd4Context ); =20 =20 -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data t= o be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE) ( IN OUT VOID *Md4Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 =20 -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest va= lue into - the specified memory. After this function has been called, the MD4 conte= xt cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and sh= ould not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 d= igest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL) ( IN OUT VOID *Md4Context, OUT UINT8 *HashValue ); =20 =20 -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, an= d places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be= hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL) ( IN CONST VOID *Data, IN UINTN DataSize, OUT UINT8 *HashValue @@ -4007,13 +3914,13 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; - /// Md4 - EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize; - EDKII_CRYPTO_MD4_INIT Md4Init; - EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate; - EDKII_CRYPTO_MD4_UPDATE Md4Update; - EDKII_CRYPTO_MD4_FINAL Md4Final; - EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll; + /// Md4 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextS= ize; + DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; + DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicate; + DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update; + DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final; + DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll; /// Md5 EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; EDKII_CRYPTO_MD5_INIT Md5Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59631): https://edk2.groups.io/g/devel/message/59631 Mute This Topic: https://groups.io/mt/74221325/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59632+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59632+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517613; cv=none; d=zohomail.com; s=zohoarc; b=ZpbjtOM+9ZP+2pI4Lxe5dt6x/n3NO7/A0UGeIMY+7Ni4DJGEZPgvd0hrC1reegmAOasntUt5nMdb5PRblNWekalt7asfL1wP2O+5HoZfkupMrFMnsyM82jyA4e29xs2dLjMvhZL8ATatIwO7ETYBZcISwWtDwddKJ+hPdekA5lY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517613; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2pfXBtQFCUhr9E08f2cDcwARxVx4ONweSrU/8GmfHiU=; b=mi1auXl9GaH5s2NvzuTuqIXUKkUTopADEOgthWqGAPYkU9kYdkwp6TQBay7oxv5+1jbIUaJSCxRpi31iSfF+qurN72HvDUEGwBV3LwQJzl0llPH2Szhjj+F5GCSoOxhFjSbUnxFLwVmN1GxNUfhrYLtUgramEezyirdUlsMpeDM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59632+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517613398133.8943320535824; Thu, 14 May 2020 21:40:13 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id eOCHYY1788612xae2jILQgBn; Thu, 14 May 2020 21:40:12 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:09 -0700 IronPort-SDR: 4avLFzlgzk1617+tCQgn+QHTSA1bWVIkNRjo8BVhykXhRYZDV7NXvNQMyxoTQyue91yeJjmr+O fZlidyvBe+zg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:08 -0700 IronPort-SDR: 3ssWWnFIBkivxobhqVFOGelpmGiaqtispxpfGgmmNJUn6K6Ob6gG42wN4sCDjLLBUmevnaNHxq OFEc9qyYTW5g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317463" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:06 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 03/13] CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib Date: Fri, 15 May 2020 12:39:38 +0800 Message-Id: <20200515043948.15028-4-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: GmFvgvpqRo7TUxCKweCvUpa6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517612; bh=FrSaUNn3s9j7vEMh02ht+8vrCSeIWsLk4Zqmxqk5uhg=; h=Cc:Date:From:Reply-To:Subject:To; b=Ucu50v3UfZ03UL5Y96+rV7vNBAmY/8eQcyV0/LXAQOjlVOQOFOpYH6qzRWziiDX/O/K xkcclfDc6Rfgt2AaxlNZwuB7pPNZ84kcyt8ywAsgOFHqnWJSfAer4iICxrFd1jRV4MHs3 tA+NRz0xgzajp5M+FZGFSPRTPhQcdeSfu3E= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 This patch is create by adding the setting "no_md4" of process_files.pl and running it thru perl. It would remove the MD4 from OpensslLib. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- V6: Change the line ending of opensslconfig.h from '\n' to '\r\n'. CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 --- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 3 --- CryptoPkg/Library/OpensslLib/process_files.pl | 1 + 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index bd34e53ef2..70d24f99ac 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -61,6 +61,9 @@ extern "C" { #ifndef OPENSSL_NO_MD2 # define OPENSSL_NO_MD2 #endif +#ifndef OPENSSL_NO_MD4 +# define OPENSSL_NO_MD4 +#endif #ifndef OPENSSL_NO_MDC2 # define OPENSSL_NO_MDC2 #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 9ed0175553..10710e4a7c 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 03da266627..d9782a3098 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 4ba25da407..bd4a84da24 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -73,6 +73,7 @@ BEGIN { "no-gost", "no-hw", "no-idea", + "no-md4", "no-mdc2", "no-pic", "no-ocb", --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59632): https://edk2.groups.io/g/devel/message/59632 Mute This Topic: https://groups.io/mt/74221326/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59633+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59633+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517615; cv=none; d=zohomail.com; s=zohoarc; b=Bf5n15vFoOPRQjEcFpl2pUvEhJlQ47nqZyN8PRVQMuApgCnwlNzznD3g8N3mcgAFzlecoleggwd5XnEZl5gjvfmhzynygIcghbXY+UWao81QzM5ZStfTiXpqPgiSrwHDEiDO6nRcDP6mVSqzyohe0igB0juez/ucrLURXZAjV4U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517615; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=YmgMQmTdF3qzItu09K6akr6NuY066LanIB5yBuqlRAI=; b=g0rPv7wzNw3IKi9llNoFDXZCNCPkbj6WwNKEzdL/ZxvUIyedquWneDNbKfG0J0JaZiafU7jifHmkL7yhWQOIieg2Dk27ufl/bsnV9NxdTaOPAdQr14HR6p4F+pplv8RCBw1F9LPEtVvoAqioUQhVt01v7DEftTo+SU6jcajELoA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59633+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517615910156.44236700022623; Thu, 14 May 2020 21:40:15 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id vJBMYY1788612x1LRCsz4M3i; Thu, 14 May 2020 21:40:15 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:12 -0700 IronPort-SDR: i7a22qjpY+0lr3lQPmlWBqv8SL9d56FOObwxqGdBtGpSwFJZAE6N6lKR2FXHWQwwEZsVaI3WGH SA4agU2Zcw4A== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:11 -0700 IronPort-SDR: Crll8DRgN0NJ7YxhPUm+7yxPIER8V/CZrepaCmoOLkZ8Sk2MHJod7apbbBFYeIKnOyeA5Etkk+ XhT9HIVc0sQQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317470" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:08 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 04/13] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Date: Fri, 15 May 2020 12:39:39 +0800 Message-Id: <20200515043948.15028-5-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: xXvN5Qx31a0ZLLLzLF50VcE1x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517615; bh=NUO2yRQ0/xiAHGkvDa6IKhM8dxcoyhlWvNK5KIQjOyo=; h=Cc:Date:From:Reply-To:Subject:To; b=OFluuED/dLrZYwuh8SpLN/ogS2/1PBeErzqPiApCMGol6cYswk0ket1rX+d03qYc7Uu mjyrkPgezMttc+fn4QxFTN0gsj0rqpPtt+bB8VHHN/nH1v5qLsB6Srx2DTkRmIU2ckmwY NEavDUcvvKCRV5Q1r8tOm6qMk/XjEretkgg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 ARC4 is not secure any longer. Remove the ARC4 support from edk2. Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 95 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 132 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------ .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 147 ------------- CryptoPkg/Private/Protocol/Crypto.h | 115 ++-------- 15 files changed, 48 insertions(+), 917 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 53ee0edea5..af61482919 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -2037,150 +2037,107 @@ CryptoServiceAesCbcDecrypt ( } =20 /** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. @retval 0 This interface is not supported. =20 **/ UINTN EFIAPI -CryptoServiceArc4GetContextSize ( +DeprecatedCryptoServiceArc4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSi= ze, (), 0); + return BaseCryptLibServiceDeprecated ("Arc4GetContextSize"), 0; } =20 /** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] Arc4Context Pointer to ARC4 context being initialized. @param[in] Key Pointer to the user-supplied ARC4 key. @param[in] KeySize Size of ARC4 key in bytes. =20 - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Init ( +DeprecatedCryptoServiceArc4Init ( OUT VOID *Arc4Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Ke= y, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Init"), FALSE; } =20 /** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data = to be encrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. =20 - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Encrypt ( +DeprecatedCryptoServiceArc4Encrypt ( IN OUT VOID *Arc4Context, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Encrypt"), FALSE; } =20 /** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data = to be decrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. =20 - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Decrypt ( +DeprecatedCryptoServiceArc4Decrypt ( IN OUT VOID *Arc4Context, IN UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Conte= xt, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Decrypt"), FALSE; } =20 /** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] Arc4Context Pointer to the ARC4 context. =20 - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceArc4Reset ( +DeprecatedCryptoServiceArc4Reset ( IN OUT VOID *Arc4Context ) { - return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context),= FALSE); + return BaseCryptLibServiceDeprecated ("Arc4Reset"), FALSE; } =20 //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D @@ -4502,12 +4459,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceAesEcbDecrypt, CryptoServiceAesCbcEncrypt, CryptoServiceAesCbcDecrypt, - /// Arc4 - CryptoServiceArc4GetContextSize, - CryptoServiceArc4Init, - CryptoServiceArc4Encrypt, - CryptoServiceArc4Decrypt, - CryptoServiceArc4Reset, + /// Arc4 - deprecated and unsupported + DeprecatedCryptoServiceArc4GetContextSize, + DeprecatedCryptoServiceArc4Init, + DeprecatedCryptoServiceArc4Encrypt, + DeprecatedCryptoServiceArc4Decrypt, + DeprecatedCryptoServiceArc4Reset, /// SM3 CryptoServiceSm3GetContextSize, CryptoServiceSm3Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index c862f0334f..25e236c4a3 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1667,138 +1667,6 @@ AesCbcDecrypt ( OUT UINT8 *Output ); =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ); - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 22992e7d43..da38ea552f 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -40,7 +40,6 @@ Kdf/CryptHkdf.c Cipher/CryptAes.c Cipher/CryptTdes.c - Cipher/CryptArc4.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptArc4.c deleted file mode 100644 index 388d312bed..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c +++ /dev/null @@ -1,205 +0,0 @@ -/** @file - ARC4 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - // - // Memory for 2 copies of RC4_KEY is allocated, one for working copy, an= d the other - // for backup copy. When Arc4Reset() is called, we can use the backup co= py to restore - // the working copy to the initial state. - // - return (UINTN) (2 * sizeof (RC4_KEY)); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Key =3D=3D NULL || (KeySize < 5 || KeySiz= e > 256)) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4_set_key (Rc4Key, (UINT32) KeySize, Key); - - CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); - - return TRUE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL |= | InputSize > INT_MAX) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); - - return TRUE; -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - RC4_KEY *Rc4Key; - - // - // Check input parameters. - // - if (Arc4Context =3D=3D NULL) { - return FALSE; - } - - Rc4Key =3D (RC4_KEY *) Arc4Context; - - CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index e9add0127d..f43953b78c 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 374bfb3f65..5abd8e8dfb 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -7,7 +7,7 @@ // buffer overflow or integer overflow. // // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, +// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.5= 09 certificate handler functions, authenticode signature verification funct= ions, PEM handler functions, and pseudorandom number generator functions ar= e not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 ce= rtificate handler functions, authenticode signature verification functions,= PEM handler functions, and pseudorandom number generator functions are not= supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 0a2eb03232..f1eb099b67 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions= , RSA external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -46,7 +46,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index b6d751176e..5a48d2a308 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -7,7 +7,7 @@ // buffer overflow or integer overflow. // // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, +// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 139983075e..3a94655775 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA exter= nal +# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAes.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index b8d7953d2b..0561f107e8 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -7,7 +7,7 @@ // buffer overflow or integer overflow. // // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign fun= ctions, +// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external= functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and= authenticode signature verification functions are not supported in this in= stance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index b03681b146..a205c9005d 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -40,7 +40,6 @@ Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c Cipher/CryptTdesNull.c - Cipher/CryptArc4Null.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c deleted file mode 100644 index 1f09bfa30e..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c +++ /dev/null @@ -1,124 +0,0 @@ -/** @file - ARC4 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Resets the ARC4 context to the initial state. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 5e470028f4..77915bdb86 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1892,153 +1892,6 @@ AesCbcDecrypt ( CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec,= Output), FALSE); } =20 -/** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Arc4GetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Init ( - OUT VOID *Arc4Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE); -} - -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Encrypt ( - IN OUT VOID *Arc4Context, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output= ), FALSE); -} - -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Decrypt ( - IN OUT VOID *Arc4Context, - IN UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output= ), FALSE); -} - -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Arc4Reset ( - IN OUT VOID *Arc4Context - ) -{ - CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE); -} - //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Asymmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index ae0f29695c..f36c5c1aff 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2785,134 +2785,45 @@ BOOLEAN ); =20 /** - Retrieves the size, in bytes, of the context buffer required for ARC4 op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for ARC4 ope= rations. - @retval 0 This interface is not supported. + ARC4 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( VOID ); =20 -/** - Initializes user-supplied memory as ARC4 context for subsequent use. - - This function initializes user-supplied memory pointed by Arc4Context as= ARC4 context. - In addition, it sets up all ARC4 key materials for subsequent encryption= and decryption - operations. - - If Arc4Context is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeySize does not in the range of [5, 256] bytes, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Arc4Context Pointer to ARC4 context being initialized. - @param[in] Key Pointer to the user-supplied ARC4 key. - @param[in] KeySize Size of ARC4 key in bytes. - - @retval TRUE ARC4 context initialization succeeded. - @retval FALSE ARC4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) ( OUT VOID *Arc4Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 -/** - Performs ARC4 encryption on a data buffer of the specified size. - - This function performs ARC4 encryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= encryption output. - - @retval TRUE ARC4 encryption succeeded. - @retval FALSE ARC4 encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) ( IN OUT VOID *Arc4Context, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs ARC4 decryption on a data buffer of the specified size. - - This function performs ARC4 decryption on data buffer pointed by Input, = of specified - size of InputSize. - Arc4Context should be already correctly initialized by Arc4Init(). Behav= ior with - invalid ARC4 context is undefined. - - If Arc4Context is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - @param[in] Input Pointer to the buffer containing the data = to be decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the ARC4= decryption output. - - @retval TRUE ARC4 decryption succeeded. - @retval FALSE ARC4 decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) ( IN OUT VOID *Arc4Context, IN UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Resets the ARC4 context to the initial state. - - The function resets the ARC4 context to the state it had immediately aft= er the - ARC4Init() function call. - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but= ARC4 context - should be already correctly initialized by ARC4Init(). - - If Arc4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Arc4Context Pointer to the ARC4 context. - - @retval TRUE ARC4 reset succeeded. - @retval FALSE ARC4 reset failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_ARC4_RESET) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) ( IN OUT VOID *Arc4Context ); =20 @@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; - /// Arc4 - EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize; - EDKII_CRYPTO_ARC4_INIT Arc4Init; - EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt; - EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt; - EDKII_CRYPTO_ARC4_RESET Arc4Reset; + /// Arc4 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetContext= Size; + DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init; + DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt; + DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt; + DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset; /// SM3 EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; EDKII_CRYPTO_SM3_INIT Sm3Init; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59633): https://edk2.groups.io/g/devel/message/59633 Mute This Topic: https://groups.io/mt/74221327/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59634+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59634+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517617; cv=none; d=zohomail.com; s=zohoarc; b=HhwfW79rarH+Nycq8qByGbui7kZgl/yEjgLsCf4jJPUNiDpBb7dA/kT75DmwERIsMyBZx+mPYmt+Y0YjuleEw1snQqoY70YcMgMFecARp/bpY2j9ap57zV/07pcwZeKDcpZ/tPUurg9mY+prrOmc5OLaOWWuL7FVxl81kwarAfk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517617; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=SsneFasivjdrdqqp58YlAl1KPjUp0Tk7S/kvC+mD3Rs=; b=W6DDa3SWA4PGnXMWuK4dJgQVJ/xPBUPHfVJW7c+zN+ohfOqDDupykeB+7uBvRcl+5vQuwLKWMr60WRyGdWaxtdupolkvT1tPFOzrg9WGvei9dE8oQmSUW/gdDGrm7ZElhHpXmmeOBxJZiwqKio4KQqhsDtfAVRrLbakEgu5PBX0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59634+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517617391920.7657403251227; Thu, 14 May 2020 21:40:17 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 0cZTYY1788612xFK2xbiEzNA; Thu, 14 May 2020 21:40:16 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:13 -0700 IronPort-SDR: M+fyFSNehw2ItP91ihIHoS7AxGZthZxrk1tiVmbJ5YxQBuWPtAyeDjOIsud0xgfz7ztU5wZud6 WpaKnRTLLJOg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:13 -0700 IronPort-SDR: 1yRdsa0oyk3J0EupsttL8LM1baDBhAZ0vOfvV4Fo21zC832maTW9djFT0WRRZb+maVcuJopnf9 Wk50aZLbCfTg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317479" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:11 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 05/13] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib Date: Fri, 15 May 2020 12:39:40 +0800 Message-Id: <20200515043948.15028-6-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: Bp6HidFpOwfN5pAUFeQtcFA2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517616; bh=hTg32sPWDlXton0wnGX87oEsfRrB9NaOhdQereiqROE=; h=Cc:Date:From:Reply-To:Subject:To; b=eEfE0qoqWAxcaGMI+SKcASkBC5dlwCrAr82kY1jAjyCH29UwOeCiHYfND6khcrr8qCY y3mQh+jaJjrnUuDp8oELFFdjH/HWerAulCfw70wheYFz8lf8FEYMC1CgSsRd8KjplVYP9 6WYxM7KOaXhNpJz+yOrF+McFmXy7moOgLyk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 This patch is create by adding the setting "no_rc4" of process_files.pl and running it thru perl. It would remove the ARC4 from OpensslLib. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- V6: Change the line ending of opensslconfig.h from '\n' to '\r\n'. CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 --- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 3 --- CryptoPkg/Library/OpensslLib/process_files.pl | 1 + 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 70d24f99ac..f55b27ae81 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -73,6 +73,9 @@ extern "C" { #ifndef OPENSSL_NO_RC2 # define OPENSSL_NO_RC2 #endif +#ifndef OPENSSL_NO_RC4 +# define OPENSSL_NO_RC4 +#endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 10710e4a7c..dfaefd1c08 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -374,8 +374,6 @@ $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c @@ -531,7 +529,6 @@ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index d9782a3098..080e1d9305 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -374,8 +374,6 @@ $(OPENSSL_PATH)/crypto/rand/rand_unix.c $(OPENSSL_PATH)/crypto/rand/rand_vms.c $(OPENSSL_PATH)/crypto/rand/rand_win.c - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c @@ -531,7 +529,6 @@ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index bd4a84da24..254bc4dbcc 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -80,6 +80,7 @@ BEGIN { "no-poly1305", "no-posix-io", "no-rc2", + "no-rc4", "no-rfc3779", "no-rmd160", "no-scrypt", --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59634): https://edk2.groups.io/g/devel/message/59634 Mute This Topic: https://groups.io/mt/74221328/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59635+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59635+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517619; cv=none; d=zohomail.com; s=zohoarc; b=dW5ZVDuJitzpzNy38ZVjuVscTy+7GVxH5kZbEnEgEzeRPfb7E13TxWOsXrPYCkdwrLQsE83YNm0UQthrPQ1EkNptfyPzvmuDiWuAJikW9qE0W2Kz8ewYHQXWnWMhWKReS8UntTg5X0gN4kNmUKHEiUs6lBtG2y3lUDpU5yvQYJs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517619; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=sEB+qHHdmCi2nFQN+rjnz12i9R20R7Gdi87cf5pwc8c=; b=MMQMdtu4e4lx7purfmUyOwTXFCH0hxTLgt3T0lVKMnEp5suObnvec/B2yVnI0e6s6PfpZastWa8fIL30vhdQmNZi5F3QgEGJ5N9ZacsnZLqmHfkSGBGIX0xZQnYsicmQQEyufulaXaRdK07V0mHKcnCoQ791Y//WVWXdPwvLC5Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59635+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517619674783.1247973574824; Thu, 14 May 2020 21:40:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id yrHfYY1788612xt476SAfI9i; Thu, 14 May 2020 21:40:18 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:17 -0700 IronPort-SDR: Jm5NbsYHJ0aR7oiSHZzOnUMhOz6WrXmKpW+dEMUaN+FmVFlskX6xjG2Trujw5Jf3pO3rdf/vlO veBsLuTCDx9Q== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:16 -0700 IronPort-SDR: bvZ1wS0Mn59QaZRksAxSGtGaMeMzzy8rV5KDxl0mokGpQaAoWhIX1W/hAlOwooFEpG64bQhVKa QJOIe6HHc5IA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317486" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:13 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 06/13] CryptoPkg/BaseCryptLib: Retire the TDES algorithm Date: Fri, 15 May 2020 12:39:41 +0800 Message-Id: <20200515043948.15028-7-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: y2KD41dltHqA4C5aaKdXiUi9x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517618; bh=UhhRd64CDKxEYX119Gk9v7rSQRQroi+9VIDmjn8blKA=; h=Cc:Date:From:Reply-To:Subject:To; b=jZsUE/16go82zKhYRUdnnJ1Bewi5aKaVswmOD+RPxq9MeH5N3nXnJA/FoHwR17Rf1q5 qXtlzxmsxDUs8rznlBU0iVlWzC4Sb2heIBP9IEHoukYL/QVJlvzG+ETbglLe1IemMeHFK Gwbooj6am8NJsm+aGp1TOELBo7qwbl7uLkw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 138 ++----- CryptoPkg/Include/Library/BaseCryptLib.h | 196 ---------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ---------- CryptoPkg/Private/Protocol/Crypto.h | 169 +------- 16 files changed, 60 insertions(+), 1377 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull= .c diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index af61482919..642d0267d9 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1612,152 +1612,94 @@ CryptoServiceHmacSha256Final ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return The size, in bytes, of the context buffer required for TDES ope= rations. @retval 0 This interface is not supported. =20 **/ UINTN EFIAPI -CryptoServiceTdesGetContextSize ( +DeprecatedCryptoServiceTdesGetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSi= ze, (), 0); + return BaseCryptLibServiceDeprecated ("TdesGetContextSize"), 0; } =20 /** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] TdesContext Pointer to TDES context being initialized. @param[in] Key Pointer to the user-supplied TDES key. @param[in] KeyLength Length of TDES key in bits. =20 - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesInit ( +DeprecatedCryptoServiceTdesInit ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ) { - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Ke= y, KeyLength), FALSE); + return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE; } =20 /** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e encrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. =20 - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesEcbEncrypt ( +DeprecatedCryptoServiceTdesEcbEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbEncrypt"), FALSE; } =20 /** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e decrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. =20 - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesEcbDecrypt ( +DeprecatedCryptoServiceTdesEcbDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (Tde= sContext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesEcbDecrypt"), FALSE; } =20 /** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e encrypted. @@ -1765,14 +1707,12 @@ CryptoServiceTdesEcbDecrypt ( @param[in] Ivec Pointer to initialization vector. @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. =20 - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesCbcEncrypt ( +DeprecatedCryptoServiceTdesCbcEncrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -1780,26 +1720,12 @@ CryptoServiceTdesCbcEncrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcEncrypt"), FALSE; } =20 /** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to b= e encrypted. @@ -1807,14 +1733,12 @@ CryptoServiceTdesCbcEncrypt ( @param[in] Ivec Pointer to initialization vector. @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. =20 - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceTdesCbcDecrypt ( +DeprecatedCryptoServiceTdesCbcDecrypt ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -1822,7 +1746,7 @@ CryptoServiceTdesCbcDecrypt ( OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (Tde= sContext, Input, InputSize, Ivec, Output), FALSE); + return BaseCryptLibServiceDeprecated ("TdesCbcDecrypt"), FALSE; } =20 /** @@ -4445,13 +4369,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceX509Free, CryptoServiceX509StackFree, CryptoServiceX509GetTBSCert, - /// TDES - CryptoServiceTdesGetContextSize, - CryptoServiceTdesInit, - CryptoServiceTdesEcbEncrypt, - CryptoServiceTdesEcbDecrypt, - CryptoServiceTdesCbcEncrypt, - CryptoServiceTdesCbcDecrypt, + /// TDES - deprecated and unsupported + DeprecatedCryptoServiceTdesGetContextSize, + DeprecatedCryptoServiceTdesInit, + DeprecatedCryptoServiceTdesEcbEncrypt, + DeprecatedCryptoServiceTdesEcbDecrypt, + DeprecatedCryptoServiceTdesCbcEncrypt, + DeprecatedCryptoServiceTdesCbcDecrypt, /// AES CryptoServiceAesGetContextSize, CryptoServiceAesInit, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 25e236c4a3..621bcfd1c4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1278,202 +1278,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ); - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ); - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index da38ea552f..2de8e9c346 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c - Cipher/CryptTdes.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/= Library/BaseCryptLib/Cipher/CryptTdes.c deleted file mode 100644 index fd799f3398..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ /dev/null @@ -1,364 +0,0 @@ -/** @file - TDES Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - // - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and = K3 each. - // - return (UINTN) (3 * sizeof (DES_key_schedule)); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Key =3D=3D NULL || (KeyLength !=3D 64 && = KeyLength !=3D 128 && KeyLength !=3D 192)) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - // - // If input Key is a weak key, return error. - // - if (DES_is_weak_key ((const_DES_cblock *) Key) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); - - if (KeyLength =3D=3D 64) { - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); - - if (KeyLength =3D=3D 128) { - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); - return TRUE; - } - - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) =3D=3D 1) { - return FALSE; - } - - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_ENCRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - - while (InputSize > 0) { - DES_ecb3_encrypt ( - (const_DES_cblock *) Input, - (DES_cblock *) Output, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - DES_DECRYPT - ); - Input +=3D TDES_BLOCK_SIZE; - Output +=3D TDES_BLOCK_SIZE; - InputSize -=3D TDES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_ENCRYPT - ); - - return TRUE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - DES_key_schedule *KeySchedule; - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - - // - // Check input parameters. - // - if (TdesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % TDES_BL= OCK_SIZE) !=3D 0) { - return FALSE; - } - - if (Ivec =3D=3D NULL || Output =3D=3D NULL || InputSize > INT_MAX) { - return FALSE; - } - - KeySchedule =3D (DES_key_schedule *) TdesContext; - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); - - DES_ede3_cbc_encrypt ( - Input, - Output, - (UINT32) InputSize, - KeySchedule, - KeySchedule + 1, - KeySchedule + 2, - (DES_cblock *) IvecBuffer, - DES_DECRYPT - ); - - return TRUE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/Crypto= Pkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f43953b78c..f631f8d879 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 5abd8e8dfb..c906935d3d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number // generator functions are not supported in this instance. @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 ce= rtificate handler functions, authenticode signature verification functions,= PEM handler functions, and pseudorandom number generator functions are not= supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certific= ate handler functions, authenticode signature verification functions, PEM h= andler functions, and pseudorandom number generator functions are not suppo= rted in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Libr= ary/BaseCryptLib/Pem/CryptPem.c index 75a133bd0c..6f7e1971f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over O= penSSL. =20 -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem ( =20 // // Add possible block-cipher descriptor for PEM data decryption. - // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted= PEM. + // NOTE: Only support most popular ciphers AES for the encrypted PEM. // - if (EVP_add_cipher (EVP_des_ede3_cbc ()) =3D=3D 0) { - return FALSE; - } if (EVP_add_cipher (EVP_aes_128_cbc ()) =3D=3D 0) { return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index f1eb099b67..672e19299c 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA= external +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -45,7 +45,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 5a48d2a308..0a3bb1c04f 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 3a94655775..cc3556ae3f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -44,7 +44,6 @@ Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1Oaep.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 0561f107e8..2e362c635f 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,8 +6,8 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ -// TDES functions, RSA external functions, PKCS#7 SignedData sign function= s, +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. // @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external func= tions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and auth= enticode signature verification functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index a205c9005d..04b552f8b7 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -39,7 +39,6 @@ Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c - Cipher/CryptTdesNull.c Pk/CryptRsaBasicNull.c Pk/CryptRsaExtNull.c Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/Cr= yptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c deleted file mode 100644 index efa2716063..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c +++ /dev/null @@ -1,160 +0,0 @@ -/** @file - TDES Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - Return FALSE to indicate this interface is not supported. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 77915bdb86..43ee4e0841 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1467,220 +1467,6 @@ HmacSha256Final ( // Symmetric Cryptography Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -TdesGetContextSize ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); -} - -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesInit ( - OUT VOID *TdesContext, - IN CONST UINT8 *Key, - IN UINTN KeyLength - ) -{ - CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesEcbDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Out= put), FALSE); -} - -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcEncrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -TdesCbcDecrypt ( - IN VOID *TdesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - IN CONST UINT8 *Ivec, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ive= c, Output), FALSE); -} - /** Retrieves the size, in bytes, of the context buffer required for AES ope= rations. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index f36c5c1aff..a30660c192 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2396,155 +2396,45 @@ BOOLEAN //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Retrieves the size, in bytes, of the context buffer required for TDES op= erations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for TDES ope= rations. - @retval 0 This interface is not supported. + TDES is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef UINTN -(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( VOID ); =20 -/** - Initializes user-supplied memory as TDES context for subsequent use. - - This function initializes user-supplied memory pointed by TdesContext as= TDES context. - In addition, it sets up all TDES key materials for subsequent encryption= and decryption - operations. - There are 3 key options as follows: - KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 (Backward com= patibility with DES) - KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 =3D K1 (Less Secur= ity) - KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 (Strongest) - - If TdesContext is NULL, then return FALSE. - If Key is NULL, then return FALSE. - If KeyLength is not valid, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] TdesContext Pointer to TDES context being initialized. - @param[in] Key Pointer to the user-supplied TDES key. - @param[in] KeyLength Length of TDES key in bits. - - @retval TRUE TDES context initialization succeeded. - @retval FALSE TDES context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_INIT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs TDES decryption on a data buffer of the specified size in ECB m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the TDES dec= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs TDES encryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES encryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES encryption succeeded. - @retval FALSE TDES encryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -2552,38 +2442,9 @@ BOOLEAN OUT UINT8 *Output ); =20 -/** - Performs TDES decryption on a data buffer of the specified size in CBC m= ode. - - This function performs TDES decryption on data buffer pointed by Input, = of specified - size of InputSize, in CBC mode. - InputSize must be multiple of block size (8 bytes). This function does n= ot perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - Initialization vector should be one block size (8 bytes). - TdesContext should be already correctly initialized by TdesInit(). Behav= ior with - invalid TDES context is undefined. - - If TdesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (8 bytes), then return FALSE. - If Ivec is NULL, then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] TdesContext Pointer to the TDES context. - @param[in] Input Pointer to the buffer containing the data to b= e encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[in] Ivec Pointer to initialization vector. - @param[out] Output Pointer to a buffer that receives the TDES enc= ryption output. - - @retval TRUE TDES decryption succeeded. - @retval FALSE TDES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) ( IN VOID *TdesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_FREE X509Free; EDKII_CRYPTO_X509_STACK_FREE X509StackFree; EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; - /// TDES - EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize; - EDKII_CRYPTO_TDES_INIT TdesInit; - EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt; - EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt; - EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt; - EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt; + /// TDES - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContext= Size; + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt; + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt; /// AES EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59635): https://edk2.groups.io/g/devel/message/59635 Mute This Topic: https://groups.io/mt/74221329/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59636+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59636+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517622; cv=none; d=zohomail.com; s=zohoarc; b=hOad7d+k3j2YohOVGoKTu/E4cDPG95Xrz3mt1iFZv38K8/KDcjHK/ikLDVq03hAQGWj8vDFhnBxV6XZfVTNUo+DQ2cPpWoKcWtSuqrS54rXl/UKS609XgA7mMor+dX0AI7FIoHJdzlAXH+DPwNfiFMYZpDVZy0fqjAGUbPqcpBc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517622; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=nx9KvRaUdtW4DBucfzGODIescK1H4A0S226GYXv69rE=; b=VGIl6RdPx3JGCvU85izles11M97+5HHSbyaD//C7brPjOKXZ+gzE/OmvcBWd7RmOUksrnR0rvwHZnTVDfyXwiajdL2VI7BerK+ycuXPFpR9Zv/cOnCnKvyG+OqeokcVaQDi+7xU5hAqWMaSkSJtxmsQ8GPOdunQYMVfPnPhCQZY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59636+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517622509530.2954079114207; Thu, 14 May 2020 21:40:22 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id SSnFYY1788612xATErSB4by0; Thu, 14 May 2020 21:40:21 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:18 -0700 IronPort-SDR: UFkTfW5P7Xr4QvErjHufJVCenzASPd8GysXMMAHNe6Huphyaj+gv2d0gj6qkWBVrrenaehFAHm WLYR/nrzqjiA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:18 -0700 IronPort-SDR: POboM3FhjjrxsrjY7mw7dbO0RnnhxMAYiA0ZfhVgs8Dqqy7TsnHfi/mwU8Ev62Hpmju/NyH7Ao 7FJI5vhb0BLw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317493" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:16 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 07/13] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib Date: Fri, 15 May 2020 12:39:42 +0800 Message-Id: <20200515043948.15028-8-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: WBRYymZrQDuUUuPtZJ4RTthhx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517621; bh=CofCXCibeIffZy8hjpjY8WWe0aF0ZltIGxXqdmiK0Vo=; h=Cc:Date:From:Reply-To:Subject:To; b=C3rTCoRsxvhQVnNvAIZwGIR3JcyhVkhc7nr2cNSRzmyLEHArBj9hk/O8BuCQW17bo1q cl013dA3x45b8F743ZZW3G2CWTOKUd3tEtG7hIbymee4LnMpxOD4Z7/rYve/6hSyj+o19 d5tTjCk32dy0WlKBRokF0byY6NDxJAASQSs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 This patch is create by adding the setting "no_des" of process_files.pl and running it thru perl. It would remove the TDES from OpensslLib. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- V6: Change the line ending of opensslconfig.h from '\n' to '\r\n'. .../Library/Include/openssl/opensslconf.h | 3 +++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 21 ------------------- .../Library/OpensslLib/OpensslLibCrypto.inf | 21 ------------------- CryptoPkg/Library/OpensslLib/process_files.pl | 1 + 4 files changed, 4 insertions(+), 42 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index f55b27ae81..70862e1054 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -49,6 +49,9 @@ extern "C" { #ifndef OPENSSL_NO_CT # define OPENSSL_NO_CT #endif +#ifndef OPENSSL_NO_DES +# define OPENSSL_NO_DES +#endif #ifndef OPENSSL_NO_DSA # define OPENSSL_NO_DSA #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index dfaefd1c08..d66f1cb03f 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -178,25 +178,6 @@ $(OPENSSL_PATH)/crypto/cryptlib.c $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c - $(OPENSSL_PATH)/crypto/des/cbc_enc.c - $(OPENSSL_PATH)/crypto/des/cfb64ede.c - $(OPENSSL_PATH)/crypto/des/cfb64enc.c - $(OPENSSL_PATH)/crypto/des/cfb_enc.c - $(OPENSSL_PATH)/crypto/des/des_enc.c - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c - $(OPENSSL_PATH)/crypto/des/ecb_enc.c - $(OPENSSL_PATH)/crypto/des/fcrypt.c - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c - $(OPENSSL_PATH)/crypto/des/ofb64ede.c - $(OPENSSL_PATH)/crypto/des/ofb64enc.c - $(OPENSSL_PATH)/crypto/des/ofb_enc.c - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c - $(OPENSSL_PATH)/crypto/des/qud_cksm.c - $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/set_key.c - $(OPENSSL_PATH)/crypto/des/str2key.c - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c $(OPENSSL_PATH)/crypto/dh/dh_ameth.c $(OPENSSL_PATH)/crypto/dh/dh_asn1.c $(OPENSSL_PATH)/crypto/dh/dh_check.c @@ -514,8 +495,6 @@ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h $(OPENSSL_PATH)/crypto/conf/conf_def.h $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/des/des_locl.h - $(OPENSSL_PATH)/crypto/des/spr.h $(OPENSSL_PATH)/crypto/dh/dh_locl.h $(OPENSSL_PATH)/crypto/dso/dso_locl.h $(OPENSSL_PATH)/crypto/evp/evp_locl.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 080e1d9305..5788d13cf7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -178,25 +178,6 @@ $(OPENSSL_PATH)/crypto/cryptlib.c $(OPENSSL_PATH)/crypto/ctype.c $(OPENSSL_PATH)/crypto/cversion.c - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c - $(OPENSSL_PATH)/crypto/des/cbc_enc.c - $(OPENSSL_PATH)/crypto/des/cfb64ede.c - $(OPENSSL_PATH)/crypto/des/cfb64enc.c - $(OPENSSL_PATH)/crypto/des/cfb_enc.c - $(OPENSSL_PATH)/crypto/des/des_enc.c - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c - $(OPENSSL_PATH)/crypto/des/ecb_enc.c - $(OPENSSL_PATH)/crypto/des/fcrypt.c - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c - $(OPENSSL_PATH)/crypto/des/ofb64ede.c - $(OPENSSL_PATH)/crypto/des/ofb64enc.c - $(OPENSSL_PATH)/crypto/des/ofb_enc.c - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c - $(OPENSSL_PATH)/crypto/des/qud_cksm.c - $(OPENSSL_PATH)/crypto/des/rand_key.c - $(OPENSSL_PATH)/crypto/des/set_key.c - $(OPENSSL_PATH)/crypto/des/str2key.c - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c $(OPENSSL_PATH)/crypto/dh/dh_ameth.c $(OPENSSL_PATH)/crypto/dh/dh_asn1.c $(OPENSSL_PATH)/crypto/dh/dh_check.c @@ -514,8 +495,6 @@ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h $(OPENSSL_PATH)/crypto/conf/conf_def.h $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/des/des_locl.h - $(OPENSSL_PATH)/crypto/des/spr.h $(OPENSSL_PATH)/crypto/dh/dh_locl.h $(OPENSSL_PATH)/crypto/dso/dso_locl.h $(OPENSSL_PATH)/crypto/evp/evp_locl.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 254bc4dbcc..5ceedf5d37 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -62,6 +62,7 @@ BEGIN { "no-cms", "no-ct", "no-deprecated", + "no-des", "no-dgram", "no-dsa", "no-dynamic-engine", --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59636): https://edk2.groups.io/g/devel/message/59636 Mute This Topic: https://groups.io/mt/74221330/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59637+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59637+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517625; cv=none; d=zohomail.com; s=zohoarc; b=fkvgbD74uUH2ME396rqsh49h2sTDUfc3mYM3jtcRhXs5eM3yVgoGSDrDq/oJ1VpDDb07kT4eRGz+CuKy0yD3+GbGDHEbb7nNrFjMQu8s2kCJGKmo64w9FW974ftbE48jf2lTp60UiddwnaGX3FJLY8hk9RCY7au2/IZ66FfLtsg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517625; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=vJslZM/PCtLXE1wR44FPr70XVhHno+bG/7Gd3Pe/ZKE=; b=PA/GWobcEc/iY9PYiaerqGfFpCgB4N9POvPUxwDv8c3aCRknV1qx8bQUsih81qaCNlZRidtI9tknaE6sQzyb7He4bXGB3Njo2I5EucfIBcExtORWZITpeR2kpCY42DmVqBJsEj8/TJCYVOUz+OgNRQMQ0CRxEKUWtM7HOrOwTbk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59637+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517625397431.1744328324721; Thu, 14 May 2020 21:40:25 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id pI4DYY1788612xwcXw0VVUPw; Thu, 14 May 2020 21:40:24 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:22 -0700 IronPort-SDR: Q4YN+HAGMZuEnfklDkMdJZsLy5kJW7B7aE3a3HsEgfw0+BVpRaNkmKANeFLpUzDsc/G1y5vvPz 0YwzM9EhnTzg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:20 -0700 IronPort-SDR: BRAug+Ih1kmITOMKDZUOOvnWpvpvRExhKhLKhMXnFrkqBTN9QsqOR670cRxq+W19G6HG9/UIjs /EnR06TRZ4cA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317499" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:18 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 08/13] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Date: Fri, 15 May 2020 12:39:43 +0800 Message-Id: <20200515043948.15028-9-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: h7qtl1u027pvdDqoLEnbvCyYx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517624; bh=v0doaIMTSXz+YaJ7GLutV5P9CZkstktNG2hhxmOWwVg=; h=Cc:Date:From:Reply-To:Subject:To; b=QmuvCcUXjQIJZRb2Rb0DDRI5aLfDNA9QcQNrqA0bas+iSX0Zf8pkNRzZZkvKBSQ+QeF kqDZnA08kJPPIlOxgwGGJsDRvWiIzQRhUDzKSwx29jkUnrlccd2KD/vepQxP5EMv81Vj6 lYKjFbyZW+aNKIAlRzKSKFcJXCVgepyO/t4= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Aes Ecb mode is not secure any longer. Remove the Aes Ecb mode support from edk2. Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 45 +++---- CryptoPkg/Driver/Crypto.c | 50 ++------ CryptoPkg/Include/Library/BaseCryptLib.h | 70 ----------- .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------ .../BaseCryptLib/Cipher/CryptAesNull.c | 52 -------- .../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 -------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 76 ------------ CryptoPkg/Private/Protocol/Crypto.h | 61 ++-------- 8 files changed, 42 insertions(+), 478 deletions(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 6ed7046563..1f68cc633b 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,27 +137,30 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Ge= tContextSize | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.In= it | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cEncrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cb= cDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 642d0267d9..1337fea42a 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1801,79 +1801,51 @@ CryptoServiceAesInit ( } =20 /** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + AES ECB Mode is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be= encrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the AES encry= ption output. =20 - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceAesEcbEncrypt ( +DeprecatedCryptoServiceAesEcbEncrypt ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE; } =20 /** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + AES ECB Mode is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be= decrypted. @param[in] InputSize Size of the Input buffer in bytes. @param[out] Output Pointer to a buffer that receives the AES decry= ption output. =20 - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceAesEcbDecrypt ( +DeprecatedCryptoServiceAesEcbDecrypt ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ) { - return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesCo= ntext, Input, InputSize, Output), FALSE); + return BaseCryptLibServiceDeprecated ("AesEcbDecrypt"), FALSE; } =20 /** @@ -4376,11 +4348,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { DeprecatedCryptoServiceTdesEcbDecrypt, DeprecatedCryptoServiceTdesCbcEncrypt, DeprecatedCryptoServiceTdesCbcDecrypt, - /// AES + /// AES - ECB mode is deprecated and unsupported CryptoServiceAesGetContextSize, CryptoServiceAesInit, - CryptoServiceAesEcbEncrypt, - CryptoServiceAesEcbDecrypt, + DeprecatedCryptoServiceAesEcbEncrypt, + DeprecatedCryptoServiceAesEcbDecrypt, CryptoServiceAesCbcEncrypt, CryptoServiceAesCbcDecrypt, /// Arc4 - deprecated and unsupported diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 621bcfd1c4..86175c7a8a 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1323,76 +1323,6 @@ AesInit ( IN UINTN KeyLength ); =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ); - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/L= ibrary/BaseCryptLib/Cipher/CryptAes.c index 2515b34bb8..914cffb211 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -78,120 +78,6 @@ AesInit ( return TRUE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data encryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - AES_KEY *AesKey; - - // - // Check input parameters. - // - if (AesContext =3D=3D NULL || Input =3D=3D NULL || (InputSize % AES_BLOC= K_SIZE) !=3D 0 || Output =3D=3D NULL) { - return FALSE; - } - - AesKey =3D (AES_KEY *) AesContext; - - // - // Perform AES data decryption with ECB mode (block-by-block) - // - while (InputSize > 0) { - AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT); - Input +=3D AES_BLOCK_SIZE; - Output +=3D AES_BLOCK_SIZE; - InputSize -=3D AES_BLOCK_SIZE; - } - - return TRUE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoP= kg/Library/BaseCryptLib/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c @@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/Cry= ptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c index a82adacf4f..d235422e7a 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c @@ -50,58 +50,6 @@ AesInit ( return FALSE; } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - Return FALSE to indicate this interface is not supported. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - ASSERT (FALSE); - return FALSE; -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 43ee4e0841..c937f8540d 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1518,82 +1518,6 @@ AesInit ( CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE); } =20 -/** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbEncrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Outpu= t), FALSE); -} - -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -AesEcbDecrypt ( - IN VOID *AesContext, - IN CONST UINT8 *Input, - IN UINTN InputSize, - OUT UINT8 *Output - ) -{ - CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Outpu= t), FALSE); -} - /** Performs AES encryption on a data buffer of the specified size in CBC mo= de. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index a30660c192..e76ff623a5 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2498,69 +2498,22 @@ BOOLEAN ); =20 /** - Performs AES encryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES encryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= encrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES encry= ption output. - - @retval TRUE AES encryption succeeded. - @retval FALSE AES encryption failed. - @retval FALSE This interface is not supported. + AES ECB Mode is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, OUT UINT8 *Output ); =20 -/** - Performs AES decryption on a data buffer of the specified size in ECB mo= de. - - This function performs AES decryption on data buffer pointed by Input, o= f specified - size of InputSize, in ECB mode. - InputSize must be multiple of block size (16 bytes). This function does = not perform - padding. Caller must perform padding, if necessary, to ensure valid inpu= t data size. - AesContext should be already correctly initialized by AesInit(). Behavio= r with - invalid AES context is undefined. - - If AesContext is NULL, then return FALSE. - If Input is NULL, then return FALSE. - If InputSize is not multiple of block size (16 bytes), then return FALSE. - If Output is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] AesContext Pointer to the AES context. - @param[in] Input Pointer to the buffer containing the data to be= decrypted. - @param[in] InputSize Size of the Input buffer in bytes. - @param[out] Output Pointer to a buffer that receives the AES decry= ption output. - - @retval TRUE AES decryption succeeded. - @retval FALSE AES decryption failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) ( IN VOID *AesContext, IN CONST UINT8 *Input, IN UINTN InputSize, @@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL { DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt; DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt; DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt; - /// AES + /// AES - ECB Mode is deprecated and unsupported EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; EDKII_CRYPTO_AES_INIT AesInit; - EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt; - EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; + DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncrypt; + DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecrypt; EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; /// Arc4 - deprecated and unsupported --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59637): https://edk2.groups.io/g/devel/message/59637 Mute This Topic: https://groups.io/mt/74221331/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59638+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59638+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517626; cv=none; d=zohomail.com; s=zohoarc; b=YJzw194hBDicIqWL+nmKw6ZZ6toRng079kUODjCWFVgXoIzKCqc5CrAlNPgtdRQj08MCdl+J2uAvKPaGMlL2fCJ9QvdRRYULhs9jEcUjhBZVtBcziawDDYIhIAIfoJUStURrEXOogAdOd0PrPFBrKOeeYNJ/lEtxIataQ+mAh+g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517626; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=nKKgWE2hkWXTQ7gs8rzU007tnwcXwjF4BUsf/HytlY0=; b=CBldVEphgFLnTBm7RjKz4PruDBPGJqopuEYAgwifFGCZvHq40u7sibD9cKMjtvMO45nMJX+GKMmA9acLZPYVxJlqp0khc0uBIe5I6fl+Kh0RtX8LR60minunZHgvQTGOu5XWgNgOSmj0lItSNrzxMiXNzyquyE1TT+crQ+6xIPs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59638+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517626665503.39654907013824; Thu, 14 May 2020 21:40:26 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id yd6AYY1788612xqB7R4eWsTO; Thu, 14 May 2020 21:40:25 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:22 -0700 IronPort-SDR: tdqPNl6nM4ZT3eKILTpUmp9E1PizzW/chxSLQgYrSh8P6pEhPKhiMiQNdjgHzDb6AQT6xmguxO b/XKEDAvvTqA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:22 -0700 IronPort-SDR: WNLeIRHq3XBsGt4Ht0Rlwut+63uN46aF3VSfvFnc7Bkqo+QaBybovNu2O5Vzrhw9HlO8+aBnEH s2G7E57sSIzA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317509" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:20 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 09/13] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib Date: Fri, 15 May 2020 12:39:44 +0800 Message-Id: <20200515043948.15028-10-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: bpUf9VbMXby6Mzb40KSBIilhx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517625; bh=I47ICKvocEalbxXhJ31JG+Db4u8Pct836HOINyLNTAI=; h=Cc:Date:From:Reply-To:Subject:To; b=T8ggdknfQs2nn5bjqtHMrKJPM1Veaw+U+yp7gx5kT5OkDjCYNnyorNyt0X/x3sciINe jfWELWBp2Ehyoj31vZWD1+EzMnMnzoKophx5uzPdHPGQ2e+ig6CaN/ig0Xl+slR5uKQHA s0WrQ5qzsr/Sdl4HrNZ5Y7PPEez1hPz4qyY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Add the unrequired aes_ecb files in process_files.pl and run it thru perl. It would remove the unrequired aes_ecb files from OpensslLib inf. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 - CryptoPkg/Library/OpensslLib/process_files.pl | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index d66f1cb03f..c8ec9454bd 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -29,7 +29,6 @@ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_ige.c $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/= Library/OpensslLib/OpensslLibCrypto.inf index 5788d13cf7..2f232e3e12 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -29,7 +29,6 @@ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c $(OPENSSL_PATH)/crypto/aes/aes_cfb.c $(OPENSSL_PATH)/crypto/aes/aes_core.c - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c $(OPENSSL_PATH)/crypto/aes/aes_ige.c $(OPENSSL_PATH)/crypto/aes/aes_misc.c $(OPENSSL_PATH)/crypto/aes/aes_ofb.c diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Libr= ary/OpensslLib/process_files.pl index 5ceedf5d37..65d07a2aed 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -144,6 +144,7 @@ foreach my $product ((@{$unified_info{libraries}}, next if $s =3D~ "crypto/rand/randfile.c"; next if $s =3D~ "crypto/store/"; next if $s =3D~ "crypto/err/err_all.c"; + next if $s =3D~ "crypto/aes/aes_ecb.c"; =20 if ($product =3D~ "libssl") { push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59638): https://edk2.groups.io/g/devel/message/59638 Mute This Topic: https://groups.io/mt/74221332/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59639+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59639+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517628; cv=none; d=zohomail.com; s=zohoarc; b=YJqWcpOlkQ+HJKpNccjnkEC4SPT6ZiFRZC71i7muccrUj1lc8zjMzJI5MVkDkwUhF5yrPgzht99MATebRTgNxU7PTfTVx7f15zQSq85QE/XAnnCA2f3fy5wGyxwf75Bp4Vwujz/hezlchTNZFO5YFqVwpNeLHvjV0yczGv0i7VY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517628; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qFaf5utkcTFmC3puP//6/Kdq82Hy8AS0TLF9Oo4swzU=; b=ROE3zTfOkrWTQDg/xQst7vc0mO0zykgiZVsiWexcDhCHkxMwvG7dC8YOTzMW97iEDyFZjSB8Ij4W2oz92iAr7FGL+HVoh+IwJQoBg5k88fiW54JgOkFwpuOjA/e0J9tgebjiG/1ZI64GSwj9z314KjSfAiAx3iF97Gg5fbG1ui4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59639+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517628346737.8389257756778; Thu, 14 May 2020 21:40:28 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id GYA1YY1788612xEvam17Txu6; Thu, 14 May 2020 21:40:27 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:26 -0700 IronPort-SDR: gJpuvHCF+STJcLaHoOkgg9GisS+eGArvFA00lSS49Ktsd4nLqI2ZTUSmzMUDIChi6u8urCk5vt ECw97TsnZoIw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:25 -0700 IronPort-SDR: +t3lY2KRfWIVYcUhaL1T9p7YK20zbuw8Lm8Nx+QKDjCziTURz+mjhH0enAWgC1wzjg8MGEkOxC c5biXXmkiwXw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317528" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:22 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Date: Fri, 15 May 2020 12:39:45 +0800 Message-Id: <20200515043948.15028-11-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: k7wGr5M4LcU1ey6KOzjALqJcx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517627; bh=S/+QVYFUkNi5carBynFcCo7H4bUaed3dfvt8uguEmxk=; h=Cc:Date:From:Reply-To:Subject:To; b=JKzv0xkZexI8zyVYG10i7bZib5YXBzvZfKBXDdy6F+gMroMGdNYT+zShUTQ//teiKQw GBYmQRamdHddPNd2RiMoDrAznRUuIdMbZlHkCCby+vN1ZLaSKe0gyT9U+fIsU66iGl/jl jPAQkprMdToY8ghQFLYYxyh8jAUEYR9aBEE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 HMAC MD5 is not secure any longer. Remove the HMAC MD5 support from edk2. Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 96 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ CryptoPkg/Private/Protocol/Crypto.h | 117 ++-------- 16 files changed, 55 insertions(+), 960 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Nul= l.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1f68cc633b..9ddf73f9fa 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 1337fea42a..1cd5923ce2 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1160,154 +1160,120 @@ CryptoServiceSm3HashAll ( //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. @retval NULL This interface is not supported. =20 **/ VOID * EFIAPI -CryptoServiceHmacMd5New ( +DeprecatedCryptoServiceHmacMd5New ( VOID ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL); + return BaseCryptLibServiceDeprecated ("HmacMd5New"), NULL; } =20 /** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. =20 **/ VOID EFIAPI -CryptoServiceHmacMd5Free ( +DeprecatedCryptoServiceHmacMd5Free ( IN VOID *HmacMd5Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx)= ); + BaseCryptLibServiceDeprecated ("HmacMd5Free"); } =20 /** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] HmacMd5Context Pointer to HMAC-MD5 context. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. =20 - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5SetKey ( +DeprecatedCryptoServiceHmacMd5SetKey ( OUT VOID *HmacMd5Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacM= d5Context, Key, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5SetKey"), FALSE; } =20 /** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. =20 - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Duplicate ( +DeprecatedCryptoServiceHmacMd5Duplicate ( IN CONST VOID *HmacMd5Context, OUT VOID *NewHmacMd5Context ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, = (HmacMd5Context, NewHmacMd5Context), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Duplicate"), FALSE; } =20 /** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[in] Data Pointer to the buffer containing the da= ta to be digested. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Update ( +DeprecatedCryptoServiceHmacMd5Update ( IN OUT VOID *HmacMd5Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacM= d5Context, Data, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Update"), FALSE; } =20 /** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest value (16 bytes). =20 - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacMd5Final ( +DeprecatedCryptoServiceHmacMd5Final ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5= Context, HmacValue), FALSE); + return BaseCryptLibServiceDeprecated ("HmacMd5Final"), FALSE; } =20 /** @@ -4234,13 +4200,13 @@ CryptoServiceTlsGetCertRevocationList ( const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { /// Version CryptoServiceGetCryptoVersion, - /// HMAC MD5 - CryptoServiceHmacMd5New, - CryptoServiceHmacMd5Free, - CryptoServiceHmacMd5SetKey, - CryptoServiceHmacMd5Duplicate, - CryptoServiceHmacMd5Update, - CryptoServiceHmacMd5Final, + /// HMAC MD5 - deprecated and unsupported + DeprecatedCryptoServiceHmacMd5New, + DeprecatedCryptoServiceHmacMd5Free, + DeprecatedCryptoServiceHmacMd5SetKey, + DeprecatedCryptoServiceHmacMd5Duplicate, + DeprecatedCryptoServiceHmacMd5Update, + DeprecatedCryptoServiceHmacMd5Final, /// HMAC SHA1 CryptoServiceHmacSha1New, CryptoServiceHmacSha1Free, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 86175c7a8a..b99401661c 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ); - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 2de8e9c346..33d7c13bff 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacMd5.c Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg= /Library/BaseCryptLib/Hmac/CryptHmacMd5.c deleted file mode 100644 index da46ce09f4..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP= _md5(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || NewHmacMd5Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Con= text) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 digest computation and retrieves the di= gest value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacMd5Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-MD5 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) !=3D 1) { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/Crypt= oPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index f631f8d879..2a630ef290 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index c906935d3d..95c71a8ae2 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certific= ate handler functions, authenticode signature verification functions, PEM h= andler functions, and pseudorandom number generator functions are not suppo= rted in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, X.509 certificate handler function= s, authenticode signature verification functions, PEM handler functions, an= d pseudorandom number generator functions are not supported in this instanc= e." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 672e19299c..1642521087 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA exte= rnal +# HMAC-SHA1/SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index 0a3bb1c04f..f7e1acb3a7 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index cc3556ae3f..ec9c8e7c05 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external +# HMAC-SHA1 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -39,7 +39,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 2e362c635f..8eb3acac93 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES +// Note: HMAC-SHA1 functions, AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions,= PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentico= de signature verification functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 04b552f8b7..558ccfc002 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacMd5Null.c Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/C= ryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c deleted file mode 100644 index 5de55bf0d5..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-MD5 Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - Return NULL to indicate this interface is not supported. - - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-MD5 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-MD5 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index c937f8540d..dfe7fb7e91 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1015,157 +1015,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacMd5New ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL); -} - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacMd5Free ( - IN VOID *HmacMd5Ctx - ) -{ - CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx)); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE Key is set successfully. - @retval FALSE Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5SetKey ( - OUT VOID *HmacMd5Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALS= E); -} - -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Duplicate ( - IN CONST VOID *HmacMd5Context, - OUT VOID *NewHmacMd5Context - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Contex= t), FALSE); -} - -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Update ( - IN OUT VOID *HmacMd5Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, DataSize), FA= LSE); -} - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacMd5Final ( - IN OUT VOID *HmacMd5Context, - OUT UINT8 *HmacValue - ) -{ - CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), FALSE); -} - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index e76ff623a5..bd4cd7f383 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -43,135 +43,48 @@ UINTN // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 u= se. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacMd5New() returns NULL. - @retval NULL This interface is not supported. + HMAC MD5 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef VOID* -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) ( VOID ); =20 -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. - -**/ typedef VOID -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) ( IN VOID *HmacMd5Ctx ); =20 -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacMd5Update(). - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacMd5Context Pointer to HMAC-MD5 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE HMAC-MD5 context initialization succeeded. - @retval FALSE HMAC-MD5 context initialization failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) ( OUT VOID *HmacMd5Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 -/** - Makes a copy of an existing HMAC-MD5 context. - - If HmacMd5Context is NULL, then return FALSE. - If NewHmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. - @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. - - @retval TRUE HMAC-MD5 context copy succeeded. - @retval FALSE HMAC-MD5 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) ( IN CONST VOID *HmacMd5Context, OUT VOID *NewHmacMd5Context ); =20 -/** - Digests the input data and updates HMAC-MD5 context. - - This function performs HMAC-MD5 digest on a data buffer of the specified= size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-MD5 data digest succeeded. - @retval FALSE HMAC-MD5 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) ( IN OUT VOID *HmacMd5Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 - -/** - Completes computation of the HMAC-MD5 digest value. - - This function completes HMAC-MD5 hash computation and retrieves the dige= st value into - the specified memory. After this function has been called, the HMAC-MD5 = context cannot - be used again. - HMAC-MD5 context should be initialized by HmacMd5New(), and should not b= e finalized by - HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - - If HmacMd5Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. - @param[out] HmacValue Pointer to a buffer that receives the H= MAC-MD5 digest - value (16 bytes). - - @retval TRUE HMAC-MD5 digest computation succeeded. - @retval FALSE HMAC-MD5 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ); @@ -3618,13 +3531,13 @@ EFI_STATUS struct _EDKII_CRYPTO_PROTOCOL { /// Version EDKII_CRYPTO_GET_VERSION GetVersion; - /// HMAC MD5 - EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New; - EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free; - EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey; - EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate; - EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update; - EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final; + /// HMAC MD5 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetKey; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplica= te; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update; + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final; /// HMAC SHA1 EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59639): https://edk2.groups.io/g/devel/message/59639 Mute This Topic: https://groups.io/mt/74221333/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59640+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59640+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517633; cv=none; d=zohomail.com; s=zohoarc; b=a2/wy3RmayT3ytvNCh0s/v/XfUHMkjRmQPD76QmMX2QF+0iuV82uvmclIh6V8Sre0QrMhYcJVK5Tg3HAP7hsl4u3GIWoW0AMWIB3XRUpmZYVv5LadL9QcDGoFRPTI6gfzF3YnyzP802WilM7lD7/BfIJbV0O7Dzs4RhYWrtPtZw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517633; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=P/qc5bjNfalzrg/dLu19Y4x4iXRLTYaS9XC0XLw/ZIk=; b=HnRqVHbIqLu6j3S2GrIQYvTVlUcDXegUCJrxAdgne2MPeSgVV6PyhGW6seAl85ZCwCXCyHiesudK+zP6PBAA9BILNdcvaF6aAX1hl0C2PfBSG7wiG7XQarYb9IHcVC0jpWMFLDTPLNplD9C656slc4CWSXBXMkWzhzI2XqQUChk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59640+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517633185883.1282846302163; Thu, 14 May 2020 21:40:33 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 1H97YY1788612xZIVRWMqFeX; Thu, 14 May 2020 21:40:31 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:29 -0700 IronPort-SDR: vbAjdZaH/SydiDrtqzB2SWkarAx8/nZbBn1ociroc8BttqBAWxJKXcQgngoQ3TEv8eUHTn178a f2i9Bn/wbxyA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:27 -0700 IronPort-SDR: Uv2XCrSlgmkWlR9Wj7/qmfGdEmFsuX3QxdXWqkVJu6u116yZO/dMBcOhZfKynHTpV6e65cgqWg 189voiOfyJLw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317543" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:25 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 11/13] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Date: Fri, 15 May 2020 12:39:46 +0800 Message-Id: <20200515043948.15028-12-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: y2eXt6au0lQEGSa8f8jne7ajx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517631; bh=OxSQCPG3efO8WQUKUekEeZpxbcQ22VoRw/SwiGGGN0g=; h=Cc:Date:From:Reply-To:Subject:To; b=vQbtWMfD2s6j0OQ8K21iCNRM39hEBX5wY63uaWHhfP7eUDVH3iuNoIV/JkSZkWfKlv1 Z4lfh8p/6QyP9D/2LiT9eClKWmgwLlm4HPFU7mln1WAVWQiLumZ26oWUcBcGQf2HaLzfh sd/vHbWvYuan8sE0Xf5uZqsmWZGxWVSTxmc= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 HMAC SHA1 is not secure any longer. Remove the HMAC SHA1 support from edk2. Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 3 - CryptoPkg/Driver/Crypto.c | 96 +++----- CryptoPkg/Include/Library/BaseCryptLib.h | 133 ----------- .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------ .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 4 +- .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 ----------- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------ CryptoPkg/Private/Protocol/Crypto.h | 121 ++-------- 16 files changed, 55 insertions(+), 967 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu= ll.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 9ddf73f9fa..1af78468a1 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -137,7 +137,6 @@ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 =20 !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -163,7 +162,6 @@ !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_PEI - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY @@ -178,7 +176,6 @@ !endif =20 !if $(CRYPTO_SERVICES) =3D=3D MIN_DXE_MIN_SMM - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family= | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fami= ly | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs1v2Encrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.P= kcs5HashPassword | TRUE diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 1cd5923ce2..73ae566755 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -1277,154 +1277,120 @@ DeprecatedCryptoServiceHmacMd5Final ( } =20 /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. @return NULL This interface is not supported. =20 **/ VOID * EFIAPI -CryptoServiceHmacSha1New ( +DeprecatedCryptoServiceHmacSha1New ( VOID ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL); + return BaseCryptLibServiceDeprecated ("HmacSha1New"), NULL; } =20 /** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. =20 **/ VOID EFIAPI -CryptoServiceHmacSha1Free ( +DeprecatedCryptoServiceHmacSha1Free ( IN VOID *HmacSha1Ctx ) { - CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1C= tx)); + BaseCryptLibServiceDeprecated ("HmacSha1Free"); } =20 /** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. @param[in] Key Pointer to the user-supplied key. @param[in] KeySize Key size in bytes. =20 - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1SetKey ( +DeprecatedCryptoServiceHmacSha1SetKey ( OUT VOID *HmacSha1Context, IN CONST UINT8 *Key, IN UINTN KeySize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (Hma= cSha1Context, Key, KeySize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1SetKey"), FALSE; } =20 /** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. =20 - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Duplicate ( +DeprecatedCryptoServiceHmacSha1Duplicate ( IN CONST VOID *HmacSha1Context, OUT VOID *NewHmacSha1Context ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate= , (HmacSha1Context, NewHmacSha1Context), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Duplicate"), FALSE; } =20 /** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[in] Data Pointer to the buffer containing the da= ta to be digested. @param[in] DataSize Size of Data buffer in bytes. =20 - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Update ( +DeprecatedCryptoServiceHmacSha1Update ( IN OUT VOID *HmacSha1Context, IN CONST VOID *Data, IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (Hma= cSha1Context, Data, DataSize), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Update"), FALSE; } =20 /** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest value (20 bytes). =20 - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. @retval FALSE This interface is not supported. =20 **/ BOOLEAN EFIAPI -CryptoServiceHmacSha1Final ( +DeprecatedCryptoServiceHmacSha1Final ( IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ) { - return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacS= ha1Context, HmacValue), FALSE); + return BaseCryptLibServiceDeprecated ("HmacSha1Final"), FALSE; } =20 /** @@ -4207,13 +4173,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { DeprecatedCryptoServiceHmacMd5Duplicate, DeprecatedCryptoServiceHmacMd5Update, DeprecatedCryptoServiceHmacMd5Final, - /// HMAC SHA1 - CryptoServiceHmacSha1New, - CryptoServiceHmacSha1Free, - CryptoServiceHmacSha1SetKey, - CryptoServiceHmacSha1Duplicate, - CryptoServiceHmacSha1Update, - CryptoServiceHmacSha1Final, + /// HMAC SHA1 - deprecated and unsupported + DeprecatedCryptoServiceHmacSha1New, + DeprecatedCryptoServiceHmacSha1Free, + DeprecatedCryptoServiceHmacSha1SetKey, + DeprecatedCryptoServiceHmacSha1Duplicate, + DeprecatedCryptoServiceHmacSha1Update, + DeprecatedCryptoServiceHmacSha1Final, /// HMAC SHA256 CryptoServiceHmacSha256New, CryptoServiceHmacSha256Free, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index b99401661c..1b1ffa75ef 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -880,139 +880,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. =20 diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index 33d7c13bff..4aae2aba95 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -34,7 +34,6 @@ Hash/CryptSha256.c Hash/CryptSha512.c Hash/CryptSm3.c - Hmac/CryptHmacSha1.c Hmac/CryptHmacSha256.c Kdf/CryptHkdf.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPk= g/Library/BaseCryptLib/Hmac/CryptHmacSha1.c deleted file mode 100644 index 7593ca55b1..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c +++ /dev/null @@ -1,216 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - // - // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new() - // - return (VOID *) HMAC_CTX_new (); -} - -/** - Release the specified HMAC_CTX context. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - // - // Free OpenSSL HMAC_CTX Context - // - HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || KeySize > INT_MAX) { - return FALSE; - } - - if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EV= P_sha1(), NULL) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || NewHmacSha1Context =3D=3D NULL) { - return FALSE; - } - - if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1C= ontext) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in= OpenSSL - // - if (Data =3D=3D NULL && DataSize !=3D 0) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest update - // - if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) !=3D 1) { - return FALSE; - } - - return TRUE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 digest computation and retrieves the d= igest value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - UINT32 Length; - - // - // Check input parameters. - // - if (HmacSha1Context =3D=3D NULL || HmacValue =3D=3D NULL) { - return FALSE; - } - - // - // OpenSSL HMAC-SHA1 digest finalization - // - if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) !=3D 1)= { - return FALSE; - } - if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) !=3D 1) { - return FALSE; - } - - return TRUE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/Cryp= toPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index 2a630ef290..dc28e3a11d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = X.509 # certificate handler functions, authenticode signature verification func= tions, # PEM handler functions, and pseudorandom number generator functions are = not @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.uni index 95c71a8ae2..20ae64e8bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, X.509 certificate handler functions, authenti= code // signature verification functions, PEM handler functions, and pseudorand= om number @@ -21,5 +21,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for PEIM" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, X.509 certificate handler function= s, authenticode signature verification functions, PEM handler functions, an= d pseudorandom number generator functions are not supported in this instanc= e." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, X.509 certificate handler functions, authenticode signa= ture verification functions, PEM handler functions, and pseudorandom number= generator functions are not supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 1642521087..5005beed02 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -7,7 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1/SHA256 functions, AES functions, RSA external +# HMAC-SHA256 functions, AES functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in this= instance. # @@ -40,7 +40,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.uni index f7e1acb3a7..0cf378c5ab 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for DXE_RUNTIME_DRIVER" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index ec9c8e7c05..91ec3e03bf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -7,8 +7,7 @@ # buffer overflow or integer overflow. # # Note: SHA-384 Digest functions, SHA-512 Digest functions, -# HMAC-SHA1 functions, RSA external -# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and +# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellma= n functions, and # authenticode signature verification functions are not supported in this= instance. # # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
@@ -39,7 +38,6 @@ Hash/CryptSha256.c Hash/CryptSm3.c Hash/CryptSha512Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256.c Kdf/CryptHkdfNull.c Cipher/CryptAes.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.uni index 8eb3acac93..f0c33abbcf 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issue= s such as // buffer overflow or integer overflow. // -// Note: HMAC-SHA1 functions, AES +// Note: AES // functions, RSA external functions, PKCS#7 SignedData sign functions, // Diffie-Hellman functions, and authenticode signature verification funct= ions are // not supported in this instance. @@ -20,5 +20,5 @@ =20 #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Lib= rary Instance for SMM driver" =20 -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: HMAC= -SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData s= ign functions, Diffie-Hellman functions, and authenticode signature verific= ation functions are not supported in this instance." +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This mod= ule requires additional review when modified. This library will have extern= al input - signature. This external input must be validated carefully to av= oid security issues such as buffer overflow or integer overflow. Note: AES = functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie= -Hellman functions, and authenticode signature verification functions are n= ot supported in this instance." =20 diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/Cryp= toPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 558ccfc002..689af4fedd 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -34,7 +34,6 @@ Hash/CryptSha256Null.c Hash/CryptSha512Null.c Hash/CryptSm3Null.c - Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha256Null.c Kdf/CryptHkdfNull.c Cipher/CryptAesNull.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/= CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c deleted file mode 100644 index e8c0f341b7..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c +++ /dev/null @@ -1,139 +0,0 @@ -/** @file - HMAC-SHA1 Wrapper Implementation which does not provide real capabilitie= s. - -Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - Return NULL to indicate this interface is not supported. - - @return NULL This interface is not supported.. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - ASSERT (FALSE); - return NULL; -} - -/** - Release the specified HMAC_CTX context. - - This function will do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - ASSERT (FALSE); - return; -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - Return FALSE to indicate this interface is not supported. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index dfe7fb7e91..a614b61ed4 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1015,157 +1015,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL); -} - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ) -{ - CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx)); -} - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FA= LSE); -} - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Con= text), FALSE); -} - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data, DataSize), = FALSE); -} - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ) -{ - CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE); -} - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA25= 6 use. =20 diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index bd4cd7f383..d167390774 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -89,140 +89,49 @@ BOOLEAN OUT UINT8 *HmacValue ); =20 - /** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 = use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. + HMAC SHA1 is deprecated and unsupported any longer. + Keep the function field for binary compability. =20 **/ typedef VOID* -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_NEW) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW) ( VOID ); =20 -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ typedef VOID -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FREE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE) ( IN VOID *HmacSha1Ctx ); =20 - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY) ( OUT VOID *HmacSha1Context, IN CONST UINT8 *Key, IN UINTN KeySize ); =20 - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copie= d. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) ( IN CONST VOID *HmacSha1Context, OUT VOID *NewHmacSha1Context ); =20 - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specifie= d size. - It can be called multiple times to compute the digest of long or discont= inuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the da= ta to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE) ( IN OUT VOID *HmacSha1Context, IN CONST VOID *Data, IN UINTN DataSize ); =20 - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the dig= est value into - the specified memory. After this function has been called, the HMAC-SHA1= context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not= be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the = HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ typedef BOOLEAN -(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FINAL) ( +(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL) ( IN OUT VOID *HmacSha1Context, OUT UINT8 *HmacValue ); @@ -3538,13 +3447,13 @@ struct _EDKII_CRYPTO_PROTOCOL { DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplica= te; DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update; DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final; - /// HMAC SHA1 - EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New; - EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free; - EDKII_CRYPTO_HMAC_SHA1_SET_KEY HmacSha1SetKey; - EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate; - EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update; - EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final; + /// HMAC SHA1 - deprecated and unsupported + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Free; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1SetKey; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Duplic= ate; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Update; + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Final; /// HMAC SHA256 EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New; EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59640): https://edk2.groups.io/g/devel/message/59640 Mute This Topic: https://groups.io/mt/74221334/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59641+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59641+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517634; cv=none; d=zohomail.com; s=zohoarc; b=YZtvTbDhS2evnkisqMagaRn7LQ0+sMbbql9S0nk8r3OPC9KU8TW0OhVnU6QvmysHCdr6wBIhvULQ66wNAQWpl3MJXWFAkCG8mmWt4T/8TSj0AifrxFh8HtZ4f7TP2Ds06Dsf2sqJR0IRQcOS44n2CyX4/2sCe8RRo6G6FBXld+o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517634; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=FojvKQrvFYQHWl2d2k9ikMFKI6VIfYoWQIyRzxhibOw=; b=mozkRXTWHDzWGcmpC/EiaTXuhzbuAp8xGiYgUENn4o1wRm3xe2b/8a0pr2j1JTm4HQzcmQHe7RkdK4kk5w6XiF8jHkpqlXlV20DS+7/6k7mLKi++X5m0EUMFHku3OJ/BXEKp7IV3qivXzUgNksEZ1OXKSxizschBg8FEeVyCY5s= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59641+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517634136473.0650992448668; Thu, 14 May 2020 21:40:34 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id tqOaYY1788612xpRht13zbg4; Thu, 14 May 2020 21:40:33 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:30 -0700 IronPort-SDR: 7sEvatBAudOjvW4KSn9EswbZk+KC5dqyndE54nj/Lug8AKl0My9p6MCpoW5Etlwd/ENqa66Cek flOWbwBXWzLw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:30 -0700 IronPort-SDR: xhlqJjVZ3qH5UCbXEabctUc67iRoyhhMnaQxf+WItXeQRd73CGF8kS/knl/NoPOWzr5JSMn2uW yLEv7maLFvyA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317579" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:27 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Liming Gao Subject: [edk2-devel] [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Date: Fri, 15 May 2020 12:39:47 +0800 Message-Id: <20200515043948.15028-13-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: zFgmOPudDVuTbgV3oNEvr2vtx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517633; bh=5eiadsHzqRKPiPugemoHF0a92idMi612eRKvpjD2xVo=; h=Cc:Date:From:Reply-To:Subject:To; b=CXT8/ttl4qElZzlDihNaX8O5eoYt+8GlH1lEb+937oLkw4wg9BHM5xTo/cvzqZAUecv PjzQgysrz2S0FduwlCCJ748dA06ffVn9WMKf1lD2/LSNSOMe2BgZhcF3emGZbcLXN5vQU 9GbDpKte9bEz+OMpCWG0dlPP2XzNuNwSXOI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 Convert file ending of the crypto created openssl config file - opensslconf.h from '\n' to '\r\n' to make align the line ending and pass the patch check. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Liming Gao Signed-off-by: Zhichao Gao Reviewed-by: Jian J Wang --- .../Library/Include/openssl/opensslconf.h | 680 +++++++++--------- 1 file changed, 340 insertions(+), 340 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Li= brary/Include/openssl/opensslconf.h index 70862e1054..62c2736cb0 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -1,349 +1,349 @@ -/* - * WARNING: do not edit! - * Generated from include/openssl/opensslconf.h.in - * - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -#endif - -/* - * OpenSSL was configured with the following options: - */ - -#ifndef OPENSSL_SYS_UEFI -# define OPENSSL_SYS_UEFI 1 -#endif -#define OPENSSL_MIN_API 0x10100000L -#ifndef OPENSSL_NO_BF -# define OPENSSL_NO_BF -#endif -#ifndef OPENSSL_NO_BLAKE2 -# define OPENSSL_NO_BLAKE2 -#endif -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAST -# define OPENSSL_NO_CAST -#endif -#ifndef OPENSSL_NO_CHACHA -# define OPENSSL_NO_CHACHA -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS -#endif -#ifndef OPENSSL_NO_CT -# define OPENSSL_NO_CT -#endif +/* + * WARNING: do not edit! + * Generated from include/openssl/opensslconf.h.in + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_SYS_UEFI +# define OPENSSL_SYS_UEFI 1 +#endif +#define OPENSSL_MIN_API 0x10100000L +#ifndef OPENSSL_NO_BF +# define OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BLAKE2 +# define OPENSSL_NO_BLAKE2 +#endif +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAST +# define OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CHACHA +# define OPENSSL_NO_CHACHA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_CT +# define OPENSSL_NO_CT +#endif #ifndef OPENSSL_NO_DES # define OPENSSL_NO_DES #endif -#ifndef OPENSSL_NO_DSA -# define OPENSSL_NO_DSA -#endif -#ifndef OPENSSL_NO_EC -# define OPENSSL_NO_EC -#endif -#ifndef OPENSSL_NO_IDEA -# define OPENSSL_NO_IDEA -#endif -#ifndef OPENSSL_NO_MD2 -# define OPENSSL_NO_MD2 -#endif +#ifndef OPENSSL_NO_DSA +# define OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_EC +# define OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_IDEA +# define OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif #ifndef OPENSSL_NO_MD4 # define OPENSSL_NO_MD4 #endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 -#endif -#ifndef OPENSSL_NO_POLY1305 -# define OPENSSL_NO_POLY1305 -#endif -#ifndef OPENSSL_NO_RC2 -# define OPENSSL_NO_RC2 -#endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_POLY1305 +# define OPENSSL_NO_POLY1305 +#endif +#ifndef OPENSSL_NO_RC2 +# define OPENSSL_NO_RC2 +#endif #ifndef OPENSSL_NO_RC4 # define OPENSSL_NO_RC4 #endif -#ifndef OPENSSL_NO_RC5 -# define OPENSSL_NO_RC5 -#endif -#ifndef OPENSSL_NO_RMD160 -# define OPENSSL_NO_RMD160 -#endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED -#endif -#ifndef OPENSSL_NO_SM2 -# define OPENSSL_NO_SM2 -#endif -#ifndef OPENSSL_NO_SRP -# define OPENSSL_NO_SRP -#endif -#ifndef OPENSSL_NO_TS -# define OPENSSL_NO_TS -#endif -#ifndef OPENSSL_NO_WHIRLPOOL -# define OPENSSL_NO_WHIRLPOOL -#endif -#ifndef OPENSSL_RAND_SEED_NONE -# define OPENSSL_RAND_SEED_NONE -#endif -#ifndef OPENSSL_NO_AFALGENG -# define OPENSSL_NO_AFALGENG -#endif -#ifndef OPENSSL_NO_APPS -# define OPENSSL_NO_APPS -#endif -#ifndef OPENSSL_NO_ASAN -# define OPENSSL_NO_ASAN -#endif -#ifndef OPENSSL_NO_ASM -# define OPENSSL_NO_ASM -#endif -#ifndef OPENSSL_NO_ASYNC -# define OPENSSL_NO_ASYNC -#endif -#ifndef OPENSSL_NO_AUTOERRINIT -# define OPENSSL_NO_AUTOERRINIT -#endif -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG -# define OPENSSL_NO_AUTOLOAD_CONFIG -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CRYPTO_MDEBUG -# define OPENSSL_NO_CRYPTO_MDEBUG -#endif -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -#endif -#ifndef OPENSSL_NO_DEPRECATED -# define OPENSSL_NO_DEPRECATED -#endif -#ifndef OPENSSL_NO_DEVCRYPTOENG -# define OPENSSL_NO_DEVCRYPTOENG -#endif -#ifndef OPENSSL_NO_DGRAM -# define OPENSSL_NO_DGRAM -#endif -#ifndef OPENSSL_NO_DTLS -# define OPENSSL_NO_DTLS -#endif -#ifndef OPENSSL_NO_DTLS1 -# define OPENSSL_NO_DTLS1 -#endif -#ifndef OPENSSL_NO_DTLS1_2 -# define OPENSSL_NO_DTLS1_2 -#endif -#ifndef OPENSSL_NO_EC2M -# define OPENSSL_NO_EC2M -#endif -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define OPENSSL_NO_EC_NISTP_64_GCC_128 -#endif -#ifndef OPENSSL_NO_ECDH -# define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define OPENSSL_NO_ECDSA -#endif -#ifndef OPENSSL_NO_EGD -# define OPENSSL_NO_EGD -#endif -#ifndef OPENSSL_NO_ENGINE -# define OPENSSL_NO_ENGINE -#endif -#ifndef OPENSSL_NO_ERR -# define OPENSSL_NO_ERR -#endif -#ifndef OPENSSL_NO_EXTERNAL_TESTS -# define OPENSSL_NO_EXTERNAL_TESTS -#endif -#ifndef OPENSSL_NO_FILENAMES -# define OPENSSL_NO_FILENAMES -#endif -#ifndef OPENSSL_NO_FUZZ_AFL -# define OPENSSL_NO_FUZZ_AFL -#endif -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER -# define OPENSSL_NO_FUZZ_LIBFUZZER -#endif -#ifndef OPENSSL_NO_GOST -# define OPENSSL_NO_GOST -#endif -#ifndef OPENSSL_NO_HEARTBEATS -# define OPENSSL_NO_HEARTBEATS -#endif -#ifndef OPENSSL_NO_HW -# define OPENSSL_NO_HW -#endif -#ifndef OPENSSL_NO_MSAN -# define OPENSSL_NO_MSAN -#endif -#ifndef OPENSSL_NO_OCB -# define OPENSSL_NO_OCB -#endif -#ifndef OPENSSL_NO_POSIX_IO -# define OPENSSL_NO_POSIX_IO -#endif -#ifndef OPENSSL_NO_RFC3779 -# define OPENSSL_NO_RFC3779 -#endif -#ifndef OPENSSL_NO_SCRYPT -# define OPENSSL_NO_SCRYPT -#endif -#ifndef OPENSSL_NO_SCTP -# define OPENSSL_NO_SCTP -#endif -#ifndef OPENSSL_NO_SOCK -# define OPENSSL_NO_SOCK -#endif -#ifndef OPENSSL_NO_SSL_TRACE -# define OPENSSL_NO_SSL_TRACE -#endif -#ifndef OPENSSL_NO_SSL3 -# define OPENSSL_NO_SSL3 -#endif -#ifndef OPENSSL_NO_SSL3_METHOD -# define OPENSSL_NO_SSL3_METHOD -#endif -#ifndef OPENSSL_NO_STDIO -# define OPENSSL_NO_STDIO -#endif -#ifndef OPENSSL_NO_TESTS -# define OPENSSL_NO_TESTS -#endif -#ifndef OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif -#ifndef OPENSSL_NO_UBSAN -# define OPENSSL_NO_UBSAN -#endif -#ifndef OPENSSL_NO_UI_CONSOLE -# define OPENSSL_NO_UI_CONSOLE -#endif -#ifndef OPENSSL_NO_UNIT_TEST -# define OPENSSL_NO_UNIT_TEST -#endif -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -# define OPENSSL_NO_WEAK_SSL_CIPHERS -#endif -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -# define OPENSSL_NO_DYNAMIC_ENGINE -#endif -#ifndef OPENSSL_NO_AFALGENG -# define OPENSSL_NO_AFALGENG -#endif - - -/* - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers - * don't like that. This will hopefully silence them. - */ -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy =3D &dummy; - -/* - * Applications should use -DOPENSSL_API_COMPAT=3D to suppress the - * declarations of functions deprecated in or before . Otherwise,= they - * still won't see them if the library has been built to disable deprecated - * functions. - */ -#ifndef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# endif -#endif - -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif - -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 -#endif - -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API -#endif - -/* - * Do not deprecate things to be deprecated in version 1.2.0 before the - * OpenSSL version number matches. - */ -#if OPENSSL_VERSION_NUMBER < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) f; -#elif OPENSSL_API_COMPAT < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_2_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10100000L -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_1_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10000000L -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_0_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x00908000L -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_0_9_8(f) -#endif - -/* Generate 80386 code? */ -#undef I386_ONLY - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -/* - * The following are cipher-specific, but are part of the public API. - */ -#if !defined(OPENSSL_SYS_UEFI) -# undef BN_LLONG -/* Only one for the following should be defined */ -# undef SIXTY_FOUR_BIT_LONG -# undef SIXTY_FOUR_BIT -# define THIRTY_TWO_BIT -#endif - -#define RC4_INT unsigned int - -#ifdef __cplusplus -} -#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RMD160 +# define OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SM2 +# define OPENSSL_NO_SM2 +#endif +#ifndef OPENSSL_NO_SRP +# define OPENSSL_NO_SRP +#endif +#ifndef OPENSSL_NO_TS +# define OPENSSL_NO_TS +#endif +#ifndef OPENSSL_NO_WHIRLPOOL +# define OPENSSL_NO_WHIRLPOOL +#endif +#ifndef OPENSSL_RAND_SEED_NONE +# define OPENSSL_RAND_SEED_NONE +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif +#ifndef OPENSSL_NO_APPS +# define OPENSSL_NO_APPS +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_ASM +# define OPENSSL_NO_ASM +#endif +#ifndef OPENSSL_NO_ASYNC +# define OPENSSL_NO_ASYNC +#endif +#ifndef OPENSSL_NO_AUTOERRINIT +# define OPENSSL_NO_AUTOERRINIT +#endif +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG +# define OPENSSL_NO_AUTOLOAD_CONFIG +#endif +#ifndef OPENSSL_NO_CAPIENG +# define OPENSSL_NO_CAPIENG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEPRECATED +# define OPENSSL_NO_DEPRECATED +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_DGRAM +# define OPENSSL_NO_DGRAM +#endif +#ifndef OPENSSL_NO_DTLS +# define OPENSSL_NO_DTLS +#endif +#ifndef OPENSSL_NO_DTLS1 +# define OPENSSL_NO_DTLS1 +#endif +#ifndef OPENSSL_NO_DTLS1_2 +# define OPENSSL_NO_DTLS1_2 +#endif +#ifndef OPENSSL_NO_EC2M +# define OPENSSL_NO_EC2M +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_ECDH +# define OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDSA +# define OPENSSL_NO_ECDSA +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_ENGINE +# define OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ERR +# define OPENSSL_NO_ERR +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FILENAMES +# define OPENSSL_NO_FILENAMES +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_GOST +# define OPENSSL_NO_GOST +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_HW +# define OPENSSL_NO_HW +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_OCB +# define OPENSSL_NO_OCB +#endif +#ifndef OPENSSL_NO_POSIX_IO +# define OPENSSL_NO_POSIX_IO +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SCRYPT +# define OPENSSL_NO_SCRYPT +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SOCK +# define OPENSSL_NO_SOCK +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_STDIO +# define OPENSSL_NO_STDIO +#endif +#ifndef OPENSSL_NO_TESTS +# define OPENSSL_NO_TESTS +#endif +#ifndef OPENSSL_NO_TLS1_3 +# define OPENSSL_NO_TLS1_3 +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI_CONSOLE +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy =3D &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT=3D to suppress the + * declarations of functions deprecated in or before . Otherwise,= they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ =3D=3D 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int + +#ifdef __cplusplus +} +#endif --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59641): https://edk2.groups.io/g/devel/message/59641 Mute This Topic: https://groups.io/mt/74221335/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 07:08:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+59642+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59642+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1589517634; cv=none; d=zohomail.com; s=zohoarc; b=kBkfpIvy5KtLkUHquZNwvpfY6JdHfrfREFH6fDBDC5PhbLtX+SxTjso/1I+SSgkQxKxHzK5lUzN8Yzmbj5ps2jGFYZXxvZcyEpU0SYszPbXiN6HHq/KZRaCyVvzAEZjnH56sApv0WgbrfPftaWO8W1p4rDhkNNcbNiNgEGCm7dU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589517634; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=SiYEhNWVjefZ4BDNyeNZRZox8GUsSm04iaHcrM0pP18=; b=i1+cisGK7ImyQouKL+XfG898UfUAbiUoqnXAVr9mJobDjt73Bcvrr9kZ6hXThAYV0HWvZht+BINXQYDNgAlm+C2ug3ArLez34dcs5DSHZuTHt7N5QUI24bOPTWOiGHD04xQKBPM1XFAvPFnWhXw+5RjmQhaAATMdLFA9tyf4ov4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+59642+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1589517634855310.8398453198354; Thu, 14 May 2020 21:40:34 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id GSkDYY1788612xF8zQkhgtdQ; Thu, 14 May 2020 21:40:34 -0700 X-Received: from mga18.intel.com (mga18.intel.com []) by mx.groups.io with SMTP id smtpd.web12.7588.1589517603632873743 for ; Thu, 14 May 2020 21:40:32 -0700 IronPort-SDR: m71CaOtUcigDYD3rljM+TNd+krmUdsoMJHZAGJWygHPKO5TKUqViXl8Ey9pOF0mv+fJmlsHeY/ vHH7QzMV4cPg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 May 2020 21:40:32 -0700 IronPort-SDR: UYDZFiU+orQnaMslP9nsOSKAGqKmzrvGBRyUzdx3RqANnQX6I8s3pCgrfL5ZPt+fe65plPTIv1 Casjn9YPKH7g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,394,1583222400"; d="scan'208";a="307317603" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by FMSMGA003.fm.intel.com with ESMTP; 14 May 2020 21:40:30 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Philippe Mathieu-Daude Subject: [edk2-devel] [PATCH V6 13/13] CryptoPkg/Crypto.h: Update the version of Crypto Driver Date: Fri, 15 May 2020 12:39:48 +0800 Message-Id: <20200515043948.15028-14-zhichao.gao@intel.com> In-Reply-To: <20200515043948.15028-1-zhichao.gao@intel.com> References: <20200515043948.15028-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: OdhCptOtXZYlb8g3ffzhKAUlx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1589517634; bh=yWsw+wm0dxQAzgFa9ZtrrR9blvzX9eXxlYYvuqxdCBo=; h=Cc:Date:From:Reply-To:Subject:To; b=BB8GV5B9gZo7kliqczUYQ5wogivF+EldsQeoA1QXFo4kcR+lj0+P45jqRUAp1mOrcyZ 7mjGzWCe5ElPV2LGtix104BrxV2c2fpkYireaA0C0wAeYEqVYwnT0cGRqwe65+c3pAVLz uP6HWDlhI3IEvlEhRZhRdYPX+hPbLTCmS7Y= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 The binary is totally changed, so update the Crypto Version to 7: 1. Retire below deprecated function: MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1 Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Philippe Mathieu-Daude Reviewed-by: Jian J Wang Signed-off-by: Zhichao Gao --- CryptoPkg/Private/Protocol/Crypto.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index d167390774..c399e0d67a 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2,6 +2,7 @@ This Protocol provides Crypto services to DXE modules =20 Copyright (C) Microsoft Corporation. All rights reserved. + Copyright (c) 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -20,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be /// increased. /// -#define EDKII_CRYPTO_VERSION 6 +#define EDKII_CRYPTO_VERSION 7 =20 /// /// EDK II Crypto Protocol forward declaration --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#59642): https://edk2.groups.io/g/devel/message/59642 Mute This Topic: https://groups.io/mt/74221336/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-