From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com []) by mx.groups.io with SMTP id smtpd.web12.31129.1605029857666972063 for ; Tue, 10 Nov 2020 09:37:43 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com) IronPort-SDR: qjMkhNeYDCJwG6fP5smq7DXSE8iaACBT0+X4Mqqy0u+br0Qcm9akpciODDUj7RMtlIjrcje2yF VRcsf8uRdyGg== X-IronPort-AV: E=McAfee;i="6000,8403,9801"; a="169234371" X-IronPort-AV: E=Sophos;i="5.77,466,1596524400"; d="scan'208";a="169234371" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Nov 2020 09:37:20 -0800 IronPort-SDR: VEmsUHK/8n6MTaju8j4DhvOtJ+jpDm9inCL6iO3IGy7q0Ve1+CziLgGEqY4gz1JcHMvI8Bb0/Y CqAcc2XkGvNw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,466,1596524400"; d="scan'208";a="473509689" Received: from fieedk001.ccr.corp.intel.com ([10.239.153.118]) by orsmga004.jf.intel.com with ESMTP; 10 Nov 2020 09:37:18 -0800 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Jiewen Yao Subject: [PATCH V3 12/12] CryptoPkg: Make the MD5 disable as default for security Date: Wed, 11 Nov 2020 01:36:51 +0800 Message-Id: <20201110173651.54036-13-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20201110173651.54036-1-zhichao.gao@intel.com> References: <20201110173651.54036-1-zhichao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 Make the deprecated MD5 disable as default setting for security. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Zhichao Gao Reviewed-by: Jiewen Yao --- CryptoPkg/Driver/Crypto.c | 4 ++-- CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d9096ea603..26f280cd5d 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll ( return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { DeprecatedCryptoServiceMd4Update, DeprecatedCryptoServiceMd4Final, DeprecatedCryptoServiceMd4HashAll, -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /// Md5 - deprecated and unsupported DeprecatedCryptoServiceMd5GetContextSize, DeprecatedCryptoServiceMd5Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..496121e6a4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -72,7 +72,7 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index b85e7f4d12..d670f17424 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 3f14c6d262..8b43d1363c 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,7 +99,7 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. -- 2.21.0.windows.1