* [PATCH V2 1/7] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 2/7] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
` (7 subsequent siblings)
8 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
MD4 is not secure any longer.
Remove the MD4 support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 -
CryptoPkg/Driver/Crypto.c | 12 +-
CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------
.../Library/BaseCryptLib/BaseCryptLib.inf | 3 +-
.../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------
.../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 5 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 5 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 -----------
.../Library/Include/openssl/opensslconf.h | 3 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 3 -
14 files changed, 16 insertions(+), 679 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index f79ff331cf..6ed7046563 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -140,7 +140,6 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 35bf2d3d92..e191cf16e4 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -120,7 +120,7 @@ CryptoServiceMd4GetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize, (), 0);
+ return BaseCryptLibServciceNotEnabled ("Md4GetContextSize"), 0;
}
/**
@@ -143,7 +143,7 @@ CryptoServiceMd4Init (
OUT VOID *Md4Context
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Md4Init"), FALSE;
}
/**
@@ -168,7 +168,7 @@ CryptoServiceMd4Duplicate (
OUT VOID *NewMd4Context
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Context, NewMd4Context), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Md4Duplicate"), FALSE;
}
/**
@@ -199,7 +199,7 @@ CryptoServiceMd4Update (
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, Data, DataSize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Md4Update"), FALSE;
}
/**
@@ -231,7 +231,7 @@ CryptoServiceMd4Final (
OUT UINT8 *HashValue
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, HashValue), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Md4Final"), FALSE;
}
/**
@@ -260,7 +260,7 @@ CryptoServiceMd4HashAll (
OUT UINT8 *HashValue
)
{
- return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataSize, HashValue), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Md4HashAll"), FALSE;
}
/**
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 5e8f2e0a10..c862f0334f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Uefi/UefiBaseType.h>
-///
-/// MD4 digest size in bytes
-///
-#define MD4_DIGEST_SIZE 16
-
///
/// MD5 digest size in bytes
///
@@ -77,146 +72,6 @@ typedef enum {
// One-Way Cryptographic Hash Primitives
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- );
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- );
-
-/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- );
-
-/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- );
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- );
-
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index a63ad66b4f..22992e7d43 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -6,7 +6,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
deleted file mode 100644
index bc02da07b0..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/** @file
- MD4 Digest Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/md4.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- //
- // Retrieves the OpenSSL MD4 Context Size
- //
- return (UINTN) (sizeof (MD4_CTX));
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Context Initialization
- //
- return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context));
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL || NewMd4Context == NULL) {
- return FALSE;
- }
-
- CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX));
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Hash Update
- //
- return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize));
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL || HashValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Hash Finalization
- //
- return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context));
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- //
- // Check input parameters.
- //
- if (HashValue == NULL) {
- return FALSE;
- }
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Hash Computation.
- //
- if (MD4 (Data, DataSize, HashValue) == NULL) {
- return FALSE;
- } else {
- return TRUE;
- }
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
deleted file mode 100644
index 610c61c713..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/** @file
- MD4 Digest Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash
- operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index c836c257f8..e9add0127d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -6,14 +6,14 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions,
+# Note:
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
# supported in this instance.
#
-# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index e5b8ececc1..0a2eb03232 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index cc0b65fd25..139983075e 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
-# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -34,7 +34,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 9b4991cbb0..b03681b146 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5Null.c
Hash/CryptSha1Null.c
Hash/CryptSha256Null.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
deleted file mode 100644
index 610c61c713..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/** @file
- MD4 Digest Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash
- operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index bd34e53ef2..95a1943ee2 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -241,6 +241,9 @@ extern "C" {
#ifndef OPENSSL_NO_AFALGENG
# define OPENSSL_NO_AFALGENG
#endif
+#ifndef OPENSSL_NO_MD4
+# define OPENSSL_NO_MD4
+#endif
/*
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 9ed0175553..10710e4a7c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -294,8 +294,6 @@
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
$(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
- $(OPENSSL_PATH)/crypto/md4/md4_one.c
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
@@ -525,7 +523,6 @@
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
$(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
$(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
$(OPENSSL_PATH)/crypto/md5/md5_locl.h
$(OPENSSL_PATH)/crypto/modes/modes_lcl.h
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 03da266627..d9782a3098 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -294,8 +294,6 @@
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
$(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
- $(OPENSSL_PATH)/crypto/md4/md4_one.c
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
@@ -525,7 +523,6 @@
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
$(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
$(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
$(OPENSSL_PATH)/crypto/md5/md5_locl.h
$(OPENSSL_PATH)/crypto/modes/modes_lcl.h
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH V2 2/7] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 1/7] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 3/7] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
` (6 subsequent siblings)
8 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
ARC4 is not secure any longer.
Remove the ARC4 support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 10 +-
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------
.../BaseCryptLib/Cipher/CryptArc4Null.c | 124 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 -----------
.../Library/Include/openssl/opensslconf.h | 3 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 3 -
12 files changed, 11 insertions(+), 472 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index e191cf16e4..068efd1dbb 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -2071,7 +2071,7 @@ CryptoServiceArc4GetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSize, (), 0);
+ return BaseCryptLibServciceNotEnabled ("Arc4GetContextSize"), 0;
}
/**
@@ -2103,7 +2103,7 @@ CryptoServiceArc4Init (
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Key, KeySize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Arc4Init"), FALSE;
}
/**
@@ -2138,7 +2138,7 @@ CryptoServiceArc4Encrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Context, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Arc4Encrypt"), FALSE;
}
/**
@@ -2173,7 +2173,7 @@ CryptoServiceArc4Decrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Context, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Arc4Decrypt"), FALSE;
}
/**
@@ -2200,7 +2200,7 @@ CryptoServiceArc4Reset (
IN OUT VOID *Arc4Context
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context), FALSE);
+ return BaseCryptLibServciceNotEnabled ("Arc4Reset"), FALSE;
}
//=====================================================================================
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 22992e7d43..da38ea552f 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -40,7 +40,6 @@
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Cipher/CryptTdes.c
- Cipher/CryptArc4.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
deleted file mode 100644
index 388d312bed..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/** @file
- ARC4 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/rc4.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- @return The size, in bytes, of the context buffer required for ARC4 operations.
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- //
- // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
- // for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
- // the working copy to the initial state.
- //
- return (UINTN) (2 * sizeof (RC4_KEY));
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
- In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
- operations.
-
- If Arc4Context is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize does not in the range of [5, 256] bytes, then return FALSE.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval TRUE ARC4 context initialization succeeded.
- @retval FALSE ARC4 context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
-
- CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY));
-
- return TRUE;
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- This function performs ARC4 encryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval TRUE ARC4 encryption succeeded.
- @retval FALSE ARC4 encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
-
- return TRUE;
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- This function performs ARC4 decryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval TRUE ARC4 decryption succeeded.
- @retval FALSE ARC4 decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
-
- return TRUE;
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- The function resets the ARC4 context to the state it had immediately after the
- ARC4Init() function call.
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
- should be already correctly initialized by ARC4Init().
-
- If Arc4Context is NULL, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval TRUE ARC4 reset succeeded.
- @retval FALSE ARC4 reset failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
deleted file mode 100644
index 1f09bfa30e..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/** @file
- ARC4 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index e9add0127d..f43953b78c 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -46,7 +46,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 0a2eb03232..f1eb099b67 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -46,7 +46,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 139983075e..3a94655775 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -45,7 +45,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index b03681b146..a205c9005d 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -40,7 +40,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
deleted file mode 100644
index 1f09bfa30e..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/** @file
- ARC4 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 95a1943ee2..005691ff46 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -244,6 +244,9 @@ extern "C" {
#ifndef OPENSSL_NO_MD4
# define OPENSSL_NO_MD4
#endif
+#ifndef OPENSSL_NO_RC4
+# define OPENSSL_NO_RC4
+#endif
/*
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 10710e4a7c..dfaefd1c08 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -374,8 +374,6 @@
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
$(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
@@ -531,7 +529,6 @@
$(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
$(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
$(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
$(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
$(OPENSSL_PATH)/crypto/sha/sha_locl.h
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index d9782a3098..080e1d9305 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -374,8 +374,6 @@
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
$(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
@@ -531,7 +529,6 @@
$(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
$(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
$(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
$(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
$(OPENSSL_PATH)/crypto/sha/sha_locl.h
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH V2 3/7] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 1/7] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 2/7] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 4/7] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
` (5 subsequent siblings)
8 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Tdes is not secure any longer.
Remove the Tdes support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 12 +-
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------
.../BaseCryptLib/Cipher/CryptTdesNull.c | 160 --------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 --------
.../Library/Include/openssl/opensslconf.h | 3 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 21 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 21 -
13 files changed, 14 insertions(+), 745 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 068efd1dbb..14f3dd7de0 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1646,7 +1646,7 @@ CryptoServiceTdesGetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSize, (), 0);
+ return BaseCryptLibServciceNotEnabled ("TdesGetContextSize"), 0;
}
/**
@@ -1682,7 +1682,7 @@ CryptoServiceTdesInit (
IN UINTN KeyLength
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Key, KeyLength), FALSE);
+ return BaseCryptLibServciceNotEnabled ("TdesInit"), FALSE;
}
/**
@@ -1720,7 +1720,7 @@ CryptoServiceTdesEcbEncrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("TdesEcbEncrypt"), FALSE;
}
/**
@@ -1758,7 +1758,7 @@ CryptoServiceTdesEcbDecrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("TdesEcbDecrypt"), FALSE;
}
/**
@@ -1800,7 +1800,7 @@ CryptoServiceTdesCbcEncrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("TdesCbcEncrypt"), FALSE;
}
/**
@@ -1842,7 +1842,7 @@ CryptoServiceTdesCbcDecrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("TdesCbcDecrypt"), FALSE;
}
/**
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index da38ea552f..2de8e9c346 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -39,7 +39,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
- Cipher/CryptTdes.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
deleted file mode 100644
index fd799f3398..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/** @file
- TDES Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/des.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- //
- // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
- //
- return (UINTN) (3 * sizeof (DES_key_schedule));
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- //
- // If input Key is a weak key, return error.
- //
- if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
-
- if (KeyLength == 64) {
- CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
- CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
- return TRUE;
- }
-
- if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
-
- if (KeyLength == 128) {
- CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
- return TRUE;
- }
-
- if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
-
- return TRUE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- while (InputSize > 0) {
- DES_ecb3_encrypt (
- (const_DES_cblock *) Input,
- (DES_cblock *) Output,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- DES_ENCRYPT
- );
- Input += TDES_BLOCK_SIZE;
- Output += TDES_BLOCK_SIZE;
- InputSize -= TDES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- while (InputSize > 0) {
- DES_ecb3_encrypt (
- (const_DES_cblock *) Input,
- (DES_cblock *) Output,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- DES_DECRYPT
- );
- Input += TDES_BLOCK_SIZE;
- Output += TDES_BLOCK_SIZE;
- InputSize -= TDES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
- UINT8 IvecBuffer[TDES_BLOCK_SIZE];
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
- return FALSE;
- }
-
- if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
- CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
-
- DES_ede3_cbc_encrypt (
- Input,
- Output,
- (UINT32) InputSize,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- (DES_cblock *) IvecBuffer,
- DES_ENCRYPT
- );
-
- return TRUE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
- UINT8 IvecBuffer[TDES_BLOCK_SIZE];
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
- return FALSE;
- }
-
- if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
- CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
-
- DES_ede3_cbc_encrypt (
- Input,
- Output,
- (UINT32) InputSize,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- (DES_cblock *) IvecBuffer,
- DES_DECRYPT
- );
-
- return TRUE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
deleted file mode 100644
index efa2716063..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/** @file
- TDES Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f43953b78c..f631f8d879 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
index 75a133bd0c..6f7e1971f8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -1,7 +1,7 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem (
//
// Add possible block-cipher descriptor for PEM data decryption.
- // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
+ // NOTE: Only support most popular ciphers AES for the encrypted PEM.
//
- if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
- return FALSE;
- }
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index f1eb099b67..672e19299c 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 3a94655775..cc3556ae3f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -44,7 +44,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index a205c9005d..04b552f8b7 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -39,7 +39,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
deleted file mode 100644
index efa2716063..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/** @file
- TDES Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 005691ff46..15db916d88 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -247,6 +247,9 @@ extern "C" {
#ifndef OPENSSL_NO_RC4
# define OPENSSL_NO_RC4
#endif
+#ifndef OPENSSL_NO_DES
+# define OPENSSL_NO_DES
+#endif
/*
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dfaefd1c08..d66f1cb03f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -178,25 +178,6 @@
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
- $(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64enc.c
- $(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/qud_cksm.c
- $(OPENSSL_PATH)/crypto/des/rand_key.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -514,8 +495,6 @@
$(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 080e1d9305..5788d13cf7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -178,25 +178,6 @@
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
- $(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64enc.c
- $(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/qud_cksm.c
- $(OPENSSL_PATH)/crypto/des/rand_key.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -514,8 +495,6 @@
$(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH V2 4/7] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (2 preceding siblings ...)
2020-04-23 8:46 ` [PATCH V2 3/7] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 5/7] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
` (4 subsequent siblings)
8 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 45 +++----
CryptoPkg/Driver/Crypto.c | 4 +-
CryptoPkg/Include/Library/BaseCryptLib.h | 70 -----------
.../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------
.../BaseCryptLib/Cipher/CryptAesNull.c | 52 --------
.../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 --------
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 1 -
8 files changed, 26 insertions(+), 313 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 6ed7046563..1f68cc633b 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,27 +137,30 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 14f3dd7de0..f86fc75650 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1931,7 +1931,7 @@ CryptoServiceAesEcbEncrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("AesEcbEncrypt"), FALSE;
}
/**
@@ -1969,7 +1969,7 @@ CryptoServiceAesEcbDecrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceNotEnabled ("AesEcbDecrypt"), FALSE;
}
/**
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index c862f0334f..98363f740e 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1326,76 +1326,6 @@ TdesInit (
IN UINTN KeyLength
);
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
/**
Performs TDES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
index 2515b34bb8..914cffb211 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
@@ -78,120 +78,6 @@ AesInit (
return TRUE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data encryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data decryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
return FALSE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
return FALSE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index d66f1cb03f..c8ec9454bd 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -29,7 +29,6 @@
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
$(OPENSSL_PATH)/crypto/aes/aes_ige.c
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 5788d13cf7..2f232e3e12 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -29,7 +29,6 @@
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
$(OPENSSL_PATH)/crypto/aes/aes_ige.c
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH V2 5/7] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (3 preceding siblings ...)
2020-04-23 8:46 ` [PATCH V2 4/7] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 6/7] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
` (3 subsequent siblings)
8 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC MD5 is not secure any longer.
Remove the HMAC MD5 support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 -
CryptoPkg/Driver/Crypto.c | 12 +-
CryptoPkg/Include/Library/BaseCryptLib.h | 133 -----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------
.../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 -----------
11 files changed, 9 insertions(+), 642 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 1f68cc633b..9ddf73f9fa 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,7 +137,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index f86fc75650..8844c7a505 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1195,7 +1195,7 @@ CryptoServiceHmacMd5New (
VOID
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL);
+ return BaseCryptLibServciceNotEnabled ("HmacMd5New"), NULL;
}
/**
@@ -1212,7 +1212,7 @@ CryptoServiceHmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
- CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx));
+ BaseCryptLibServciceNotEnabled ("HmacMd5Free");
}
/**
@@ -1239,7 +1239,7 @@ CryptoServiceHmacMd5SetKey (
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacMd5SetKey"), FALSE;
}
/**
@@ -1264,7 +1264,7 @@ CryptoServiceHmacMd5Duplicate (
OUT VOID *NewHmacMd5Context
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacMd5Duplicate"), FALSE;
}
/**
@@ -1295,7 +1295,7 @@ CryptoServiceHmacMd5Update (
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacMd5Context, Data, DataSize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacMd5Update"), FALSE;
}
/**
@@ -1327,7 +1327,7 @@ CryptoServiceHmacMd5Final (
OUT UINT8 *HmacValue
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5Context, HmacValue), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacMd5Final"), FALSE;
}
/**
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 98363f740e..eb2808f842 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -880,139 +880,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- );
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- );
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- );
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- );
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 2de8e9c346..33d7c13bff 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacMd5.c
Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
deleted file mode 100644
index da46ce09f4..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *) HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || KeySize > INT_MAX) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-MD5 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 digest computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || HmacValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-MD5 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
deleted file mode 100644
index 5de55bf0d5..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- Return NULL to indicate this interface is not supported.
-
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f631f8d879..2a630ef290 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 672e19299c..1642521087 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index cc3556ae3f..ec9c8e7c05 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
+# HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -39,7 +39,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 04b552f8b7..558ccfc002 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256Null.c
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
deleted file mode 100644
index 5de55bf0d5..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- Return NULL to indicate this interface is not supported.
-
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH V2 6/7] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (4 preceding siblings ...)
2020-04-23 8:46 ` [PATCH V2 5/7] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-23 8:46 ` [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
` (2 subsequent siblings)
8 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 3 -
CryptoPkg/Driver/Crypto.c | 12 +-
CryptoPkg/Include/Library/BaseCryptLib.h | 133 -----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------
.../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 4 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 -----------
11 files changed, 9 insertions(+), 645 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 9ddf73f9fa..1af78468a1 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,7 +137,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -163,7 +162,6 @@
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -178,7 +176,6 @@
!endif
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 8844c7a505..e0544d44ca 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1346,7 +1346,7 @@ CryptoServiceHmacSha1New (
VOID
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1New"), NULL;
}
/**
@@ -1363,7 +1363,7 @@ CryptoServiceHmacSha1Free (
IN VOID *HmacSha1Ctx
)
{
- CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1Ctx));
+ BaseCryptLibServciceNotEnabled ("HmacSha1Free");
}
/**
@@ -1390,7 +1390,7 @@ CryptoServiceHmacSha1SetKey (
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1SetKey"), FALSE;
}
/**
@@ -1415,7 +1415,7 @@ CryptoServiceHmacSha1Duplicate (
OUT VOID *NewHmacSha1Context
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1Duplicate"), FALSE;
}
/**
@@ -1446,7 +1446,7 @@ CryptoServiceHmacSha1Update (
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1Update"), FALSE;
}
/**
@@ -1478,7 +1478,7 @@ CryptoServiceHmacSha1Final (
OUT UINT8 *HmacValue
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);
+ return BaseCryptLibServciceNotEnabled ("HmacSha1Final"), FALSE;
}
/**
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index eb2808f842..7d0056d5bd 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -880,139 +880,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
- @return NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- );
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- );
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- );
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized
- by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- );
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 33d7c13bff..4aae2aba95 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
deleted file mode 100644
index 7593ca55b1..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *) HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || KeySize > INT_MAX) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA1 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 digest computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || HmacValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA1 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 2a630ef290..dc28e3a11d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 1642521087..5005beed02 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index ec9c8e7c05..91ec3e03bf 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,8 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-SHA1 functions, RSA external
-# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
@@ -39,7 +38,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 558ccfc002..689af4fedd 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256Null.c
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (5 preceding siblings ...)
2020-04-23 8:46 ` [PATCH V2 6/7] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
@ 2020-04-23 8:46 ` Gao, Zhichao
2020-04-25 9:44 ` Siyuan, Fu
2020-04-23 9:31 ` [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Yao, Jiewen
2020-04-24 13:25 ` Laszlo Ersek
8 siblings, 1 reply; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 8:46 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Laszlo Ersek
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Update the Crypto Version to 7:
1. Retire below deprecated functions:
MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Private/Protocol/Crypto.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index 40c387e002..667ca1ef07 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -20,7 +20,7 @@
/// the EDK II Crypto Protocol is extended, this version define must be
/// increased.
///
-#define EDKII_CRYPTO_VERSION 6
+#define EDKII_CRYPTO_VERSION 7
///
/// EDK II Crypto Protocol forward declaration
--
2.21.0.windows.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-23 8:46 ` [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
@ 2020-04-25 9:44 ` Siyuan, Fu
2020-04-25 13:48 ` Yao, Jiewen
0 siblings, 1 reply; 17+ messages in thread
From: Siyuan, Fu @ 2020-04-25 9:44 UTC (permalink / raw)
To: Gao, Zhichao, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, XiaoyuX, Kinney, Michael D, Yao, Jiewen,
Laszlo Ersek
Hi, Zhichao
This patch set doesn't add or remove any field in EDK II Crypto Protocol, but just change some API implementation to return false or unsupport, right? If so I don't think the Crypto Version need to be increased.
Best Regards
Siyuan
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: 2020年4月23日 16:46
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Laszlo Ersek <lersek@redhat.com>
> Subject: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto
> Driver
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Update the Crypto Version to 7:
> 1. Retire below deprecated functions:
> MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
> CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index 40c387e002..667ca1ef07 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -20,7 +20,7 @@
> /// the EDK II Crypto Protocol is extended, this version define must be
> /// increased.
> ///
> -#define EDKII_CRYPTO_VERSION 6
> +#define EDKII_CRYPTO_VERSION 7
>
> ///
> /// EDK II Crypto Protocol forward declaration
> --
> 2.21.0.windows.1
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-25 9:44 ` Siyuan, Fu
@ 2020-04-25 13:48 ` Yao, Jiewen
2020-04-26 6:43 ` Gao, Zhichao
0 siblings, 1 reply; 17+ messages in thread
From: Yao, Jiewen @ 2020-04-25 13:48 UTC (permalink / raw)
To: Fu, Siyuan, Gao, Zhichao, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, XiaoyuX, Kinney, Michael D, Laszlo Ersek
Why not remove the deprecated functions ?
Thank you
Yao Jiewen
> -----Original Message-----
> From: Fu, Siyuan <siyuan.fu@intel.com>
> Sent: Saturday, April 25, 2020 5:45 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto
> Driver
>
> Hi, Zhichao
>
> This patch set doesn't add or remove any field in EDK II Crypto Protocol, but just
> change some API implementation to return false or unsupport, right? If so I
> don't think the Crypto Version need to be increased.
>
> Best Regards
> Siyuan
>
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao@intel.com>
> > Sent: 2020年4月23日 16:46
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael
> > D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Laszlo Ersek <lersek@redhat.com>
> > Subject: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto
> > Driver
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> >
> > Update the Crypto Version to 7:
> > 1. Retire below deprecated functions:
> > MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > ---
> > CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > b/CryptoPkg/Private/Protocol/Crypto.h
> > index 40c387e002..667ca1ef07 100644
> > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > @@ -20,7 +20,7 @@
> > /// the EDK II Crypto Protocol is extended, this version define must be
> > /// increased.
> > ///
> > -#define EDKII_CRYPTO_VERSION 6
> > +#define EDKII_CRYPTO_VERSION 7
> >
> > ///
> > /// EDK II Crypto Protocol forward declaration
> > --
> > 2.21.0.windows.1
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-25 13:48 ` Yao, Jiewen
@ 2020-04-26 6:43 ` Gao, Zhichao
2020-04-26 6:48 ` Yao, Jiewen
0 siblings, 1 reply; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-26 6:43 UTC (permalink / raw)
To: Yao, Jiewen, Fu, Siyuan, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, XiaoyuX, Kinney, Michael D, Laszlo Ersek
Jiewen,
Do you mean remove the definition of the deprecated function and keep the NULL value in the protocol structure?
I am not sure if that is a good idea. Because that would give the protocol a chance to call a NULL pointer.
Siyuan,
The binary would be totally different. Does that make sence?
Thanks,
Zhichao
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Saturday, April 25, 2020 9:48 PM
> To: Fu, Siyuan <siyuan.fu@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>;
> devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> <lersek@redhat.com>
> Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto
> Driver
>
> Why not remove the deprecated functions ?
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Fu, Siyuan <siyuan.fu@intel.com>
> > Sent: Saturday, April 25, 2020 5:45 PM
> > To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Laszlo Ersek <lersek@redhat.com>
> > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of
> > Crypto Driver
> >
> > Hi, Zhichao
> >
> > This patch set doesn't add or remove any field in EDK II Crypto
> > Protocol, but just change some API implementation to return false or
> > unsupport, right? If so I don't think the Crypto Version need to be increased.
> >
> > Best Regards
> > Siyuan
> >
> > > -----Original Message-----
> > > From: Gao, Zhichao <zhichao.gao@intel.com>
> > > Sent: 2020年4月23日 16:46
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Kinney,
> > > Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> > > <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > > Subject: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of
> > > Crypto Driver
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > >
> > > Update the Crypto Version to 7:
> > > 1. Retire below deprecated functions:
> > > MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
> > >
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > > ---
> > > CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > > b/CryptoPkg/Private/Protocol/Crypto.h
> > > index 40c387e002..667ca1ef07 100644
> > > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > > @@ -20,7 +20,7 @@
> > > /// the EDK II Crypto Protocol is extended, this version define
> > > must be /// increased.
> > > ///
> > > -#define EDKII_CRYPTO_VERSION 6
> > > +#define EDKII_CRYPTO_VERSION 7
> > >
> > > ///
> > > /// EDK II Crypto Protocol forward declaration
> > > --
> > > 2.21.0.windows.1
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-26 6:43 ` Gao, Zhichao
@ 2020-04-26 6:48 ` Yao, Jiewen
2020-04-27 0:31 ` [edk2-devel] " Gao, Zhichao
0 siblings, 1 reply; 17+ messages in thread
From: Yao, Jiewen @ 2020-04-26 6:48 UTC (permalink / raw)
To: Gao, Zhichao, Fu, Siyuan, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, XiaoyuX, Kinney, Michael D, Laszlo Ersek
You can change the protocol GUID and remote the function from the protocol - this is an internal protocol. It should not be called by anyone.
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Sunday, April 26, 2020 2:43 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>;
> devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> <lersek@redhat.com>
> Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto
> Driver
>
> Jiewen,
>
> Do you mean remove the definition of the deprecated function and keep the
> NULL value in the protocol structure?
> I am not sure if that is a good idea. Because that would give the protocol a
> chance to call a NULL pointer.
>
> Siyuan,
>
> The binary would be totally different. Does that make sence?
>
> Thanks,
> Zhichao
>
> > -----Original Message-----
> > From: Yao, Jiewen
> > Sent: Saturday, April 25, 2020 9:48 PM
> > To: Fu, Siyuan <siyuan.fu@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>;
> > devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>
> > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto
> > Driver
> >
> > Why not remove the deprecated functions ?
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Fu, Siyuan <siyuan.fu@intel.com>
> > > Sent: Saturday, April 25, 2020 5:45 PM
> > > To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu@intel.com>; Kinney, Michael D
> > > <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > > Laszlo Ersek <lersek@redhat.com>
> > > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of
> > > Crypto Driver
> > >
> > > Hi, Zhichao
> > >
> > > This patch set doesn't add or remove any field in EDK II Crypto
> > > Protocol, but just change some API implementation to return false or
> > > unsupport, right? If so I don't think the Crypto Version need to be increased.
> > >
> > > Best Regards
> > > Siyuan
> > >
> > > > -----Original Message-----
> > > > From: Gao, Zhichao <zhichao.gao@intel.com>
> > > > Sent: 2020年4月23日 16:46
> > > > To: devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Kinney,
> > > > Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> > > > <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > > > Subject: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of
> > > > Crypto Driver
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > > >
> > > > Update the Crypto Version to 7:
> > > > 1. Retire below deprecated functions:
> > > > MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
> > > >
> > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > > > ---
> > > > CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > > > b/CryptoPkg/Private/Protocol/Crypto.h
> > > > index 40c387e002..667ca1ef07 100644
> > > > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > > > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > > > @@ -20,7 +20,7 @@
> > > > /// the EDK II Crypto Protocol is extended, this version define
> > > > must be /// increased.
> > > > ///
> > > > -#define EDKII_CRYPTO_VERSION 6
> > > > +#define EDKII_CRYPTO_VERSION 7
> > > >
> > > > ///
> > > > /// EDK II Crypto Protocol forward declaration
> > > > --
> > > > 2.21.0.windows.1
> >
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [edk2-devel] [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-26 6:48 ` Yao, Jiewen
@ 2020-04-27 0:31 ` Gao, Zhichao
2020-04-27 0:41 ` Siyuan, Fu
0 siblings, 1 reply; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-27 0:31 UTC (permalink / raw)
To: devel@edk2.groups.io, Yao, Jiewen, Fu, Siyuan
Cc: Wang, Jian J, Lu, XiaoyuX, Kinney, Michael D, Laszlo Ersek
It is a incapability change.
Hi Siyuan/Mike,
Do you know who owns the update of the Crypt DXE driver? I want to get the suggestion from the owner if we can make this change. Because the consumer of this binary driver should aware of this change.
Thanks,
Zhichao
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Sunday, April 26, 2020 2:48 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>;
> devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> <lersek@redhat.com>
> Subject: Re: [edk2-devel] [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> of Crypto Driver
>
> You can change the protocol GUID and remote the function from the protocol -
> this is an internal protocol. It should not be called by anyone.
>
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao@intel.com>
> > Sent: Sunday, April 26, 2020 2:43 PM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; Fu, Siyuan
> > <siyuan.fu@intel.com>; devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of
> > Crypto Driver
> >
> > Jiewen,
> >
> > Do you mean remove the definition of the deprecated function and keep
> > the NULL value in the protocol structure?
> > I am not sure if that is a good idea. Because that would give the
> > protocol a chance to call a NULL pointer.
> >
> > Siyuan,
> >
> > The binary would be totally different. Does that make sence?
> >
> > Thanks,
> > Zhichao
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen
> > > Sent: Saturday, April 25, 2020 9:48 PM
> > > To: Fu, Siyuan <siyuan.fu@intel.com>; Gao, Zhichao
> > > <zhichao.gao@intel.com>; devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>;
> > > Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> > > <lersek@redhat.com>
> > > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> > > of Crypto Driver
> > >
> > > Why not remove the deprecated functions ?
> > >
> > > Thank you
> > > Yao Jiewen
> > >
> > > > -----Original Message-----
> > > > From: Fu, Siyuan <siyuan.fu@intel.com>
> > > > Sent: Saturday, April 25, 2020 5:45 PM
> > > > To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > > <xiaoyux.lu@intel.com>; Kinney, Michael D
> > > > <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > > > Laszlo Ersek <lersek@redhat.com>
> > > > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> > > > of Crypto Driver
> > > >
> > > > Hi, Zhichao
> > > >
> > > > This patch set doesn't add or remove any field in EDK II Crypto
> > > > Protocol, but just change some API implementation to return false
> > > > or unsupport, right? If so I don't think the Crypto Version need to be
> increased.
> > > >
> > > > Best Regards
> > > > Siyuan
> > > >
> > > > > -----Original Message-----
> > > > > From: Gao, Zhichao <zhichao.gao@intel.com>
> > > > > Sent: 2020年4月23日 16:46
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > > > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>;
> > > > > Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> > > > > <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > > > > Subject: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> > > > > of Crypto Driver
> > > > >
> > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > > > >
> > > > > Update the Crypto Version to 7:
> > > > > 1. Retire below deprecated functions:
> > > > > MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
> > > > >
> > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > > > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > > > > ---
> > > > > CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > >
> > > > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > > > > b/CryptoPkg/Private/Protocol/Crypto.h
> > > > > index 40c387e002..667ca1ef07 100644
> > > > > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > > > > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > > > > @@ -20,7 +20,7 @@
> > > > > /// the EDK II Crypto Protocol is extended, this version define
> > > > > must be /// increased.
> > > > > ///
> > > > > -#define EDKII_CRYPTO_VERSION 6
> > > > > +#define EDKII_CRYPTO_VERSION 7
> > > > >
> > > > > ///
> > > > > /// EDK II Crypto Protocol forward declaration
> > > > > --
> > > > > 2.21.0.windows.1
> > >
> >
>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [edk2-devel] [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-04-27 0:31 ` [edk2-devel] " Gao, Zhichao
@ 2020-04-27 0:41 ` Siyuan, Fu
0 siblings, 0 replies; 17+ messages in thread
From: Siyuan, Fu @ 2020-04-27 0:41 UTC (permalink / raw)
To: Gao, Zhichao, devel@edk2.groups.io, Yao, Jiewen
Cc: Wang, Jian J, Lu, XiaoyuX, Kinney, Michael D, Laszlo Ersek
Hi, Zhichao
The protocol is internal API inside CryptoPkg, and BaseCryptLib is external API. If you create a patch which made incompatible change of the protocol and its version number, I suppose you should be the one who also update the DXE driver and library instance so the external API will not be impacted (deprecated lib API may be removed, but others should keep functional).
Best Regards
Siyuan
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: 2020年4月27日 8:32
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Laszlo Ersek <lersek@redhat.com>
> Subject: RE: [edk2-devel] [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the
> version of Crypto Driver
>
> It is a incapability change.
>
> Hi Siyuan/Mike,
>
> Do you know who owns the update of the Crypt DXE driver? I want to get the
> suggestion from the owner if we can make this change. Because the
> consumer of this binary driver should aware of this change.
>
> Thanks,
> Zhichao
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> > Sent: Sunday, April 26, 2020 2:48 PM
> > To: Gao, Zhichao <zhichao.gao@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>;
> > devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>
> > Subject: Re: [edk2-devel] [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the
> version
> > of Crypto Driver
> >
> > You can change the protocol GUID and remote the function from the
> protocol -
> > this is an internal protocol. It should not be called by anyone.
> >
> > > -----Original Message-----
> > > From: Gao, Zhichao <zhichao.gao@intel.com>
> > > Sent: Sunday, April 26, 2020 2:43 PM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>; Fu, Siyuan
> > > <siyuan.fu@intel.com>; devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu@intel.com>; Kinney, Michael D
> > > <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of
> > > Crypto Driver
> > >
> > > Jiewen,
> > >
> > > Do you mean remove the definition of the deprecated function and keep
> > > the NULL value in the protocol structure?
> > > I am not sure if that is a good idea. Because that would give the
> > > protocol a chance to call a NULL pointer.
> > >
> > > Siyuan,
> > >
> > > The binary would be totally different. Does that make sence?
> > >
> > > Thanks,
> > > Zhichao
> > >
> > > > -----Original Message-----
> > > > From: Yao, Jiewen
> > > > Sent: Saturday, April 25, 2020 9:48 PM
> > > > To: Fu, Siyuan <siyuan.fu@intel.com>; Gao, Zhichao
> > > > <zhichao.gao@intel.com>; devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu@intel.com>;
> > > > Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> > > > <lersek@redhat.com>
> > > > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> > > > of Crypto Driver
> > > >
> > > > Why not remove the deprecated functions ?
> > > >
> > > > Thank you
> > > > Yao Jiewen
> > > >
> > > > > -----Original Message-----
> > > > > From: Fu, Siyuan <siyuan.fu@intel.com>
> > > > > Sent: Saturday, April 25, 2020 5:45 PM
> > > > > To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > > > <xiaoyux.lu@intel.com>; Kinney, Michael D
> > > > > <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > > > > Laszlo Ersek <lersek@redhat.com>
> > > > > Subject: RE: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> > > > > of Crypto Driver
> > > > >
> > > > > Hi, Zhichao
> > > > >
> > > > > This patch set doesn't add or remove any field in EDK II Crypto
> > > > > Protocol, but just change some API implementation to return false
> > > > > or unsupport, right? If so I don't think the Crypto Version need to be
> > increased.
> > > > >
> > > > > Best Regards
> > > > > Siyuan
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Gao, Zhichao <zhichao.gao@intel.com>
> > > > > > Sent: 2020年4月23日 16:46
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > > > > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>;
> > > > > > Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> > > > > > <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > > > > > Subject: [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version
> > > > > > of Crypto Driver
> > > > > >
> > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > > > > >
> > > > > > Update the Crypto Version to 7:
> > > > > > 1. Retire below deprecated functions:
> > > > > > MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
> > > > > >
> > > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > > > > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > > > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > > > > > ---
> > > > > > CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> > > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > > >
> > > > > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > > > > > b/CryptoPkg/Private/Protocol/Crypto.h
> > > > > > index 40c387e002..667ca1ef07 100644
> > > > > > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > > > > > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > > > > > @@ -20,7 +20,7 @@
> > > > > > /// the EDK II Crypto Protocol is extended, this version define
> > > > > > must be /// increased.
> > > > > > ///
> > > > > > -#define EDKII_CRYPTO_VERSION 6
> > > > > > +#define EDKII_CRYPTO_VERSION 7
> > > > > >
> > > > > > ///
> > > > > > /// EDK II Crypto Protocol forward declaration
> > > > > > --
> > > > > > 2.21.0.windows.1
> > > >
> > >
> >
> >
> >
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (6 preceding siblings ...)
2020-04-23 8:46 ` [PATCH V2 7/7] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
@ 2020-04-23 9:31 ` Yao, Jiewen
2020-04-23 9:58 ` Gao, Zhichao
2020-04-24 13:25 ` Laszlo Ersek
8 siblings, 1 reply; 17+ messages in thread
From: Yao, Jiewen @ 2020-04-23 9:31 UTC (permalink / raw)
To: devel@edk2.groups.io, Gao, Zhichao
Cc: Wang, Jian J, Lu, XiaoyuX, Fu, Siyuan, Kinney, Michael D,
Laszlo Ersek, Yao, Jiewen
Hello
I think there are lots of feedback in v1 patch review.
Would you please give a summary on how they are addressed in this v2 ?
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> Zhichao
> Sent: Thursday, April 23, 2020 4:46 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Laszlo
> Ersek <lersek@redhat.com>
> Subject: [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated
> functions
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Retire below deprecated functions:
> MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
>
> Update the Crypto Driver's version to indicate the binary change.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>
> Zhichao Gao (7):
> CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
> CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
> CryptoPkg/Crypto.h: Update the version of Crypto Driver
>
> CryptoPkg/CryptoPkg.dsc | 46 +-
> CryptoPkg/Driver/Crypto.c | 62 +--
> CryptoPkg/Include/Library/BaseCryptLib.h | 481 ------------------
> .../Library/BaseCryptLib/BaseCryptLib.inf | 7 +-
> .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 -----
> .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
> .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 --------
> .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 -----
> .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 -------------
> .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 ------
> .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 --------
> .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ------
> .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 --------
> .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 -----
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 --------
> .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 -----
> .../Library/BaseCryptLib/PeiCryptLib.inf | 11 +-
> CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 11 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 12 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 5 -
> .../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 --
> .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 -----
> .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 ------
> .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ------
> .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 -----
> .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 -----
> .../Library/Include/openssl/opensslconf.h | 9 +
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 28 -
> .../Library/OpensslLib/OpensslLibCrypto.inf | 28 -
> CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> 31 files changed, 75 insertions(+), 3486 deletions(-)
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
>
> --
> 2.21.0.windows.1
>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions
2020-04-23 9:31 ` [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Yao, Jiewen
@ 2020-04-23 9:58 ` Gao, Zhichao
0 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-04-23 9:58 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, XiaoyuX, Fu, Siyuan, Kinney, Michael D,
Laszlo Ersek
OK.
Here is the main difference VS V1:
1. do not remove the field in the internal protocol structure:
a)directly call an assert function and return an error value.
b)change the related field value to 0 to indicate the function is unsupported any longer
2. remove the HMAC MD5 and HMAC SHA1
3. using OPENSSL_NO_MD4, OPENSSL_NO_RC4, OPENSSL_NO_DES to disable the build of related function. Remove the source file of MD4, ARC4, TDES, AES EBC source file in the OpensslLib.inf and OpensslLibCrypto.inf
4. do not contain the change of MD5 and SHA1 because the change need to change the platform code first. I would sent the patch after finish the change for platform code.
I know the V1 get lots of feedback about the protocol changes. See #1.
Thanks,
Zhichao
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Thursday, April 23, 2020 5:31 PM
> To: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>
> Subject: RE: [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated
> functions
>
> Hello
> I think there are lots of feedback in v1 patch review.
>
> Would you please give a summary on how they are addressed in this v2 ?
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> > Zhichao
> > Sent: Thursday, April 23, 2020 4:46 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Kinney,
> > Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>
> > Subject: [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated
> > functions
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> >
> > Retire below deprecated functions:
> > MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
> >
> > Update the Crypto Driver's version to indicate the binary change.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Zhichao Gao (7):
> > CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> > CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> > CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> > CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> > CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
> > CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
> > CryptoPkg/Crypto.h: Update the version of Crypto Driver
> >
> > CryptoPkg/CryptoPkg.dsc | 46 +-
> > CryptoPkg/Driver/Crypto.c | 62 +--
> > CryptoPkg/Include/Library/BaseCryptLib.h | 481 ------------------
> > .../Library/BaseCryptLib/BaseCryptLib.inf | 7 +-
> > .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 -----
> > .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
> > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 --------
> > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 -----
> > .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 -------------
> > .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 ------
> > .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 --------
> > .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ------
> > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 --------
> > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 -----
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 --------
> > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 -----
> > .../Library/BaseCryptLib/PeiCryptLib.inf | 11 +-
> > CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +-
> > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 11 +-
> > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 +-
> > .../BaseCryptLibNull/BaseCryptLibNull.inf | 5 -
> > .../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 --
> > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 -----
> > .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 ------
> > .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ------
> > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 -----
> > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 -----
> > .../Library/Include/openssl/opensslconf.h | 9 +
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 28 -
> > .../Library/OpensslLib/OpensslLibCrypto.inf | 28 -
> > CryptoPkg/Private/Protocol/Crypto.h | 2 +-
> > 31 files changed, 75 insertions(+), 3486 deletions(-) delete mode
> > 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
> > delete mode 100644
> > CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
> >
> > --
> > 2.21.0.windows.1
> >
> >
> >
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions
2020-04-23 8:46 [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (7 preceding siblings ...)
2020-04-23 9:31 ` [edk2-devel] [PATCH V2 0/7] CryptoPkg: Retire the deprecated functions Yao, Jiewen
@ 2020-04-24 13:25 ` Laszlo Ersek
8 siblings, 0 replies; 17+ messages in thread
From: Laszlo Ersek @ 2020-04-24 13:25 UTC (permalink / raw)
To: Zhichao Gao, devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao
Hi Zhichao,
On 04/23/20 10:46, Zhichao Gao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Retire below deprecated functions:
> MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
>
> Update the Crypto Driver's version to indicate the binary change.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>
> Zhichao Gao (7):
> CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
> CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
> CryptoPkg/Crypto.h: Update the version of Crypto Driver
I'm drowning in stuff to take care of; I cannot review this series.
Thanks for your understanding.
Laszlo
^ permalink raw reply [flat|nested] 17+ messages in thread