From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web12.33016.1599444934923131770 for ; Sun, 06 Sep 2020 19:15:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=s3VYync5; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: jiewen.yao@intel.com) IronPort-SDR: 82B+rUnEtXYqJze6L4rY5/uiPbHbUUCyYjwNJH1h4+tRWbaU5i9cGLGFxTY83ld27qUIZKpcLu EEG64hQDYDsA== X-IronPort-AV: E=McAfee;i="6000,8403,9736"; a="219501475" X-IronPort-AV: E=Sophos;i="5.76,400,1592895600"; d="scan'208";a="219501475" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Sep 2020 19:15:33 -0700 IronPort-SDR: QUQssz0+GEDnjnE7LSeZhs3VnHjdrIzptQUaN71UKrr5ogBFdGyOKmywfoC2EuJAbXHyrXbWHU FloCEpyRrcoA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,400,1592895600"; d="scan'208";a="479462171" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orsmga005.jf.intel.com with ESMTP; 06 Sep 2020 19:15:33 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Sun, 6 Sep 2020 19:15:33 -0700 Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Sun, 6 Sep 2020 19:15:33 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Sun, 6 Sep 2020 19:15:33 -0700 Received: from NAM04-CO1-obe.outbound.protection.outlook.com (104.47.45.53) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Sun, 6 Sep 2020 19:15:31 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q34INFsuutfmbFjHdYMYva3tcZpnZogZDYRpFJxolNBAbC3jEu6daD+W/PUwM334rtWFoPQ7DWGksx4ESBI9p4HVKTiIN/VtC1NoRB3fhynSQ6tY1EzzZ4P46ZbjO8Co11W9zIiKfJBRfSlcX6FyRXT8Qz8YilnjJ36bwF5AlzcFgd7KDz4+HJTsuxtoO9lr+sUuYbgIi6bxg3lOU9blyj1MB+Z45z1Sqd0HFg8ro6pbqlMgOQz4NAlQx6Yhdfy6i9+iU5dQtKTI4SmV4kzSvZqRAT9bl4b6GnWVh0pPV++DB7XzL7Xnvxz5EJXQwiTxNdiolw8I06DcCg2zgGEQPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kf21ddkzUD1YSJCsxTjo+OnQ8+nq455Ji0DKovgDB3M=; b=CPeNGVsQDxUgqYCL+hlQSo1GfarJHltpSTG5ZH1cH1JWPj9U52Uk6pomRhgEUEy1uFJf0w2O4a/bTWUIaBfl75Vx34B2mUQDbFHdsy29OzWNmNPkxmoWn8BzNLkFdScy2oBJq9LbcZOx3Rp+5GItkKyprAoAhZp0IUaAQGlgRx0F2TE95U7WXd8M2kdukiV0prLQkPgGueJvIKehe3tB1AE7nkFLehS2EXZ0zKKb0bbarvTUPfdWSqzU/5nc0vLOgh3IIh76eCzfS+FkCzWJmigmz320VGUQm7ySEny1XD87R4v5c/6dKi5o8+FqrIGasp2uXuDSMDBU/q0vuNhG4g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kf21ddkzUD1YSJCsxTjo+OnQ8+nq455Ji0DKovgDB3M=; b=s3VYync5tYhqwjA98vhKEGdgmtRcMfE0JHYGGlY8xFboiuDcTUUbe/yfM0khtzYcRLj1PWB4jFO5dUL5xGRdBkiknbNW7vIC4kogTKCu2T/rgfRsswTRNC8B0hJs7J4R8aRLWnppEkBLu38ntEQgTvalAT3/Xm+HMVAMv8LB1S4= Received: from CY4PR11MB1288.namprd11.prod.outlook.com (2603:10b6:903:23::8) by CY4PR11MB1911.namprd11.prod.outlook.com (2603:10b6:903:123::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3348.15; Mon, 7 Sep 2020 02:15:30 +0000 Received: from CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812]) by CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812%6]) with mapi id 15.20.3348.019; Mon, 7 Sep 2020 02:15:30 +0000 From: "Yao, Jiewen" To: "Gao, Zhichao" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Xu, Min M" , "Zhang, Qi1" Subject: Re: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO Thread-Topic: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO Thread-Index: AQHWf1V5WJ1VXDyUuEiHFNn+kDyDxalcerMw Date: Mon, 7 Sep 2020 02:15:30 +0000 Message-ID: References: <20200831051317.11532-1-zhichao.gao@intel.com> In-Reply-To: <20200831051317.11532-1-zhichao.gao@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.222] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c28b147f-a577-4018-22b7-08d852d3e4df x-ms-traffictypediagnostic: CY4PR11MB1911: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: g5amQnqXaEpbRMdISbvRlSOGZxv5LpzARhiF0k3pK+ckWUdFB/ekrJlHmwT4TrC3lIz+SXrSuQzpMNRM4bWUZhQIF/1a36b1hTEQdLNMPhgRapL6QCJuxq3UtGgl8WSD2rHN3bl8MpXozB+1nyX5cU2C9EfVOa1Ntf9IhDXhPbS2AoPlVfVn/5wgIruRkyFZOgQ2oEgg5BgY/hoa5E8HIj05zGm3N9AsOMSeG/fcp1DNz6G9yNx2k5/6DeD1YVNukIsHNG0bu52Lvtr8rpL8/2POhC4ACJZuNWR6MFL3w/1LClFJjeuU5dDB+oL6cRSJb3ILYuG3i1QNrQQgp4k/xDOrhC3sgS8C6OHQsrLCxyuoVMCQYIor2BFZ4EhPHC/sCd5tjy6ae5ZmEIN0aPbbww== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR11MB1288.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(396003)(39860400002)(346002)(136003)(376002)(66556008)(55016002)(478600001)(52536014)(33656002)(4326008)(316002)(8676002)(5660300002)(54906003)(8936002)(110136005)(2906002)(71200400001)(53546011)(26005)(6506007)(966005)(66476007)(66946007)(64756008)(66446008)(76116006)(15650500001)(107886003)(83380400001)(86362001)(186003)(7696005)(9686003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: f1iwNZCq/7ruo/DB2fbTshCemjw3JnMgtxHap+pYHc2r5FBHGd0B7HyEyuFuaHI8xRU9tCIS2AjaV3Jy6xd4T23/xro/+ude2K4MszO0GlVFD+GlK4WQayRJ0sRCpf3lzt3VCs7yaepp+VZqNcBHKBXMAnkAV1gzlHjWeE4gfaNjtjHmRRWn7wQXeC5MnofgV8DsoTOEeV1a0/nUoB5moG88ohM/5v15bqGLBjToHjAhHij1+MkNuM6ppDVWJ3tTqVjIprASMalgyJ6WzCdD3662u0cSxrfHcmhoT43bbV0zaaRb+IbhKEzT/aZ/R/oJUIfsy6hOuWT4XA6j2akmmWa4tU8Qy+awBJhzVDIQFZzFjEgjR/vl3uQoCrQ8+Q2xbzBzuR7Zvp9/4x13dgARErICGSTTxYKH4FdbdlQAP8PvVzEEBuMMiln8194XPuTr0YYKLIfVnAYMs1jlCdwq7tEAhhFD5JnTvO75qzVeUQQf+SD7rjfBDzrGFSJBzubfq7Pv3k43bNvZTRpGcVSFzI3w712nbMTpH9+YplN43l3GUrsxM8PTN2O1xfx3WaPJVWIhtpRAgMt+snkA9jhRwoW4ez6ke9fkSLr8WG1+3s28zfvhwYaZfwTXhLc1/a4ZoWK8CkXt/iDjA7CS1nkPYw== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1288.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c28b147f-a577-4018-22b7-08d852d3e4df X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Sep 2020 02:15:30.2341 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: VKZ+UQj4cJC32w+ogNQHQaVl087zCMzuD2tHr9N6gU70dZx2KSBWRxuLApB154FSDuyM7YwjV9wtIdAF/bssLw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1911 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen Yao > -----Original Message----- > From: Gao, Zhichao > Sent: Monday, August 31, 2020 1:13 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Xu, Min M ; Zhang, Qi1 > Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base o= n > MACRO >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2943 >=20 > Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES. > SHA1 is deprecated function and the MACRO is used to remove the whole > implementation of the SHA1. For the platforms that do not need SHA1 > for security, the MACRO should works for DxeImageVerificationLib as > well. >=20 > Signed-off-by: Zhichao Gao > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Qi Zhang > --- > .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 ++++++ > 1 file changed, 6 insertions(+) >=20 > diff --git > a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > index b08fe24e85..7871220140 100644 > --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] =3D { > }; >=20 > HASH_TABLE mHash[] =3D { > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init= , > Sha1Update, Sha1Final }, > +#else > + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, = NULL, > NULL }, > +#endif > { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, = NULL, > NULL }, > { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256In= it, > Sha256Update, Sha256Final}, > { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384In= it, > Sha384Update, Sha384Final}, > @@ -315,10 +319,12 @@ HashPeImage ( > ZeroMem (mImageDigest, MAX_DIGEST_SIZE); >=20 > switch (HashAlg) { > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > case HASHALG_SHA1: > mImageDigestSize =3D SHA1_DIGEST_SIZE; > mCertType =3D gEfiCertSha1Guid; > break; > +#endif >=20 > case HASHALG_SHA256: > mImageDigestSize =3D SHA256_DIGEST_SIZE; > -- > 2.21.0.windows.1