From: "Wang, Jian J"
To: "Gao, Zhichao", "devel@edk2.groups.io"
CC: "Lu, XiaoyuX", "Fu, Siyuan", "Kinney, Michael D", "Yao, Jiewen"
Subject: Re: [PATCH V3 3/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
Date: Fri, 8 May 2020 14:34:36 +0000
References: <20200506235746.19500-1-zhichao.gao@intel.com> <20200506235746.19500-4-zhichao.gao@intel.com>
In-Reply-To: <20200506235746.19500-4-zhichao.gao@intel.com>

Zhichao,

Thanks for making this patch series. Just two comments for patch 3:

(1) If possible, please group patch file based on module unit. For this patch, I think at least OpensslLib can be put in separate patch file.

(2) Please update process_files.pl in OpensslLib to generate OpensslLibXxx.inf and opensslconf.h.

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Fu, Siyuan; Kinney, Michael D; Yao, Jiewen
> Subject: [PATCH V3 3/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> ARC4 is not secure any longer.
> Remove the ARC4 support from edk2.
> Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Siyuan Fu
> Cc: Michael D Kinney
> Cc: Jiewen Yao
> Signed-off-by: Zhichao Gao > --- > CryptoPkg/Driver/Crypto.c | 125 ++--------- > CryptoPkg/Include/Library/BaseCryptLib.h | 132 ----------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------ > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 147 ------------- > .../Library/Include/openssl/opensslconf.h | 3 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 - > .../Library/OpensslLib/OpensslLibCrypto.inf | 3 - > CryptoPkg/Private/Protocol/Crypto.h | 115 ++-------- > 18 files changed, 43 insertions(+), 961 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c >=20 > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 95fc834bde..388a6e4b4b 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -1982,150 +1982,61 @@ CryptoServiceAesCbcDecrypt ( > } >=20 > /** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 o= perations. > - @retval 0 This interface is not supported. > + ARC4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > UINTN > EFIAPI > -CryptoServiceArc4GetContextSize ( > +DeprecatedCryptoServiceArc4GetContextSize ( > VOID > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, > Arc4GetContextSize, (), 0); > + return BaseCryptLibServciceDeprecated ("Arc4GetContextSize"), 0; > } >=20 > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context = as ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encrypti= on and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Init ( > +DeprecatedCryptoServiceArc4Init ( > OUT VOID *Arc4Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, = Key, > KeySize), FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Init"), FALSE; > } >=20 > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Encrypt ( > +DeprecatedCryptoServiceArc4Encrypt ( > IN OUT VOID *Arc4Context, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Con= text, > Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Encrypt"), FALSE; > } >=20 > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). 
Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Decrypt ( > +DeprecatedCryptoServiceArc4Decrypt ( > IN OUT VOID *Arc4Context, > IN UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Con= text, > Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Decrypt"), FALSE; > } >=20 > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately a= fter the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, b= ut ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Reset ( > +DeprecatedCryptoServiceArc4Reset ( > IN OUT VOID *Arc4Context > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context= ), > FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Reset"), FALSE; > } >=20 >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > @@ -4447,12 +4358,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { > CryptoServiceAesEcbDecrypt, > CryptoServiceAesCbcEncrypt, > CryptoServiceAesCbcDecrypt, > - /// Arc4 > - CryptoServiceArc4GetContextSize, > - CryptoServiceArc4Init, > - CryptoServiceArc4Encrypt, > - CryptoServiceArc4Decrypt, > - CryptoServiceArc4Reset, > + /// Arc4 - deprecated and unsupported > + DeprecatedCryptoServiceArc4GetContextSize, > + DeprecatedCryptoServiceArc4Init, > + DeprecatedCryptoServiceArc4Encrypt, > + DeprecatedCryptoServiceArc4Decrypt, > + DeprecatedCryptoServiceArc4Reset, > /// SM3 > CryptoServiceSm3GetContextSize, > CryptoServiceSm3Init, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index c862f0334f..25e236c4a3 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -1667,138 +1667,6 @@ AesCbcDecrypt ( > OUT UINT8 *Output > ); >=20 > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 o= perations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ); > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context = as ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encrypti= on and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ); > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. 
> - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately a= fter the > - ARC4Init() function call. 
> - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, b= ut ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ); > - >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > // Asymmetric Cryptography Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index 22992e7d43..da38ea552f 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -40,7 +40,6 @@ > Kdf/CryptHkdf.c > Cipher/CryptAes.c > Cipher/CryptTdes.c > - Cipher/CryptArc4.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExt.c > Pk/CryptPkcs1Oaep.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > deleted file mode 100644 > index 388d312bed..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > +++ /dev/null > @@ -1,205 +0,0 @@ > -/** @file > - ARC4 Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include > - > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - @return The size, in bytes, of the context buffer required for ARC4 o= perations. > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - // > - // Memory for 2 copies of RC4_KEY is allocated, one for working copy, = and > the other > - // for backup copy. When Arc4Reset() is called, we can use the backup = copy to > restore > - // the working copy to the initial state. > - // > - return (UINTN) (2 * sizeof (RC4_KEY)); > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context = as ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encrypti= on and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context =3D=3D NULL || Key =3D=3D NULL || (KeySize < 5 || KeyS= ize > 256)) { > - return FALSE; > - } > - > - Rc4Key =3D (RC4_KEY *) Arc4Context; > - > - RC4_set_key (Rc4Key, (UINT32) KeySize, Key); > - > - CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); > - > - return TRUE; > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. 
> - > - This function performs ARC4 encryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL= || InputSize > > INT_MAX) { > - return FALSE; > - } > - > - Rc4Key =3D (RC4_KEY *) Arc4Context; > - > - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); > - > - return TRUE; > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. 
> - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context =3D=3D NULL || Input =3D=3D NULL || Output =3D=3D NULL= || InputSize > > INT_MAX) { > - return FALSE; > - } > - > - Rc4Key =3D (RC4_KEY *) Arc4Context; > - > - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); > - > - return TRUE; > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately a= fter the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, b= ut ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context =3D=3D NULL) { > - return FALSE; > - } > - > - Rc4Key =3D (RC4_KEY *) Arc4Context; > - > - CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); > - > - return TRUE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > deleted file mode 100644 > index 1f09bfa30e..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > +++ /dev/null > @@ -1,124 +0,0 @@ > -/** @file > - ARC4 Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. 
> - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index e9add0127d..f43953b78c 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, > RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , X.509 > # certificate handler functions, authenticode signature verification fu= nctions, > # PEM handler functions, and pseudorandom number generator functions ar= e > not > @@ -46,7 +46,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index 374bfb3f65..5abd8e8dfb 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni 
> @@ -7,7 +7,7 @@ > // buffer overflow or integer overflow. > // > // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > +// TDES functions, RSA external functions, PKCS#7 SignedData sign functi= ons, > // Diffie-Hellman functions, X.509 certificate handler functions, authen= ticode > // signature verification functions, PEM handler functions, and pseudora= ndom > number > // generator functions are not supported in this instance. > @@ -21,5 +21,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certifi= cate > handler functions, authenticode signature verification functions, PEM han= dler > functions, and pseudorandom number generator functions are not supported = in > this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, X.509 certificate ha= ndler > functions, authenticode signature verification functions, PEM handler fun= ctions, > and pseudorandom number generator functions are not supported in this > instance." >=20 
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index 0a2eb03232..f1eb099b67 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, > RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # > @@ -46,7 +46,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index b6d751176e..5a48d2a308 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -7,7 +7,7 @@ > // buffer overflow or integer overflow. > // > // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > +// TDES functions, RSA external functions, PKCS#7 SignedData sign functi= ons, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. > // 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentic= ode > signature verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode sig= nature > verification functions are not supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index 139983075e..3a94655775 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA > external > +# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # 
> @@ -45,7 +45,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAes.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1Oaep.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index b8d7953d2b..0561f107e8 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -7,7 +7,7 @@ > // buffer overflow or integer overflow. > // > // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > +// TDES functions, RSA external functions, PKCS#7 SignedData sign functi= ons, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. > // 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentic= ode > signature verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode sig= nature > verification functions are not supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index b03681b146..a205c9005d 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -40,7 +40,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasicNull.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > deleted file mode 100644 > index 1f09bfa30e..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > +++ /dev/null 
> @@ -1,124 +0,0 @@ > -/** @file > - ARC4 Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. 
> - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 5e470028f4..77915bdb86 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -1892,153 +1892,6 @@ AesCbcDecrypt ( > CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ive= c, > Output), FALSE); > } >=20 > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 o= perations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0); > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context = as ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encrypti= on and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE); > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. 
> - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Outp= ut), > FALSE); > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Outp= ut), > FALSE); > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately a= fter the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, b= ut ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE); > -} > - >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > // Asymmetric Cryptography Primitive >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 4f3f9ba377..22acabef87 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h 
> @@ -244,6 +244,9 @@ extern "C" { > #ifndef OPENSSL_NO_MD4 > # define OPENSSL_NO_MD4 > #endif > +#ifndef OPENSSL_NO_RC4 > +# define OPENSSL_NO_RC4 > +#endif >=20 >=20 > /* > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 10710e4a7c..dfaefd1c08 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -374,8 +374,6 @@ > $(OPENSSL_PATH)/crypto/rand/rand_unix.c > $(OPENSSL_PATH)/crypto/rand/rand_vms.c > $(OPENSSL_PATH)/crypto/rand/rand_win.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c > $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c > $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c > $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c > @@ -531,7 +529,6 @@ > $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h > $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > $(OPENSSL_PATH)/crypto/sha/sha_locl.h > $(OPENSSL_PATH)/crypto/siphash/siphash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index d9782a3098..080e1d9305 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -374,8 +374,6 @@ > $(OPENSSL_PATH)/crypto/rand/rand_unix.c > $(OPENSSL_PATH)/crypto/rand/rand_vms.c > $(OPENSSL_PATH)/crypto/rand/rand_win.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c > $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c > $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c > $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c 
> @@ -531,7 +529,6 @@ > $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h > $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > $(OPENSSL_PATH)/crypto/sha/sha_locl.h > $(OPENSSL_PATH)/crypto/siphash/siphash_local.h > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index ae0f29695c..f36c5c1aff 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -2785,134 +2785,45 @@ BOOLEAN > ); >=20 > /** > - Retrieves the size, in bytes, of the context buffer required for ARC4 = operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 o= perations. > - @retval 0 This interface is not supported. > + ARC4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > typedef > UINTN > -(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( > VOID > ); >=20 > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context = as ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encrypti= on and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_INIT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) ( > OUT VOID *Arc4Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ); >=20 > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. 
> - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) ( > IN OUT VOID *Arc4Context, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); >=20 > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input= , of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). Beh= avior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the dat= a to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AR= C4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) ( > IN OUT VOID *Arc4Context, > IN UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); >=20 > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately a= fter the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, b= ut ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_RESET) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) ( > IN OUT VOID *Arc4Context > ); >=20 > @@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL { > EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; > EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; > EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; > - /// Arc4 > - EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize; > - EDKII_CRYPTO_ARC4_INIT Arc4Init; > - EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt; > - EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt; > - EDKII_CRYPTO_ARC4_RESET Arc4Reset; > + /// Arc4 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE > DeprecatedArc4GetContextSize; > + DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init; > + DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt; > + DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt; > + DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset; > /// SM3 > EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; > EDKII_CRYPTO_SM3_INIT Sm3Init; > -- > 2.21.0.windows.1
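Review bot: The RuntimeCryptLib.uni description (@@ -20,5 +20,5 @@) and the RuntimeCryptLib.inf header comment (@@ -7,7 +7,7 @@) still list different unsupported sets after this change. The .inf names "SHA-384 Digest functions, SHA-512 Digest functions" and "HMAC-SHA1/SHA256 functions", while the .uni names only "HMAC-SHA1 functions" and has no SHA-384/512 entries. Both lines are already being rewritten to drop ARC4, so bring the .uni text in line with the .inf in the same edit and remove the stray space in "AES/ TDES".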
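Review bot: In the SmmCryptLib.uni hunks (@@ -7,7 +7,7 @@ and @@ -20,5 +20,5 @@) the rewritten note still lists "AES/ TDES functions" as unsupported. The SmmCryptLib.inf hunk in this same patch shows Cipher/CryptAes.c in the source list, and its header comment names only "TDES functions". Drop "AES/ " from the two .uni lines so the module description does not tell integrators that AES is unavailable in the SMM instance.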
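Review bot: The OPENSSL_NO_RC4 define (opensslconf.h, @@ -244,6 +244,9 @@) and the removal of rc4_enc.c, rc4_skey.c and rc4_locl.h from OpensslLib.inf and OpensslLibCrypto.inf need a matching change in the generator. In edk2 these files are produced by process_files.pl, and no change to that script is visible in this part of the patch. If the script's configure options do not gain no-rc4, the next regeneration would restore the RC4 sources and drop the define.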
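Review bot: In Crypto.h (@@ -2785,134 +2785,45 @@) the replacement comment "Keep the function field for binary compability." has a typo (compatibility) and is attached only to DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE. The four typedefs that follow (INIT, ENCRYPT, DECRYPT, RESET) are left with no comment at all. Suggest one comment that explicitly covers all five typedefs, or a one-line comment on each. It should state what a caller gets back from the retained slot (0 for the size query, FALSE for the others), since the removed comments were the only place that documented "This interface is not supported".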
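Review bot: In struct _EDKII_CRYPTO_PROTOCOL (@@ -4014,12 +3925,12 @@) the five slots keep their position and signature. That preserves layout for consumers built against the old header, but those consumers will still call through them. The "/// Arc4 - deprecated and unsupported" comment should say that the producer must fill each Deprecated* field with a stub returning 0 or FALSE rather than leave it NULL, and whether the protocol version changes with the rename. Neither point is visible in this hunk. The rename is also a source-level break for any consumer that references Arc4Init and the other fields by name, which is worth stating in the commit message.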