Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()

["Michael D Kinney" <michael.d.kinney@intel.com>]

Hi Gerd,

This is an interesting pattern for the openssl 3.0 size issues.

It looks like the 1.1.1 APIs we are currently using are still available.
Are those legacy APIs guaranteed to be supported under openssl 3.0?

Mike

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd Hoffmann
> Sent: Monday, February 13, 2023 11:20 AM
> To: devel@edk2.groups.io
> Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()
> 
> In openssl 3.0 SHA1() goes through the provider logic,
> requiring a huge amount of openssl code.  The individual
> functions do not, so use them instead.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> index 1e071ce2b325..cfe1f4bc44c9 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> @@ -204,6 +204,8 @@ Sha1HashAll (
>    OUT  UINT8       *HashValue
>    )
>  {
> +  SHA_CTX  Context;
> +
>    //
>    // Check input parameters.
>    //
> @@ -218,11 +220,19 @@ Sha1HashAll (
>    //
>    // OpenSSL SHA-1 Hash Computation.
>    //
> -  if (SHA1 (Data, DataSize, HashValue) == NULL) {
> +  if (!SHA1_Init (&Context)) {
>      return FALSE;
> -  } else {
> -    return TRUE;
>    }
> +
> +  if (!SHA1_Update (&Context, Data, DataSize)) {
> +    return FALSE;
> +  }
> +
> +  if (!SHA1_Final (HashValue, &Context)) {
> +    return FALSE;
> +  }
> +
> +  return TRUE;
>  }
> 
>  #endif
> --
> 2.39.1
> 
> 
> 
> 
>