From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.2640.1587631604102464506 for ; Thu, 23 Apr 2020 01:46:45 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com) IronPort-SDR: ZmLJurw+gpEGWL4oqUZ0gw1AqSF4eTc7eefX+HJoutVzpJ8YVSVuKkMZHm3xppYnfHvY3Ahbgm wFAHhSNeqgOQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2020 01:46:45 -0700 IronPort-SDR: 1Rq0SKjRXYpvuOcfFMkZnaB+PfqssNgr5R/Z5mPSm9RtQ0GNw9UCAIeYWaIj3gfPxY7BbXT6fW gAXHnhUcyZ7w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,306,1583222400"; d="scan'208";a="274165453" Received: from fieedk001.ccr.corp.intel.com ([10.239.33.114]) by orsmga002.jf.intel.com with ESMTP; 23 Apr 2020 01:46:42 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu , Siyuan Fu , Michael D Kinney , Jiewen Yao , Laszlo Ersek Subject: [PATCH V2 1/7] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Date: Thu, 23 Apr 2020 16:46:21 +0800 Message-Id: <20200423084627.3384-2-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20200423084627.3384-1-zhichao.gao@intel.com> References: <20200423084627.3384-1-zhichao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 MD4 is not secure any longer. Remove the MD4 support from edk2. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Siyuan Fu Cc: Michael D Kinney Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Zhichao Gao --- CryptoPkg/CryptoPkg.dsc | 1 - CryptoPkg/Driver/Crypto.c | 12 +- CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------ .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +- .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------ .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----------- .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +- .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----------- .../Library/Include/openssl/opensslconf.h | 3 + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 - .../Library/OpensslLib/OpensslLibCrypto.inf | 3 - 14 files changed, 16 insertions(+), 679 deletions(-) delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f79ff331cf..6ed7046563 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -140,7 +140,6 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 35bf2d3d92..e191cf16e4 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -120,7 +120,7 @@ CryptoServiceMd4GetContextSize ( VOID ) { - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize, (), 0); + return BaseCryptLibServciceNotEnabled ("Md4GetContextSize"), 0; } /** @@ -143,7 +143,7 @@ CryptoServiceMd4Init ( OUT VOID *Md4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Init"), FALSE; } /** @@ -168,7 +168,7 @@ CryptoServiceMd4Duplicate ( OUT VOID *NewMd4Context ) { - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Context, NewMd4Context), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Duplicate"), FALSE; } /** @@ -199,7 +199,7 @@ CryptoServiceMd4Update ( IN UINTN DataSize ) { - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, Data, DataSize), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Update"), FALSE; } /** @@ -231,7 +231,7 @@ CryptoServiceMd4Final ( OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, HashValue), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4Final"), FALSE; } /** @@ -260,7 +260,7 @@ CryptoServiceMd4HashAll ( OUT UINT8 *HashValue ) { - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataSize, HashValue), FALSE); + return BaseCryptLibServciceNotEnabled ("Md4HashAll"), FALSE; } /** diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 5e8f2e0a10..c862f0334f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include -/// -/// MD4 digest size in bytes -/// -#define MD4_DIGEST_SIZE 16 - /// /// MD5 digest size in bytes /// @@ -77,146 +72,6 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for MD4 hash operations. - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash context for - subsequent use. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ); - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ); - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and should not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the MD4 context cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and should not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ); - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, and places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ); - /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index a63ad66b4f..22992e7d43 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -29,7 +29,6 @@ [Sources] InternalCryptLib.h - Hash/CryptMd4.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c deleted file mode 100644 index bc02da07b0..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c +++ /dev/null @@ -1,223 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation over OpenSSL. - -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" -#include - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash operations. - - @return The size, in bytes, of the context buffer required for MD4 hash operations. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - // - // Retrieves the OpenSSL MD4 Context Size - // - return (UINTN) (sizeof (MD4_CTX)); -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash context for - subsequent use. - - If Md4Context is NULL, then return FALSE. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval TRUE MD4 context initialization succeeded. - @retval FALSE MD4 context initialization failed. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context == NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Context Initialization - // - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); -} - -/** - Makes a copy of an existing MD4 context. - - If Md4Context is NULL, then return FALSE. - If NewMd4Context is NULL, then return FALSE. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval TRUE MD4 context copy succeeded. - @retval FALSE MD4 context copy failed. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - // - // Check input parameters. - // - if (Md4Context == NULL || NewMd4Context == NULL) { - return FALSE; - } - - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); - - return TRUE; -} - -/** - Digests the input data and updates MD4 context. - - This function performs MD4 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - MD4 context should be already correctly initialized by Md4Init(), and should not be finalized - by Md4Final(). Behavior with invalid context is undefined. - - If Md4Context is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE MD4 data digest succeeded. - @retval FALSE MD4 data digest failed. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - // - // Check input parameters. - // - if (Md4Context == NULL) { - return FALSE; - } - - // - // Check invalid parameters, in case that only DataLength was checked in OpenSSL - // - if (Data == NULL && DataSize != 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Update - // - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize)); -} - -/** - Completes computation of the MD4 digest value. - - This function completes MD4 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the MD4 context cannot - be used again. - MD4 context should be already correctly initialized by Md4Init(), and should not be - finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - - If Md4Context is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (Md4Context == NULL || HashValue == NULL) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Finalization - // - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); -} - -/** - Computes the MD4 message digest of a input data buffer. - - This function performs the MD4 message digest of a given data buffer, and places - the digest value into the specified memory. - - If this interface is not supported, then return FALSE. - - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval TRUE MD4 digest computation succeeded. - @retval FALSE MD4 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - // - // Check input parameters. - // - if (HashValue == NULL) { - return FALSE; - } - if (Data == NULL && DataSize != 0) { - return FALSE; - } - - // - // OpenSSL MD4 Hash Computation. - // - if (MD4 (Data, DataSize, HashValue) == NULL) { - return FALSE; - } else { - return TRUE; - } -} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash context for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index c836c257f8..e9add0127d 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -6,14 +6,14 @@ # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, +# Note: # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 # certificate handler functions, authenticode signature verification functions, # PEM handler functions, and pseudorandom number generator functions are not # supported in this instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -35,7 +35,6 @@ [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index e5b8ececc1..0a2eb03232 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and # authenticode signature verification functions are not supported in this instance. # -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -35,7 +35,6 @@ [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index cc0b65fd25..139983075e 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -6,12 +6,12 @@ # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. # -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions, +# Note: SHA-384 Digest functions, SHA-512 Digest functions, # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and # authenticode signature verification functions are not supported in this instance. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -34,7 +34,6 @@ [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5.c Hash/CryptSha1.c Hash/CryptSha256.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 9b4991cbb0..b03681b146 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -29,7 +29,6 @@ [Sources] InternalCryptLib.h - Hash/CryptMd4Null.c Hash/CryptMd5Null.c Hash/CryptSha1Null.c Hash/CryptSha256Null.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c deleted file mode 100644 index 610c61c713..0000000000 --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c +++ /dev/null @@ -1,143 +0,0 @@ -/** @file - MD4 Digest Wrapper Implementation which does not provide real capabilities. - -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include "InternalCryptLib.h" - -/** - Retrieves the size, in bytes, of the context buffer required for MD4 hash - operations. - - Return zero to indicate this interface is not supported. - - @retval 0 This interface is not supported. - -**/ -UINTN -EFIAPI -Md4GetContextSize ( - VOID - ) -{ - ASSERT (FALSE); - return 0; -} - -/** - Initializes user-supplied memory pointed by Md4Context as MD4 hash context for - subsequent use. - - Return FALSE to indicate this interface is not supported. - - @param[out] Md4Context Pointer to MD4 context being initialized. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Init ( - OUT VOID *Md4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Makes a copy of an existing MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in] Md4Context Pointer to MD4 context being copied. - @param[out] NewMd4Context Pointer to new MD4 context. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Duplicate ( - IN CONST VOID *Md4Context, - OUT VOID *NewMd4Context - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Digests the input data and updates MD4 context. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Update ( - IN OUT VOID *Md4Context, - IN CONST VOID *Data, - IN UINTN DataSize - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Completes computation of the MD4 digest value. - - Return FALSE to indicate this interface is not supported. - - @param[in, out] Md4Context Pointer to the MD4 context. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4Final ( - IN OUT VOID *Md4Context, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} - -/** - Computes the MD4 message digest of a input data buffer. - - Return FALSE to indicate this interface is not supported. - - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - @param[out] HashValue Pointer to a buffer that receives the MD4 digest - value (16 bytes). - - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -Md4HashAll ( - IN CONST VOID *Data, - IN UINTN DataSize, - OUT UINT8 *HashValue - ) -{ - ASSERT (FALSE); - return FALSE; -} diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h index bd34e53ef2..95a1943ee2 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -241,6 +241,9 @@ extern "C" { #ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG #endif +#ifndef OPENSSL_NO_MD4 +# define OPENSSL_NO_MD4 +#endif /* diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 9ed0175553..10710e4a7c 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 03da266627..d9782a3098 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -294,8 +294,6 @@ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c $(OPENSSL_PATH)/crypto/lhash/lh_stats.c $(OPENSSL_PATH)/crypto/lhash/lhash.c - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c - $(OPENSSL_PATH)/crypto/md4/md4_one.c $(OPENSSL_PATH)/crypto/md5/md5_dgst.c $(OPENSSL_PATH)/crypto/md5/md5_one.c $(OPENSSL_PATH)/crypto/mem.c @@ -525,7 +523,6 @@ $(OPENSSL_PATH)/crypto/evp/evp_locl.h $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h $(OPENSSL_PATH)/crypto/md5/md5_locl.h $(OPENSSL_PATH)/crypto/modes/modes_lcl.h $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- 2.21.0.windows.1