From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Jiewen Yao, Siyuan Fu, Michael D Kinney
Subject: [edk2-devel] [PATCH V2 1/2] CryptoPkg/BaseCryptLib: Add macro to disable the deprecated MD5
Date: Thu, 18 Jun 2020 08:41:36 +0800
Message-Id: <20200618004137.40276-2-zhichao.gao@intel.com>
In-Reply-To: <20200618004137.40276-1-zhichao.gao@intel.com>
References: <20200618004137.40276-1-zhichao.gao@intel.com>
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682

MD5 is deprecated but it is required for compatibility issues. So add a macro for the platform to disable the usage of MD5 for security.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Jiewen Yao
Cc: Siyuan Fu
Cc: Michael D Kinney
Signed-off-by: Zhichao Gao
Reviewed-by: Jian J Wang
--- CryptoPkg/Driver/Crypto.c | 159 ++++++++++++++++++ CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../Library/BaseCryptLib/Hash/CryptMd5.c | 3 +- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 2 + 4 files changed, 165 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 73ae566755..7e7e31a35e 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c
@@ -243,6 +243,154 @@ DeprecatedCryptoServiceMd4HashAll ( return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } =20 +#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +/** + Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. + + If this interface is not supported, then return zero. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +DeprecatedCryptoServiceMd5GetContextSize ( + VOID + ) +{ + return BaseCryptLibServiceDeprecated ("Md5GetContextSize"), 0; +} + +/** + Initializes user-supplied memory pointed by Md5Context as MD5 hash conte= xt for + subsequent use. + + If Md5Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] Md5Context Pointer to MD5 context being initialized. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceMd5Init ( + OUT VOID *Md5Context + ) +{ + return BaseCryptLibServiceDeprecated ("Md5Init"), FALSE; +} + +/** + Makes a copy of an existing MD5 context. + + If Md5Context is NULL, then return FALSE. + If NewMd5Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Md5Context Pointer to MD5 context being copied. + @param[out] NewMd5Context Pointer to new MD5 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceMd5Duplicate ( + IN CONST VOID *Md5Context, + OUT VOID *NewMd5Context + ) +{ + return BaseCryptLibServiceDeprecated ("Md5Init"), FALSE; +} + +/** + Digests the input data and updates MD5 context. + + This function performs MD5 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + MD5 context should be already correctly initialized by Md5Init(), and sh= ould not be finalized + by Md5Final(). Behavior with invalid context is undefined. + + If Md5Context is NULL, then return FALSE. 
+ If this interface is not supported, then return FALSE. + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data t= o be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceMd5Update ( + IN OUT VOID *Md5Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return BaseCryptLibServiceDeprecated ("Md5Init"), FALSE; +} + +/** + Completes computation of the MD5 digest value. + + This function completes MD5 hash computation and retrieves the digest va= lue into + the specified memory. After this function has been called, the MD5 conte= xt cannot + be used again. + MD5 context should be already correctly initialized by Md5Init(), and sh= ould not be + finalized by Md5Final(). Behavior with invalid MD5 context is undefined. + + If Md5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[out] HashValue Pointer to a buffer that receives the MD5 d= igest + value (16 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceMd5Final ( + IN OUT VOID *Md5Context, + OUT UINT8 *HashValue + ) +{ + return BaseCryptLibServiceDeprecated ("Md5Final"), FALSE; +} + +/** + Computes the MD5 message digest of a input data buffer. + + This function performs the MD5 message digest of a given data buffer, an= d places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be= hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives the MD5 digest + value (16 bytes). + + @retval FALSE This interface is not supported. 
+ +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceMd5HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + return BaseCryptLibServiceDeprecated ("Md5HashAll"), FALSE; +} +#else /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 @@ -400,6 +548,7 @@ CryptoServiceMd5HashAll ( { return CALL_BASECRYPTLIB (Md5.Services.HashAll, Md5HashAll, (Data, DataS= ize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. @@ -4194,6 +4343,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { DeprecatedCryptoServiceMd4Update, DeprecatedCryptoServiceMd4Final, DeprecatedCryptoServiceMd4HashAll, +#ifdef DISABLE_MD5_DEPRECATED_INTERFACES + /// Md5 - deprecated and unsupported + DeprecatedCryptoServiceMd5GetContextSize, + DeprecatedCryptoServiceMd5Init, + DeprecatedCryptoServiceMd5Duplicate, + DeprecatedCryptoServiceMd5Update, + DeprecatedCryptoServiceMd5Final, + DeprecatedCryptoServiceMd5HashAll, +#else /// Md5 CryptoServiceMd5GetContextSize, CryptoServiceMd5Init, @@ -4201,6 +4359,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceMd5Update, CryptoServiceMd5Final, CryptoServiceMd5HashAll, +#endif /// Pkcs CryptoServicePkcs1v2Encrypt, CryptoServicePkcs5HashPassword, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 1b1ffa75ef..36483d1d2d 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -72,6 +72,7 @@ typedef enum { // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +#ifndef DISABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 @@ -211,6 +212,7 @@ Md5HashAll ( IN UINTN DataSize, OUT UINT8 *HashValue ); +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Lib= rary/BaseCryptLib/Hash/CryptMd5.c index 0e0d0ec54d..b85e7f4d12 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include =20 - +#ifndef DISABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 @@ -223,3 +223,4 @@ Md5HashAll ( return TRUE; } } +#endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index a614b61ed4..8897fd25e6 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,6 +99,7 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 +#ifndef DISABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations. =20 
@@ -256,6 +257,7 @@ Md5HashAll ( { CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#61451): https://edk2.groups.io/g/devel/message/61451 Mute This Topic: https://groups.io/mt/74950019/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
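Review bot: In the CryptoPkg/Driver/Crypto.c hunk at @@ -243,6 +243,154 @@, DeprecatedCryptoServiceMd5Duplicate and DeprecatedCryptoServiceMd5Update both pass "Md5Init" to BaseCryptLibServiceDeprecated, which looks like a copy-paste slip: anything keyed on that string will name the wrong service. Pass "Md5Duplicate" and "Md5Update" respectively, matching the other four stubs in this hunk and the SHA-1 stubs in patch 2/2.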
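Review bot: The BaseCryptLib.h hunks at @@ -72,6 +72,7 @@ and @@ -211,6 +212,7 @@ introduce DISABLE_MD5_DEPRECATED_INTERFACES with no comment in the header saying what the macro does or where a platform is expected to define it. Defining it removes the Md5* prototypes here and the definitions in CryptMd5.c, so any remaining Md5* caller fails at build time rather than at run time; a short comment above the #ifndef, plus the macro name as a trailing comment on the #endif that closes it roughly 140 lines later, would make that explicit.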
From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Jiewen Yao, Siyuan Fu, Michael D Kinney
Subject: [edk2-devel] [PATCH V2 2/2] CryptoPkg/BaseCryptLib: Add macro to disable the deprecated SHA1
Date: Thu, 18 Jun 2020 08:41:37 +0800
Message-Id: <20200618004137.40276-3-zhichao.gao@intel.com>
In-Reply-To: <20200618004137.40276-1-zhichao.gao@intel.com>
References: <20200618004137.40276-1-zhichao.gao@intel.com>
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682

SHA1 is deprecated but it is required for compatibility issues. So add a macro for the platform to disable the usage of SHA1 for security.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Jiewen Yao
Cc: Siyuan Fu
Cc: Michael D Kinney
Signed-off-by: Zhichao Gao
Reviewed-by: Jian J Wang
--- CryptoPkg/Driver/Crypto.c | 161 ++++++++++++++++++ CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../Library/BaseCryptLib/Hash/CryptSha1.c | 3 +- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 2 + 4 files changed, 167 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 7e7e31a35e..d9096ea603 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c
@@ -550,6 +550,156 @@ CryptoServiceMd5HashAll ( } #endif =20 +#ifdef DISABLE_SHA1_DEPRECATED_INTERFACES +/** + Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. + + If this interface is not supported, then return zero. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +DeprecatedCryptoServiceSha1GetContextSize ( + VOID + ) +{ + return BaseCryptLibServiceDeprecated ("Sha1GetContextSize"), 0; +} + +/** + Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash co= ntext for + subsequent use. + + If Sha1Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] Sha1Context Pointer to SHA-1 context being initialized. + + @retval TRUE SHA-1 context initialization succeeded. + @retval FALSE SHA-1 context initialization failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceSha1Init ( + OUT VOID *Sha1Context + ) +{ + return BaseCryptLibServiceDeprecated ("Sha1Init"), FALSE; +} + +/** + Makes a copy of an existing SHA-1 context. + + If Sha1Context is NULL, then return FALSE. + If NewSha1Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Sha1Context Pointer to SHA-1 context being copied. + @param[out] NewSha1Context Pointer to new SHA-1 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceSha1Duplicate ( + IN CONST VOID *Sha1Context, + OUT VOID *NewSha1Context + ) +{ + return BaseCryptLibServiceDeprecated ("Sha1Duplicate"), FALSE; +} + +/** + Digests the input data and updates SHA-1 context. + + This function performs SHA-1 digest on a data buffer of the specified si= ze. + It can be called multiple times to compute the digest of long or discont= inuous data streams. + SHA-1 context should be already correctly initialized by Sha1Init(), and= should not be finalized + by Sha1Final(). 
Behavior with invalid context is undefined. + + If Sha1Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[in] Data Pointer to the buffer containing the data = to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceSha1Update ( + IN OUT VOID *Sha1Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + return BaseCryptLibServiceDeprecated ("Sha1Update"), FALSE; +} + +/** + Completes computation of the SHA-1 digest value. + + This function completes SHA-1 hash computation and retrieves the digest = value into + the specified memory. After this function has been called, the SHA-1 con= text cannot + be used again. + SHA-1 context should be already correctly initialized by Sha1Init(), and= should not be + finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefin= ed. + + If Sha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[out] HashValue Pointer to a buffer that receives the SHA-= 1 digest + value (20 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceSha1Final ( + IN OUT VOID *Sha1Context, + OUT UINT8 *HashValue + ) +{ + return BaseCryptLibServiceDeprecated ("Sha1Final"), FALSE; +} + +/** + Computes the SHA-1 message digest of a input data buffer. + + This function performs the SHA-1 message digest of a given data buffer, = and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be= hashed. + @param[in] DataSize Size of Data buffer in bytes. 
+ @param[out] HashValue Pointer to a buffer that receives the SHA-1 dig= est + value (20 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DeprecatedCryptoServiceSha1HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + return BaseCryptLibServiceDeprecated ("Sha1HashAll"), FALSE; +} +#else /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -707,6 +857,7 @@ CryptoServiceSha1HashAll ( { return CALL_BASECRYPTLIB (Sha1.Services.HashAll, Sha1HashAll, (Data, Dat= aSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. @@ -4394,6 +4545,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceRsaPkcs1Verify, CryptoServiceRsaGetPrivateKeyFromPem, CryptoServiceRsaGetPublicKeyFromX509, +#ifdef DISABLE_SHA1_DEPRECATED_INTERFACES + /// Sha1 - deprecated and unsupported + DeprecatedCryptoServiceSha1GetContextSize, + DeprecatedCryptoServiceSha1Init, + DeprecatedCryptoServiceSha1Duplicate, + DeprecatedCryptoServiceSha1Update, + DeprecatedCryptoServiceSha1Final, + DeprecatedCryptoServiceSha1HashAll, +#else /// Sha1 CryptoServiceSha1GetContextSize, CryptoServiceSha1Init, @@ -4401,6 +4561,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceSha1Update, CryptoServiceSha1Final, CryptoServiceSha1HashAll, +#endif /// Sha256 CryptoServiceSha256GetContextSize, CryptoServiceSha256Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 36483d1d2d..ae9bde9e37 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -214,6 +214,7 @@ Md5HashAll ( ); #endif =20 +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 
@@ -353,6 +354,7 @@ Sha1HashAll ( IN UINTN DataSize, OUT UINT8 *HashValue ); +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Li= brary/BaseCryptLib/Hash/CryptSha1.c index bf2f5f4ce4..52e767524f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include =20 - +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -222,3 +222,4 @@ Sha1HashAll ( return TRUE; } } +#endif diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 8897fd25e6..3f14c6d262 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -259,6 +259,7 @@ Md5HashAll ( } #endif =20 +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations. =20 @@ -416,6 +417,7 @@ Sha1HashAll ( { CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, HashValue), FALSE); } +#endif =20 /** Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations. --=20 2.21.0.windows.1
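Review bot: In the CryptoPkg/Driver/Crypto.c hunk at @@ -550,6 +550,156 @@, the doc comment for DeprecatedCryptoServiceSha1Init still lists "@retval TRUE SHA-1 context initialization succeeded." and "@retval FALSE SHA-1 context initialization failed.", but the stub unconditionally returns FALSE. Drop those two lines so the comment matches the other stubs, which document only "@retval FALSE This interface is not supported."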
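Review bot: The BaseCryptLibOnProtocolPpi/CryptLib.c hunks at @@ -259,6 +259,7 @@ and @@ -416,6 +417,7 @@ compile the Sha1* wrappers out when DISABLE_SHA1_DEPRECATED_INTERFACES is defined, while the mEdkiiCrypto table in Crypto.c keeps six stub entries that return 0 or FALSE at run time, and neither the patch nor the commit message says how the macro must be set across the two. Please document whether the driver and every module linking the library are expected to be built with the same setting, since a module built without the macro against a driver built with it will see the SHA-1 services fail only at run time.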