From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web12.12588.1588951149078710335 for ; Fri, 08 May 2020 08:19:09 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: jian.j.wang@intel.com) IronPort-SDR: sHMKeW3Y4MBJFTxB/c+1ncKMs9VhUpzVwR9zj5kq9AFNYn7tldjiFTS1bOe+ZGHdWcb6OVa8VA yCDfvInfIpwg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2020 08:19:08 -0700 IronPort-SDR: nL0Licg+62X/EFHSzuLFacMkHSs54UXlRo2QDbk+4jQ8Z9TA/LFE8IrF6Rn/idnznk3pJgaB0y Lxp20m5TJzgQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,368,1583222400"; d="scan'208";a="261007015" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga003.jf.intel.com with ESMTP; 08 May 2020 08:19:08 -0700 Received: from fmsmsx115.amr.corp.intel.com (10.18.116.19) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 8 May 2020 08:19:07 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx115.amr.corp.intel.com (10.18.116.19) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 8 May 2020 08:19:07 -0700 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.200]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.210]) with mapi id 14.03.0439.000; Fri, 8 May 2020 23:19:04 +0800 From: "Wang, Jian J" To: "Gao, Zhichao" , "devel@edk2.groups.io" CC: "Lu, XiaoyuX" , "Fu, Siyuan" , "Kinney, Michael D" , "Yao, Jiewen" Subject: Re: [PATCH V3 2/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Thread-Topic: [PATCH V3 2/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Thread-Index: AQHWJAItRyV1mEyTRE2ylcB9KpT3M6ieT7iQ Date: Fri, 8 May 2020 15:19:03 +0000 Message-ID: References: <20200506235746.19500-1-zhichao.gao@intel.com> <20200506235746.19500-3-zhichao.gao@intel.com> In-Reply-To: <20200506235746.19500-3-zhichao.gao@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sorry for the out-of-order review. Please refer to comments for patch 3. Regards, Jian > -----Original Message----- > From: Gao, Zhichao > Sent: Thursday, May 07, 2020 7:58 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Fu, Siyuan ; Kinney, Michael D > ; Yao, Jiewen > Subject: [PATCH V3 2/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1898 >=20 > MD4 is not secure any longer. > Remove the MD4 support from edk2. > Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the > function is unsupported any longer. >=20 > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Siyuan Fu > Cc: Michael D Kinney > Cc: Jiewen Yao > Signed-off-by: Zhichao Gao > --- > CryptoPkg/CryptoPkg.dsc | 1 - > CryptoPkg/Driver/Crypto.c | 135 ++--------- > CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------ > .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +- > .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------ > .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 158 ------------- > .../Library/Include/openssl/opensslconf.h | 3 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 - > .../Library/OpensslLib/OpensslLibCrypto.inf | 3 - > CryptoPkg/Private/Protocol/Crypto.h | 123 ++-------- > 19 files changed, 55 insertions(+), 1062 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.= c >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index f79ff331cf..6ed7046563 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -140,7 +140,6 @@ >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family = | > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 05ad4b5d55..95fc834bde 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -124,161 +124,68 @@ CryptoServiceGetCryptoVersion ( >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > /** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 ha= sh > operations. > - @retval 0 This interface is not supported. > + MD4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > UINTN > EFIAPI > -CryptoServiceMd4GetContextSize ( > +DeprecatedCryptoServiceMd4GetContextSize ( > VOID > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, > Md4GetContextSize, (), 0); > + return BaseCryptLibServciceDeprecated ("Md4GetContextSize"), 0; > } >=20 > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Init ( > +DeprecatedCryptoServiceMd4Init ( > OUT VOID *Md4Context > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FA= LSE); > + return BaseCryptLibServciceDeprecated ("Md4Init"), FALSE; > } >=20 > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Duplicate ( > +DeprecatedCryptoServiceMd4Duplicate ( > IN CONST VOID *Md4Context, > OUT VOID *NewMd4Context > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, > (Md4Context, NewMd4Context), FALSE); > + return BaseCryptLibServciceDeprecated ("Md4Duplicate"), FALSE; > } >=20 > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified si= ze. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Update ( > +DeprecatedCryptoServiceMd4Update ( > IN OUT VOID *Md4Context, > IN CONST VOID *Data, > IN UINTN DataSize > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, > Data, DataSize), FALSE); > + return BaseCryptLibServciceDeprecated ("Md4Update"), FALSE; > } >=20 > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest = value > into > - the specified memory. After this function has been called, the MD4 con= text > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefine= d. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Final ( > +DeprecatedCryptoServiceMd4Final ( > IN OUT VOID *Md4Context, > OUT UINT8 *HashValue > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, > HashValue), FALSE); > + return BaseCryptLibServciceDeprecated ("Md4Final"), FALSE; > } >=20 > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer, = and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4HashAll ( > +DeprecatedCryptoServiceMd4HashAll ( > IN CONST VOID *Data, > IN UINTN DataSize, > OUT UINT8 *HashValue > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, > DataSize, HashValue), FALSE); > + return BaseCryptLibServciceDeprecated ("Md4HashAll"), FALSE; > } >=20 > /** > @@ -4440,13 +4347,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { > CryptoServiceHmacSha256Duplicate, > CryptoServiceHmacSha256Update, > CryptoServiceHmacSha256Final, > - /// Md4 > - CryptoServiceMd4GetContextSize, > - CryptoServiceMd4Init, > - CryptoServiceMd4Duplicate, > - CryptoServiceMd4Update, > - CryptoServiceMd4Final, > - CryptoServiceMd4HashAll, > + /// Md4 - deprecated and unsupported > + DeprecatedCryptoServiceMd4GetContextSize, > + DeprecatedCryptoServiceMd4Init, > + DeprecatedCryptoServiceMd4Duplicate, > + DeprecatedCryptoServiceMd4Update, > + DeprecatedCryptoServiceMd4Final, > + DeprecatedCryptoServiceMd4HashAll, > /// Md5 > CryptoServiceMd5GetContextSize, > CryptoServiceMd5Init, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 5e8f2e0a10..c862f0334f 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > #include >=20 > -/// > -/// MD4 digest size in bytes > -/// > -#define MD4_DIGEST_SIZE 16 > - > /// > /// MD5 digest size in bytes > /// > @@ -77,146 +72,6 @@ typedef enum { > // One-Way Cryptographic Hash Primitives >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 ha= sh > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ); > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ); > - > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ); > - > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified si= ze. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest = value > into > - the specified memory. After this function has been called, the MD4 con= text > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefine= d. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ); > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer, = and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ); > - > /** > Retrieves the size, in bytes, of the context buffer required for MD5 h= ash > operations. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index a63ad66b4f..22992e7d43 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -6,7 +6,7 @@ > # This external input must be validated carefully to avoid security iss= ues such as > # buffer overflow or integer overflow. > # > -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All ri= ghts > reserved.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -29,7 +29,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > deleted file mode 100644 > index bc02da07b0..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > +++ /dev/null > @@ -1,223 +0,0 @@ > -/** @file > - MD4 Digest Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include > - > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > operations. > - > - @return The size, in bytes, of the context buffer required for MD4 ha= sh > operations. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - // > - // Retrieves the OpenSSL MD4 Context Size > - // > - return (UINTN) (sizeof (MD4_CTX)); > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Context Initialization > - // > - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL || NewMd4Context =3D=3D NULL) { > - return FALSE; > - } > - > - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); > - > - return TRUE; > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified si= ze. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // Check invalid parameters, in case that only DataLength was checked = in > OpenSSL > - // > - if (Data =3D=3D NULL && DataSize !=3D 0) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Hash Update > - // > - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize))= ; > -} > - > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest = value > into > - the specified memory. After this function has been called, the MD4 con= text > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefine= d. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL || HashValue =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Hash Finalization > - // > - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer, = and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - // > - // Check input parameters. > - // > - if (HashValue =3D=3D NULL) { > - return FALSE; > - } > - if (Data =3D=3D NULL && DataSize !=3D 0) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Hash Computation. > - // > - if (MD4 (Data, DataSize, HashValue) =3D=3D NULL) { > - return FALSE; > - } else { > - return TRUE; > - } > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > deleted file mode 100644 > index 610c61c713..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > +++ /dev/null > @@ -1,143 +0,0 @@ > -/** @file > - MD4 Digest Wrapper Implementation which does not provide real capabili= ties. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > - operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the MD4 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index c836c257f8..e9add0127d 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -6,14 +6,14 @@ > # This external input must be validated carefully to avoid security iss= ues such as > # buffer overflow or integer overflow. > # > -# Note: MD4 Digest functions, > +# Note: > # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , X.509 > # certificate handler functions, authenticode signature verification fu= nctions, > # PEM handler functions, and pseudorandom number generator functions ar= e > not > # supported in this instance. > # > -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -35,7 +35,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index 9937555beb..374bfb3f65 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > @@ -6,13 +6,13 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, > AES/ > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > // Diffie-Hellman functions, X.509 certificate handler functions, authen= ticode > // signature verification functions, PEM handler functions, and pseudora= ndom > number > // generator functions are not supported in this instance. > // > -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // > @@ -21,5 +21,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: MD4 Digest func= tions, > HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA > external functions, PKCS#7 SignedData sign functions, Diffie-Hellman func= tions, > X.509 certificate handler functions, authenticode signature verification = functions, > PEM handler functions, and pseudorandom number generator functions are no= t > supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certifi= cate > handler functions, authenticode signature verification functions, PEM han= dler > functions, and pseudorandom number generator functions are not supported = in > this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index e5b8ececc1..0a2eb03232 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > @@ -6,12 +6,12 @@ > # This external input must be validated carefully to avoid security iss= ues such as > # buffer overflow or integer overflow. > # > -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest > functions, > +# Note: SHA-384 Digest functions, SHA-512 Digest functions, > # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # > -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All ri= ghts > reserved.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -35,7 +35,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index c0a16f1b84..b6d751176e 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -6,12 +6,12 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, > AES/ > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. > // > -// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // > @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: MD4 Digest func= tions, > HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA > external functions, PKCS#7 SignedData sign functions, Diffie-Hellman func= tions, > and authenticode signature verification functions are not supported in th= is > instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentic= ode > signature verification functions are not supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index cc0b65fd25..139983075e 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -6,12 +6,12 @@ > # This external input must be validated carefully to avoid security iss= ues such as > # buffer overflow or integer overflow. > # > -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest > functions, > +# Note: SHA-384 Digest functions, SHA-512 Digest functions, > # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA > external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions= , and > # authenticode signature verification functions are not supported in th= is > instance. > # > -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -34,7 +34,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index 83485fbb90..b8d7953d2b 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -6,12 +6,12 @@ > // This external input must be validated carefully to avoid security iss= ues such as > // buffer overflow or integer overflow. > // > -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, > AES/ > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > // Diffie-Hellman functions, and authenticode signature verification fun= ctions > are > // not supported in this instance. > // > -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // > @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: MD4 Digest func= tions, > HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA > external functions, PKCS#7 SignedData sign functions, Diffie-Hellman func= tions, > and authenticode signature verification functions are not supported in th= is > instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have e= xternal > input - signature. This external input must be validated carefully to avo= id security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functi= ons, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authentic= ode > signature verification functions are not supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index 9b4991cbb0..b03681b146 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -29,7 +29,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5Null.c > Hash/CryptSha1Null.c > Hash/CryptSha256Null.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > deleted file mode 100644 > index 610c61c713..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > +++ /dev/null > @@ -1,143 +0,0 @@ > -/** @file > - MD4 Digest Wrapper Implementation which does not provide real capabili= ties. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > - operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the MD4 digest value. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index c2a1df9afc..5e470028f4 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -99,164 +99,6 @@ CryptoServiceNotAvailable ( > // One-Way Cryptographic Hash Primitives >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 ha= sh > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0); > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE); > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), > FALSE); > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified si= ze. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), FALSE); > -} > - > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest = value > into > - the specified memory. After this function has been called, the MD4 con= text > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefine= d. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE); > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer, = and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE); > -} > - > /** > Retrieves the size, in bytes, of the context buffer required for MD5 h= ash > operations. >=20 > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index bd34e53ef2..4f3f9ba377 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -241,6 +241,9 @@ extern "C" { > #ifndef OPENSSL_NO_AFALGENG > # define OPENSSL_NO_AFALGENG > #endif > +#ifndef OPENSSL_NO_MD4 > +# define OPENSSL_NO_MD4 > +#endif >=20 >=20 > /* > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 9ed0175553..10710e4a7c 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -294,8 +294,6 @@ > $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c > $(OPENSSL_PATH)/crypto/lhash/lh_stats.c > $(OPENSSL_PATH)/crypto/lhash/lhash.c > - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c > - $(OPENSSL_PATH)/crypto/md4/md4_one.c > $(OPENSSL_PATH)/crypto/md5/md5_dgst.c > $(OPENSSL_PATH)/crypto/md5/md5_one.c > $(OPENSSL_PATH)/crypto/mem.c > @@ -525,7 +523,6 @@ > $(OPENSSL_PATH)/crypto/evp/evp_locl.h > $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > - $(OPENSSL_PATH)/crypto/md4/md4_locl.h > $(OPENSSL_PATH)/crypto/md5/md5_locl.h > $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > $(OPENSSL_PATH)/crypto/objects/obj_dat.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 03da266627..d9782a3098 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -294,8 +294,6 @@ > $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c > $(OPENSSL_PATH)/crypto/lhash/lh_stats.c > $(OPENSSL_PATH)/crypto/lhash/lhash.c > - $(OPENSSL_PATH)/crypto/md4/md4_dgst.c > - $(OPENSSL_PATH)/crypto/md4/md4_one.c > $(OPENSSL_PATH)/crypto/md5/md5_dgst.c > $(OPENSSL_PATH)/crypto/md5/md5_one.c > $(OPENSSL_PATH)/crypto/mem.c > @@ -525,7 +523,6 @@ > $(OPENSSL_PATH)/crypto/evp/evp_locl.h > $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > - $(OPENSSL_PATH)/crypto/md4/md4_locl.h > $(OPENSSL_PATH)/crypto/md5/md5_locl.h > $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > $(OPENSSL_PATH)/crypto/objects/obj_dat.h > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index 40c387e002..ae0f29695c 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -451,145 +451,52 @@ BOOLEAN >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > /** > - Retrieves the size, in bytes, of the context buffer required for MD4 h= ash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 ha= sh > operations. > - @retval 0 This interface is not supported. > + MD4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > typedef > UINTN > -(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( > VOID > ); >=20 >=20 > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash con= text > for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_INIT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT) ( > OUT VOID *Md4Context > ); >=20 >=20 > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE) ( > IN CONST VOID *Md4Context, > OUT VOID *NewMd4Context > ); >=20 >=20 > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified si= ze. > - It can be called multiple times to compute the digest of long or disco= ntinuous > data streams. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the data= to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE) ( > IN OUT VOID *Md4Context, > IN CONST VOID *Data, > IN UINTN DataSize > ); >=20 >=20 > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest = value > into > - the specified memory. After this function has been called, the MD4 con= text > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and = should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefine= d. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD4= digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_FINAL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL) ( > IN OUT VOID *Md4Context, > OUT UINT8 *HashValue > ); >=20 >=20 > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer, = and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to = be hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 dig= est > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL) ( > IN CONST VOID *Data, > IN UINTN DataSize, > OUT UINT8 *HashValue > @@ -4007,13 +3914,13 @@ struct _EDKII_CRYPTO_PROTOCOL { > EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; > EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; > EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; > - /// Md4 > - EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize; > - EDKII_CRYPTO_MD4_INIT Md4Init; > - EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate; > - EDKII_CRYPTO_MD4_UPDATE Md4Update; > - EDKII_CRYPTO_MD4_FINAL Md4Final; > - EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll; > + /// Md4 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE > DeprecatedMd4GetContextSize; > + DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; > + DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE > DeprecatedMd4Duplicate; > + DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update; > + DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final; > + DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll; > /// Md5 > EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; > EDKII_CRYPTO_MD5_INIT Md5Init; > -- > 2.21.0.windows.1