* [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions
From: Gao, Zhichao @ 2020-05-15 4:39 UTC
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude, Liming Gao
Retire below deprecated functions:
MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1.
V2:
Separate the MD5 and SHA1 changes to other patch set.
Change the deprecated function wrapper implementation in
EDKII_CRYPTO_PROTOCOL to call a dummy function to print debug
message and assert.
V3:
Remove the missing part of deprecated functions in V2.
Change the name field in the EDKII_CRYPTO_PROTOCOL to indicate
the function is deprecated and unsupported.
V4:
Fixed some typos.
Separate the change of OpensslLib and make the change with
process_files.pl.
Moving the incorrect changes of AES_ECB from HMAC MD5 patch
to Aes Ecb one.
V5:
Fix incorrect symbol in patch #2.
Separate the patch #8 OpensslLib changes and create it through
changing the process_files.pl.
Change the incorrect Author Name of patch #2, #4, #6.
Add function comment for the deprecated functions for patch #2,
#4, #6, #8, #10, #11.
The V5 patch set can also be viewed at the fork branch:
https://github.com/ZhichaoGao/edk2/commits/deprecated_algo
V6:
Change the line ending of opensslconfig.h in patch #3, #5, #7,
#9.
Add one more patch #12 to convert the line ending from '\n' to '\r\n'
to align the format and match the patch check.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Zhichao Gao (13):
CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm
CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib
CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib
CryptoPkg/BaseCryptLib: Retire the TDES algorithm
CryptoPkg/OpensslLib: Set TDES disable in OpensslLib
CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib
CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
CryptoPkg/opensslconf.h: Covert the file ending to dos format
CryptoPkg/Crypto.h: Update the version of Crypto Driver
CryptoPkg/CryptoPkg.dsc | 46 +-
CryptoPkg/Driver/Crypto.c | 599 +++------
CryptoPkg/Include/Library/BaseCryptLib.h | 809 ------------
.../Library/BaseCryptLib/BaseCryptLib.inf | 7 +-
.../Library/BaseCryptLib/Cipher/CryptAes.c | 114 --
.../BaseCryptLib/Cipher/CryptAesNull.c | 52 -
.../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ---
.../BaseCryptLib/Cipher/CryptArc4Null.c | 124 --
.../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------
.../BaseCryptLib/Cipher/CryptTdesNull.c | 160 ---
.../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ----
.../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 --
.../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ---
.../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 --
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ---
.../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 --
.../Library/BaseCryptLib/PeiCryptLib.inf | 11 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 8 +-
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 11 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 8 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 12 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 8 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 5 -
.../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 -
.../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 --
.../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 ---
.../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 --
.../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 --
.../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 --
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 1157 ++---------------
.../Library/Include/openssl/opensslconf.h | 689 +++++-----
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 28 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 28 -
CryptoPkg/Library/OpensslLib/process_files.pl | 4 +
CryptoPkg/Private/Protocol/Crypto.h | 709 ++--------
36 files changed, 793 insertions(+), 6205 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
--
2.21.0.windows.1
* [PATCH V6 01/13] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm
From: Gao, Zhichao @ 2020-05-15 4:39 UTC
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Add an internal worker function to indicate the deprecated functions.
It would print out debug messages and asserts to inform the consumer
they are using a deprecated function.
Change the Name of BaseCryptLibServciceNotEnabled to correct spelling
BaseCryptLibServiceNotEnabled.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 35bf2d3d92..ed0083cccf 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -41,7 +41,7 @@
#define CALL_BASECRYPTLIB(Enable, Function, Args, ErrorReturnValue) \
EDKII_CRYPTO_PCD->Enable \
? Function Args \
- : (BaseCryptLibServciceNotEnabled (#Function), ErrorReturnValue)
+ : (BaseCryptLibServiceNotEnabled (#Function), ErrorReturnValue)
/**
A macro used to call a void BaseCryptLib function if it is enabled.
@@ -61,7 +61,7 @@
#define CALL_VOID_BASECRYPTLIB(Enable, Function, Args) \
EDKII_CRYPTO_PCD->Enable \
? Function Args \
- : BaseCryptLibServciceNotEnabled (#Function)
+ : BaseCryptLibServiceNotEnabled (#Function)
/**
Internal worker function that prints a debug message and asserts if a call is
@@ -78,7 +78,7 @@
**/
static
VOID
-BaseCryptLibServciceNotEnabled (
+BaseCryptLibServiceNotEnabled (
IN CONST CHAR8 *FunctionName
)
{
@@ -86,6 +86,24 @@ BaseCryptLibServciceNotEnabled (
ASSERT_EFI_ERROR (EFI_UNSUPPORTED);
}
+/**
+ Internal worker function that prints a debug message and asserts if a call is
+ made to a BaseCryptLib function that is deprecated and unsupported any longer.
+
+ @param[in] FunctionName Null-terminated ASCII string that is the name of an
+ EDK II Crypto service.
+
+**/
+static
+VOID
+BaseCryptLibServiceDeprecated (
+ IN CONST CHAR8 *FunctionName
+ )
+{
+ DEBUG ((DEBUG_ERROR, "[%a] Function %a() is deprecated and unsupported any longer\n", gEfiCallerBaseName, FunctionName));
+ ASSERT_EFI_ERROR (EFI_UNSUPPORTED);
+}
+
/**
Returns the version of the EDK II Crypto Protocol.
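Review bot: BaseCryptLibServiceDeprecated is added as a static function with no caller anywhere in this patch, so on toolchains that warn about unused static functions and treat warnings as errors this commit may not build on its own, which hurts bisecting. Consider introducing it in the same patch as its first use (02/13), or confirm that 01/13 builds standalone. Separately, the only signals it gives are DEBUG and ASSERT_EFI_ERROR; in builds where those are disabled the caller learns about the retirement solely from the wrapper's return value, and the function comment could say so. The DEBUG line is also long enough that it should be wrapped.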
--
2.21.0.windows.1
* [PATCH V6 02/13] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
From: Gao, Zhichao @ 2020-05-15 4:39 UTC
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
MD4 is not secure any longer.
Remove the MD4 support from edk2.
Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 -
CryptoPkg/Driver/Crypto.c | 100 +++-----
CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------
.../Library/BaseCryptLib/BaseCryptLib.inf | 3 +-
.../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------
.../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 5 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 6 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 5 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 6 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 -----------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 158 -------------
CryptoPkg/Private/Protocol/Crypto.h | 123 ++--------
16 files changed, 62 insertions(+), 1011 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index f79ff331cf..6ed7046563 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -140,7 +140,6 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index ed0083cccf..53ee0edea5 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -124,161 +124,123 @@ CryptoServiceGetCryptoVersion (
//=====================================================================================
/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
-CryptoServiceMd4GetContextSize (
+DeprecatedCryptoServiceMd4GetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize, (), 0);
+ return BaseCryptLibServiceDeprecated ("Md4GetContextSize"), 0;
}
/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[out] Md4Context Pointer to MD4 context being initialized.
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceMd4Init (
+DeprecatedCryptoServiceMd4Init (
OUT VOID *Md4Context
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALSE);
+ return BaseCryptLibServiceDeprecated ("Md4Init"), FALSE;
}
/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceMd4Duplicate (
+DeprecatedCryptoServiceMd4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Context, NewMd4Context), FALSE);
+ return BaseCryptLibServiceDeprecated ("Md4Duplicate"), FALSE;
}
/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceMd4Update (
+DeprecatedCryptoServiceMd4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, Data, DataSize), FALSE);
+ return BaseCryptLibServiceDeprecated ("Md4Update"), FALSE;
}
/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceMd4Final (
+DeprecatedCryptoServiceMd4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
- return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, HashValue), FALSE);
+ return BaseCryptLibServiceDeprecated ("Md4Final"), FALSE;
}
/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceMd4HashAll (
+DeprecatedCryptoServiceMd4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
- return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataSize, HashValue), FALSE);
+ return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE;
}
/**
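Review bot: In DeprecatedCryptoServiceMd4Final and DeprecatedCryptoServiceMd4HashAll the OUT buffer HashValue is never written, so a caller that ignores the FALSE return goes on to use whatever the buffer already held; the function comments should state that the parameters are ignored and the output is left unmodified. The new comment line "Keep the function field for binary compability." has a typo ("compatibility") that is repeated in all six wrappers. The names passed to BaseCryptLibServiceDeprecated are hand-written string literals, where the removed CALL_BASECRYPTLIB path stringified them with #Function; a small helper macro would keep the logged name and the wrapper in sync.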
@@ -4440,13 +4402,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceHmacSha256Duplicate,
CryptoServiceHmacSha256Update,
CryptoServiceHmacSha256Final,
- /// Md4
- CryptoServiceMd4GetContextSize,
- CryptoServiceMd4Init,
- CryptoServiceMd4Duplicate,
- CryptoServiceMd4Update,
- CryptoServiceMd4Final,
- CryptoServiceMd4HashAll,
+ /// Md4 - deprecated and unsupported
+ DeprecatedCryptoServiceMd4GetContextSize,
+ DeprecatedCryptoServiceMd4Init,
+ DeprecatedCryptoServiceMd4Duplicate,
+ DeprecatedCryptoServiceMd4Update,
+ DeprecatedCryptoServiceMd4Final,
+ DeprecatedCryptoServiceMd4HashAll,
/// Md5
CryptoServiceMd5GetContextSize,
CryptoServiceMd5Init,
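Review bot: The six Md4 slots in mEdkiiCrypto keep their position and signatures, which is what actually preserves the protocol layout, but the commit message only mentions the field rename. It would help to state there that the slot order is unchanged and that an older consumer calling through these slots now gets 0 or FALSE (plus the assert in builds where it is enabled), with 13/13 in this series updating the Crypto Driver version.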
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 5e8f2e0a10..c862f0334f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Uefi/UefiBaseType.h>
-///
-/// MD4 digest size in bytes
-///
-#define MD4_DIGEST_SIZE 16
-
///
/// MD5 digest size in bytes
///
@@ -77,146 +72,6 @@ typedef enum {
// One-Way Cryptographic Hash Primitives
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- );
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- );
-
-/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- );
-
-/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- );
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- );
-
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
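Review bot: Removing the six Md4* prototypes here, together with MD4_DIGEST_SIZE in the preceding hunk, is a source-level break for any module that still references them through the public BaseCryptLib.h, unlike the protocol side where the slots are kept. The commit message should say this explicitly and note whether remaining callers were checked, so platform owners know to expect a build failure rather than a runtime FALSE.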
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index a63ad66b4f..22992e7d43 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -6,7 +6,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
deleted file mode 100644
index bc02da07b0..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/** @file
- MD4 Digest Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/md4.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- //
- // Retrieves the OpenSSL MD4 Context Size
- //
- return (UINTN) (sizeof (MD4_CTX));
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Context Initialization
- //
- return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context));
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL || NewMd4Context == NULL) {
- return FALSE;
- }
-
- CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX));
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Hash Update
- //
- return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize));
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- //
- // Check input parameters.
- //
- if (Md4Context == NULL || HashValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Hash Finalization
- //
- return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context));
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- //
- // Check input parameters.
- //
- if (HashValue == NULL) {
- return FALSE;
- }
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL MD4 Hash Computation.
- //
- if (MD4 (Data, DataSize, HashValue) == NULL) {
- return FALSE;
- } else {
- return TRUE;
- }
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
deleted file mode 100644
index 610c61c713..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/** @file
- MD4 Digest Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash
- operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index c836c257f8..e9add0127d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -6,14 +6,14 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions,
+# Note:
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
# supported in this instance.
#
-# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
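Review bot: dropping "MD4 Digest functions," leaves `# Note:` alone on its own line in the header comment, with the list of unsupported functions starting on the next line. Reflow the paragraph so the list begins on the `# Note:` line, as the RuntimeCryptLib.inf and SmmCryptLib.inf headers in this patch still do.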
@@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 9937555beb..374bfb3f65 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,13 +6,13 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
//
-// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index e5b8ececc1..0a2eb03232 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index c0a16f1b84..b6d751176e 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,12 +6,12 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
-// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
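Review bot: the Note in this .uni header does not match the one in RuntimeCryptLib.inf from the same patch. The .inf lists SHA-384 and SHA-512 Digest functions and HMAC-SHA1/SHA256 as unsupported, while this text names neither SHA-384/SHA-512 nor SHA256. Since the line is being touched anyway, bring the two lists in sync; the STR_MODULE_DESCRIPTION string in the next hunk carries the same text.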
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index cc0b65fd25..139983075e 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
+# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
-# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -34,7 +34,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 83485fbb90..b8d7953d2b 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,12 +6,12 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
-// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
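Review bot: the Note kept here still lists `AES/ TDES/ARC4 functions` as unsupported, but the SmmCryptLib.inf header in this patch lists only `TDES/ARC4 functions`, and it also names SHA-384 and SHA-512 Digest functions, which this text omits. One of the two descriptions is stale; align them while editing the line.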
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 9b4991cbb0..b03681b146 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
- Hash/CryptMd4Null.c
Hash/CryptMd5Null.c
Hash/CryptSha1Null.c
Hash/CryptSha256Null.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
deleted file mode 100644
index 610c61c713..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/** @file
- MD4 Digest Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash
- operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index c2a1df9afc..5e470028f4 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -99,164 +99,6 @@ CryptoServiceNotAvailable (
// One-Way Cryptographic Hash Primitives
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Md4GetContextSize (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0);
-}
-
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Init (
- OUT VOID *Md4Context
- )
-{
- CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE);
-}
-
-/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Duplicate (
- IN CONST VOID *Md4Context,
- OUT VOID *NewMd4Context
- )
-{
- CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), FALSE);
-}
-
-/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Update (
- IN OUT VOID *Md4Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), FALSE);
-}
-
-/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4Final (
- IN OUT VOID *Md4Context,
- OUT UINT8 *HashValue
- )
-{
- CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE);
-}
-
-/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Md4HashAll (
- IN CONST VOID *Data,
- IN UINTN DataSize,
- OUT UINT8 *HashValue
- )
-{
- CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE);
-}
-
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index 40c387e002..ae0f29695c 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -451,145 +451,52 @@ BOOLEAN
//=====================================================================================
/**
- Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for MD4 hash operations.
- @retval 0 This interface is not supported.
+ MD4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
UINTN
-(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) (
VOID
);
-/**
- Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
- subsequent use.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Md4Context Pointer to MD4 context being initialized.
-
- @retval TRUE MD4 context initialization succeeded.
- @retval FALSE MD4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_MD4_INIT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT) (
OUT VOID *Md4Context
);
-/**
- Makes a copy of an existing MD4 context.
-
- If Md4Context is NULL, then return FALSE.
- If NewMd4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] Md4Context Pointer to MD4 context being copied.
- @param[out] NewMd4Context Pointer to new MD4 context.
-
- @retval TRUE MD4 context copy succeeded.
- @retval FALSE MD4 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE) (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
);
-/**
- Digests the input data and updates MD4 context.
-
- This function performs MD4 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
- by Md4Final(). Behavior with invalid context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE MD4 data digest succeeded.
- @retval FALSE MD4 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE) (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
-/**
- Completes computation of the MD4 digest value.
-
- This function completes MD4 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the MD4 context cannot
- be used again.
- MD4 context should be already correctly initialized by Md4Init(), and should not be
- finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
-
- If Md4Context is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Md4Context Pointer to the MD4 context.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_MD4_FINAL) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL) (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
);
-/**
- Computes the MD4 message digest of a input data buffer.
-
- This function performs the MD4 message digest of a given data buffer, and places
- the digest value into the specified memory.
-
- If this interface is not supported, then return FALSE.
-
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
- @param[out] HashValue Pointer to a buffer that receives the MD4 digest
- value (16 bytes).
-
- @retval TRUE MD4 digest computation succeeded.
- @retval FALSE MD4 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL) (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
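Review bot: the new comment on DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE misspells "compatibility" as "compability", and "unsupported any longer" would read better as "no longer supported". The other five DEPRECATED_EDKII_CRYPTO_MD4_* typedefs lose their doc comments entirely; give each the same short deprecation comment so every typedef stays documented.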
@@ -4007,13 +3914,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
- /// Md4
- EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize;
- EDKII_CRYPTO_MD4_INIT Md4Init;
- EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate;
- EDKII_CRYPTO_MD4_UPDATE Md4Update;
- EDKII_CRYPTO_MD4_FINAL Md4Final;
- EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll;
+ /// Md4 - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize;
+ DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
+ DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicate;
+ DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update;
+ DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final;
+ DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll;
/// Md5
EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize;
EDKII_CRYPTO_MD5_INIT Md5Init;
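Review bot: `/// Md4 - deprecated and unsupported` does not say why six unusable members stay in _EDKII_CRYPTO_PROTOCOL. The typedef comment earlier in this file gives binary compatibility as the reason; repeat that here and state that the slots must not be removed or reordered, since that is the constraint a later editor of this struct needs to see.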
--
2.21.0.windows.1
* [PATCH V6 03/13] CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 01/13] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 02/13] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 04/13] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
` (9 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
This patch is created by adding the setting "no_md4" of
process_files.pl and running it thru perl.
It would remove the MD4 from OpensslLib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
V6:
Change the line ending of opensslconfig.h from '\n'
to '\r\n'.
CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 ---
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 3 ---
CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
4 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index bd34e53ef2..70d24f99ac 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -61,6 +61,9 @@ extern "C" {
#ifndef OPENSSL_NO_MD2
# define OPENSSL_NO_MD2
#endif
+#ifndef OPENSSL_NO_MD4
+# define OPENSSL_NO_MD4
+#endif
#ifndef OPENSSL_NO_MDC2
# define OPENSSL_NO_MDC2
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 9ed0175553..10710e4a7c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -294,8 +294,6 @@
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
$(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
- $(OPENSSL_PATH)/crypto/md4/md4_one.c
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
@@ -525,7 +523,6 @@
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
$(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
$(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
$(OPENSSL_PATH)/crypto/md5/md5_locl.h
$(OPENSSL_PATH)/crypto/modes/modes_lcl.h
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 03da266627..d9782a3098 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -294,8 +294,6 @@
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
$(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
- $(OPENSSL_PATH)/crypto/md4/md4_one.c
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
@@ -525,7 +523,6 @@
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
$(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
$(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
$(OPENSSL_PATH)/crypto/md5/md5_locl.h
$(OPENSSL_PATH)/crypto/modes/modes_lcl.h
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 4ba25da407..bd4a84da24 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -73,6 +73,7 @@ BEGIN {
"no-gost",
"no-hw",
"no-idea",
+ "no-md4",
"no-mdc2",
"no-pic",
"no-ocb",
--
2.21.0.windows.1
* [PATCH V6 04/13] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (2 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 03/13] CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 05/13] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib Gao, Zhichao
` (8 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
ARC4 is not secure any longer.
Remove the ARC4 support from edk2.
Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 95 +++-----
CryptoPkg/Include/Library/BaseCryptLib.h | 132 -----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------
.../BaseCryptLib/Cipher/CryptArc4Null.c | 124 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 4 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 4 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 -----------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 147 -------------
CryptoPkg/Private/Protocol/Crypto.h | 115 ++--------
15 files changed, 48 insertions(+), 917 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 53ee0edea5..af61482919 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -2037,150 +2037,107 @@ CryptoServiceAesCbcDecrypt (
}
/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- If this interface is not supported, then return zero.
+ ARC4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
- @return The size, in bytes, of the context buffer required for ARC4 operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
-CryptoServiceArc4GetContextSize (
+DeprecatedCryptoServiceArc4GetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, Arc4GetContextSize, (), 0);
+ return BaseCryptLibServiceDeprecated ("Arc4GetContextSize"), 0;
}
/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
- In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
- operations.
-
- If Arc4Context is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize does not in the range of [5, 256] bytes, then return FALSE.
- If this interface is not supported, then return FALSE.
+ ARC4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
- @retval TRUE ARC4 context initialization succeeded.
- @retval FALSE ARC4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceArc4Init (
+DeprecatedCryptoServiceArc4Init (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Key, KeySize), FALSE);
+ return BaseCryptLibServiceDeprecated ("Arc4Init"), FALSE;
}
/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- This function performs ARC4 encryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ ARC4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
- @retval TRUE ARC4 encryption succeeded.
- @retval FALSE ARC4 encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceArc4Encrypt (
+DeprecatedCryptoServiceArc4Encrypt (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Context, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("Arc4Encrypt"), FALSE;
}
/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- This function performs ARC4 decryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ ARC4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
- @retval TRUE ARC4 decryption succeeded.
- @retval FALSE ARC4 decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceArc4Decrypt (
+DeprecatedCryptoServiceArc4Decrypt (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Context, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("Arc4Decrypt"), FALSE;
}
/**
- Resets the ARC4 context to the initial state.
-
- The function resets the ARC4 context to the state it had immediately after the
- ARC4Init() function call.
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
- should be already correctly initialized by ARC4Init().
-
- If Arc4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ ARC4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] Arc4Context Pointer to the ARC4 context.
- @retval TRUE ARC4 reset succeeded.
- @retval FALSE ARC4 reset failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceArc4Reset (
+DeprecatedCryptoServiceArc4Reset (
IN OUT VOID *Arc4Context
)
{
- return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context), FALSE);
+ return BaseCryptLibServiceDeprecated ("Arc4Reset"), FALSE;
}
//=====================================================================================
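Review bot: All five stubs return through a comma expression, for example `return BaseCryptLibServiceDeprecated ("Arc4Init"), FALSE;`, which buries the call inside the return statement. Calling BaseCryptLibServiceDeprecated on its own line and then returning the constant reads more plainly and avoids a construct that some coding-standard checkers flag. The new header comments also spell "compability" (should be "compatibility") in all five places. They still carry @param entries for arguments the stubs now ignore, so a word saying the parameters are unused would help.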
@@ -4502,12 +4459,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceAesEcbDecrypt,
CryptoServiceAesCbcEncrypt,
CryptoServiceAesCbcDecrypt,
- /// Arc4
- CryptoServiceArc4GetContextSize,
- CryptoServiceArc4Init,
- CryptoServiceArc4Encrypt,
- CryptoServiceArc4Decrypt,
- CryptoServiceArc4Reset,
+ /// Arc4 - deprecated and unsupported
+ DeprecatedCryptoServiceArc4GetContextSize,
+ DeprecatedCryptoServiceArc4Init,
+ DeprecatedCryptoServiceArc4Encrypt,
+ DeprecatedCryptoServiceArc4Decrypt,
+ DeprecatedCryptoServiceArc4Reset,
/// SM3
CryptoServiceSm3GetContextSize,
CryptoServiceSm3Init,
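Review bot: This initializer is positional, so the binary-compatibility claim rests on these five entries staying in the same slots and order as the renamed members in CryptoPkg/Private/Protocol/Crypto.h. A consumer built against the old layout will now get 0 or FALSE from these slots instead of a working cipher. Please say in the commit message whether the protocol version is changed for that behaviour change; if it is deliberately left alone, state why.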
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index c862f0334f..25e236c4a3 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1667,138 +1667,6 @@ AesCbcDecrypt (
OUT UINT8 *Output
);
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for ARC4 operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- );
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
- In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
- operations.
-
- If Arc4Context is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize does not in the range of [5, 256] bytes, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval TRUE ARC4 context initialization succeeded.
- @retval FALSE ARC4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- This function performs ARC4 encryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval TRUE ARC4 encryption succeeded.
- @retval FALSE ARC4 encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- This function performs ARC4 decryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval TRUE ARC4 decryption succeeded.
- @retval FALSE ARC4 decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Resets the ARC4 context to the initial state.
-
- The function resets the ARC4 context to the state it had immediately after the
- ARC4Init() function call.
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
- should be already correctly initialized by ARC4Init().
-
- If Arc4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval TRUE ARC4 reset succeeded.
- @retval FALSE ARC4 reset failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- );
-
//=====================================================================================
// Asymmetric Cryptography Primitive
//=====================================================================================
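Review bot: Removing the Arc4* prototypes from the public header is a source-level break for any module that still calls them, and the commit message does not say so. A sentence there naming the removed functions (Arc4GetContextSize, Arc4Init, Arc4Encrypt, Arc4Decrypt, Arc4Reset) would make the cause easy to find when a downstream build fails.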
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 22992e7d43..da38ea552f 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -40,7 +40,6 @@
Kdf/CryptHkdf.c
Cipher/CryptAes.c
Cipher/CryptTdes.c
- Cipher/CryptArc4.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
deleted file mode 100644
index 388d312bed..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/** @file
- ARC4 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/rc4.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- @return The size, in bytes, of the context buffer required for ARC4 operations.
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- //
- // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
- // for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
- // the working copy to the initial state.
- //
- return (UINTN) (2 * sizeof (RC4_KEY));
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
- In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
- operations.
-
- If Arc4Context is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize does not in the range of [5, 256] bytes, then return FALSE.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval TRUE ARC4 context initialization succeeded.
- @retval FALSE ARC4 context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
-
- CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY));
-
- return TRUE;
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- This function performs ARC4 encryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval TRUE ARC4 encryption succeeded.
- @retval FALSE ARC4 encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
-
- return TRUE;
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- This function performs ARC4 decryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval TRUE ARC4 decryption succeeded.
- @retval FALSE ARC4 decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
-
- return TRUE;
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- The function resets the ARC4 context to the state it had immediately after the
- ARC4Init() function call.
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
- should be already correctly initialized by ARC4Init().
-
- If Arc4Context is NULL, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval TRUE ARC4 reset succeeded.
- @retval FALSE ARC4 reset failed.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- RC4_KEY *Rc4Key;
-
- //
- // Check input parameters.
- //
- if (Arc4Context == NULL) {
- return FALSE;
- }
-
- Rc4Key = (RC4_KEY *) Arc4Context;
-
- CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
-
- return TRUE;
-}
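Review bot: With this file deleted, nothing in BaseCryptLib includes <openssl/rc4.h> any more, but the diffstat for this patch touches no OpensslLib file, so the RC4 sources in OpenSSL are presumably still built at this point in the series. Please note in the commit message which patch disables RC4 in the OpenSSL configuration, so the series can be checked for a state where the cipher is compiled in but unreachable.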
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
deleted file mode 100644
index 1f09bfa30e..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/** @file
- ARC4 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index e9add0127d..f43953b78c 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -46,7 +46,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 374bfb3f65..5abd8e8dfb 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -7,7 +7,7 @@
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
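Review bot: The replacement STR_MODULE_DESCRIPTION string keeps the stray space in "AES/ TDES functions" that the old string had in "AES/ TDES/ARC4". Since the line is being rewritten anyway, "AES/TDES functions" would be cleaner. The comment in PeiCryptLib.inf lists "HMAC-SHA1/SHA256 functions" while this string lists only "HMAC-SHA1 functions", which is worth reconciling in the same pass.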
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 0a2eb03232..f1eb099b67 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -46,7 +46,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index b6d751176e..5a48d2a308 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -7,7 +7,7 @@
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 139983075e..3a94655775 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -45,7 +45,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index b8d7953d2b..0561f107e8 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -7,7 +7,7 @@
// buffer overflow or integer overflow.
//
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
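Review bot: The rewritten description still lists "AES/ TDES functions" as unsupported, but the SmmCryptLib.inf comment edited in this same patch lists only "TDES functions", and that .inf builds Cipher/CryptAes.c rather than the Null variant. As this string is being touched, it should be corrected to match the .inf so the module description does not claim AES is missing from the SMM instance.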
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index b03681b146..a205c9005d 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -40,7 +40,6 @@
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
Cipher/CryptTdesNull.c
- Cipher/CryptArc4Null.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
deleted file mode 100644
index 1f09bfa30e..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/** @file
- ARC4 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 5e470028f4..77915bdb86 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1892,153 +1892,6 @@ AesCbcDecrypt (
CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec, Output), FALSE);
}
-/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for ARC4 operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-Arc4GetContextSize (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0);
-}
-
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
- In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
- operations.
-
- If Arc4Context is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize does not in the range of [5, 256] bytes, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval TRUE ARC4 context initialization succeeded.
- @retval FALSE ARC4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Init (
- OUT VOID *Arc4Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE);
-}
-
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- This function performs ARC4 encryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval TRUE ARC4 encryption succeeded.
- @retval FALSE ARC4 encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Encrypt (
- IN OUT VOID *Arc4Context,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- This function performs ARC4 decryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval TRUE ARC4 decryption succeeded.
- @retval FALSE ARC4 decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Decrypt (
- IN OUT VOID *Arc4Context,
- IN UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output), FALSE);
-}
-
-/**
- Resets the ARC4 context to the initial state.
-
- The function resets the ARC4 context to the state it had immediately after the
- ARC4Init() function call.
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
- should be already correctly initialized by ARC4Init().
-
- If Arc4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval TRUE ARC4 reset succeeded.
- @retval FALSE ARC4 reset failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-Arc4Reset (
- IN OUT VOID *Arc4Context
- )
-{
- CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE);
-}
-
//=====================================================================================
// Asymmetric Cryptography Primitive
//=====================================================================================
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index ae0f29695c..f36c5c1aff 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2785,134 +2785,45 @@ BOOLEAN
);
/**
- Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for ARC4 operations.
- @retval 0 This interface is not supported.
+ ARC4 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
UINTN
-(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) (
VOID
);
-/**
- Initializes user-supplied memory as ARC4 context for subsequent use.
-
- This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
- In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
- operations.
-
- If Arc4Context is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeySize does not in the range of [5, 256] bytes, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] Arc4Context Pointer to ARC4 context being initialized.
- @param[in] Key Pointer to the user-supplied ARC4 key.
- @param[in] KeySize Size of ARC4 key in bytes.
-
- @retval TRUE ARC4 context initialization succeeded.
- @retval FALSE ARC4 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_ARC4_INIT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) (
OUT VOID *Arc4Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
);
-/**
- Performs ARC4 encryption on a data buffer of the specified size.
-
- This function performs ARC4 encryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
-
- @retval TRUE ARC4 encryption succeeded.
- @retval FALSE ARC4 encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) (
IN OUT VOID *Arc4Context,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs ARC4 decryption on a data buffer of the specified size.
-
- This function performs ARC4 decryption on data buffer pointed by Input, of specified
- size of InputSize.
- Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
- invalid ARC4 context is undefined.
-
- If Arc4Context is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
-
- @retval TRUE ARC4 decryption succeeded.
- @retval FALSE ARC4 decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) (
IN OUT VOID *Arc4Context,
IN UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Resets the ARC4 context to the initial state.
-
- The function resets the ARC4 context to the state it had immediately after the
- ARC4Init() function call.
- Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
- should be already correctly initialized by ARC4Init().
-
- If Arc4Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] Arc4Context Pointer to the ARC4 context.
-
- @retval TRUE ARC4 reset succeeded.
- @retval FALSE ARC4 reset failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_ARC4_RESET) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) (
IN OUT VOID *Arc4Context
);
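Review bot: the replacement comment above DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE misspells "compatibility" as "compability", and it is the only typedef in this hunk that keeps a comment at all. DEPRECATED_EDKII_CRYPTO_ARC4_INIT, _ENCRYPT, _DECRYPT and _RESET lose their doc blocks and get nothing in return. Suggest repeating the two-line deprecation comment above each of those four, worded as "ARC4 is deprecated and no longer supported", so every slot documents why a function pointer type with no usable implementation is still declared.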
@@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt;
EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;
EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;
- /// Arc4
- EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize;
- EDKII_CRYPTO_ARC4_INIT Arc4Init;
- EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt;
- EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt;
- EDKII_CRYPTO_ARC4_RESET Arc4Reset;
+ /// Arc4 - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetContextSize;
+ DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init;
+ DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt;
+ DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt;
+ DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset;
/// SM3
EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize;
EDKII_CRYPTO_SM3_INIT Sm3Init;
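Review bot: the five renamed fields keep their position between AesCbcDecrypt and Sm3GetContextSize, which is what preserves the protocol layout, but the only hint of that constraint is "/// Arc4 - deprecated and unsupported". Suggest extending that comment to say the slots must not be removed or reordered, since a later cleanup that drops them would shift every field from Sm3GetContextSize onward for consumers built against the existing layout.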
--
2.21.0.windows.1
* [PATCH V6 05/13] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (3 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 04/13] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 06/13] CryptoPkg/BaseCryptLib: Retire the TDES algorithm Gao, Zhichao
` (7 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
This patch is created by adding the setting "no_rc4" of
process_files.pl and running it through perl.
It would remove the ARC4 from OpensslLib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
V6:
Change the line ending of opensslconfig.h from '\n'
to '\r\n'.
CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 ---
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 3 ---
CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
4 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 70d24f99ac..f55b27ae81 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -73,6 +73,9 @@ extern "C" {
#ifndef OPENSSL_NO_RC2
# define OPENSSL_NO_RC2
#endif
+#ifndef OPENSSL_NO_RC4
+# define OPENSSL_NO_RC4
+#endif
#ifndef OPENSSL_NO_RC5
# define OPENSSL_NO_RC5
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 10710e4a7c..dfaefd1c08 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -374,8 +374,6 @@
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
$(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
@@ -531,7 +529,6 @@
$(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
$(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
$(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
$(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
$(OPENSSL_PATH)/crypto/sha/sha_locl.h
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index d9782a3098..080e1d9305 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -374,8 +374,6 @@
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
$(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
@@ -531,7 +529,6 @@
$(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
$(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
$(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
$(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
$(OPENSSL_PATH)/crypto/sha/sha_locl.h
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index bd4a84da24..254bc4dbcc 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -80,6 +80,7 @@ BEGIN {
"no-poly1305",
"no-posix-io",
"no-rc2",
+ "no-rc4",
"no-rfc3779",
"no-rmd160",
"no-scrypt",
--
2.21.0.windows.1
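Review bot: in the process_files.pl hunk the option added is "no-rc4" with a hyphen, matching the neighbouring "no-rc2" and "no-rfc3779" entries, while the commit message names the setting "no_rc4". Suggest correcting the commit message so that a search of the history for the configure option finds this change.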
* [PATCH V6 06/13] CryptoPkg/BaseCryptLib: Retire the TDES algorithm
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (4 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 05/13] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 07/13] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib Gao, Zhichao
` (6 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
TDES is not secure any longer.
Remove the Tdes support from edk2.
Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Driver/Crypto.c | 138 ++-----
CryptoPkg/Include/Library/BaseCryptLib.h | 196 ----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------
.../BaseCryptLib/Cipher/CryptTdesNull.c | 160 --------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 6 +-
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 6 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 --------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ----------
CryptoPkg/Private/Protocol/Crypto.h | 169 +-------
16 files changed, 60 insertions(+), 1377 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index af61482919..642d0267d9 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1612,152 +1612,94 @@ CryptoServiceHmacSha256Final (
//=====================================================================================
/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
- @return The size, in bytes, of the context buffer required for TDES operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
-CryptoServiceTdesGetContextSize (
+DeprecatedCryptoServiceTdesGetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSize, (), 0);
+ return BaseCryptLibServiceDeprecated ("TdesGetContextSize"), 0;
}
/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[out] TdesContext Pointer to TDES context being initialized.
@param[in] Key Pointer to the user-supplied TDES key.
@param[in] KeyLength Length of TDES key in bits.
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceTdesInit (
+DeprecatedCryptoServiceTdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Key, KeyLength), FALSE);
+ return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE;
}
/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceTdesEcbEncrypt (
+DeprecatedCryptoServiceTdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("TdesEcbEncrypt"), FALSE;
}
/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceTdesEcbDecrypt (
+DeprecatedCryptoServiceTdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("TdesEcbDecrypt"), FALSE;
}
/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
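Review bot: each stub body in this hunk folds the call and the result into one comma expression, for example 'return BaseCryptLibServiceDeprecated ("TdesInit"), FALSE;', which is easy to misread as returning the call's result. Suggest two statements in every stub: the call on its own line, then a plain return FALSE (or return 0 for the context-size stub). The new comment text also misspells "compatibility" as "compability" in every block, and the retained @param lines now describe arguments the stubs never read.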
@@ -1765,14 +1707,12 @@ CryptoServiceTdesEcbDecrypt (
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceTdesCbcEncrypt (
+DeprecatedCryptoServiceTdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -1780,26 +1720,12 @@ CryptoServiceTdesCbcEncrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("TdesCbcEncrypt"), FALSE;
}
/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] TdesContext Pointer to the TDES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@@ -1807,14 +1733,12 @@ CryptoServiceTdesCbcEncrypt (
@param[in] Ivec Pointer to initialization vector.
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceTdesCbcDecrypt (
+DeprecatedCryptoServiceTdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
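Review bot: in the comment kept above DeprecatedCryptoServiceTdesCbcDecrypt, the Output parameter is still described as receiving "the TDES encryption output", a copy-paste slip carried over from the encrypt variant. Since this comment block is being edited anyway, change it to "decryption" or drop the per-parameter descriptions now that the stub ignores its arguments.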
@@ -1822,7 +1746,7 @@ CryptoServiceTdesCbcDecrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("TdesCbcDecrypt"), FALSE;
}
/**
@@ -4445,13 +4369,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceX509Free,
CryptoServiceX509StackFree,
CryptoServiceX509GetTBSCert,
- /// TDES
- CryptoServiceTdesGetContextSize,
- CryptoServiceTdesInit,
- CryptoServiceTdesEcbEncrypt,
- CryptoServiceTdesEcbDecrypt,
- CryptoServiceTdesCbcEncrypt,
- CryptoServiceTdesCbcDecrypt,
+ /// TDES - deprecated and unsupported
+ DeprecatedCryptoServiceTdesGetContextSize,
+ DeprecatedCryptoServiceTdesInit,
+ DeprecatedCryptoServiceTdesEcbEncrypt,
+ DeprecatedCryptoServiceTdesEcbDecrypt,
+ DeprecatedCryptoServiceTdesCbcEncrypt,
+ DeprecatedCryptoServiceTdesCbcDecrypt,
/// AES
CryptoServiceAesGetContextSize,
CryptoServiceAesInit,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 25e236c4a3..621bcfd1c4 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1278,202 +1278,6 @@ HmacSha256Final (
// Symmetric Cryptography Primitive
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- );
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- );
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- );
-
/**
Retrieves the size, in bytes, of the context buffer required for AES operations.
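Review bot: the TdesEcbDecrypt, TdesCbcEncrypt and TdesCbcDecrypt prototypes are dropped from the public header with no deprecation stub left behind, so any remaining consumer of the library class now fails at build time rather than at run time. That is a reasonable outcome for a retired cipher, but it is an API break: please confirm that a full build of the in-tree packages and the known platform trees has no remaining references, and say explicitly in the commit message that the TDES interfaces are removed rather than stubbed.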
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index da38ea552f..2de8e9c346 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -39,7 +39,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
- Cipher/CryptTdes.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
deleted file mode 100644
index fd799f3398..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/** @file
- TDES Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/des.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- //
- // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
- //
- return (UINTN) (3 * sizeof (DES_key_schedule));
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- //
- // If input Key is a weak key, return error.
- //
- if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
-
- if (KeyLength == 64) {
- CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
- CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
- return TRUE;
- }
-
- if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
-
- if (KeyLength == 128) {
- CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
- return TRUE;
- }
-
- if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
-
- return TRUE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- while (InputSize > 0) {
- DES_ecb3_encrypt (
- (const_DES_cblock *) Input,
- (DES_cblock *) Output,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- DES_ENCRYPT
- );
- Input += TDES_BLOCK_SIZE;
- Output += TDES_BLOCK_SIZE;
- InputSize -= TDES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- while (InputSize > 0) {
- DES_ecb3_encrypt (
- (const_DES_cblock *) Input,
- (DES_cblock *) Output,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- DES_DECRYPT
- );
- Input += TDES_BLOCK_SIZE;
- Output += TDES_BLOCK_SIZE;
- InputSize -= TDES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
- UINT8 IvecBuffer[TDES_BLOCK_SIZE];
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
- return FALSE;
- }
-
- if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
- CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
-
- DES_ede3_cbc_encrypt (
- Input,
- Output,
- (UINT32) InputSize,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- (DES_cblock *) IvecBuffer,
- DES_ENCRYPT
- );
-
- return TRUE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
- UINT8 IvecBuffer[TDES_BLOCK_SIZE];
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
- return FALSE;
- }
-
- if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
- CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
-
- DES_ede3_cbc_encrypt (
- Input,
- Output,
- (UINT32) InputSize,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- (DES_cblock *) IvecBuffer,
- DES_DECRYPT
- );
-
- return TRUE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
deleted file mode 100644
index efa2716063..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/** @file
- TDES Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f43953b78c..f631f8d879 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 5abd8e8dfb..c906935d3d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
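Review bot: the rewritten Note line here still reads "HMAC-SHA1 functions", while the matching line in PeiCryptLib.inf reads "HMAC-SHA1/SHA256 functions" and that .inf builds Hmac/CryptHmacSha256Null.c. Since this line and the STR_MODULE_DESCRIPTION string in the next hunk are being edited anyway, bring the .uni text in line with the .inf so the two descriptions of the unsupported set agree. RuntimeCryptLib.uni shows the same mismatch against RuntimeCryptLib.inf.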
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
index 75a133bd0c..6f7e1971f8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -1,7 +1,7 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem (
//
// Add possible block-cipher descriptor for PEM data decryption.
- // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
+ // NOTE: Only support most popular ciphers AES for the encrypted PEM.
//
- if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
- return FALSE;
- }
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
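Review bot: dropping the EVP_add_cipher (EVP_des_ede3_cbc ()) registration in RsaGetPrivateKeyFromPem is a behaviour change for callers, not only a cleanup. With the cipher no longer registered, a password-protected PEM key encrypted with DES-EDE3-CBC can no longer be decrypted by this function. Please document in the function header that only AES-encrypted PEM is accepted, so a failure on an older key file is traceable to this change. The new comment also reads awkwardly ("Only support most popular ciphers AES"); something like "NOTE: Only AES is supported for the encrypted PEM." would be clearer.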
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index f1eb099b67..672e19299c 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index 5a48d2a308..0a3bb1c04f 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 3a94655775..cc3556ae3f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -44,7 +44,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 0561f107e8..2e362c635f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
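Review bot: after this edit the SMM .uni note lists "AES functions" among the interfaces not supported in this instance, but SmmCryptLib.inf builds Cipher/CryptAes.c (the real implementation) and its own note, as updated in this patch, does not mention AES at all. The old "AES/ TDES" wording was already out of step with the .inf, and removing only "TDES" turns it into a statement that AES is unavailable in SMM. Drop "AES functions" from this comment and from the STR_MODULE_DESCRIPTION string in the next hunk so the .uni matches the .inf.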
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index a205c9005d..04b552f8b7 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -39,7 +39,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
deleted file mode 100644
index efa2716063..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/** @file
- TDES Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 77915bdb86..43ee4e0841 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1467,220 +1467,6 @@ HmacSha256Final (
// Symmetric Cryptography Primitive
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0);
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE);
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
-}
-
/**
Retrieves the size, in bytes, of the context buffer required for AES operations.
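Review bot: deleting the six Tdes* wrappers outright in this hunk (TdesGetContextSize through TdesCbcDecrypt) turns any remaining caller that links BaseCryptLibOnProtocolPpi into a link-time failure. That is preferable to a silent run-time FALSE, but it is a source-level break for platform code outside this tree. The commit message should say so and state that no in-tree consumer of these symbols remains.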
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index f36c5c1aff..a30660c192 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2396,155 +2396,45 @@ BOOLEAN
//=====================================================================================
/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
UINTN
-(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) (
VOID
);
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_INIT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
);
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
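Review bot: the new two-line comment is attached only to DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE, so the INIT, ECB and CBC typedefs that follow in this hunk lose their doc blocks and are left with no comment at all. Either repeat the short deprecation comment before each typedef or turn it into one block comment that names the whole group. The added text also has a typo: "compability" should be "compatibility", and "deprecated and unsupported any longer" reads better as "deprecated and no longer supported".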
@@ -2552,38 +2442,9 @@ BOOLEAN
OUT UINT8 *Output
);
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_X509_FREE X509Free;
EDKII_CRYPTO_X509_STACK_FREE X509StackFree;
EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert;
- /// TDES
- EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize;
- EDKII_CRYPTO_TDES_INIT TdesInit;
- EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt;
- EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt;
- EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt;
- EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt;
+ /// TDES - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContextSize;
+ DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit;
+ DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt;
+ DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;
+ DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;
+ DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;
/// AES
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;
EDKII_CRYPTO_AES_INIT AesInit;
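Review bot: the renamed TDES members keep their slot order and signatures, so the structure layout is unchanged, but nothing in this hunk tells a consumer built against the old header that these six slots no longer do any work. Such a binary will still call through TdesInit and the ECB/CBC slots and only finds out at run time. The commit message should spell out that the rename is a deliberate source break with the binary layout preserved, and it is worth considering whether the protocol needs a way for callers to detect the change before they invoke a retired slot.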
--
2.21.0.windows.1
* [PATCH V6 07/13] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (5 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 06/13] CryptoPkg/BaseCryptLib: Retire the TDES algorithm Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 08/13] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
` (5 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
This patch is created by adding the setting "no_des" of
process_files.pl and running it thru perl.
It would remove the TDES from OpensslLib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
V6:
Change the line ending of opensslconfig.h from '\n'
to '\r\n'.
.../Library/Include/openssl/opensslconf.h | 3 +++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 21 -------------------
.../Library/OpensslLib/OpensslLibCrypto.inf | 21 -------------------
CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
4 files changed, 4 insertions(+), 42 deletions(-)
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index f55b27ae81..70862e1054 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -49,6 +49,9 @@ extern "C" {
#ifndef OPENSSL_NO_CT
# define OPENSSL_NO_CT
#endif
+#ifndef OPENSSL_NO_DES
+# define OPENSSL_NO_DES
+#endif
#ifndef OPENSSL_NO_DSA
# define OPENSSL_NO_DSA
#endif
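Review bot: OPENSSL_NO_DES, added here, compiles out all of DES and not only triple DES, which matches the .inf hunks dropping every file under crypto/des/, but the subject line and commit message speak only of TDES. Please reword them to say DES support as a whole is removed from OpensslLib. Two smaller inconsistencies in the message: it names the process_files.pl setting as "no_des" while the script hunk adds "no-des", and the V6 note refers to opensslconfig.h while the file changed is opensslconf.h.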
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dfaefd1c08..d66f1cb03f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -178,25 +178,6 @@
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
- $(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64enc.c
- $(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/qud_cksm.c
- $(OPENSSL_PATH)/crypto/des/rand_key.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -514,8 +495,6 @@
$(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 080e1d9305..5788d13cf7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -178,25 +178,6 @@
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
- $(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64enc.c
- $(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/qud_cksm.c
- $(OPENSSL_PATH)/crypto/des/rand_key.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -514,8 +495,6 @@
$(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 254bc4dbcc..5ceedf5d37 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -62,6 +62,7 @@ BEGIN {
"no-cms",
"no-ct",
"no-deprecated",
+ "no-des",
"no-dgram",
"no-dsa",
"no-dynamic-engine",
--
2.21.0.windows.1
* [PATCH V6 08/13] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (6 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 07/13] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 09/13] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib Gao, Zhichao
` (4 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 45 +++----
CryptoPkg/Driver/Crypto.c | 50 ++------
CryptoPkg/Include/Library/BaseCryptLib.h | 70 -----------
.../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------
.../BaseCryptLib/Cipher/CryptAesNull.c | 52 --------
.../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 --------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 76 ------------
CryptoPkg/Private/Protocol/Crypto.h | 61 ++--------
8 files changed, 42 insertions(+), 478 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 6ed7046563..1f68cc633b 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,27 +137,30 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
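Review bot: in the rewritten PACKAGE/ALL block the Tdes.Family and Arc4.Family lines are still set to PCD_CRYPTO_SERVICE_ENABLE_FAMILY, although TDES was retired in patch 06 and the Crypto.c context in this same patch already labels Arc4 "deprecated and unsupported". Those two PCD lines should be dropped by the patches that retired the algorithms, and HmacMd5.Family and HmacSha1.Family need the same treatment when their patches land. Separately, the hunk re-aligns all 21 existing lines in order to replace the single Aes.Family line with four Aes.Services entries; keeping the old alignment would reduce the diff to the Aes lines and make the functional change visible.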
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 642d0267d9..1337fea42a 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1801,79 +1801,51 @@ CryptoServiceAesInit (
}
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] AesContext Pointer to the AES context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the AES encryption output.
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceAesEcbEncrypt (
+DeprecatedCryptoServiceAesEcbEncrypt (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE;
}
/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] AesContext Pointer to the AES context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the AES decryption output.
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceAesEcbDecrypt (
+DeprecatedCryptoServiceAesEcbDecrypt (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("AesEcbDecrypt"), FALSE;
}
/**
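Review bot: both stubs return FALSE without writing to Output, and the new header comments no longer say what state the buffer is left in. A caller that does not check the return value will carry on with whatever was in Output, and the cover letter describes the deprecation helper as only printing a debug message and asserting, which gives no protection where asserts are compiled out. Please document in the comment that Output is not modified and that FALSE is the only failure signal. The form "return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE;" relies on the comma operator and is easy to misread; a separate call followed by "return FALSE;" is clearer. "compability" in both comments should be "compatibility".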
@@ -4376,11 +4348,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
DeprecatedCryptoServiceTdesEcbDecrypt,
DeprecatedCryptoServiceTdesCbcEncrypt,
DeprecatedCryptoServiceTdesCbcDecrypt,
- /// AES
+ /// AES - ECB mode is deprecated and unsupported
CryptoServiceAesGetContextSize,
CryptoServiceAesInit,
- CryptoServiceAesEcbEncrypt,
- CryptoServiceAesEcbDecrypt,
+ DeprecatedCryptoServiceAesEcbEncrypt,
+ DeprecatedCryptoServiceAesEcbDecrypt,
CryptoServiceAesCbcEncrypt,
CryptoServiceAesCbcDecrypt,
/// Arc4 - deprecated and unsupported
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 621bcfd1c4..86175c7a8a 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1323,76 +1323,6 @@ AesInit (
IN UINTN KeyLength
);
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
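Review bot: Removing the AesEcbEncrypt and AesEcbDecrypt prototypes from the public header leaves nothing at this spot to tell a caller why the build now fails. A short comment where the declarations used to be, stating that ECB mode was retired and that the CBC functions that follow remain available, would save out-of-tree users a search through the history.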
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
index 2515b34bb8..914cffb211 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
@@ -78,120 +78,6 @@ AesInit (
return TRUE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data encryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data decryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
return FALSE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
return FALSE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 43ee4e0841..c937f8540d 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1518,82 +1518,6 @@ AesInit (
CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE);
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Output), FALSE);
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index a30660c192..e76ff623a5 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2498,69 +2498,22 @@ BOOLEAN
);
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- AesContext should be already correctly initialized by AesInit(). Behavior with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
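Review bot: DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT is left without any doc comment: the old block above it is deleted, and the new two-line deprecation text was added only above the ENCRYPT typedef. Repeat the deprecation comment above the DECRYPT typedef so both are documented, and correct "compability" to "compatibility" in the new text.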
@@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL {
DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;
- /// AES
+ /// AES - ECB Mode is deprecated and unsupported
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;
EDKII_CRYPTO_AES_INIT AesInit;
- EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt;
- EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt;
+ DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncrypt;
+ DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecrypt;
EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;
EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;
/// Arc4 - deprecated and unsupported
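Review bot: The two renamed members keep their position and pointer signature, so a consumer built against the previous header still calls through these slots and, per the Crypto.c hunk, now always gets FALSE. The struct comment should say how such a consumer is expected to notice the change, for example whether the value reported by the version service is meant to change with this series. If it is not, please state that the only signal is the FALSE return.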
--
2.21.0.windows.1
* [PATCH V6 09/13] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (7 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 08/13] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
` (3 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Add the unrequired aes_ecb files in process_files.pl and run it
thru perl.
It would remove the unrequired aes_ecb files from OpensslLib inf.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
3 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index d66f1cb03f..c8ec9454bd 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -29,7 +29,6 @@
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
$(OPENSSL_PATH)/crypto/aes/aes_ige.c
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 5788d13cf7..2f232e3e12 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -29,7 +29,6 @@
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
$(OPENSSL_PATH)/crypto/aes/aes_ige.c
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 5ceedf5d37..65d07a2aed 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -144,6 +144,7 @@ foreach my $product ((@{$unified_info{libraries}},
next if $s =~ "crypto/rand/randfile.c";
next if $s =~ "crypto/store/";
next if $s =~ "crypto/err/err_all.c";
+ next if $s =~ "crypto/aes/aes_ecb.c";
if ($product =~ "libssl") {
push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
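Review bot: The added `next if $s =~ "crypto/aes/aes_ecb.c";` treats the string as an unanchored regular expression, so each dot matches any character. That follows the style of the neighbouring skip lines and is harmless for this path, but escaping the dots (or comparing with `eq` if the full path is known) would make the exclusion exact. The commit message also speaks of "aes_ecb files" while only one path is excluded; say "file" if that is all that is intended.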
--
2.21.0.windows.1
* [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (8 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 09/13] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 11/13] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
` (2 subsequent siblings)
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC MD5 is not secure any longer.
Remove the HMAC MD5 support from edk2.
Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 1 -
CryptoPkg/Driver/Crypto.c | 96 +++-----
CryptoPkg/Include/Library/BaseCryptLib.h | 133 -----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 216 ------------------
.../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 139 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 4 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 4 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 139 -----------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------
CryptoPkg/Private/Protocol/Crypto.h | 117 ++--------
16 files changed, 55 insertions(+), 960 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 1f68cc633b..9ddf73f9fa 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,7 +137,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
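Review bot: Only the package DSC default for `PcdCryptoServiceFamilyEnable.HmacMd5.Family` is dropped here, and the diffstat for this patch lists no change to the PCD structure definition. A platform DSC can therefore still set the HmacMd5 bits, which no longer enable anything now that the Crypto.c wrappers stop consulting `HmacMd5.Services`. Please mark the HmacMd5 member as deprecated where the structure is defined, or explain in the commit message why it is left as is.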
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 1337fea42a..1cd5923ce2 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1160,154 +1160,120 @@ CryptoServiceSm3HashAll (
//=====================================================================================
/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
@retval NULL This interface is not supported.
**/
VOID *
EFIAPI
-CryptoServiceHmacMd5New (
+DeprecatedCryptoServiceHmacMd5New (
VOID
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.New, HmacMd5New, (), NULL);
+ return BaseCryptLibServiceDeprecated ("HmacMd5New"), NULL;
}
/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
-CryptoServiceHmacMd5Free (
+DeprecatedCryptoServiceHmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
- CALL_VOID_BASECRYPTLIB (HmacMd5.Services.Free, HmacMd5Free, (HmacMd5Ctx));
+ BaseCryptLibServiceDeprecated ("HmacMd5Free");
}
/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[out] HmacMd5Context Pointer to HMAC-MD5 context.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5SetKey (
+DeprecatedCryptoServiceHmacMd5SetKey (
OUT VOID *HmacMd5Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.SetKey, HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacMd5SetKey"), FALSE;
}
/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5Duplicate (
+DeprecatedCryptoServiceHmacMd5Duplicate (
IN CONST VOID *HmacMd5Context,
OUT VOID *NewHmacMd5Context
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Duplicate, HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacMd5Duplicate"), FALSE;
}
/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
@param[in] Data Pointer to the buffer containing the data to be digested.
@param[in] DataSize Size of Data buffer in bytes.
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5Update (
+DeprecatedCryptoServiceHmacMd5Update (
IN OUT VOID *HmacMd5Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Update, HmacMd5Update, (HmacMd5Context, Data, DataSize), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacMd5Update"), FALSE;
}
/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
@param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
value (16 bytes).
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacMd5Final (
+DeprecatedCryptoServiceHmacMd5Final (
IN OUT VOID *HmacMd5Context,
OUT UINT8 *HmacValue
)
{
- return CALL_BASECRYPTLIB (HmacMd5.Services.Final, HmacMd5Final, (HmacMd5Context, HmacValue), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacMd5Final"), FALSE;
}
/**
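Review bot: The six replacement comments in this hunk keep full @param descriptions (for example "Pointer to the buffer containing the data to be digested") for arguments the functions now ignore, and the comment for DeprecatedCryptoServiceHmacMd5Free, which has no @retval, no longer says what the call does at all. State in each block that the arguments are unused and that the function only reports the deprecated call, and fix "compability" to "compatibility" in all six. DeprecatedCryptoServiceHmacMd5New also returns NULL unconditionally, which callers previously had to treat as an allocation failure; the comment should say NULL now means "unsupported".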
@@ -4234,13 +4200,13 @@ CryptoServiceTlsGetCertRevocationList (
const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
/// Version
CryptoServiceGetCryptoVersion,
- /// HMAC MD5
- CryptoServiceHmacMd5New,
- CryptoServiceHmacMd5Free,
- CryptoServiceHmacMd5SetKey,
- CryptoServiceHmacMd5Duplicate,
- CryptoServiceHmacMd5Update,
- CryptoServiceHmacMd5Final,
+ /// HMAC MD5 - deprecated and unsupported
+ DeprecatedCryptoServiceHmacMd5New,
+ DeprecatedCryptoServiceHmacMd5Free,
+ DeprecatedCryptoServiceHmacMd5SetKey,
+ DeprecatedCryptoServiceHmacMd5Duplicate,
+ DeprecatedCryptoServiceHmacMd5Update,
+ DeprecatedCryptoServiceHmacMd5Final,
/// HMAC SHA1
CryptoServiceHmacSha1New,
CryptoServiceHmacSha1Free,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 86175c7a8a..b99401661c 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -880,139 +880,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- );
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- );
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- );
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- );
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
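Review bot: under the "MAC (Message Authentication Code) Primitive" banner, the six HmacMd5* prototypes vanish from the public header without a trace, so a remaining out-of-tree caller only gets an undeclared-function build error and no hint about what to use instead. Consider leaving a one-line comment at this spot stating that HMAC-MD5 was retired and naming the interface callers should migrate to (Hmac/CryptHmacSha256.c is still listed in BaseCryptLib.inf further down in this patch).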
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 2de8e9c346..33d7c13bff 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacMd5.c
Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
deleted file mode 100644
index da46ce09f4..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *) HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacMd5Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || KeySize > INT_MAX) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacMd5Context, (HMAC_CTX *)HmacMd5Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-MD5 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacMd5Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 digest computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if (HmacMd5Context == NULL || HmacValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-MD5 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacMd5Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacMd5Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
deleted file mode 100644
index 5de55bf0d5..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- Return NULL to indicate this interface is not supported.
-
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f631f8d879..2a630ef290 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index c906935d3d..95c71a8ae2 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// Note: HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
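Review bot: the edited Note line in PeiCryptLib.uni lists only "HMAC-SHA1 functions" as unsupported, while the matching Note in PeiCryptLib.inf, touched by this same patch, says "HMAC-SHA1/SHA256 functions" and the .inf builds Hmac/CryptHmacSha256Null.c. Since the line is being rewritten anyway, align the .uni wording with the .inf, and reflow the now short "// Note: HMAC-SHA1 functions, AES" line so the comment block wraps evenly.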
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 672e19299c..1642521087 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index 0a3bb1c04f..f7e1acb3a7 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// Note: HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index cc3556ae3f..ec9c8e7c05 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
+# HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -39,7 +39,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 2e362c635f..8eb3acac93 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// Note: HMAC-SHA1 functions, AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
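Review bot: the Note kept in SmmCryptLib.uni still names "AES functions" as unsupported, but the Note in SmmCryptLib.inf edited earlier in this patch goes straight from "HMAC-SHA1 functions" to "RSA external functions" with no mention of AES. One of the two descriptions is stale; as both are modified here, it is the right moment to make them agree so that the module description a platform integrator reads matches what the instance actually provides.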
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 04b552f8b7..558ccfc002 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256Null.c
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
- Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
deleted file mode 100644
index 5de55bf0d5..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacMd5Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- Return NULL to indicate this interface is not supported.
-
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index c937f8540d..dfe7fb7e91 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1015,157 +1015,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacMd5New (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL);
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacMd5Free (
- IN VOID *HmacMd5Ctx
- )
-{
- CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, (HmacMd5Ctx));
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE Key is set successfully.
- @retval FALSE Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5SetKey (
- OUT VOID *HmacMd5Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5SetKey, (HmacMd5Context, Key, KeySize), FALSE);
-}
-
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Duplicate (
- IN CONST VOID *HmacMd5Context,
- OUT VOID *NewHmacMd5Context
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5Duplicate, (HmacMd5Context, NewHmacMd5Context), FALSE);
-}
-
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Update (
- IN OUT VOID *HmacMd5Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5Update, (HmacMd5Context, Data, DataSize), FALSE);
-}
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacMd5Final (
- IN OUT VOID *HmacMd5Context,
- OUT UINT8 *HmacValue
- )
-{
- CALL_CRYPTO_SERVICE (HmacMd5Final, (HmacMd5Context, HmacValue), FALSE);
-}
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index e76ff623a5..bd4cd7f383 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -43,135 +43,48 @@ UINTN
// MAC (Message Authentication Code) Primitive
//=====================================================================================
/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacMd5New() returns NULL.
- @retval NULL This interface is not supported.
+ HMAC MD5 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
VOID*
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_NEW) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW) (
VOID
);
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
typedef
VOID
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FREE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE) (
IN VOID *HmacMd5Ctx
);
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacMd5Update().
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacMd5Context Pointer to HMAC-MD5 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE HMAC-MD5 context initialization succeeded.
- @retval FALSE HMAC-MD5 context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_SET_KEY) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY) (
OUT VOID *HmacMd5Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
);
-/**
- Makes a copy of an existing HMAC-MD5 context.
-
- If HmacMd5Context is NULL, then return FALSE.
- If NewHmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
- @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
-
- @retval TRUE HMAC-MD5 context copy succeeded.
- @retval FALSE HMAC-MD5 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_DUPLICATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE) (
IN CONST VOID *HmacMd5Context,
OUT VOID *NewHmacMd5Context
);
-/**
- Digests the input data and updates HMAC-MD5 context.
-
- This function performs HMAC-MD5 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-MD5 data digest succeeded.
- @retval FALSE HMAC-MD5 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_UPDATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE) (
IN OUT VOID *HmacMd5Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
-
-/**
- Completes computation of the HMAC-MD5 digest value.
-
- This function completes HMAC-MD5 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-MD5 context cannot
- be used again.
- HMAC-MD5 context should be initialized by HmacMd5New(), and should not be finalized by
- HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
-
- If HmacMd5Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
- value (16 bytes).
-
- @retval TRUE HMAC-MD5 digest computation succeeded.
- @retval FALSE HMAC-MD5 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_MD5_FINAL) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL) (
IN OUT VOID *HmacMd5Context,
OUT UINT8 *HmacValue
);
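Review bot: the replacement comment above DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW misspells "compatibility" as "compability", and "deprecated and unsupported any longer" would read better as "deprecated and no longer supported". That comment is also attached only to the first typedef, which leaves the FREE, SET_KEY, DUPLICATE, UPDATE and FINAL typedefs with no doc comment at all; either repeat a one-line deprecation comment on each or reword the first one so it explicitly covers all six HMAC MD5 typedefs that follow.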
@@ -3618,13 +3531,13 @@ EFI_STATUS
struct _EDKII_CRYPTO_PROTOCOL {
/// Version
EDKII_CRYPTO_GET_VERSION GetVersion;
- /// HMAC MD5
- EDKII_CRYPTO_HMAC_MD5_NEW HmacMd5New;
- EDKII_CRYPTO_HMAC_MD5_FREE HmacMd5Free;
- EDKII_CRYPTO_HMAC_MD5_SET_KEY HmacMd5SetKey;
- EDKII_CRYPTO_HMAC_MD5_DUPLICATE HmacMd5Duplicate;
- EDKII_CRYPTO_HMAC_MD5_UPDATE HmacMd5Update;
- EDKII_CRYPTO_HMAC_MD5_FINAL HmacMd5Final;
+ /// HMAC MD5 - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetKey;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplicate;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update;
+ DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final;
/// HMAC SHA1
EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New;
EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free;
--
2.21.0.windows.1
* [PATCH V6 11/13] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (9 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 13/13] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 3 -
CryptoPkg/Driver/Crypto.c | 96 +++-----
CryptoPkg/Include/Library/BaseCryptLib.h | 133 -----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 216 ------------------
.../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 139 -----------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 4 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 4 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 4 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 139 -----------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 151 ------------
CryptoPkg/Private/Protocol/Crypto.h | 121 ++--------
16 files changed, 55 insertions(+), 967 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 9ddf73f9fa..1af78468a1 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,7 +137,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -163,7 +162,6 @@
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -178,7 +176,6 @@
!endif
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
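Review bot: the `HmacSha1.Family` enable is dropped from all three `!if $(CRYPTO_SERVICES)` blocks, but the diffstat of this patch lists no file that would change the definition of the `HmacSha1` member of `PcdCryptoServiceFamilyEnable`. If the member is meant to stay so the PCD structure keeps its layout, please mark it deprecated where it is defined. Otherwise a platform DSC that still sets `HmacSha1.Family` keeps building while the services it asks for are no longer provided.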
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 1cd5923ce2..73ae566755 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1277,154 +1277,120 @@ DeprecatedCryptoServiceHmacMd5Final (
}
/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- If this interface is not supported, then return NULL.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
@return NULL This interface is not supported.
**/
VOID *
EFIAPI
-CryptoServiceHmacSha1New (
+DeprecatedCryptoServiceHmacSha1New (
VOID
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.New, HmacSha1New, (), NULL);
+ return BaseCryptLibServiceDeprecated ("HmacSha1New"), NULL;
}
/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
-CryptoServiceHmacSha1Free (
+DeprecatedCryptoServiceHmacSha1Free (
IN VOID *HmacSha1Ctx
)
{
- CALL_VOID_BASECRYPTLIB (HmacSha1.Services.Free, HmacSha1Free, (HmacSha1Ctx));
+ BaseCryptLibServiceDeprecated ("HmacSha1Free");
}
/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
@param[in] Key Pointer to the user-supplied key.
@param[in] KeySize Key size in bytes.
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacSha1SetKey (
+DeprecatedCryptoServiceHmacSha1SetKey (
OUT VOID *HmacSha1Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.SetKey, HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacSha1SetKey"), FALSE;
}
/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
@param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacSha1Duplicate (
+DeprecatedCryptoServiceHmacSha1Duplicate (
IN CONST VOID *HmacSha1Context,
OUT VOID *NewHmacSha1Context
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Duplicate, HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacSha1Duplicate"), FALSE;
}
/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
@param[in] Data Pointer to the buffer containing the data to be digested.
@param[in] DataSize Size of Data buffer in bytes.
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacSha1Update (
+DeprecatedCryptoServiceHmacSha1Update (
IN OUT VOID *HmacSha1Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Update, HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacSha1Update"), FALSE;
}
/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized
- by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
@param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
value (20 bytes).
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-CryptoServiceHmacSha1Final (
+DeprecatedCryptoServiceHmacSha1Final (
IN OUT VOID *HmacSha1Context,
OUT UINT8 *HmacValue
)
{
- return CALL_BASECRYPTLIB (HmacSha1.Services.Final, HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);
+ return BaseCryptLibServiceDeprecated ("HmacSha1Final"), FALSE;
}
/**
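Review bot: in five of the six wrappers the result is returned through the comma operator, for example `return BaseCryptLibServiceDeprecated ("HmacSha1SetKey"), FALSE;`. That is valid C, but it hides a call made for its side effect inside a return expression. Two statements (the call, then `return FALSE;` or `return NULL;`) read more clearly and match the way `DeprecatedCryptoServiceHmacSha1Free` already calls the helper. The new comment text also spells "compability" in every block; it should be "compatibility". Finally, the retained `@param` entries describe arguments the stubs ignore. It is worth saying so in the comment, since `DeprecatedCryptoServiceHmacSha1Final` returns FALSE without writing `HmacValue`, and a caller that skips the return check is left with an uninitialized digest buffer.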
@@ -4207,13 +4173,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
DeprecatedCryptoServiceHmacMd5Duplicate,
DeprecatedCryptoServiceHmacMd5Update,
DeprecatedCryptoServiceHmacMd5Final,
- /// HMAC SHA1
- CryptoServiceHmacSha1New,
- CryptoServiceHmacSha1Free,
- CryptoServiceHmacSha1SetKey,
- CryptoServiceHmacSha1Duplicate,
- CryptoServiceHmacSha1Update,
- CryptoServiceHmacSha1Final,
+ /// HMAC SHA1 - deprecated and unsupported
+ DeprecatedCryptoServiceHmacSha1New,
+ DeprecatedCryptoServiceHmacSha1Free,
+ DeprecatedCryptoServiceHmacSha1SetKey,
+ DeprecatedCryptoServiceHmacSha1Duplicate,
+ DeprecatedCryptoServiceHmacSha1Update,
+ DeprecatedCryptoServiceHmacSha1Final,
/// HMAC SHA256
CryptoServiceHmacSha256New,
CryptoServiceHmacSha256Free,
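Review bot: the six replaced entries are tied to the protocol members by position only, and the HMAC MD5 and HMAC SHA1 stubs have identical prototypes, so a stub placed in the wrong slot compiles cleanly. Since the wrapper comments justify keeping these functions for binary compatibility, consider a `STATIC_ASSERT` on `OFFSET_OF` for the member that follows the deprecated block in `EDKII_CRYPTO_PROTOCOL`, so that a later removal of these slots fails the build instead of shifting every service after them.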
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index b99401661c..1b1ffa75ef 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -880,139 +880,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
- @return NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- );
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- );
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- );
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- );
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized
- by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- );
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
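Review bot: nothing in the commit message or in this header tells a caller of the removed `HmacSha1New()` through `HmacSha1Final()` declarations what to move to. Failing at build time is the right outcome for remaining callers, but one sentence in the commit message pointing at the HMAC-SHA256 functions that stay in this section of BaseCryptLib.h would save out-of-tree users a search.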
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 33d7c13bff..4aae2aba95 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
- Hmac/CryptHmacSha1.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
deleted file mode 100644
index 7593ca55b1..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/hmac.h>
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- //
- // Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
- //
- return (VOID *) HMAC_CTX_new ();
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- //
- // Free OpenSSL HMAC_CTX Context
- //
- HMAC_CTX_free ((HMAC_CTX *)HmacSha1Ctx);
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || KeySize > INT_MAX) {
- return FALSE;
- }
-
- if (HMAC_Init_ex ((HMAC_CTX *)HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) {
- return FALSE;
- }
-
- if (HMAC_CTX_copy ((HMAC_CTX *)NewHmacSha1Context, (HMAC_CTX *)HmacSha1Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL) {
- return FALSE;
- }
-
- //
- // Check invalid parameters, in case that only DataLength was checked in OpenSSL
- //
- if (Data == NULL && DataSize != 0) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA1 digest update
- //
- if (HMAC_Update ((HMAC_CTX *)HmacSha1Context, Data, DataSize) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 digest computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- UINT32 Length;
-
- //
- // Check input parameters.
- //
- if (HmacSha1Context == NULL || HmacValue == NULL) {
- return FALSE;
- }
-
- //
- // OpenSSL HMAC-SHA1 digest finalization
- //
- if (HMAC_Final ((HMAC_CTX *)HmacSha1Context, HmacValue, &Length) != 1) {
- return FALSE;
- }
- if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha1Context) != 1) {
- return FALSE;
- }
-
- return TRUE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 2a630ef290..dc28e3a11d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 95c71a8ae2..20ae64e8bf 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
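Review bot: with `HMAC-SHA1 functions,` dropped, this note starts at AES and no longer mentions HMAC at all, while the PeiCryptLib.inf note in the same patch reads `HMAC-SHA256 functions, AES functions, RSA external` and that .inf still builds `Hmac/CryptHmacSha256Null.c`. The .uni text should list HMAC-SHA256 as unsupported as well, both here and in the `STR_MODULE_DESCRIPTION` string in the next hunk. The shortened first line (`// Note: AES`) could be re-wrapped at the same time.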
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 1642521087..5005beed02 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-SHA1/SHA256 functions, AES functions, RSA external
+# HMAC-SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -40,7 +40,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index f7e1acb3a7..0cf378c5ab 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
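Review bot: same mismatch as in PeiCryptLib.uni. RuntimeCryptLib.inf lists `HMAC-SHA256 functions` as unsupported and builds `Hmac/CryptHmacSha256Null.c`, but this note and the description string in the next hunk go straight to AES. Please add HMAC-SHA256 to both.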
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index ec9c8e7c05..91ec3e03bf 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,8 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-SHA1 functions, RSA external
-# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
+# RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
@@ -39,7 +38,6 @@
Hash/CryptSha256.c
Hash/CryptSm3.c
Hash/CryptSha512Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 8eb3acac93..f0c33abbcf 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,7 +6,7 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
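Review bot: the edited note still names AES functions as unsupported, but SmmCryptLib.inf in this patch builds `Cipher/CryptAes.c` and its own note does not list AES. Since the line is being rewritten anyway, drop AES from this note and from `STR_MODULE_DESCRIPTION` in the next hunk so the .uni matches the .inf.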
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 558ccfc002..689af4fedd 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -34,7 +34,6 @@
Hash/CryptSha256Null.c
Hash/CryptSha512Null.c
Hash/CryptSm3Null.c
- Hmac/CryptHmacSha1Null.c
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
deleted file mode 100644
index e8c0f341b7..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Null.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/** @file
- HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- Return NULL to indicate this interface is not supported.
-
- @return NULL This interface is not supported..
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- ASSERT (FALSE);
- return NULL;
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- This function will do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- ASSERT (FALSE);
- return;
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index dfe7fb7e91..a614b61ed4 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1015,157 +1015,6 @@ Sm3HashAll (
// MAC (Message Authentication Code) Primitive
//=====================================================================================
-/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
- @return NULL This interface is not supported.
-
-**/
-VOID *
-EFIAPI
-HmacSha1New (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL);
-}
-
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
-VOID
-EFIAPI
-HmacSha1Free (
- IN VOID *HmacSha1Ctx
- )
-{
- CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, (HmacSha1Ctx));
-}
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1SetKey (
- OUT VOID *HmacSha1Context,
- IN CONST UINT8 *Key,
- IN UINTN KeySize
- )
-{
- CALL_CRYPTO_SERVICE (HmacSha1SetKey, (HmacSha1Context, Key, KeySize), FALSE);
-}
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Duplicate (
- IN CONST VOID *HmacSha1Context,
- OUT VOID *NewHmacSha1Context
- )
-{
- CALL_CRYPTO_SERVICE (HmacSha1Duplicate, (HmacSha1Context, NewHmacSha1Context), FALSE);
-}
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Update (
- IN OUT VOID *HmacSha1Context,
- IN CONST VOID *Data,
- IN UINTN DataSize
- )
-{
- CALL_CRYPTO_SERVICE (HmacSha1Update, (HmacSha1Context, Data, DataSize), FALSE);
-}
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized
- by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-HmacSha1Final (
- IN OUT VOID *HmacSha1Context,
- OUT UINT8 *HmacValue
- )
-{
- CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);
-}
-
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index bd4cd7f383..d167390774 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -89,140 +89,49 @@ BOOLEAN
OUT UINT8 *HmacValue
);
-
/**
- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
-
- If this interface is not supported, then return NULL.
-
- @return Pointer to the HMAC_CTX context that has been initialized.
- If the allocations fails, HmacSha1New() returns NULL.
- @return NULL This interface is not supported.
+ HMAC SHA1 is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
VOID*
-(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_NEW) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW) (
VOID
);
-/**
- Release the specified HMAC_CTX context.
-
- If this interface is not supported, then do nothing.
-
- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
-
-**/
typedef
VOID
-(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FREE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE) (
IN VOID *HmacSha1Ctx
);
-
-/**
- Set user-supplied key for subsequent use. It must be done before any
- calling to HmacSha1Update().
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HmacSha1Context Pointer to HMAC-SHA1 context.
- @param[in] Key Pointer to the user-supplied key.
- @param[in] KeySize Key size in bytes.
-
- @retval TRUE The Key is set successfully.
- @retval FALSE The Key is set unsuccessfully.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_SET_KEY) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY) (
OUT VOID *HmacSha1Context,
IN CONST UINT8 *Key,
IN UINTN KeySize
);
-
-/**
- Makes a copy of an existing HMAC-SHA1 context.
-
- If HmacSha1Context is NULL, then return FALSE.
- If NewHmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
- @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
-
- @retval TRUE HMAC-SHA1 context copy succeeded.
- @retval FALSE HMAC-SHA1 context copy failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE) (
IN CONST VOID *HmacSha1Context,
OUT VOID *NewHmacSha1Context
);
-
-/**
- Digests the input data and updates HMAC-SHA1 context.
-
- This function performs HMAC-SHA1 digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by
- HmacSha1Final(). Behavior with invalid context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[in] Data Pointer to the buffer containing the data to be digested.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE HMAC-SHA1 data digest succeeded.
- @retval FALSE HMAC-SHA1 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_UPDATE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE) (
IN OUT VOID *HmacSha1Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
-
-/**
- Completes computation of the HMAC-SHA1 digest value.
-
- This function completes HMAC-SHA1 hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the HMAC-SHA1 context cannot
- be used again.
- HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized
- by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
-
- If HmacSha1Context is NULL, then return FALSE.
- If HmacValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
- @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
- value (20 bytes).
-
- @retval TRUE HMAC-SHA1 digest computation succeeded.
- @retval FALSE HMAC-SHA1 digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_HMAC_SHA1_FINAL) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL) (
IN OUT VOID *HmacSha1Context,
OUT UINT8 *HmacValue
);
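Review bot: The replacement comment on DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW misspells "compatibility" as "compability", and "deprecated and unsupported any longer" reads better as "deprecated and no longer supported". The comment is also attached only to the first typedef: the five that follow (FREE, SET_KEY, DUPLICATE, UPDATE, FINAL) lose their doc blocks and get nothing in return, so a reader landing on one of them sees an undocumented function pointer type. Either repeat the short deprecation comment on each typedef or state in the one block that it covers all six.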
@@ -3538,13 +3447,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplicate;
DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update;
DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final;
- /// HMAC SHA1
- EDKII_CRYPTO_HMAC_SHA1_NEW HmacSha1New;
- EDKII_CRYPTO_HMAC_SHA1_FREE HmacSha1Free;
- EDKII_CRYPTO_HMAC_SHA1_SET_KEY HmacSha1SetKey;
- EDKII_CRYPTO_HMAC_SHA1_DUPLICATE HmacSha1Duplicate;
- EDKII_CRYPTO_HMAC_SHA1_UPDATE HmacSha1Update;
- EDKII_CRYPTO_HMAC_SHA1_FINAL HmacSha1Final;
+ /// HMAC SHA1 - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New;
+ DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Free;
+ DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1SetKey;
+ DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Duplicate;
+ DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Update;
+ DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Final;
/// HMAC SHA256
EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New;
EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free;
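Review bot: Keeping the six slots in place under Deprecated* names preserves the layout of _EDKII_CRYPTO_PROTOCOL, but nothing in this hunk shows what the renamed slots are populated with or tells a consumer built against the old header what happens when it calls through one. Please say so in the "/// HMAC SHA1 - deprecated and unsupported" comment, and confirm that each slot points at a stub that returns the failure value (NULL or FALSE) rather than being left NULL; ASSERT() is typically compiled out of release builds, so the return value is then the only signal the caller gets. The rename is also a source-level break for any code that references the HmacSha1* members by name, which is worth a line in the commit message.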
--
2.21.0.windows.1
* [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (10 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 11/13] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
2020-05-15 4:43 ` Wang, Jian J
2020-05-18 5:37 ` Xiaoyu Lu
2020-05-15 4:39 ` [PATCH V6 13/13] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao
12 siblings, 2 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Liming Gao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Convert the file ending of the crypto created openssl config file -
opensslconf.h from '\n' to '\r\n' to align the line ending and
pass the patch check.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
.../Library/Include/openssl/opensslconf.h | 680 +++++++++---------
1 file changed, 340 insertions(+), 340 deletions(-)
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 70862e1054..62c2736cb0 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -1,349 +1,349 @@
-/*
- * WARNING: do not edit!
- * Generated from include/openssl/opensslconf.h.in
- *
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslv.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# error OPENSSL_ALGORITHM_DEFINES no longer supported
-#endif
-
-/*
- * OpenSSL was configured with the following options:
- */
-
-#ifndef OPENSSL_SYS_UEFI
-# define OPENSSL_SYS_UEFI 1
-#endif
-#define OPENSSL_MIN_API 0x10100000L
-#ifndef OPENSSL_NO_BF
-# define OPENSSL_NO_BF
-#endif
-#ifndef OPENSSL_NO_BLAKE2
-# define OPENSSL_NO_BLAKE2
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CHACHA
-# define OPENSSL_NO_CHACHA
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_CT
-# define OPENSSL_NO_CT
-#endif
+/*
+ * WARNING: do not edit!
+ * Generated from include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_UEFI
+# define OPENSSL_SYS_UEFI 1
+#endif
+#define OPENSSL_MIN_API 0x10100000L
+#ifndef OPENSSL_NO_BF
+# define OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+# define OPENSSL_NO_BLAKE2
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAST
+# define OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CHACHA
+# define OPENSSL_NO_CHACHA
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_CT
+# define OPENSSL_NO_CT
+#endif
#ifndef OPENSSL_NO_DES
# define OPENSSL_NO_DES
#endif
-#ifndef OPENSSL_NO_DSA
-# define OPENSSL_NO_DSA
-#endif
-#ifndef OPENSSL_NO_EC
-# define OPENSSL_NO_EC
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
+#ifndef OPENSSL_NO_DSA
+# define OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_EC
+# define OPENSSL_NO_EC
+#endif
+#ifndef OPENSSL_NO_IDEA
+# define OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
#ifndef OPENSSL_NO_MD4
# define OPENSSL_NO_MD4
#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_POLY1305
-# define OPENSSL_NO_POLY1305
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
+#ifndef OPENSSL_NO_MDC2
+# define OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_POLY1305
+# define OPENSSL_NO_POLY1305
+#endif
+#ifndef OPENSSL_NO_RC2
+# define OPENSSL_NO_RC2
+#endif
#ifndef OPENSSL_NO_RC4
# define OPENSSL_NO_RC4
#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RMD160
-# define OPENSSL_NO_RMD160
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SM2
-# define OPENSSL_NO_SM2
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-#ifndef OPENSSL_RAND_SEED_NONE
-# define OPENSSL_RAND_SEED_NONE
-#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
-#ifndef OPENSSL_NO_APPS
-# define OPENSSL_NO_APPS
-#endif
-#ifndef OPENSSL_NO_ASAN
-# define OPENSSL_NO_ASAN
-#endif
-#ifndef OPENSSL_NO_ASM
-# define OPENSSL_NO_ASM
-#endif
-#ifndef OPENSSL_NO_ASYNC
-# define OPENSSL_NO_ASYNC
-#endif
-#ifndef OPENSSL_NO_AUTOERRINIT
-# define OPENSSL_NO_AUTOERRINIT
-#endif
-#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
-# define OPENSSL_NO_AUTOLOAD_CONFIG
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-# define OPENSSL_NO_CRYPTO_MDEBUG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-# define OPENSSL_NO_DEPRECATED
-#endif
-#ifndef OPENSSL_NO_DEVCRYPTOENG
-# define OPENSSL_NO_DEVCRYPTOENG
-#endif
-#ifndef OPENSSL_NO_DGRAM
-# define OPENSSL_NO_DGRAM
-#endif
-#ifndef OPENSSL_NO_DTLS
-# define OPENSSL_NO_DTLS
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_DTLS1_2
-# define OPENSSL_NO_DTLS1_2
-#endif
-#ifndef OPENSSL_NO_EC2M
-# define OPENSSL_NO_EC2M
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_ECDH
-# define OPENSSL_NO_ECDH
-#endif
-#ifndef OPENSSL_NO_ECDSA
-# define OPENSSL_NO_ECDSA
-#endif
-#ifndef OPENSSL_NO_EGD
-# define OPENSSL_NO_EGD
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# define OPENSSL_NO_ENGINE
-#endif
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_EXTERNAL_TESTS
-# define OPENSSL_NO_EXTERNAL_TESTS
-#endif
-#ifndef OPENSSL_NO_FILENAMES
-# define OPENSSL_NO_FILENAMES
-#endif
-#ifndef OPENSSL_NO_FUZZ_AFL
-# define OPENSSL_NO_FUZZ_AFL
-#endif
-#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
-# define OPENSSL_NO_FUZZ_LIBFUZZER
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_HW
-# define OPENSSL_NO_HW
-#endif
-#ifndef OPENSSL_NO_MSAN
-# define OPENSSL_NO_MSAN
-#endif
-#ifndef OPENSSL_NO_OCB
-# define OPENSSL_NO_OCB
-#endif
-#ifndef OPENSSL_NO_POSIX_IO
-# define OPENSSL_NO_POSIX_IO
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SCRYPT
-# define OPENSSL_NO_SCRYPT
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SOCK
-# define OPENSSL_NO_SOCK
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-# define OPENSSL_NO_SSL3_METHOD
-#endif
-#ifndef OPENSSL_NO_STDIO
-# define OPENSSL_NO_STDIO
-#endif
-#ifndef OPENSSL_NO_TESTS
-# define OPENSSL_NO_TESTS
-#endif
-#ifndef OPENSSL_NO_TLS1_3
-# define OPENSSL_NO_TLS1_3
-#endif
-#ifndef OPENSSL_NO_UBSAN
-# define OPENSSL_NO_UBSAN
-#endif
-#ifndef OPENSSL_NO_UI_CONSOLE
-# define OPENSSL_NO_UI_CONSOLE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
-
-
-/*
- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
- * don't like that. This will hopefully silence them.
- */
-#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
-
-/*
- * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
- */
-#ifndef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f;
-# ifdef __GNUC__
-# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-# undef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-# endif
-# endif
-#endif
-
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-# define OPENSSL_FILE ""
-# define OPENSSL_LINE 0
-# else
-# define OPENSSL_FILE __FILE__
-# define OPENSSL_LINE __LINE__
-# endif
-#endif
-
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
-#endif
-
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
-#endif
-
-/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
- * OpenSSL version number matches.
- */
-#if OPENSSL_VERSION_NUMBER < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) f;
-#elif OPENSSL_API_COMPAT < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_2_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_1_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10000000L
-# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_0_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x00908000L
-# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_0_9_8(f)
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/*
- * The following are cipher-specific, but are part of the public API.
- */
-#if !defined(OPENSSL_SYS_UEFI)
-# undef BN_LLONG
-/* Only one for the following should be defined */
-# undef SIXTY_FOUR_BIT_LONG
-# undef SIXTY_FOUR_BIT
-# define THIRTY_TWO_BIT
-#endif
-
-#define RC4_INT unsigned int
-
-#ifdef __cplusplus
-}
-#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RMD160
+# define OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SM2
+# define OPENSSL_NO_SM2
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_TS
+# define OPENSSL_NO_TS
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# define OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_RAND_SEED_NONE
+# define OPENSSL_RAND_SEED_NONE
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_APPS
+# define OPENSSL_NO_APPS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASM
+# define OPENSSL_NO_ASM
+#endif
+#ifndef OPENSSL_NO_ASYNC
+# define OPENSSL_NO_ASYNC
+#endif
+#ifndef OPENSSL_NO_AUTOERRINIT
+# define OPENSSL_NO_AUTOERRINIT
+#endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
+#ifndef OPENSSL_NO_CAPIENG
+# define OPENSSL_NO_CAPIENG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEPRECATED
+# define OPENSSL_NO_DEPRECATED
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_DGRAM
+# define OPENSSL_NO_DGRAM
+#endif
+#ifndef OPENSSL_NO_DTLS
+# define OPENSSL_NO_DTLS
+#endif
+#ifndef OPENSSL_NO_DTLS1
+# define OPENSSL_NO_DTLS1
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+# define OPENSSL_NO_DTLS1_2
+#endif
+#ifndef OPENSSL_NO_EC2M
+# define OPENSSL_NO_EC2M
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_ECDH
+# define OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDSA
+# define OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# define OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ERR
+# define OPENSSL_NO_ERR
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FILENAMES
+# define OPENSSL_NO_FILENAMES
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_HW
+# define OPENSSL_NO_HW
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_OCB
+# define OPENSSL_NO_OCB
+#endif
+#ifndef OPENSSL_NO_POSIX_IO
+# define OPENSSL_NO_POSIX_IO
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+# define OPENSSL_NO_SCRYPT
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SOCK
+# define OPENSSL_NO_SOCK
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_STDIO
+# define OPENSSL_NO_STDIO
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+# define OPENSSL_NO_TLS1_3
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UI_CONSOLE
+# define OPENSSL_NO_UI_CONSOLE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that. This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f;
+# ifdef __GNUC__
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef __cplusplus
+}
+#endif
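Review bot: opensslconf.h opens with "WARNING: do not edit! Generated from include/openssl/opensslconf.h.in", so a conversion of 340 lines to '\r\n' will be undone the next time the file is regenerated unless the generator emits '\r\n' itself; the commit message should say how the converted file was produced. The nine unchanged context lines (the OPENSSL_NO_DES, OPENSSL_NO_MD4 and OPENSSL_NO_RC4 blocks) show that the file already had mixed line endings before this patch, which is worth explaining as well. Because every other line appears as removed and re-added, please also state that the change is whitespace-only, for example that git diff --ignore-cr-at-eol reports no differences, so a reviewer does not have to compare the OPENSSL_NO_* set by eye.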
--
2.21.0.windows.1
* [PATCH V6 13/13] CryptoPkg/Crypto.h: Update the version of Crypto Driver
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
` (11 preceding siblings ...)
2020-05-15 4:39 ` [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Gao, Zhichao
@ 2020-05-15 4:39 ` Gao, Zhichao
12 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-15 4:39 UTC (permalink / raw)
To: devel
Cc: Jian J Wang, Xiaoyu Lu, Siyuan Fu, Michael D Kinney, Jiewen Yao,
Philippe Mathieu-Daude
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
The binary is totally changed, so update the Crypto Version to 7:
1. Retire below deprecated functions:
MD4, ARC4, TDES, AES ECB MODE, HMAC MD5, HMAC SHA1
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
CryptoPkg/Private/Protocol/Crypto.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index d167390774..c399e0d67a 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2,6 +2,7 @@
This Protocol provides Crypto services to DXE modules
Copyright (C) Microsoft Corporation. All rights reserved.
+ Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -20,7 +21,7 @@
/// the EDK II Crypto Protocol is extended, this version define must be
/// increased.
///
-#define EDKII_CRYPTO_VERSION 6
+#define EDKII_CRYPTO_VERSION 7
///
/// EDK II Crypto Protocol forward declaration
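Review bot: the comment kept as context above the define says the version must be increased when the EDK II Crypto Protocol is extended, but this bump from 6 to 7 is made because functions are retired, not because the protocol gained anything. Consider extending that comment to state that the version also changes when existing services are retired, so that a consumer reading Crypto.h does not assume a higher EDKII_CRYPTO_VERSION still offers every service that version 6 did.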
--
2.21.0.windows.1
* Re: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format
2020-05-15 4:39 ` [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Gao, Zhichao
@ 2020-05-15 4:43 ` Wang, Jian J
2020-05-18 5:37 ` Xiaoyu Lu
1 sibling, 0 replies; 17+ messages in thread
From: Wang, Jian J @ 2020-05-15 4:43 UTC (permalink / raw)
To: Gao, Zhichao, devel@edk2.groups.io
Cc: Lu, XiaoyuX, Fu, Siyuan, Kinney, Michael D, Yao, Jiewen,
Gao, Liming
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Friday, May 15, 2020 12:40 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Gao,
> Liming <liming.gao@intel.com>
> Subject: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to
> dos format
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Convert file ending of the crypto created openssl config file -
> opensslconf.h from '\n' to '\r\n' to make align the line ending and
> pass the patch check.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
> .../Library/Include/openssl/opensslconf.h | 680 +++++++++---------
> 1 file changed, 340 insertions(+), 340 deletions(-)
>
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 70862e1054..62c2736cb0 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -1,349 +1,349 @@
> -/*
> - * WARNING: do not edit!
> - * Generated from include/openssl/opensslconf.h.in
> - *
> - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> - *
> - * Licensed under the OpenSSL license (the "License"). You may not use
> - * this file except in compliance with the License. You can obtain a copy
> - * in the file LICENSE in the source distribution or at
> - * https://www.openssl.org/source/license.html
> - */
> -
> -#include <openssl/opensslv.h>
> -
> -#ifdef __cplusplus
> -extern "C" {
> -#endif
> -
> -#ifdef OPENSSL_ALGORITHM_DEFINES
> -# error OPENSSL_ALGORITHM_DEFINES no longer supported
> -#endif
> -
> -/*
> - * OpenSSL was configured with the following options:
> - */
> -
> -#ifndef OPENSSL_SYS_UEFI
> -# define OPENSSL_SYS_UEFI 1
> -#endif
> -#define OPENSSL_MIN_API 0x10100000L
> -#ifndef OPENSSL_NO_BF
> -# define OPENSSL_NO_BF
> -#endif
> -#ifndef OPENSSL_NO_BLAKE2
> -# define OPENSSL_NO_BLAKE2
> -#endif
> -#ifndef OPENSSL_NO_CAMELLIA
> -# define OPENSSL_NO_CAMELLIA
> -#endif
> -#ifndef OPENSSL_NO_CAST
> -# define OPENSSL_NO_CAST
> -#endif
> -#ifndef OPENSSL_NO_CHACHA
> -# define OPENSSL_NO_CHACHA
> -#endif
> -#ifndef OPENSSL_NO_CMS
> -# define OPENSSL_NO_CMS
> -#endif
> -#ifndef OPENSSL_NO_CT
> -# define OPENSSL_NO_CT
> -#endif
> +/*
> + * WARNING: do not edit!
> + * Generated from include/openssl/opensslconf.h.in
> + *
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> + *
> + * Licensed under the OpenSSL license (the "License"). You may not use
> + * this file except in compliance with the License. You can obtain a copy
> + * in the file LICENSE in the source distribution or at
> + * https://www.openssl.org/source/license.html
> + */
> +
> +#include <openssl/opensslv.h>
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +#ifdef OPENSSL_ALGORITHM_DEFINES
> +# error OPENSSL_ALGORITHM_DEFINES no longer supported
> +#endif
> +
> +/*
> + * OpenSSL was configured with the following options:
> + */
> +
> +#ifndef OPENSSL_SYS_UEFI
> +# define OPENSSL_SYS_UEFI 1
> +#endif
> +#define OPENSSL_MIN_API 0x10100000L
> +#ifndef OPENSSL_NO_BF
> +# define OPENSSL_NO_BF
> +#endif
> +#ifndef OPENSSL_NO_BLAKE2
> +# define OPENSSL_NO_BLAKE2
> +#endif
> +#ifndef OPENSSL_NO_CAMELLIA
> +# define OPENSSL_NO_CAMELLIA
> +#endif
> +#ifndef OPENSSL_NO_CAST
> +# define OPENSSL_NO_CAST
> +#endif
> +#ifndef OPENSSL_NO_CHACHA
> +# define OPENSSL_NO_CHACHA
> +#endif
> +#ifndef OPENSSL_NO_CMS
> +# define OPENSSL_NO_CMS
> +#endif
> +#ifndef OPENSSL_NO_CT
> +# define OPENSSL_NO_CT
> +#endif
> #ifndef OPENSSL_NO_DES
> # define OPENSSL_NO_DES
> #endif
> -#ifndef OPENSSL_NO_DSA
> -# define OPENSSL_NO_DSA
> -#endif
> -#ifndef OPENSSL_NO_EC
> -# define OPENSSL_NO_EC
> -#endif
> -#ifndef OPENSSL_NO_IDEA
> -# define OPENSSL_NO_IDEA
> -#endif
> -#ifndef OPENSSL_NO_MD2
> -# define OPENSSL_NO_MD2
> -#endif
> +#ifndef OPENSSL_NO_DSA
> +# define OPENSSL_NO_DSA
> +#endif
> +#ifndef OPENSSL_NO_EC
> +# define OPENSSL_NO_EC
> +#endif
> +#ifndef OPENSSL_NO_IDEA
> +# define OPENSSL_NO_IDEA
> +#endif
> +#ifndef OPENSSL_NO_MD2
> +# define OPENSSL_NO_MD2
> +#endif
> #ifndef OPENSSL_NO_MD4
> # define OPENSSL_NO_MD4
> #endif
> -#ifndef OPENSSL_NO_MDC2
> -# define OPENSSL_NO_MDC2
> -#endif
> -#ifndef OPENSSL_NO_POLY1305
> -# define OPENSSL_NO_POLY1305
> -#endif
> -#ifndef OPENSSL_NO_RC2
> -# define OPENSSL_NO_RC2
> -#endif
> +#ifndef OPENSSL_NO_MDC2
> +# define OPENSSL_NO_MDC2
> +#endif
> +#ifndef OPENSSL_NO_POLY1305
> +# define OPENSSL_NO_POLY1305
> +#endif
> +#ifndef OPENSSL_NO_RC2
> +# define OPENSSL_NO_RC2
> +#endif
> #ifndef OPENSSL_NO_RC4
> # define OPENSSL_NO_RC4
> #endif
> -#ifndef OPENSSL_NO_RC5
> -# define OPENSSL_NO_RC5
> -#endif
> -#ifndef OPENSSL_NO_RMD160
> -# define OPENSSL_NO_RMD160
> -#endif
> -#ifndef OPENSSL_NO_SEED
> -# define OPENSSL_NO_SEED
> -#endif
> -#ifndef OPENSSL_NO_SM2
> -# define OPENSSL_NO_SM2
> -#endif
> -#ifndef OPENSSL_NO_SRP
> -# define OPENSSL_NO_SRP
> -#endif
> -#ifndef OPENSSL_NO_TS
> -# define OPENSSL_NO_TS
> -#endif
> -#ifndef OPENSSL_NO_WHIRLPOOL
> -# define OPENSSL_NO_WHIRLPOOL
> -#endif
> -#ifndef OPENSSL_RAND_SEED_NONE
> -# define OPENSSL_RAND_SEED_NONE
> -#endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
> -#ifndef OPENSSL_NO_APPS
> -# define OPENSSL_NO_APPS
> -#endif
> -#ifndef OPENSSL_NO_ASAN
> -# define OPENSSL_NO_ASAN
> -#endif
> -#ifndef OPENSSL_NO_ASM
> -# define OPENSSL_NO_ASM
> -#endif
> -#ifndef OPENSSL_NO_ASYNC
> -# define OPENSSL_NO_ASYNC
> -#endif
> -#ifndef OPENSSL_NO_AUTOERRINIT
> -# define OPENSSL_NO_AUTOERRINIT
> -#endif
> -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> -# define OPENSSL_NO_AUTOLOAD_CONFIG
> -#endif
> -#ifndef OPENSSL_NO_CAPIENG
> -# define OPENSSL_NO_CAPIENG
> -#endif
> -#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> -# define OPENSSL_NO_CRYPTO_MDEBUG
> -#endif
> -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> -#endif
> -#ifndef OPENSSL_NO_DEPRECATED
> -# define OPENSSL_NO_DEPRECATED
> -#endif
> -#ifndef OPENSSL_NO_DEVCRYPTOENG
> -# define OPENSSL_NO_DEVCRYPTOENG
> -#endif
> -#ifndef OPENSSL_NO_DGRAM
> -# define OPENSSL_NO_DGRAM
> -#endif
> -#ifndef OPENSSL_NO_DTLS
> -# define OPENSSL_NO_DTLS
> -#endif
> -#ifndef OPENSSL_NO_DTLS1
> -# define OPENSSL_NO_DTLS1
> -#endif
> -#ifndef OPENSSL_NO_DTLS1_2
> -# define OPENSSL_NO_DTLS1_2
> -#endif
> -#ifndef OPENSSL_NO_EC2M
> -# define OPENSSL_NO_EC2M
> -#endif
> -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> -# define OPENSSL_NO_EC_NISTP_64_GCC_128
> -#endif
> -#ifndef OPENSSL_NO_ECDH
> -# define OPENSSL_NO_ECDH
> -#endif
> -#ifndef OPENSSL_NO_ECDSA
> -# define OPENSSL_NO_ECDSA
> -#endif
> -#ifndef OPENSSL_NO_EGD
> -# define OPENSSL_NO_EGD
> -#endif
> -#ifndef OPENSSL_NO_ENGINE
> -# define OPENSSL_NO_ENGINE
> -#endif
> -#ifndef OPENSSL_NO_ERR
> -# define OPENSSL_NO_ERR
> -#endif
> -#ifndef OPENSSL_NO_EXTERNAL_TESTS
> -# define OPENSSL_NO_EXTERNAL_TESTS
> -#endif
> -#ifndef OPENSSL_NO_FILENAMES
> -# define OPENSSL_NO_FILENAMES
> -#endif
> -#ifndef OPENSSL_NO_FUZZ_AFL
> -# define OPENSSL_NO_FUZZ_AFL
> -#endif
> -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> -# define OPENSSL_NO_FUZZ_LIBFUZZER
> -#endif
> -#ifndef OPENSSL_NO_GOST
> -# define OPENSSL_NO_GOST
> -#endif
> -#ifndef OPENSSL_NO_HEARTBEATS
> -# define OPENSSL_NO_HEARTBEATS
> -#endif
> -#ifndef OPENSSL_NO_HW
> -# define OPENSSL_NO_HW
> -#endif
> -#ifndef OPENSSL_NO_MSAN
> -# define OPENSSL_NO_MSAN
> -#endif
> -#ifndef OPENSSL_NO_OCB
> -# define OPENSSL_NO_OCB
> -#endif
> -#ifndef OPENSSL_NO_POSIX_IO
> -# define OPENSSL_NO_POSIX_IO
> -#endif
> -#ifndef OPENSSL_NO_RFC3779
> -# define OPENSSL_NO_RFC3779
> -#endif
> -#ifndef OPENSSL_NO_SCRYPT
> -# define OPENSSL_NO_SCRYPT
> -#endif
> -#ifndef OPENSSL_NO_SCTP
> -# define OPENSSL_NO_SCTP
> -#endif
> -#ifndef OPENSSL_NO_SOCK
> -# define OPENSSL_NO_SOCK
> -#endif
> -#ifndef OPENSSL_NO_SSL_TRACE
> -# define OPENSSL_NO_SSL_TRACE
> -#endif
> -#ifndef OPENSSL_NO_SSL3
> -# define OPENSSL_NO_SSL3
> -#endif
> -#ifndef OPENSSL_NO_SSL3_METHOD
> -# define OPENSSL_NO_SSL3_METHOD
> -#endif
> -#ifndef OPENSSL_NO_STDIO
> -# define OPENSSL_NO_STDIO
> -#endif
> -#ifndef OPENSSL_NO_TESTS
> -# define OPENSSL_NO_TESTS
> -#endif
> -#ifndef OPENSSL_NO_TLS1_3
> -# define OPENSSL_NO_TLS1_3
> -#endif
> -#ifndef OPENSSL_NO_UBSAN
> -# define OPENSSL_NO_UBSAN
> -#endif
> -#ifndef OPENSSL_NO_UI_CONSOLE
> -# define OPENSSL_NO_UI_CONSOLE
> -#endif
> -#ifndef OPENSSL_NO_UNIT_TEST
> -# define OPENSSL_NO_UNIT_TEST
> -#endif
> -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> -# define OPENSSL_NO_WEAK_SSL_CIPHERS
> -#endif
> -#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> -# define OPENSSL_NO_DYNAMIC_ENGINE
> -#endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
> -
> -
> -/*
> - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some
> compilers
> - * don't like that. This will hopefully silence them.
> - */
> -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> -
> -/*
> - * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> - * declarations of functions deprecated in or before <version>. Otherwise, they
> - * still won't see them if the library has been built to disable deprecated
> - * functions.
> - */
> -#ifndef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f;
> -# ifdef __GNUC__
> -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# undef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -# endif
> -# endif
> -#endif
> -
> -#ifndef OPENSSL_FILE
> -# ifdef OPENSSL_NO_FILENAMES
> -# define OPENSSL_FILE ""
> -# define OPENSSL_LINE 0
> -# else
> -# define OPENSSL_FILE __FILE__
> -# define OPENSSL_LINE __LINE__
> -# endif
> -#endif
> -
> -#ifndef OPENSSL_MIN_API
> -# define OPENSSL_MIN_API 0
> -#endif
> -
> -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT <
> OPENSSL_MIN_API
> -# undef OPENSSL_API_COMPAT
> -# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> -#endif
> -
> -/*
> - * Do not deprecate things to be deprecated in version 1.2.0 before the
> - * OpenSSL version number matches.
> - */
> -#if OPENSSL_VERSION_NUMBER < 0x10200000L
> -# define DEPRECATEDIN_1_2_0(f) f;
> -#elif OPENSSL_API_COMPAT < 0x10200000L
> -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_2_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x10100000L
> -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_1_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x10000000L
> -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_0_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x00908000L
> -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_0_9_8(f)
> -#endif
> -
> -/* Generate 80386 code? */
> -#undef I386_ONLY
> -
> -#undef OPENSSL_UNISTD
> -#define OPENSSL_UNISTD <unistd.h>
> -
> -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> -
> -/*
> - * The following are cipher-specific, but are part of the public API.
> - */
> -#if !defined(OPENSSL_SYS_UEFI)
> -# undef BN_LLONG
> -/* Only one for the following should be defined */
> -# undef SIXTY_FOUR_BIT_LONG
> -# undef SIXTY_FOUR_BIT
> -# define THIRTY_TWO_BIT
> -#endif
> -
> -#define RC4_INT unsigned int
> -
> -#ifdef __cplusplus
> -}
> -#endif
> +#ifndef OPENSSL_NO_RC5
> +# define OPENSSL_NO_RC5
> +#endif
> +#ifndef OPENSSL_NO_RMD160
> +# define OPENSSL_NO_RMD160
> +#endif
> +#ifndef OPENSSL_NO_SEED
> +# define OPENSSL_NO_SEED
> +#endif
> +#ifndef OPENSSL_NO_SM2
> +# define OPENSSL_NO_SM2
> +#endif
> +#ifndef OPENSSL_NO_SRP
> +# define OPENSSL_NO_SRP
> +#endif
> +#ifndef OPENSSL_NO_TS
> +# define OPENSSL_NO_TS
> +#endif
> +#ifndef OPENSSL_NO_WHIRLPOOL
> +# define OPENSSL_NO_WHIRLPOOL
> +#endif
> +#ifndef OPENSSL_RAND_SEED_NONE
> +# define OPENSSL_RAND_SEED_NONE
> +#endif
> +#ifndef OPENSSL_NO_AFALGENG
> +# define OPENSSL_NO_AFALGENG
> +#endif
> +#ifndef OPENSSL_NO_APPS
> +# define OPENSSL_NO_APPS
> +#endif
> +#ifndef OPENSSL_NO_ASAN
> +# define OPENSSL_NO_ASAN
> +#endif
> +#ifndef OPENSSL_NO_ASM
> +# define OPENSSL_NO_ASM
> +#endif
> +#ifndef OPENSSL_NO_ASYNC
> +# define OPENSSL_NO_ASYNC
> +#endif
> +#ifndef OPENSSL_NO_AUTOERRINIT
> +# define OPENSSL_NO_AUTOERRINIT
> +#endif
> +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> +# define OPENSSL_NO_AUTOLOAD_CONFIG
> +#endif
> +#ifndef OPENSSL_NO_CAPIENG
> +# define OPENSSL_NO_CAPIENG
> +#endif
> +#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> +# define OPENSSL_NO_CRYPTO_MDEBUG
> +#endif
> +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> +#endif
> +#ifndef OPENSSL_NO_DEPRECATED
> +# define OPENSSL_NO_DEPRECATED
> +#endif
> +#ifndef OPENSSL_NO_DEVCRYPTOENG
> +# define OPENSSL_NO_DEVCRYPTOENG
> +#endif
> +#ifndef OPENSSL_NO_DGRAM
> +# define OPENSSL_NO_DGRAM
> +#endif
> +#ifndef OPENSSL_NO_DTLS
> +# define OPENSSL_NO_DTLS
> +#endif
> +#ifndef OPENSSL_NO_DTLS1
> +# define OPENSSL_NO_DTLS1
> +#endif
> +#ifndef OPENSSL_NO_DTLS1_2
> +# define OPENSSL_NO_DTLS1_2
> +#endif
> +#ifndef OPENSSL_NO_EC2M
> +# define OPENSSL_NO_EC2M
> +#endif
> +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> +# define OPENSSL_NO_EC_NISTP_64_GCC_128
> +#endif
> +#ifndef OPENSSL_NO_ECDH
> +# define OPENSSL_NO_ECDH
> +#endif
> +#ifndef OPENSSL_NO_ECDSA
> +# define OPENSSL_NO_ECDSA
> +#endif
> +#ifndef OPENSSL_NO_EGD
> +# define OPENSSL_NO_EGD
> +#endif
> +#ifndef OPENSSL_NO_ENGINE
> +# define OPENSSL_NO_ENGINE
> +#endif
> +#ifndef OPENSSL_NO_ERR
> +# define OPENSSL_NO_ERR
> +#endif
> +#ifndef OPENSSL_NO_EXTERNAL_TESTS
> +# define OPENSSL_NO_EXTERNAL_TESTS
> +#endif
> +#ifndef OPENSSL_NO_FILENAMES
> +# define OPENSSL_NO_FILENAMES
> +#endif
> +#ifndef OPENSSL_NO_FUZZ_AFL
> +# define OPENSSL_NO_FUZZ_AFL
> +#endif
> +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> +# define OPENSSL_NO_FUZZ_LIBFUZZER
> +#endif
> +#ifndef OPENSSL_NO_GOST
> +# define OPENSSL_NO_GOST
> +#endif
> +#ifndef OPENSSL_NO_HEARTBEATS
> +# define OPENSSL_NO_HEARTBEATS
> +#endif
> +#ifndef OPENSSL_NO_HW
> +# define OPENSSL_NO_HW
> +#endif
> +#ifndef OPENSSL_NO_MSAN
> +# define OPENSSL_NO_MSAN
> +#endif
> +#ifndef OPENSSL_NO_OCB
> +# define OPENSSL_NO_OCB
> +#endif
> +#ifndef OPENSSL_NO_POSIX_IO
> +# define OPENSSL_NO_POSIX_IO
> +#endif
> +#ifndef OPENSSL_NO_RFC3779
> +# define OPENSSL_NO_RFC3779
> +#endif
> +#ifndef OPENSSL_NO_SCRYPT
> +# define OPENSSL_NO_SCRYPT
> +#endif
> +#ifndef OPENSSL_NO_SCTP
> +# define OPENSSL_NO_SCTP
> +#endif
> +#ifndef OPENSSL_NO_SOCK
> +# define OPENSSL_NO_SOCK
> +#endif
> +#ifndef OPENSSL_NO_SSL_TRACE
> +# define OPENSSL_NO_SSL_TRACE
> +#endif
> +#ifndef OPENSSL_NO_SSL3
> +# define OPENSSL_NO_SSL3
> +#endif
> +#ifndef OPENSSL_NO_SSL3_METHOD
> +# define OPENSSL_NO_SSL3_METHOD
> +#endif
> +#ifndef OPENSSL_NO_STDIO
> +# define OPENSSL_NO_STDIO
> +#endif
> +#ifndef OPENSSL_NO_TESTS
> +# define OPENSSL_NO_TESTS
> +#endif
> +#ifndef OPENSSL_NO_TLS1_3
> +# define OPENSSL_NO_TLS1_3
> +#endif
> +#ifndef OPENSSL_NO_UBSAN
> +# define OPENSSL_NO_UBSAN
> +#endif
> +#ifndef OPENSSL_NO_UI_CONSOLE
> +# define OPENSSL_NO_UI_CONSOLE
> +#endif
> +#ifndef OPENSSL_NO_UNIT_TEST
> +# define OPENSSL_NO_UNIT_TEST
> +#endif
> +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +# define OPENSSL_NO_WEAK_SSL_CIPHERS
> +#endif
> +#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> +# define OPENSSL_NO_DYNAMIC_ENGINE
> +#endif
> +#ifndef OPENSSL_NO_AFALGENG
> +# define OPENSSL_NO_AFALGENG
> +#endif
> +
> +
> +/*
> + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some
> compilers
> + * don't like that. This will hopefully silence them.
> + */
> +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> +
> +/*
> + * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> + * declarations of functions deprecated in or before <version>. Otherwise, they
> + * still won't see them if the library has been built to disable deprecated
> + * functions.
> + */
> +#ifndef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f;
> +# ifdef __GNUC__
> +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +# undef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +# endif
> +# endif
> +#endif
> +
> +#ifndef OPENSSL_FILE
> +# ifdef OPENSSL_NO_FILENAMES
> +# define OPENSSL_FILE ""
> +# define OPENSSL_LINE 0
> +# else
> +# define OPENSSL_FILE __FILE__
> +# define OPENSSL_LINE __LINE__
> +# endif
> +#endif
> +
> +#ifndef OPENSSL_MIN_API
> +# define OPENSSL_MIN_API 0
> +#endif
> +
> +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT <
> OPENSSL_MIN_API
> +# undef OPENSSL_API_COMPAT
> +# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> +#endif
> +
> +/*
> + * Do not deprecate things to be deprecated in version 1.2.0 before the
> + * OpenSSL version number matches.
> + */
> +#if OPENSSL_VERSION_NUMBER < 0x10200000L
> +# define DEPRECATEDIN_1_2_0(f) f;
> +#elif OPENSSL_API_COMPAT < 0x10200000L
> +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_2_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x10100000L
> +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_1_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x10000000L
> +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_0_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x00908000L
> +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_0_9_8(f)
> +#endif
> +
> +/* Generate 80386 code? */
> +#undef I386_ONLY
> +
> +#undef OPENSSL_UNISTD
> +#define OPENSSL_UNISTD <unistd.h>
> +
> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> +
> +/*
> + * The following are cipher-specific, but are part of the public API.
> + */
> +#if !defined(OPENSSL_SYS_UEFI)
> +# undef BN_LLONG
> +/* Only one for the following should be defined */
> +# undef SIXTY_FOUR_BIT_LONG
> +# undef SIXTY_FOUR_BIT
> +# define THIRTY_TWO_BIT
> +#endif
> +
> +#define RC4_INT unsigned int
> +
> +#ifdef __cplusplus
> +}
> +#endif
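Review bot: the first lines of the converted file read "WARNING: do not edit!" and "Generated from include/openssl/opensslconf.h.in", yet this hunk rewrites the file by hand, replacing 340 of its 349 lines only to change their line terminators. A hand edit of a generated header is likely to be undone the next time the file is regenerated, so the conversion belongs in the step that produces or copies the header. The three blocks left as unchanged context (OPENSSL_NO_DES, OPENSSL_NO_MD4, OPENSSL_NO_RC4) also indicate the file already had mixed line endings before this patch, which is worth a sentence in the commit message.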
> --
> 2.21.0.windows.1
* Re: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format
2020-05-15 4:39 ` [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Gao, Zhichao
2020-05-15 4:43 ` Wang, Jian J
@ 2020-05-18 5:37 ` Xiaoyu Lu
2020-05-19 1:58 ` Gao, Zhichao
1 sibling, 1 reply; 17+ messages in thread
From: Xiaoyu Lu @ 2020-05-18 5:37 UTC (permalink / raw)
To: Gao, Zhichao, devel@edk2.groups.io
Cc: Wang, Jian J, Fu, Siyuan, Kinney, Michael D, Yao, Jiewen,
Gao, Liming
Hi Zhichao,
Library/Include/openssl/opensslconf.h is generated by OpenSSL and copied by process_files.pl.
I think it should be changed through process_files.pl.
Thanks,
Xiaoyu
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Friday, May 15, 2020 12:40 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Gao,
> Liming <liming.gao@intel.com>
> Subject: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to
> dos format
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Convert file ending of the crypto created openssl config file -
> opensslconf.h from '\n' to '\r\n' to make align the line ending and
> pass the patch check.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
> .../Library/Include/openssl/opensslconf.h | 680 +++++++++---------
> 1 file changed, 340 insertions(+), 340 deletions(-)
>
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 70862e1054..62c2736cb0 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -1,349 +1,349 @@
> -/*
> - * WARNING: do not edit!
> - * Generated from include/openssl/opensslconf.h.in
> - *
> - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> - *
> - * Licensed under the OpenSSL license (the "License"). You may not use
> - * this file except in compliance with the License. You can obtain a copy
> - * in the file LICENSE in the source distribution or at
> - * https://www.openssl.org/source/license.html
> - */
> -
> -#include <openssl/opensslv.h>
> -
> -#ifdef __cplusplus
> -extern "C" {
> -#endif
> -
> -#ifdef OPENSSL_ALGORITHM_DEFINES
> -# error OPENSSL_ALGORITHM_DEFINES no longer supported
> -#endif
> -
> -/*
> - * OpenSSL was configured with the following options:
> - */
> -
> -#ifndef OPENSSL_SYS_UEFI
> -# define OPENSSL_SYS_UEFI 1
> -#endif
> -#define OPENSSL_MIN_API 0x10100000L
> -#ifndef OPENSSL_NO_BF
> -# define OPENSSL_NO_BF
> -#endif
> -#ifndef OPENSSL_NO_BLAKE2
> -# define OPENSSL_NO_BLAKE2
> -#endif
> -#ifndef OPENSSL_NO_CAMELLIA
> -# define OPENSSL_NO_CAMELLIA
> -#endif
> -#ifndef OPENSSL_NO_CAST
> -# define OPENSSL_NO_CAST
> -#endif
> -#ifndef OPENSSL_NO_CHACHA
> -# define OPENSSL_NO_CHACHA
> -#endif
> -#ifndef OPENSSL_NO_CMS
> -# define OPENSSL_NO_CMS
> -#endif
> -#ifndef OPENSSL_NO_CT
> -# define OPENSSL_NO_CT
> -#endif
> +/*
> + * WARNING: do not edit!
> + * Generated from include/openssl/opensslconf.h.in
> + *
> + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> + *
> + * Licensed under the OpenSSL license (the "License"). You may not use
> + * this file except in compliance with the License. You can obtain a copy
> + * in the file LICENSE in the source distribution or at
> + * https://www.openssl.org/source/license.html
> + */
> +
> +#include <openssl/opensslv.h>
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +#ifdef OPENSSL_ALGORITHM_DEFINES
> +# error OPENSSL_ALGORITHM_DEFINES no longer supported
> +#endif
> +
> +/*
> + * OpenSSL was configured with the following options:
> + */
> +
> +#ifndef OPENSSL_SYS_UEFI
> +# define OPENSSL_SYS_UEFI 1
> +#endif
> +#define OPENSSL_MIN_API 0x10100000L
> +#ifndef OPENSSL_NO_BF
> +# define OPENSSL_NO_BF
> +#endif
> +#ifndef OPENSSL_NO_BLAKE2
> +# define OPENSSL_NO_BLAKE2
> +#endif
> +#ifndef OPENSSL_NO_CAMELLIA
> +# define OPENSSL_NO_CAMELLIA
> +#endif
> +#ifndef OPENSSL_NO_CAST
> +# define OPENSSL_NO_CAST
> +#endif
> +#ifndef OPENSSL_NO_CHACHA
> +# define OPENSSL_NO_CHACHA
> +#endif
> +#ifndef OPENSSL_NO_CMS
> +# define OPENSSL_NO_CMS
> +#endif
> +#ifndef OPENSSL_NO_CT
> +# define OPENSSL_NO_CT
> +#endif
> #ifndef OPENSSL_NO_DES
> # define OPENSSL_NO_DES
> #endif
> -#ifndef OPENSSL_NO_DSA
> -# define OPENSSL_NO_DSA
> -#endif
> -#ifndef OPENSSL_NO_EC
> -# define OPENSSL_NO_EC
> -#endif
> -#ifndef OPENSSL_NO_IDEA
> -# define OPENSSL_NO_IDEA
> -#endif
> -#ifndef OPENSSL_NO_MD2
> -# define OPENSSL_NO_MD2
> -#endif
> +#ifndef OPENSSL_NO_DSA
> +# define OPENSSL_NO_DSA
> +#endif
> +#ifndef OPENSSL_NO_EC
> +# define OPENSSL_NO_EC
> +#endif
> +#ifndef OPENSSL_NO_IDEA
> +# define OPENSSL_NO_IDEA
> +#endif
> +#ifndef OPENSSL_NO_MD2
> +# define OPENSSL_NO_MD2
> +#endif
> #ifndef OPENSSL_NO_MD4
> # define OPENSSL_NO_MD4
> #endif
> -#ifndef OPENSSL_NO_MDC2
> -# define OPENSSL_NO_MDC2
> -#endif
> -#ifndef OPENSSL_NO_POLY1305
> -# define OPENSSL_NO_POLY1305
> -#endif
> -#ifndef OPENSSL_NO_RC2
> -# define OPENSSL_NO_RC2
> -#endif
> +#ifndef OPENSSL_NO_MDC2
> +# define OPENSSL_NO_MDC2
> +#endif
> +#ifndef OPENSSL_NO_POLY1305
> +# define OPENSSL_NO_POLY1305
> +#endif
> +#ifndef OPENSSL_NO_RC2
> +# define OPENSSL_NO_RC2
> +#endif
> #ifndef OPENSSL_NO_RC4
> # define OPENSSL_NO_RC4
> #endif
> -#ifndef OPENSSL_NO_RC5
> -# define OPENSSL_NO_RC5
> -#endif
> -#ifndef OPENSSL_NO_RMD160
> -# define OPENSSL_NO_RMD160
> -#endif
> -#ifndef OPENSSL_NO_SEED
> -# define OPENSSL_NO_SEED
> -#endif
> -#ifndef OPENSSL_NO_SM2
> -# define OPENSSL_NO_SM2
> -#endif
> -#ifndef OPENSSL_NO_SRP
> -# define OPENSSL_NO_SRP
> -#endif
> -#ifndef OPENSSL_NO_TS
> -# define OPENSSL_NO_TS
> -#endif
> -#ifndef OPENSSL_NO_WHIRLPOOL
> -# define OPENSSL_NO_WHIRLPOOL
> -#endif
> -#ifndef OPENSSL_RAND_SEED_NONE
> -# define OPENSSL_RAND_SEED_NONE
> -#endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
> -#ifndef OPENSSL_NO_APPS
> -# define OPENSSL_NO_APPS
> -#endif
> -#ifndef OPENSSL_NO_ASAN
> -# define OPENSSL_NO_ASAN
> -#endif
> -#ifndef OPENSSL_NO_ASM
> -# define OPENSSL_NO_ASM
> -#endif
> -#ifndef OPENSSL_NO_ASYNC
> -# define OPENSSL_NO_ASYNC
> -#endif
> -#ifndef OPENSSL_NO_AUTOERRINIT
> -# define OPENSSL_NO_AUTOERRINIT
> -#endif
> -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> -# define OPENSSL_NO_AUTOLOAD_CONFIG
> -#endif
> -#ifndef OPENSSL_NO_CAPIENG
> -# define OPENSSL_NO_CAPIENG
> -#endif
> -#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> -# define OPENSSL_NO_CRYPTO_MDEBUG
> -#endif
> -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> -#endif
> -#ifndef OPENSSL_NO_DEPRECATED
> -# define OPENSSL_NO_DEPRECATED
> -#endif
> -#ifndef OPENSSL_NO_DEVCRYPTOENG
> -# define OPENSSL_NO_DEVCRYPTOENG
> -#endif
> -#ifndef OPENSSL_NO_DGRAM
> -# define OPENSSL_NO_DGRAM
> -#endif
> -#ifndef OPENSSL_NO_DTLS
> -# define OPENSSL_NO_DTLS
> -#endif
> -#ifndef OPENSSL_NO_DTLS1
> -# define OPENSSL_NO_DTLS1
> -#endif
> -#ifndef OPENSSL_NO_DTLS1_2
> -# define OPENSSL_NO_DTLS1_2
> -#endif
> -#ifndef OPENSSL_NO_EC2M
> -# define OPENSSL_NO_EC2M
> -#endif
> -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> -# define OPENSSL_NO_EC_NISTP_64_GCC_128
> -#endif
> -#ifndef OPENSSL_NO_ECDH
> -# define OPENSSL_NO_ECDH
> -#endif
> -#ifndef OPENSSL_NO_ECDSA
> -# define OPENSSL_NO_ECDSA
> -#endif
> -#ifndef OPENSSL_NO_EGD
> -# define OPENSSL_NO_EGD
> -#endif
> -#ifndef OPENSSL_NO_ENGINE
> -# define OPENSSL_NO_ENGINE
> -#endif
> -#ifndef OPENSSL_NO_ERR
> -# define OPENSSL_NO_ERR
> -#endif
> -#ifndef OPENSSL_NO_EXTERNAL_TESTS
> -# define OPENSSL_NO_EXTERNAL_TESTS
> -#endif
> -#ifndef OPENSSL_NO_FILENAMES
> -# define OPENSSL_NO_FILENAMES
> -#endif
> -#ifndef OPENSSL_NO_FUZZ_AFL
> -# define OPENSSL_NO_FUZZ_AFL
> -#endif
> -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> -# define OPENSSL_NO_FUZZ_LIBFUZZER
> -#endif
> -#ifndef OPENSSL_NO_GOST
> -# define OPENSSL_NO_GOST
> -#endif
> -#ifndef OPENSSL_NO_HEARTBEATS
> -# define OPENSSL_NO_HEARTBEATS
> -#endif
> -#ifndef OPENSSL_NO_HW
> -# define OPENSSL_NO_HW
> -#endif
> -#ifndef OPENSSL_NO_MSAN
> -# define OPENSSL_NO_MSAN
> -#endif
> -#ifndef OPENSSL_NO_OCB
> -# define OPENSSL_NO_OCB
> -#endif
> -#ifndef OPENSSL_NO_POSIX_IO
> -# define OPENSSL_NO_POSIX_IO
> -#endif
> -#ifndef OPENSSL_NO_RFC3779
> -# define OPENSSL_NO_RFC3779
> -#endif
> -#ifndef OPENSSL_NO_SCRYPT
> -# define OPENSSL_NO_SCRYPT
> -#endif
> -#ifndef OPENSSL_NO_SCTP
> -# define OPENSSL_NO_SCTP
> -#endif
> -#ifndef OPENSSL_NO_SOCK
> -# define OPENSSL_NO_SOCK
> -#endif
> -#ifndef OPENSSL_NO_SSL_TRACE
> -# define OPENSSL_NO_SSL_TRACE
> -#endif
> -#ifndef OPENSSL_NO_SSL3
> -# define OPENSSL_NO_SSL3
> -#endif
> -#ifndef OPENSSL_NO_SSL3_METHOD
> -# define OPENSSL_NO_SSL3_METHOD
> -#endif
> -#ifndef OPENSSL_NO_STDIO
> -# define OPENSSL_NO_STDIO
> -#endif
> -#ifndef OPENSSL_NO_TESTS
> -# define OPENSSL_NO_TESTS
> -#endif
> -#ifndef OPENSSL_NO_TLS1_3
> -# define OPENSSL_NO_TLS1_3
> -#endif
> -#ifndef OPENSSL_NO_UBSAN
> -# define OPENSSL_NO_UBSAN
> -#endif
> -#ifndef OPENSSL_NO_UI_CONSOLE
> -# define OPENSSL_NO_UI_CONSOLE
> -#endif
> -#ifndef OPENSSL_NO_UNIT_TEST
> -# define OPENSSL_NO_UNIT_TEST
> -#endif
> -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> -# define OPENSSL_NO_WEAK_SSL_CIPHERS
> -#endif
> -#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> -# define OPENSSL_NO_DYNAMIC_ENGINE
> -#endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
> -
> -
> -/*
> - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some
> compilers
> - * don't like that. This will hopefully silence them.
> - */
> -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> -
> -/*
> - * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> - * declarations of functions deprecated in or before <version>. Otherwise, they
> - * still won't see them if the library has been built to disable deprecated
> - * functions.
> - */
> -#ifndef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f;
> -# ifdef __GNUC__
> -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# undef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -# endif
> -# endif
> -#endif
> -
> -#ifndef OPENSSL_FILE
> -# ifdef OPENSSL_NO_FILENAMES
> -# define OPENSSL_FILE ""
> -# define OPENSSL_LINE 0
> -# else
> -# define OPENSSL_FILE __FILE__
> -# define OPENSSL_LINE __LINE__
> -# endif
> -#endif
> -
> -#ifndef OPENSSL_MIN_API
> -# define OPENSSL_MIN_API 0
> -#endif
> -
> -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT <
> OPENSSL_MIN_API
> -# undef OPENSSL_API_COMPAT
> -# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> -#endif
> -
> -/*
> - * Do not deprecate things to be deprecated in version 1.2.0 before the
> - * OpenSSL version number matches.
> - */
> -#if OPENSSL_VERSION_NUMBER < 0x10200000L
> -# define DEPRECATEDIN_1_2_0(f) f;
> -#elif OPENSSL_API_COMPAT < 0x10200000L
> -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_2_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x10100000L
> -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_1_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x10000000L
> -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_0_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x00908000L
> -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_0_9_8(f)
> -#endif
> -
> -/* Generate 80386 code? */
> -#undef I386_ONLY
> -
> -#undef OPENSSL_UNISTD
> -#define OPENSSL_UNISTD <unistd.h>
> -
> -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> -
> -/*
> - * The following are cipher-specific, but are part of the public API.
> - */
> -#if !defined(OPENSSL_SYS_UEFI)
> -# undef BN_LLONG
> -/* Only one for the following should be defined */
> -# undef SIXTY_FOUR_BIT_LONG
> -# undef SIXTY_FOUR_BIT
> -# define THIRTY_TWO_BIT
> -#endif
> -
> -#define RC4_INT unsigned int
> -
> -#ifdef __cplusplus
> -}
> -#endif
> +#ifndef OPENSSL_NO_RC5
> +# define OPENSSL_NO_RC5
> +#endif
> +#ifndef OPENSSL_NO_RMD160
> +# define OPENSSL_NO_RMD160
> +#endif
> +#ifndef OPENSSL_NO_SEED
> +# define OPENSSL_NO_SEED
> +#endif
> +#ifndef OPENSSL_NO_SM2
> +# define OPENSSL_NO_SM2
> +#endif
> +#ifndef OPENSSL_NO_SRP
> +# define OPENSSL_NO_SRP
> +#endif
> +#ifndef OPENSSL_NO_TS
> +# define OPENSSL_NO_TS
> +#endif
> +#ifndef OPENSSL_NO_WHIRLPOOL
> +# define OPENSSL_NO_WHIRLPOOL
> +#endif
> +#ifndef OPENSSL_RAND_SEED_NONE
> +# define OPENSSL_RAND_SEED_NONE
> +#endif
> +#ifndef OPENSSL_NO_AFALGENG
> +# define OPENSSL_NO_AFALGENG
> +#endif
> +#ifndef OPENSSL_NO_APPS
> +# define OPENSSL_NO_APPS
> +#endif
> +#ifndef OPENSSL_NO_ASAN
> +# define OPENSSL_NO_ASAN
> +#endif
> +#ifndef OPENSSL_NO_ASM
> +# define OPENSSL_NO_ASM
> +#endif
> +#ifndef OPENSSL_NO_ASYNC
> +# define OPENSSL_NO_ASYNC
> +#endif
> +#ifndef OPENSSL_NO_AUTOERRINIT
> +# define OPENSSL_NO_AUTOERRINIT
> +#endif
> +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> +# define OPENSSL_NO_AUTOLOAD_CONFIG
> +#endif
> +#ifndef OPENSSL_NO_CAPIENG
> +# define OPENSSL_NO_CAPIENG
> +#endif
> +#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> +# define OPENSSL_NO_CRYPTO_MDEBUG
> +#endif
> +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> +#endif
> +#ifndef OPENSSL_NO_DEPRECATED
> +# define OPENSSL_NO_DEPRECATED
> +#endif
> +#ifndef OPENSSL_NO_DEVCRYPTOENG
> +# define OPENSSL_NO_DEVCRYPTOENG
> +#endif
> +#ifndef OPENSSL_NO_DGRAM
> +# define OPENSSL_NO_DGRAM
> +#endif
> +#ifndef OPENSSL_NO_DTLS
> +# define OPENSSL_NO_DTLS
> +#endif
> +#ifndef OPENSSL_NO_DTLS1
> +# define OPENSSL_NO_DTLS1
> +#endif
> +#ifndef OPENSSL_NO_DTLS1_2
> +# define OPENSSL_NO_DTLS1_2
> +#endif
> +#ifndef OPENSSL_NO_EC2M
> +# define OPENSSL_NO_EC2M
> +#endif
> +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> +# define OPENSSL_NO_EC_NISTP_64_GCC_128
> +#endif
> +#ifndef OPENSSL_NO_ECDH
> +# define OPENSSL_NO_ECDH
> +#endif
> +#ifndef OPENSSL_NO_ECDSA
> +# define OPENSSL_NO_ECDSA
> +#endif
> +#ifndef OPENSSL_NO_EGD
> +# define OPENSSL_NO_EGD
> +#endif
> +#ifndef OPENSSL_NO_ENGINE
> +# define OPENSSL_NO_ENGINE
> +#endif
> +#ifndef OPENSSL_NO_ERR
> +# define OPENSSL_NO_ERR
> +#endif
> +#ifndef OPENSSL_NO_EXTERNAL_TESTS
> +# define OPENSSL_NO_EXTERNAL_TESTS
> +#endif
> +#ifndef OPENSSL_NO_FILENAMES
> +# define OPENSSL_NO_FILENAMES
> +#endif
> +#ifndef OPENSSL_NO_FUZZ_AFL
> +# define OPENSSL_NO_FUZZ_AFL
> +#endif
> +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> +# define OPENSSL_NO_FUZZ_LIBFUZZER
> +#endif
> +#ifndef OPENSSL_NO_GOST
> +# define OPENSSL_NO_GOST
> +#endif
> +#ifndef OPENSSL_NO_HEARTBEATS
> +# define OPENSSL_NO_HEARTBEATS
> +#endif
> +#ifndef OPENSSL_NO_HW
> +# define OPENSSL_NO_HW
> +#endif
> +#ifndef OPENSSL_NO_MSAN
> +# define OPENSSL_NO_MSAN
> +#endif
> +#ifndef OPENSSL_NO_OCB
> +# define OPENSSL_NO_OCB
> +#endif
> +#ifndef OPENSSL_NO_POSIX_IO
> +# define OPENSSL_NO_POSIX_IO
> +#endif
> +#ifndef OPENSSL_NO_RFC3779
> +# define OPENSSL_NO_RFC3779
> +#endif
> +#ifndef OPENSSL_NO_SCRYPT
> +# define OPENSSL_NO_SCRYPT
> +#endif
> +#ifndef OPENSSL_NO_SCTP
> +# define OPENSSL_NO_SCTP
> +#endif
> +#ifndef OPENSSL_NO_SOCK
> +# define OPENSSL_NO_SOCK
> +#endif
> +#ifndef OPENSSL_NO_SSL_TRACE
> +# define OPENSSL_NO_SSL_TRACE
> +#endif
> +#ifndef OPENSSL_NO_SSL3
> +# define OPENSSL_NO_SSL3
> +#endif
> +#ifndef OPENSSL_NO_SSL3_METHOD
> +# define OPENSSL_NO_SSL3_METHOD
> +#endif
> +#ifndef OPENSSL_NO_STDIO
> +# define OPENSSL_NO_STDIO
> +#endif
> +#ifndef OPENSSL_NO_TESTS
> +# define OPENSSL_NO_TESTS
> +#endif
> +#ifndef OPENSSL_NO_TLS1_3
> +# define OPENSSL_NO_TLS1_3
> +#endif
> +#ifndef OPENSSL_NO_UBSAN
> +# define OPENSSL_NO_UBSAN
> +#endif
> +#ifndef OPENSSL_NO_UI_CONSOLE
> +# define OPENSSL_NO_UI_CONSOLE
> +#endif
> +#ifndef OPENSSL_NO_UNIT_TEST
> +# define OPENSSL_NO_UNIT_TEST
> +#endif
> +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +# define OPENSSL_NO_WEAK_SSL_CIPHERS
> +#endif
> +#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> +# define OPENSSL_NO_DYNAMIC_ENGINE
> +#endif
> +#ifndef OPENSSL_NO_AFALGENG
> +# define OPENSSL_NO_AFALGENG
> +#endif
> +
> +
> +/*
> + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some
> compilers
> + * don't like that. This will hopefully silence them.
> + */
> +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> +
> +/*
> + * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> + * declarations of functions deprecated in or before <version>. Otherwise, they
> + * still won't see them if the library has been built to disable deprecated
> + * functions.
> + */
> +#ifndef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f;
> +# ifdef __GNUC__
> +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +# undef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +# endif
> +# endif
> +#endif
> +
> +#ifndef OPENSSL_FILE
> +# ifdef OPENSSL_NO_FILENAMES
> +# define OPENSSL_FILE ""
> +# define OPENSSL_LINE 0
> +# else
> +# define OPENSSL_FILE __FILE__
> +# define OPENSSL_LINE __LINE__
> +# endif
> +#endif
> +
> +#ifndef OPENSSL_MIN_API
> +# define OPENSSL_MIN_API 0
> +#endif
> +
> +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT <
> OPENSSL_MIN_API
> +# undef OPENSSL_API_COMPAT
> +# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> +#endif
> +
> +/*
> + * Do not deprecate things to be deprecated in version 1.2.0 before the
> + * OpenSSL version number matches.
> + */
> +#if OPENSSL_VERSION_NUMBER < 0x10200000L
> +# define DEPRECATEDIN_1_2_0(f) f;
> +#elif OPENSSL_API_COMPAT < 0x10200000L
> +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_2_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x10100000L
> +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_1_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x10000000L
> +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_0_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x00908000L
> +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_0_9_8(f)
> +#endif
> +
> +/* Generate 80386 code? */
> +#undef I386_ONLY
> +
> +#undef OPENSSL_UNISTD
> +#define OPENSSL_UNISTD <unistd.h>
> +
> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> +
> +/*
> + * The following are cipher-specific, but are part of the public API.
> + */
> +#if !defined(OPENSSL_SYS_UEFI)
> +# undef BN_LLONG
> +/* Only one for the following should be defined */
> +# undef SIXTY_FOUR_BIT_LONG
> +# undef SIXTY_FOUR_BIT
> +# define THIRTY_TWO_BIT
> +#endif
> +
> +#define RC4_INT unsigned int
> +
> +#ifdef __cplusplus
> +}
> +#endif
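Review bot: Nothing in this hunk lets a reviewer confirm that the rewrite is line-ending only. Every removed line visible here, from the `OPENSSL_NO_SSL3` block through `RC4_INT`, comes back as an added line with the same text, and the terminator that actually changed is not visible in the mail. This header decides which algorithms and protocol versions are compiled out of the firmware crypto library, so the commit message should state that no `OPENSSL_NO_*` switch changed and how that was checked, for instance that `git diff --ignore-cr-at-eol` shows no changed lines for this file.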
> --
> 2.21.0.windows.1
* Re: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format
2020-05-18 5:37 ` Xiaoyu Lu
@ 2020-05-19 1:58 ` Gao, Zhichao
0 siblings, 0 replies; 17+ messages in thread
From: Gao, Zhichao @ 2020-05-19 1:58 UTC (permalink / raw)
To: Lu, XiaoyuX, devel@edk2.groups.io
Cc: Wang, Jian J, Fu, Siyuan, Kinney, Michael D, Yao, Jiewen,
Gao, Liming
Hi Xiaoyu,
You're correct. But I am not a Perl developer. So I would file a Bugzilla and assign it to someone to make the change for process_files.pl in the future.
Thanks,
Zhichao
> -----Original Message-----
> From: Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Sent: Monday, May 18, 2020 1:37 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: RE: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to
> dos format
>
> Hi Zhichao,
>
> Library/Include/openssl/opensslconf.h is generated by OpenSSL and copied
> by process_files.pl.
> I think it should be changed through process_files.pl.
>
> Thanks,
> Xiaoyu
>
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao@intel.com>
> > Sent: Friday, May 15, 2020 12:40 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Kinney,
> > Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Gao, Liming <liming.gao@intel.com>
> > Subject: [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file
> > ending to dos format
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> >
> > Convert file ending of the crypto created openssl config file -
> > opensslconf.h from '\n' to '\r\n' to align the line ending and
> > pass the patch check.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > ---
> > .../Library/Include/openssl/opensslconf.h | 680 +++++++++---------
> > 1 file changed, 340 insertions(+), 340 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > index 70862e1054..62c2736cb0 100644
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > @@ -1,349 +1,349 @@
> > -/*
> > - * WARNING: do not edit!
> > - * Generated from include/openssl/opensslconf.h.in
> > - *
> > - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> > - *
> > - * Licensed under the OpenSSL license (the "License"). You may not
> > use
> > - * this file except in compliance with the License. You can obtain a
> > copy
> > - * in the file LICENSE in the source distribution or at
> > - * https://www.openssl.org/source/license.html
> > - */
> > -
> > -#include <openssl/opensslv.h>
> > -
> > -#ifdef __cplusplus
> > -extern "C" {
> > -#endif
> > -
> > -#ifdef OPENSSL_ALGORITHM_DEFINES
> > -# error OPENSSL_ALGORITHM_DEFINES no longer supported -#endif
> > -
> > -/*
> > - * OpenSSL was configured with the following options:
> > - */
> > -
> > -#ifndef OPENSSL_SYS_UEFI
> > -# define OPENSSL_SYS_UEFI 1
> > -#endif
> > -#define OPENSSL_MIN_API 0x10100000L
> > -#ifndef OPENSSL_NO_BF
> > -# define OPENSSL_NO_BF
> > -#endif
> > -#ifndef OPENSSL_NO_BLAKE2
> > -# define OPENSSL_NO_BLAKE2
> > -#endif
> > -#ifndef OPENSSL_NO_CAMELLIA
> > -# define OPENSSL_NO_CAMELLIA
> > -#endif
> > -#ifndef OPENSSL_NO_CAST
> > -# define OPENSSL_NO_CAST
> > -#endif
> > -#ifndef OPENSSL_NO_CHACHA
> > -# define OPENSSL_NO_CHACHA
> > -#endif
> > -#ifndef OPENSSL_NO_CMS
> > -# define OPENSSL_NO_CMS
> > -#endif
> > -#ifndef OPENSSL_NO_CT
> > -# define OPENSSL_NO_CT
> > -#endif
> > +/*
> > + * WARNING: do not edit!
> > + * Generated from include/openssl/opensslconf.h.in
> > + *
> > + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
> > + *
> > + * Licensed under the OpenSSL license (the "License"). You may not
> > +use
> > + * this file except in compliance with the License. You can obtain a
> > +copy
> > + * in the file LICENSE in the source distribution or at
> > + * https://www.openssl.org/source/license.html
> > + */
> > +
> > +#include <openssl/opensslv.h>
> > +
> > +#ifdef __cplusplus
> > +extern "C" {
> > +#endif
> > +
> > +#ifdef OPENSSL_ALGORITHM_DEFINES
> > +# error OPENSSL_ALGORITHM_DEFINES no longer supported #endif
> > +
> > +/*
> > + * OpenSSL was configured with the following options:
> > + */
> > +
> > +#ifndef OPENSSL_SYS_UEFI
> > +# define OPENSSL_SYS_UEFI 1
> > +#endif
> > +#define OPENSSL_MIN_API 0x10100000L
> > +#ifndef OPENSSL_NO_BF
> > +# define OPENSSL_NO_BF
> > +#endif
> > +#ifndef OPENSSL_NO_BLAKE2
> > +# define OPENSSL_NO_BLAKE2
> > +#endif
> > +#ifndef OPENSSL_NO_CAMELLIA
> > +# define OPENSSL_NO_CAMELLIA
> > +#endif
> > +#ifndef OPENSSL_NO_CAST
> > +# define OPENSSL_NO_CAST
> > +#endif
> > +#ifndef OPENSSL_NO_CHACHA
> > +# define OPENSSL_NO_CHACHA
> > +#endif
> > +#ifndef OPENSSL_NO_CMS
> > +# define OPENSSL_NO_CMS
> > +#endif
> > +#ifndef OPENSSL_NO_CT
> > +# define OPENSSL_NO_CT
> > +#endif
> > #ifndef OPENSSL_NO_DES
> > # define OPENSSL_NO_DES
> > #endif
> > -#ifndef OPENSSL_NO_DSA
> > -# define OPENSSL_NO_DSA
> > -#endif
> > -#ifndef OPENSSL_NO_EC
> > -# define OPENSSL_NO_EC
> > -#endif
> > -#ifndef OPENSSL_NO_IDEA
> > -# define OPENSSL_NO_IDEA
> > -#endif
> > -#ifndef OPENSSL_NO_MD2
> > -# define OPENSSL_NO_MD2
> > -#endif
> > +#ifndef OPENSSL_NO_DSA
> > +# define OPENSSL_NO_DSA
> > +#endif
> > +#ifndef OPENSSL_NO_EC
> > +# define OPENSSL_NO_EC
> > +#endif
> > +#ifndef OPENSSL_NO_IDEA
> > +# define OPENSSL_NO_IDEA
> > +#endif
> > +#ifndef OPENSSL_NO_MD2
> > +# define OPENSSL_NO_MD2
> > +#endif
> > #ifndef OPENSSL_NO_MD4
> > # define OPENSSL_NO_MD4
> > #endif
> > -#ifndef OPENSSL_NO_MDC2
> > -# define OPENSSL_NO_MDC2
> > -#endif
> > -#ifndef OPENSSL_NO_POLY1305
> > -# define OPENSSL_NO_POLY1305
> > -#endif
> > -#ifndef OPENSSL_NO_RC2
> > -# define OPENSSL_NO_RC2
> > -#endif
> > +#ifndef OPENSSL_NO_MDC2
> > +# define OPENSSL_NO_MDC2
> > +#endif
> > +#ifndef OPENSSL_NO_POLY1305
> > +# define OPENSSL_NO_POLY1305
> > +#endif
> > +#ifndef OPENSSL_NO_RC2
> > +# define OPENSSL_NO_RC2
> > +#endif
> > #ifndef OPENSSL_NO_RC4
> > # define OPENSSL_NO_RC4
> > #endif
> > -#ifndef OPENSSL_NO_RC5
> > -# define OPENSSL_NO_RC5
> > -#endif
> > -#ifndef OPENSSL_NO_RMD160
> > -# define OPENSSL_NO_RMD160
> > -#endif
> > -#ifndef OPENSSL_NO_SEED
> > -# define OPENSSL_NO_SEED
> > -#endif
> > -#ifndef OPENSSL_NO_SM2
> > -# define OPENSSL_NO_SM2
> > -#endif
> > -#ifndef OPENSSL_NO_SRP
> > -# define OPENSSL_NO_SRP
> > -#endif
> > -#ifndef OPENSSL_NO_TS
> > -# define OPENSSL_NO_TS
> > -#endif
> > -#ifndef OPENSSL_NO_WHIRLPOOL
> > -# define OPENSSL_NO_WHIRLPOOL
> > -#endif
> > -#ifndef OPENSSL_RAND_SEED_NONE
> > -# define OPENSSL_RAND_SEED_NONE
> > -#endif
> > -#ifndef OPENSSL_NO_AFALGENG
> > -# define OPENSSL_NO_AFALGENG
> > -#endif
> > -#ifndef OPENSSL_NO_APPS
> > -# define OPENSSL_NO_APPS
> > -#endif
> > -#ifndef OPENSSL_NO_ASAN
> > -# define OPENSSL_NO_ASAN
> > -#endif
> > -#ifndef OPENSSL_NO_ASM
> > -# define OPENSSL_NO_ASM
> > -#endif
> > -#ifndef OPENSSL_NO_ASYNC
> > -# define OPENSSL_NO_ASYNC
> > -#endif
> > -#ifndef OPENSSL_NO_AUTOERRINIT
> > -# define OPENSSL_NO_AUTOERRINIT
> > -#endif
> > -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> > -# define OPENSSL_NO_AUTOLOAD_CONFIG
> > -#endif
> > -#ifndef OPENSSL_NO_CAPIENG
> > -# define OPENSSL_NO_CAPIENG
> > -#endif
> > -#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> > -# define OPENSSL_NO_CRYPTO_MDEBUG
> > -#endif
> > -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > -#endif
> > -#ifndef OPENSSL_NO_DEPRECATED
> > -# define OPENSSL_NO_DEPRECATED
> > -#endif
> > -#ifndef OPENSSL_NO_DEVCRYPTOENG
> > -# define OPENSSL_NO_DEVCRYPTOENG
> > -#endif
> > -#ifndef OPENSSL_NO_DGRAM
> > -# define OPENSSL_NO_DGRAM
> > -#endif
> > -#ifndef OPENSSL_NO_DTLS
> > -# define OPENSSL_NO_DTLS
> > -#endif
> > -#ifndef OPENSSL_NO_DTLS1
> > -# define OPENSSL_NO_DTLS1
> > -#endif
> > -#ifndef OPENSSL_NO_DTLS1_2
> > -# define OPENSSL_NO_DTLS1_2
> > -#endif
> > -#ifndef OPENSSL_NO_EC2M
> > -# define OPENSSL_NO_EC2M
> > -#endif
> > -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define
> > OPENSSL_NO_EC_NISTP_64_GCC_128 -#endif -#ifndef OPENSSL_NO_ECDH -#
> > define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define
> > OPENSSL_NO_ECDSA -#endif -#ifndef OPENSSL_NO_EGD -# define
> > OPENSSL_NO_EGD -#endif -#ifndef OPENSSL_NO_ENGINE -# define
> > OPENSSL_NO_ENGINE -#endif -#ifndef OPENSSL_NO_ERR -# define
> > OPENSSL_NO_ERR -#endif -#ifndef OPENSSL_NO_EXTERNAL_TESTS -# define
> > OPENSSL_NO_EXTERNAL_TESTS -#endif -#ifndef OPENSSL_NO_FILENAMES -#
> > define OPENSSL_NO_FILENAMES -#endif -#ifndef OPENSSL_NO_FUZZ_AFL -#
> > define OPENSSL_NO_FUZZ_AFL -#endif -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> > -# define OPENSSL_NO_FUZZ_LIBFUZZER -#endif -#ifndef OPENSSL_NO_GOST
> > -# define OPENSSL_NO_GOST -#endif -#ifndef OPENSSL_NO_HEARTBEATS -#
> > define OPENSSL_NO_HEARTBEATS -#endif -#ifndef OPENSSL_NO_HW -# define
> > OPENSSL_NO_HW -#endif -#ifndef OPENSSL_NO_MSAN -# define
> > OPENSSL_NO_MSAN -#endif -#ifndef OPENSSL_NO_OCB -# define
> > OPENSSL_NO_OCB -#endif -#ifndef OPENSSL_NO_POSIX_IO -# define
> > OPENSSL_NO_POSIX_IO -#endif -#ifndef OPENSSL_NO_RFC3779 -# define
> > OPENSSL_NO_RFC3779 -#endif -#ifndef OPENSSL_NO_SCRYPT -# define
> > OPENSSL_NO_SCRYPT -#endif -#ifndef OPENSSL_NO_SCTP -# define
> > OPENSSL_NO_SCTP -#endif -#ifndef OPENSSL_NO_SOCK -# define
> > OPENSSL_NO_SOCK -#endif -#ifndef OPENSSL_NO_SSL_TRACE -# define
> > OPENSSL_NO_SSL_TRACE -#endif -#ifndef OPENSSL_NO_SSL3 -# define
> > OPENSSL_NO_SSL3 -#endif -#ifndef OPENSSL_NO_SSL3_METHOD -# define
> > OPENSSL_NO_SSL3_METHOD -#endif -#ifndef OPENSSL_NO_STDIO -# define
> > OPENSSL_NO_STDIO -#endif -#ifndef OPENSSL_NO_TESTS -# define
> > OPENSSL_NO_TESTS -#endif -#ifndef OPENSSL_NO_TLS1_3 -# define
> > OPENSSL_NO_TLS1_3 -#endif -#ifndef OPENSSL_NO_UBSAN -# define
> > OPENSSL_NO_UBSAN -#endif -#ifndef OPENSSL_NO_UI_CONSOLE -# define
> > OPENSSL_NO_UI_CONSOLE -#endif -#ifndef OPENSSL_NO_UNIT_TEST -# define
> > OPENSSL_NO_UNIT_TEST -#endif -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -#
> > define OPENSSL_NO_WEAK_SSL_CIPHERS -#endif -#ifndef
> > OPENSSL_NO_DYNAMIC_ENGINE -# define OPENSSL_NO_DYNAMIC_ENGINE -
> #endif
> > -#ifndef OPENSSL_NO_AFALGENG -# define OPENSSL_NO_AFALGENG -#endif
> > -
> > -
> > -/*
> > - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some
> > compilers
> > - * don't like that. This will hopefully silence them.
> > - */
> > -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> > -
> > -/*
> > - * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress
> > the
> > - * declarations of functions deprecated in or before <version>.
> > Otherwise, they
> > - * still won't see them if the library has been built to disable
> > deprecated
> > - * functions.
> > - */
> > -#ifndef DECLARE_DEPRECATED
> > -# define DECLARE_DEPRECATED(f) f;
> > -# ifdef __GNUC__
> > -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> > -# undef DECLARE_DEPRECATED
> > -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> > -# endif
> > -# endif
> > -#endif
> > -
> > -#ifndef OPENSSL_FILE
> > -# ifdef OPENSSL_NO_FILENAMES
> > -# define OPENSSL_FILE ""
> > -# define OPENSSL_LINE 0
> > -# else
> > -# define OPENSSL_FILE __FILE__
> > -# define OPENSSL_LINE __LINE__
> > -# endif
> > -#endif
> > -
> > -#ifndef OPENSSL_MIN_API
> > -# define OPENSSL_MIN_API 0
> > -#endif
> > -
> > -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT <
> > OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define
> > OPENSSL_API_COMPAT OPENSSL_MIN_API -#endif
> > -
> > -/*
> > - * Do not deprecate things to be deprecated in version 1.2.0 before
> > the
> > - * OpenSSL version number matches.
> > - */
> > -#if OPENSSL_VERSION_NUMBER < 0x10200000L
> > -# define DEPRECATEDIN_1_2_0(f) f;
> > -#elif OPENSSL_API_COMPAT < 0x10200000L
> > -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_1_2_0(f)
> > -#endif
> > -
> > -#if OPENSSL_API_COMPAT < 0x10100000L
> > -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_1_1_0(f)
> > -#endif
> > -
> > -#if OPENSSL_API_COMPAT < 0x10000000L
> > -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_1_0_0(f)
> > -#endif
> > -
> > -#if OPENSSL_API_COMPAT < 0x00908000L
> > -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_0_9_8(f)
> > -#endif
> > -
> > -/* Generate 80386 code? */
> > -#undef I386_ONLY
> > -
> > -#undef OPENSSL_UNISTD
> > -#define OPENSSL_UNISTD <unistd.h>
> > -
> > -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> > -
> > -/*
> > - * The following are cipher-specific, but are part of the public API.
> > - */
> > -#if !defined(OPENSSL_SYS_UEFI)
> > -# undef BN_LLONG
> > -/* Only one for the following should be defined */ -# undef
> > SIXTY_FOUR_BIT_LONG -# undef SIXTY_FOUR_BIT -# define THIRTY_TWO_BIT
> > -#endif
> > -
> > -#define RC4_INT unsigned int
> > -
> > -#ifdef __cplusplus
> > -}
> > -#endif
> > +#ifndef OPENSSL_NO_RC5
> > +# define OPENSSL_NO_RC5
> > +#endif
> > +#ifndef OPENSSL_NO_RMD160
> > +# define OPENSSL_NO_RMD160
> > +#endif
> > +#ifndef OPENSSL_NO_SEED
> > +# define OPENSSL_NO_SEED
> > +#endif
> > +#ifndef OPENSSL_NO_SM2
> > +# define OPENSSL_NO_SM2
> > +#endif
> > +#ifndef OPENSSL_NO_SRP
> > +# define OPENSSL_NO_SRP
> > +#endif
> > +#ifndef OPENSSL_NO_TS
> > +# define OPENSSL_NO_TS
> > +#endif
> > +#ifndef OPENSSL_NO_WHIRLPOOL
> > +# define OPENSSL_NO_WHIRLPOOL
> > +#endif
> > +#ifndef OPENSSL_RAND_SEED_NONE
> > +# define OPENSSL_RAND_SEED_NONE
> > +#endif
> > +#ifndef OPENSSL_NO_AFALGENG
> > +# define OPENSSL_NO_AFALGENG
> > +#endif
> > +#ifndef OPENSSL_NO_APPS
> > +# define OPENSSL_NO_APPS
> > +#endif
> > +#ifndef OPENSSL_NO_ASAN
> > +# define OPENSSL_NO_ASAN
> > +#endif
> > +#ifndef OPENSSL_NO_ASM
> > +# define OPENSSL_NO_ASM
> > +#endif
> > +#ifndef OPENSSL_NO_ASYNC
> > +# define OPENSSL_NO_ASYNC
> > +#endif
> > +#ifndef OPENSSL_NO_AUTOERRINIT
> > +# define OPENSSL_NO_AUTOERRINIT
> > +#endif
> > +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> > +# define OPENSSL_NO_AUTOLOAD_CONFIG
> > +#endif
> > +#ifndef OPENSSL_NO_CAPIENG
> > +# define OPENSSL_NO_CAPIENG
> > +#endif
> > +#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> > +# define OPENSSL_NO_CRYPTO_MDEBUG
> > +#endif
> > +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > +#endif
> > +#ifndef OPENSSL_NO_DEPRECATED
> > +# define OPENSSL_NO_DEPRECATED
> > +#endif
> > +#ifndef OPENSSL_NO_DEVCRYPTOENG
> > +# define OPENSSL_NO_DEVCRYPTOENG
> > +#endif
> > +#ifndef OPENSSL_NO_DGRAM
> > +# define OPENSSL_NO_DGRAM
> > +#endif
> > +#ifndef OPENSSL_NO_DTLS
> > +# define OPENSSL_NO_DTLS
> > +#endif
> > +#ifndef OPENSSL_NO_DTLS1
> > +# define OPENSSL_NO_DTLS1
> > +#endif
> > +#ifndef OPENSSL_NO_DTLS1_2
> > +# define OPENSSL_NO_DTLS1_2
> > +#endif
> > +#ifndef OPENSSL_NO_EC2M
> > +# define OPENSSL_NO_EC2M
> > +#endif
> > +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # define
> > +OPENSSL_NO_EC_NISTP_64_GCC_128 #endif #ifndef OPENSSL_NO_ECDH #
> > +define OPENSSL_NO_ECDH #endif #ifndef OPENSSL_NO_ECDSA # define
> > +OPENSSL_NO_ECDSA #endif #ifndef OPENSSL_NO_EGD # define
> > +OPENSSL_NO_EGD #endif #ifndef OPENSSL_NO_ENGINE # define
> > +OPENSSL_NO_ENGINE #endif #ifndef OPENSSL_NO_ERR # define
> > +OPENSSL_NO_ERR #endif #ifndef OPENSSL_NO_EXTERNAL_TESTS # define
> > +OPENSSL_NO_EXTERNAL_TESTS #endif #ifndef OPENSSL_NO_FILENAMES #
> > +define OPENSSL_NO_FILENAMES #endif #ifndef OPENSSL_NO_FUZZ_AFL #
> > +define OPENSSL_NO_FUZZ_AFL #endif #ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> #
> > +define OPENSSL_NO_FUZZ_LIBFUZZER #endif #ifndef OPENSSL_NO_GOST #
> > +define OPENSSL_NO_GOST #endif #ifndef OPENSSL_NO_HEARTBEATS # define
> > +OPENSSL_NO_HEARTBEATS #endif #ifndef OPENSSL_NO_HW # define
> > +OPENSSL_NO_HW #endif #ifndef OPENSSL_NO_MSAN # define
> OPENSSL_NO_MSAN
> > +#endif #ifndef OPENSSL_NO_OCB # define OPENSSL_NO_OCB #endif #ifndef
> > +OPENSSL_NO_POSIX_IO # define OPENSSL_NO_POSIX_IO #endif #ifndef
> > +OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif #ifndef
> > +OPENSSL_NO_SCRYPT # define OPENSSL_NO_SCRYPT #endif #ifndef
> > +OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif #ifndef
> > +OPENSSL_NO_SOCK # define OPENSSL_NO_SOCK #endif #ifndef
> > +OPENSSL_NO_SSL_TRACE # define OPENSSL_NO_SSL_TRACE #endif #ifndef
> > +OPENSSL_NO_SSL3 # define OPENSSL_NO_SSL3 #endif #ifndef
> > +OPENSSL_NO_SSL3_METHOD # define OPENSSL_NO_SSL3_METHOD #endif
> #ifndef
> > +OPENSSL_NO_STDIO # define OPENSSL_NO_STDIO #endif #ifndef
> > +OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif #ifndef
> > +OPENSSL_NO_TLS1_3 # define OPENSSL_NO_TLS1_3 #endif #ifndef
> > +OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif #ifndef
> > +OPENSSL_NO_UI_CONSOLE # define OPENSSL_NO_UI_CONSOLE #endif #ifndef
> > +OPENSSL_NO_UNIT_TEST # define OPENSSL_NO_UNIT_TEST #endif #ifndef
> > +OPENSSL_NO_WEAK_SSL_CIPHERS # define
> OPENSSL_NO_WEAK_SSL_CIPHERS
> > +#endif #ifndef OPENSSL_NO_DYNAMIC_ENGINE # define
> > +OPENSSL_NO_DYNAMIC_ENGINE #endif #ifndef OPENSSL_NO_AFALGENG #
> define
> > +OPENSSL_NO_AFALGENG #endif
> > +
> > +
> > +/*
> > + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some
> > compilers
> > + * don't like that. This will hopefully silence them.
> > + */
> > +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> > +
> > +/*
> > + * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress
> > +the
> > + * declarations of functions deprecated in or before <version>.
> > +Otherwise, they
> > + * still won't see them if the library has been built to disable
> > +deprecated
> > + * functions.
> > + */
> > +#ifndef DECLARE_DEPRECATED
> > +# define DECLARE_DEPRECATED(f) f;
> > +# ifdef __GNUC__
> > +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> > +# undef DECLARE_DEPRECATED
> > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> > +# endif
> > +# endif
> > +#endif
> > +
> > +#ifndef OPENSSL_FILE
> > +# ifdef OPENSSL_NO_FILENAMES
> > +# define OPENSSL_FILE ""
> > +# define OPENSSL_LINE 0
> > +# else
> > +# define OPENSSL_FILE __FILE__
> > +# define OPENSSL_LINE __LINE__
> > +# endif
> > +#endif
> > +
> > +#ifndef OPENSSL_MIN_API
> > +# define OPENSSL_MIN_API 0
> > +#endif
> > +
> > +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT <
> > OPENSSL_MIN_API
> > +# undef OPENSSL_API_COMPAT
> > +# define OPENSSL_API_COMPAT OPENSSL_MIN_API #endif
> > +
> > +/*
> > + * Do not deprecate things to be deprecated in version 1.2.0 before
> > +the
> > + * OpenSSL version number matches.
> > + */
> > +#if OPENSSL_VERSION_NUMBER < 0x10200000L
> > +# define DEPRECATEDIN_1_2_0(f) f;
> > +#elif OPENSSL_API_COMPAT < 0x10200000L
> > +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_1_2_0(f)
> > +#endif
> > +
> > +#if OPENSSL_API_COMPAT < 0x10100000L
> > +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_1_1_0(f)
> > +#endif
> > +
> > +#if OPENSSL_API_COMPAT < 0x10000000L
> > +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_1_0_0(f)
> > +#endif
> > +
> > +#if OPENSSL_API_COMPAT < 0x00908000L
> > +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_0_9_8(f)
> > +#endif
> > +
> > +/* Generate 80386 code? */
> > +#undef I386_ONLY
> > +
> > +#undef OPENSSL_UNISTD
> > +#define OPENSSL_UNISTD <unistd.h>
> > +
> > +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> > +
> > +/*
> > + * The following are cipher-specific, but are part of the public API.
> > + */
> > +#if !defined(OPENSSL_SYS_UEFI)
> > +# undef BN_LLONG
> > +/* Only one for the following should be defined */ # undef
> > +SIXTY_FOUR_BIT_LONG # undef SIXTY_FOUR_BIT # define THIRTY_TWO_BIT
> > +#endif
> > +
> > +#define RC4_INT unsigned int
> > +
> > +#ifdef __cplusplus
> > +}
> > +#endif
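Review bot: The header comment at the top of this hunk says "WARNING: do not edit!" and "Generated from include/openssl/opensslconf.h.in", so a hand conversion to CRLF is liable to be undone the next time the file is regenerated; the conversion belongs in process_files.pl, as raised in this thread. Separately, the `OPENSSL_NO_DES`, `OPENSSL_NO_MD4` and `OPENSSL_NO_RC4` blocks appear as unchanged context while everything around them is rewritten, which suggests the file already had mixed line endings before this patch. The commit message should say that, since "from '\n' to '\r\n'" reads as if the whole file had been LF.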
> > --
> > 2.21.0.windows.1
Thread overview: 17+ messages
2020-05-15 4:39 [PATCH V6 00/13] CryptoPkg: Retire the deprecated functions Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 01/13] CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 02/13] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 03/13] CryptoPkg/OpensslLib: Set MD4 disable in OpensslLib Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 04/13] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 05/13] CryptoPkg/OpensslLib: Set ARC4 disable in OpensslLib Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 06/13] CryptoPkg/BaseCryptLib: Retire the TDES algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 07/13] CryptoPkg/OpensslLib: Set TDES disable in OpensslLib Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 08/13] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 09/13] CryptoPkg/OpensslLib: Remove the Aes Ecb file in the OpensslLib Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 10/13] CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 11/13] CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 12/13] CryptoPkg/opensslconf.h: Covert the file ending to dos format Gao, Zhichao
2020-05-15 4:43 ` Wang, Jian J
2020-05-18 5:37 ` Xiaoyu Lu
2020-05-19 1:58 ` Gao, Zhichao
2020-05-15 4:39 ` [PATCH V6 13/13] CryptoPkg/Crypto.h: Update the version of Crypto Driver Gao, Zhichao