From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Gao, Zhichao" <zhichao.gao@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
Date: Fri, 27 Mar 2020 02:51:05 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C510003625A33AFC@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <c87a06d14eac4a0094b0e7d4bf10314f@intel.com>
Zhichao,
You can just use the PCD in C code "if (PcdGet...){}" instead of macro #if.
Regards,
Jian
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Friday, March 27, 2020 10:44 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: RE: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to
> control the SHA1 enablement
>
> Hi Mike,
>
> It is better to not compile the deprecated function, i.e. disable the function at
> build time. Is there another way to disable the function at build time except the
> #if statement?
>
> Thanks,
> Zhichao
>
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Friday, March 27, 2020 10:04 AM
> > To: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> > Subject: RE: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to
> > control the SHA1 enablement
> >
> > We should not use #if statements in C code.
> >
> > Also, we should not be changing the layout of the structure based on a PCD
> > feature flag.
> >
> > I agree we need to ability to disable the use of some Crypto services, but we
> > need to decide what behavior we want at build time and boot time if there is
> > code that uses a disabled service.
> >
> > Mike
> >
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> > > Zhichao
> > > Sent: Thursday, March 26, 2020 6:56 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu@intel.com>
> > > Subject: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib:
> > > Use Pcd to control the SHA1 enablement
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> > >
> > > Md5 and SHA1 is not secure any longer but uefi spec need to keep them
> > > for backwards compatibility.
> > > Use pcd PcdSHA1Enable to control the SHA1 function enablement.
> > > When disable the SHA1 functions would not be complied.
> > >
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > > ---
> > > CryptoPkg/Driver/Crypto.c |
> > > 8 ++++++++
> > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |
> > > 1 +
> > > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c |
> > > 3 +++
> > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c |
> > > 3 +++
> > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |
> > > 1 +
> > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c |
> > > 3 +++
> > > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c |
> > > 2 ++
> > > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c |
> > > 2 ++
> > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |
> > > 1 +
> > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |
> > > 1 +
> > > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |
> > > 4 +++-
> > > .../Library/BaseCryptLibOnProtocolPpi/CryptLib.c |
> > > 4 ++++
> > > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c |
> > > 12 ++++++++++++
> > > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf |
> > > 1 +
> > > CryptoPkg/Private/Protocol/Crypto.h |
> > > 9 ++++++++-
> > > 15 files changed, 53 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> > > index b53da85bad..f7902205b3 100644
> > > --- a/CryptoPkg/Driver/Crypto.c
> > > +++ b/CryptoPkg/Driver/Crypto.c
> > > @@ -266,6 +266,7 @@ CryptoServiceMd5HashAll ( } #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /**
> > > Retrieves the size, in bytes, of the context buffer required for
> > > SHA-1 hash operations.
> > >
> > > @@ -423,6 +424,7 @@ CryptoServiceSha1HashAll ( {
> > > return CALL_BASECRYPTLIB (Sha1.Services.HashAll, Sha1HashAll,
> > > (Data, DataSize, HashValue), FALSE); }
> > > +#endif
> > >
> > > /**
> > > Retrieves the size, in bytes, of the context buffer
> > > required for SHA-256 hash operations.
> > > @@ -1177,6 +1179,7 @@ CryptoServiceHmacMd5Final (
> > > }
> > > #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /**
> > > Allocates and initializes one HMAC_CTX context for
> > > subsequent HMAC-SHA1 use.
> > >
> > > @@ -1327,6 +1330,7 @@ CryptoServiceHmacSha1Final (
> > > {
> > > return CALL_BASECRYPTLIB (HmacSha1.Services.Final,
> > > HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);
> > > }
> > > +#endif
> > >
> > > /**
> > > Allocates and initializes one HMAC_CTX context for
> > > subsequent HMAC-SHA256 use.
> > > @@ -3820,6 +3824,7 @@ const EDKII_CRYPTO_PROTOCOL
> > > mEdkiiCrypto = {
> > > CryptoServiceHmacMd5Update,
> > > CryptoServiceHmacMd5Final,
> > > #endif
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /// HMAC SHA1
> > > CryptoServiceHmacSha1New,
> > > CryptoServiceHmacSha1Free,
> > > @@ -3827,6 +3832,7 @@ const EDKII_CRYPTO_PROTOCOL
> > > mEdkiiCrypto = {
> > > CryptoServiceHmacSha1Duplicate,
> > > CryptoServiceHmacSha1Update,
> > > CryptoServiceHmacSha1Final,
> > > +#endif
> > > /// HMAC SHA256
> > > CryptoServiceHmacSha256New,
> > > CryptoServiceHmacSha256Free,
> > > @@ -3877,6 +3883,7 @@ const EDKII_CRYPTO_PROTOCOL
> > > mEdkiiCrypto = {
> > > CryptoServiceRsaPkcs1Verify,
> > > CryptoServiceRsaGetPrivateKeyFromPem,
> > > CryptoServiceRsaGetPublicKeyFromX509,
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /// Sha1
> > > CryptoServiceSha1GetContextSize,
> > > CryptoServiceSha1Init,
> > > @@ -3884,6 +3891,7 @@ const EDKII_CRYPTO_PROTOCOL
> > > mEdkiiCrypto = {
> > > CryptoServiceSha1Update,
> > > CryptoServiceSha1Final,
> > > CryptoServiceSha1HashAll,
> > > +#endif
> > > /// Sha256
> > > CryptoServiceSha256GetContextSize,
> > > CryptoServiceSha256Init,
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > index 5c65ef5892..9ffd98096c 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > @@ -85,6 +85,7 @@
> > >
> > > [Pcd]
> > > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> > >
> > > #
> > > # Remove these [BuildOptions] after this library is
> > > cleaned up
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > > index 7593ca55b1..baba6b267c 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > > @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-
> > > Patent
> > >
> > > **/
> > >
> > > +#include <Library/PcdLib.h>
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > #include "InternalCryptLib.h"
> > > #include <openssl/hmac.h>
> > >
> > > @@ -214,3 +216,4 @@ HmacSha1Final (
> > >
> > > return TRUE;
> > > }
> > > +#endif
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > > index e8c0f341b7..1314fa1a77 100644
> > > ---
> > > a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > > +++
> > > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > > @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-
> > > Patent
> > >
> > > **/
> > >
> > > +#include <Library/PcdLib.h>
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > #include "InternalCryptLib.h"
> > >
> > > /**
> > > @@ -137,3 +139,4 @@ HmacSha1Final (
> > > ASSERT (FALSE);
> > > return FALSE;
> > > }
> > > +#endif
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > index cebc74ccf2..b40e76f243 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > @@ -78,6 +78,7 @@
> > >
> > > [Pcd]
> > > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> > >
> > > #
> > > # Remove these [BuildOptions] after this library is
> > > cleaned up
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > > index a89c1525c1..15e6bc2cb4 100644
> > > ---
> > > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > > +++
> > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > > @@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-
> > > Patent
> > > **/
> > >
> > > #include "InternalCryptLib.h"
> > > +#include <Library/PcdLib.h>
> > > #include <openssl/evp.h>
> > > #include <openssl/hmac.h>
> > >
> > > @@ -68,9 +69,11 @@ Pkcs5HashPassword (
> > > // Make sure the digest algorithm is supported.
> > > //
> > > switch (DigestSize) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case SHA1_DIGEST_SIZE:
> > > HashAlg = EVP_sha1();
> > > break;
> > > +#endif
> > > case SHA256_DIGEST_SIZE:
> > > HashAlg = EVP_sha256();
> > > break;
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > > index 31b78464d2..549ee1b933 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > > @@ -298,9 +298,11 @@ RsaPkcs1Verify (
> > > break;
> > > #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case SHA1_DIGEST_SIZE:
> > > DigestType = NID_sha1;
> > > break;
> > > +#endif
> > >
> > > case SHA256_DIGEST_SIZE:
> > > DigestType = NID_sha256;
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > > index 1a50be1d78..60605e3486 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > > @@ -336,9 +336,11 @@ RsaPkcs1Sign (
> > > break;
> > > #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case SHA1_DIGEST_SIZE:
> > > DigestType = NID_sha1;
> > > break;
> > > +#endif
> > >
> > > case SHA256_DIGEST_SIZE:
> > > DigestType = NID_sha256;
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > index 72d4cd03ab..b6c0be70f2 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > @@ -90,6 +90,7 @@
> > >
> > > [Pcd]
> > > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> > >
> > > #
> > > # Remove these [BuildOptions] after this library is
> > > cleaned up
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > index 21f104c916..7f678eee93 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > > @@ -89,6 +89,7 @@
> > >
> > > [Pcd]
> > > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> > >
> > > #
> > > # Remove these [BuildOptions] after this library is
> > > cleaned up
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > > ll.c
> > > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > > ll.c
> > > index e8c0f341b7..3aac798188 100644
> > > ---
> > > a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > > ll.c
> > > +++
> > > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > > ll.c
> > > @@ -5,7 +5,8 @@ Copyright (c) 2012 - 2020, Intel
> > > Corporation. All rights reserved.<BR>
> > > SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > > **/
> > > -
> > > +#include <Library/PcdLib.h>
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > #include "InternalCryptLib.h"
> > >
> > > /**
> > > @@ -137,3 +138,4 @@ HmacSha1Final (
> > > ASSERT (FALSE);
> > > return FALSE;
> > > }
> > > +#endif
> > > diff --git
> > > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > > index cba1e4c8bf..8429fefc0b 100644
> > > ---
> > > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > > +++
> > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > > @@ -260,6 +260,7 @@ Md5HashAll (
> > > }
> > > #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /**
> > > Retrieves the size, in bytes, of the context buffer
> > > required for SHA-1 hash operations.
> > >
> > > @@ -417,6 +418,7 @@ Sha1HashAll (
> > > {
> > > CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize,
> > > HashValue), FALSE);
> > > }
> > > +#endif
> > >
> > > /**
> > > Retrieves the size, in bytes, of the context buffer
> > > required for SHA-256 hash operations.
> > > @@ -1171,6 +1173,7 @@ HmacMd5Final (
> > > }
> > > #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /**
> > > Allocates and initializes one HMAC_CTX context for
> > > subsequent HMAC-SHA1 use.
> > >
> > > @@ -1321,6 +1324,7 @@ HmacSha1Final (
> > > {
> > > CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context,
> > > HmacValue), FALSE);
> > > }
> > > +#endif
> > >
> > > /**
> > > Allocates and initializes one HMAC_CTX context for
> > > subsequent HMAC-SHA256 use.
> > > diff --git
> > > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > index f9796b2158..754d75aeb2 100644
> > > --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > > @@ -33,9 +33,11 @@ HashApiGetContextSize (
> > > )
> > > {
> > > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case HASH_ALG_SHA1:
> > > return Sha1GetContextSize ();
> > > break;
> > > +#endif
> > >
> > > case HASH_ALG_SHA256:
> > > return Sha256GetContextSize ();
> > > @@ -75,9 +77,11 @@ HashApiInit (
> > > )
> > > {
> > > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case HASH_ALG_SHA1:
> > > return Sha1Init (HashContext);
> > > break;
> > > +#endif
> > >
> > > case HASH_ALG_SHA256:
> > > return Sha256Init (HashContext);
> > > @@ -119,9 +123,11 @@ HashApiDuplicate (
> > > )
> > > {
> > > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case HASH_ALG_SHA1:
> > > return Sha1Duplicate (HashContext,
> > > NewHashContext);
> > > break;
> > > +#endif
> > >
> > > case HASH_ALG_SHA256:
> > > return Sha256Duplicate (HashContext,
> > > NewHashContext);
> > > @@ -165,9 +171,11 @@ HashApiUpdate (
> > > )
> > > {
> > > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case HASH_ALG_SHA1:
> > > return Sha1Update (HashContext, DataToHash,
> > > DataToHashLen);
> > > break;
> > > +#endif
> > >
> > > case HASH_ALG_SHA256:
> > > return Sha256Update (HashContext, DataToHash,
> > > DataToHashLen);
> > > @@ -209,9 +217,11 @@ HashApiFinal (
> > > )
> > > {
> > > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case HASH_ALG_SHA1:
> > > return Sha1Final (HashContext, Digest);
> > > break;
> > > +#endif
> > >
> > > case HASH_ALG_SHA256:
> > > return Sha256Final (HashContext, Digest);
> > > @@ -255,9 +265,11 @@ HashApiHashAll (
> > > )
> > > {
> > > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > case HASH_ALG_SHA1:
> > > return Sha1HashAll (DataToHash, DataToHashLen,
> > > Digest);
> > > break;
> > > +#endif
> > >
> > > case HASH_ALG_SHA256:
> > > return Sha256HashAll (DataToHash, DataToHashLen,
> > > Digest);
> > > diff --git
> > > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > index b4d8675ddd..29f7d7abfd 100644
> > > --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > > @@ -42,3 +42,4 @@
> > >
> > > [Pcd]
> > > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy ##
> > > CONSUMES
> > > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable ##
> > > CONSUMES
> > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > > b/CryptoPkg/Private/Protocol/Crypto.h
> > > index 527318dc23..3f8c5751a7 100644
> > > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > > @@ -179,6 +179,7 @@ BOOLEAN
> > > );
> > > #endif
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /**
> > > Allocates and initializes one HMAC_CTX context for
> > > subsequent HMAC-SHA1 use.
> > >
> > > @@ -315,7 +316,7 @@ BOOLEAN
> > > IN OUT VOID *HmacSha1Context,
> > > OUT UINT8 *HmacValue
> > > );
> > > -
> > > +#endif
> > >
> > > /**
> > > Allocates and initializes one HMAC_CTX context for
> > > subsequent HMAC-SHA256 use.
> > > @@ -1537,6 +1538,7 @@ BOOLEAN
> > > // SHA
> > > //----------------------------------------
> > >
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /**
> > > Retrieves the size, in bytes, of the context buffer
> > > required for SHA-1 hash operations.
> > >
> > > @@ -1676,6 +1678,7 @@ BOOLEAN
> > > IN UINTN DataSize,
> > > OUT UINT8 *HashValue
> > > );
> > > +#endif
> > >
> > > /**
> > > Retrieves the size, in bytes, of the context buffer
> > > required for SHA-256 hash operations.
> > > @@ -3453,6 +3456,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > > EDKII_CRYPTO_HMAC_MD5_UPDATE
> > > HmacMd5Update;
> > > EDKII_CRYPTO_HMAC_MD5_FINAL
> > > HmacMd5Final;
> > > #endif
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /// HMAC SHA1
> > > EDKII_CRYPTO_HMAC_SHA1_NEW
> > > HmacSha1New;
> > > EDKII_CRYPTO_HMAC_SHA1_FREE
> > > HmacSha1Free;
> > > @@ -3460,6 +3464,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > > EDKII_CRYPTO_HMAC_SHA1_DUPLICATE
> > > HmacSha1Duplicate;
> > > EDKII_CRYPTO_HMAC_SHA1_UPDATE
> > > HmacSha1Update;
> > > EDKII_CRYPTO_HMAC_SHA1_FINAL
> > > HmacSha1Final;
> > > +#endif
> > > /// HMAC SHA256
> > > EDKII_CRYPTO_HMAC_SHA256_NEW
> > > HmacSha256New;
> > > EDKII_CRYPTO_HMAC_SHA256_FREE
> > > HmacSha256Free;
> > > @@ -3510,6 +3515,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > > EDKII_CRYPTO_RSA_PKCS1_VERIFY
> > > RsaPkcs1Verify;
> > > EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM
> > > RsaGetPrivateKeyFromPem;
> > > EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509
> > > RsaGetPublicKeyFromX509;
> > > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > > /// Sha1
> > > EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE
> > > Sha1GetContextSize;
> > > EDKII_CRYPTO_SHA1_INIT
> > > Sha1Init;
> > > @@ -3517,6 +3523,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > > EDKII_CRYPTO_SHA1_UPDATE
> > > Sha1Update;
> > > EDKII_CRYPTO_SHA1_FINAL
> > > Sha1Final;
> > > EDKII_CRYPTO_SHA1_HASH_ALL
> > > Sha1HashAll;
> > > +#endif
> > > /// Sha256
> > > EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE
> > > Sha256GetContextSize;
> > > EDKII_CRYPTO_SHA256_INIT
> > > Sha256Init;
> > > --
> > > 2.21.0.windows.1
> > >
> > >
> > >
next prev parent reply other threads:[~2020-03-27 2:51 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-27 1:56 [PATCH 0/8] CryptoPkg: Retire the deprecate function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 2/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 3/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 4/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 6/8] NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI Gao, Zhichao
2020-03-27 2:07 ` Siyuan, Fu
2020-03-30 12:01 ` [edk2-devel] " Maciej Rabeda
2020-03-27 1:56 ` [PATCH 7/8] Crypto/BaseCryptLib: Using pcd to control MD5 enablement Gao, Zhichao
2020-03-27 1:56 ` [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Gao, Zhichao
2020-03-27 2:04 ` [edk2-devel] " Michael D Kinney
2020-03-27 2:44 ` Gao, Zhichao
2020-03-27 2:51 ` Wang, Jian J [this message]
2020-03-27 17:35 ` Laszlo Ersek
2020-03-27 2:01 ` [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Yao, Jiewen
2020-03-27 2:43 ` Gao, Zhichao
2020-03-27 2:50 ` Yao, Jiewen
2020-03-27 2:54 ` Gao, Zhichao
[not found] ` <160006BBBC4857E5.7267@groups.io>
2020-03-27 2:20 ` Yao, Jiewen
2020-03-27 2:53 ` Gao, Zhichao
2020-03-27 2:47 ` Siyuan, Fu
2020-03-27 2:57 ` [edk2-devel] " Yao, Jiewen
2020-03-27 3:06 ` Siyuan, Fu
2020-03-27 4:59 ` Yao, Jiewen
2020-03-27 5:43 ` Siyuan, Fu
2020-03-27 5:50 ` Yao, Jiewen
2020-03-27 6:03 ` Siyuan, Fu
2020-03-27 6:15 ` Yao, Jiewen
2020-03-27 9:19 ` Ni, Ray
2020-03-27 16:38 ` Michael D Kinney
2020-03-27 23:43 ` Yao, Jiewen
2020-03-30 2:17 ` Siyuan, Fu
2020-03-30 2:47 ` Yao, Jiewen
2020-03-30 3:04 ` Siyuan, Fu
2020-03-30 17:30 ` Michael D Kinney
2020-03-31 0:34 ` Yao, Jiewen
2020-04-14 4:36 ` Gao, Zhichao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C510003625A33AFC@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox