From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Min Xu, Qi Zhang
Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO
Date: Mon, 31 Aug 2020 13:13:17 +0800
Message-Id: <20200831051317.11532-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943

Disable SHA1 based on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES.
SHA1 is a deprecated function and the MACRO is used to remove the whole
implementation of SHA1. For the platforms that do not need SHA1 for
security, the MACRO should work for DxeImageVerificationLib as well.

Signed-off-by: Zhichao Gao Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Qi Zhang --- .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index b08fe24e85..7871220140 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] = { }; HASH_TABLE mHash[] = { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }, +#else + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL }, +#endif { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL }, { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, @@ -315,10 +319,12 @@ HashPeImage ( ZeroMem (mImageDigest, MAX_DIGEST_SIZE); switch (HashAlg) { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASHALG_SHA1: mImageDigestSize = SHA1_DIGEST_SIZE; mCertType = gEfiCertSha1Guid; break; +#endif case HASHALG_SHA256: mImageDigestSize = SHA256_DIGEST_SIZE; -- 2.21.0.windows.1
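
Review bot: In the mHash[] hunk (@@ -59,7 +59,11 @@), the #else row keeps the SHA1 entry with its OID and digest length but sets all four callbacks to NULL, and nothing in the patch shows that code indexing mHash checks for NULL before calling GetContextSize, HashInit, HashUpdate or HashFinal. The SHA224 row already uses the same NULL pattern, so there may be an existing guard, but it is outside the visible lines; please confirm that every lookup path rejects a row with NULL callbacks before dereferencing them. If the placeholder row is kept only so that table indices stay aligned with the HASHALG_* values, a one-line comment above the #else saying so would stop someone from later deleting the row and shifting the indices.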
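
Review bot: In the HashPeImage hunk (@@ -315,10 +319,12 @@), compiling out case HASHALG_SHA1 means a caller passing HASHALG_SHA1 now depends entirely on the switch's default arm, which is not in the hunk. After the ZeroMem of mImageDigest, mImageDigestSize and mCertType are only assigned inside the cases, so please confirm the default arm returns failure before any digest size, certificate type or mHash[HashAlg] callback is used; otherwise a SHA1 request would proceed with stale or unset state and NULL function pointers. The commit message should also state the resulting behaviour for a build with DISABLE_SHA1_DEPRECATED_INTERFACES defined, namely that SHA1 hashing of an image is refused rather than silently skipped, so platform owners know what to expect when they set the macro.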