From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web09.485.1605160579763645521 for ; Wed, 11 Nov 2020 21:56:39 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhichao.gao@intel.com) IronPort-SDR: HWHtjJqc1A4m2hRTMHKBw+i9rbeICW11DVc67YT+BBZXZ0PrE1oCzVjn4phhdgRuEUux21iHxv /M52zn9M8N1A== X-IronPort-AV: E=McAfee;i="6000,8403,9802"; a="254971313" X-IronPort-AV: E=Sophos;i="5.77,471,1596524400"; d="scan'208";a="254971313" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Nov 2020 21:56:38 -0800 IronPort-SDR: qhn8i6KypRJgu8a6kL7Rh+vIlMHM+fScC998dP7QvmfuwTECNK4fkOqZ/7/8LkvLh8SvXwFcnF IiLUoXHhZydA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,471,1596524400"; d="scan'208";a="366490852" Received: from fieedk001.ccr.corp.intel.com ([10.239.153.118]) by orsmga007.jf.intel.com with ESMTP; 11 Nov 2020 21:56:37 -0800 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Jiewen Yao Subject: [PATCH V4 13/13] CryptoPkg: Make the MD5 disable as default for security Date: Thu, 12 Nov 2020 13:55:58 +0800 Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20201112055558.2348-1-zhichao.gao@intel.com> References: <20201112055558.2348-1-zhichao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 Make the deprecated MD5 disable as default setting for security. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Zhichao Gao Reviewed-by: Jiewen Yao --- CryptoPkg/Driver/Crypto.c | 4 ++-- CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d9096ea603..26f280cd5d 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll ( return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { DeprecatedCryptoServiceMd4Update, DeprecatedCryptoServiceMd4Final, DeprecatedCryptoServiceMd4HashAll, -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /// Md5 - deprecated and unsupported DeprecatedCryptoServiceMd5GetContextSize, DeprecatedCryptoServiceMd5Init, diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..496121e6a4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -72,7 +72,7 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index b85e7f4d12..d670f17424 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 3f14c6d262..8b43d1363c 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,7 +99,7 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. -- 2.21.0.windows.1