From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com []) by mx.groups.io with SMTP id smtpd.web11.8362.1603766593536324021 for ; Mon, 26 Oct 2020 19:43:23 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com) IronPort-SDR: //rnMlaM91huwsucLT/AY1iJVO8N60ZNMvmR39tSm2j8TuhgV/QykhBB7ceMCG3QTYfkILTiPg /w8h+HFfVPxQ== X-IronPort-AV: E=McAfee;i="6000,8403,9786"; a="168117944" X-IronPort-AV: E=Sophos;i="5.77,422,1596524400"; d="scan'208";a="168117944" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2020 19:43:23 -0700 IronPort-SDR: G030EPwFCjj+5YGlT8uWWDZXt8xRHA4nT8WJ2OYPamY4bdnRpNMj2a7nYxKSTlFvSCczhnfU5a QFJ0iyZH6+Bw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,422,1596524400"; d="scan'208";a="350351920" Received: from fieedk001.ccr.corp.intel.com ([10.239.153.118]) by fmsmga004.fm.intel.com with ESMTP; 26 Oct 2020 19:43:21 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [PATCH V2 7/7] CryptoPkg: Make the MD5 disable as default for security Date: Tue, 27 Oct 2020 10:43:00 +0800 Message-Id: <20201027024300.21100-8-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20201027024300.21100-1-zhichao.gao@intel.com> References: <20201027024300.21100-1-zhichao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 Make the deprecated MD5 disable as default setting for security. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Zhichao Gao --- CryptoPkg/Driver/Crypto.c | 4 ++-- CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d9096ea603..26f280cd5d 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll ( return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { DeprecatedCryptoServiceMd4Update, DeprecatedCryptoServiceMd4Final, DeprecatedCryptoServiceMd4HashAll, -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /// Md5 - deprecated and unsupported DeprecatedCryptoServiceMd5GetContextSize, DeprecatedCryptoServiceMd5Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..496121e6a4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -72,7 +72,7 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index b85e7f4d12..d670f17424 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 3f14c6d262..8b43d1363c 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,7 +99,7 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. -- 2.21.0.windows.1