From nobody Sun May 5 06:16:08 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+64814+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64814+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1598850813; cv=none; d=zohomail.com; s=zohoarc; b=AUwB3YCjvFKSiU+Uz7HSnlQFeJ8VAXZFRoV1Xi2etLKFZBAWuSbuluhmWzKKJZZuiVc0V4VNilxGC2ZDYt91kO+6HPzKVKUiBCOwmb4D7zct6EOwOOSXUG0dybxmADxfVJO+FWvfm+kqtsBGGKd8RyyNQdZHnOMn6nhlgYdMn00= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1598850813; h=Content-Transfer-Encoding:Cc:Date:From:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=33Gl9Rx1rJ0uN3O/Z042RDEWOybpNqPDvSnAzu/2TDs=; b=T+iOteCoI/lZbgeROO4HgBUocu87rLWcb7zhPlu8Z4LhA4z3fm77giisutEcUuNjkZxnpQwbDfdaY50k7WpEr8YmygZpQZPiwYrWe4Nm/BKcWTUnmw+W43uNzv4vxAqFze71ZdarnjJaMq2VqImTeP/29bsTNPCRctuYVnstUZI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64814+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1598850813681570.3735934629755; Sun, 30 Aug 2020 22:13:33 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ywucYY1788612x600mRu0R59; Sun, 30 Aug 2020 22:13:32 -0700 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.47068.1598850811003724136 for ; Sun, 30 Aug 2020 22:13:31 -0700 IronPort-SDR: cpPznZQcFmC4tU7s5VRbV5gYKe2e0xi9DbfoRRcAHaWULQFMvZVLVsjQcwXwsaSrwGSn2JqNYD nebiBY+KpdaQ== X-IronPort-AV: E=McAfee;i="6000,8403,9729"; a="136966413" X-IronPort-AV: E=Sophos;i="5.76,374,1592895600"; d="scan'208";a="136966413" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Aug 2020 22:13:28 -0700 IronPort-SDR: 3sL29idfnpeDvQvg0rihwO7MLX2TJpHdIVwzy/L32r8PWrIV3qJLpX5HR+gWvAbbBvFZPZ1jR1 z/NfQxLijzfw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,374,1592895600"; d="scan'208";a="476583430" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.153.108]) by orsmga005.jf.intel.com with ESMTP; 30 Aug 2020 22:13:26 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu , Qi Zhang Subject: [edk2-devel] [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO Date: Mon, 31 Aug 2020 13:13:17 +0800 Message-Id: <20200831051317.11532-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com X-Gm-Message-State: oa2gsbTWQJUszq1Heftt6AVCx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1598850812; bh=a8u93qXZski+tHNLSD38b2jOErwmXJYJNgBfWrCKU98=; h=Cc:Date:From:Reply-To:Subject:To; b=G5cVkB/hrt3+xyxwOEJje9pq8Rp0CIcEXiQ7JQotBqdzB1Hr6AUdkIbmS+ZxrXTpr9y Xl2qLTHSp2M5RV48BBaWEFWKalnoKR3UKimDPOHc+HdIygLo2yu3JSt7E4nR+2Qcs0Uyl HfeOiVufsVYLJk0f/JMxOa+LfK+/+RfvNN8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2943 Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES. SHA1 is deprecated function and the MACRO is used to remove the whole implementation of the SHA1. For the platforms that do not need SHA1 for security, the MACRO should works for DxeImageVerificationLib as well. Signed-off-by: Zhichao Gao Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Qi Zhang Reviewed-by: Jian J Wang Reviewed-by: Jiewen Yao --- .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati= onLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL= ib.c index b08fe24e85..7871220140 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] =3D { }; =20 HASH_TABLE mHash[] =3D { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, = Sha1Update, Sha1Final }, +#else + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, = NULL, NULL }, +#endif { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, = NULL, NULL }, { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init= , Sha256Update, Sha256Final}, { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init= , Sha384Update, Sha384Final}, @@ -315,10 +319,12 @@ HashPeImage ( ZeroMem (mImageDigest, MAX_DIGEST_SIZE); =20 switch (HashAlg) { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASHALG_SHA1: mImageDigestSize =3D SHA1_DIGEST_SIZE; mCertType =3D gEfiCertSha1Guid; break; +#endif =20 case HASHALG_SHA256: mImageDigestSize =3D SHA256_DIGEST_SIZE; --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64814): https://edk2.groups.io/g/devel/message/64814 Mute This Topic: https://groups.io/mt/76528676/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-