From: "Guomin Jiang"
To: "devel@edk2.groups.io", "Gao, Zhichao"
CC: "Wang, Jian J", "Lu, XiaoyuX", "Fu, Siyuan", "Kinney, Michael D", "Yao, Jiewen", Philippe Mathieu-Daude
Subject: Re: [edk2-devel] [PATCH V4 02/11] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
Date: Thu, 14 May 2020 03:13:37 +0000
References: <20200511182718.7728-1-zhichao.gao@intel.com> <20200511182718.7728-3-zhichao.gao@intel.com>
In-Reply-To: <20200511182718.7728-3-zhichao.gao@intel.com>

Add commit inline.

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Gao,
> Zhichao
> Sent: Tuesday, May 12, 2020 2:27 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX
> ; Fu, Siyuan ; Kinney, Michael
> D ; Yao, Jiewen ;
> Philippe Mathieu-Daude
> Subject: [edk2-devel] [PATCH V4 02/11] CryptoPkg/BaseCrpytLib: Retire MD4
> algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> MD4 is not secure any longer.
> Remove the MD4 support from edk2.
> Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Siyuan Fu
> Cc: Michael D Kinney
> Cc: Jiewen Yao .

The Cc format is incorrect and please remove '.' character at the end of line.

> Cc: Philippe Mathieu-Daude
> Signed-off-by: Zhichao Gao
> ---
> CryptoPkg/CryptoPkg.dsc | 1 -
> CryptoPkg/Driver/Crypto.c | 135 ++---------
> CryptoPkg/Include/Library/BaseCryptLib.h | 145 ------------
> .../Library/BaseCryptLib/BaseCryptLib.inf | 3 +-
> .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------------------
> .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 -----------
> .../Library/BaseCryptLib/PeiCryptLib.inf | 5 +-
> .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 5 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +-
> .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
> .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 -----------
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 158 -------------
> CryptoPkg/Private/Protocol/Crypto.h | 123 ++--------
> 16 files changed, 52 insertions(+), 1056 deletions(-)
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index f79ff331cf..6ed7046563 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -140,7 +140,6 @@ >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Fa > mily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Fa > mily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY >=20 > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256. > Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index ed0083cccf..c7a54182c7 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -124,161 +124,68 @@ CryptoServiceGetCryptoVersion ( >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= = =3D=3D=3D=3D >=20 > /** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 h= ash > operations. > - @retval 0 This interface is not supported. > + MD4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > UINTN > EFIAPI > -CryptoServiceMd4GetContextSize ( > +DeprecatedCryptoServiceMd4GetContextSize ( > VOID > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, > Md4GetContextSize, (), 0); > + return BaseCryptLibServiceDeprecated ("Md4GetContextSize"), 0; > } >=20 > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Init ( > +DeprecatedCryptoServiceMd4Init ( > OUT VOID *Md4Context > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), > FALSE); > + return BaseCryptLibServiceDeprecated ("Md4Init"), FALSE; > } >=20 > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. 
> - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Duplicate ( > +DeprecatedCryptoServiceMd4Duplicate ( > IN CONST VOID *Md4Context, > OUT VOID *NewMd4Context > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, > (Md4Context, NewMd4Context), FALSE); > + return BaseCryptLibServiceDeprecated ("Md4Duplicate"), FALSE; > } >=20 > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified s= ize. > - It can be called multiple times to compute the digest of long or > discontinuous data streams. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Update ( > +DeprecatedCryptoServiceMd4Update ( > IN OUT VOID *Md4Context, > IN CONST VOID *Data, > IN UINTN DataSize > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, > (Md4Context, Data, DataSize), FALSE); > + return BaseCryptLibServiceDeprecated ("Md4Update"), FALSE; > } >=20 > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest > value into > - the specified memory. 
After this function has been called, the MD4 co= ntext > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefin= ed. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4Final ( > +DeprecatedCryptoServiceMd4Final ( > IN OUT VOID *Md4Context, > OUT UINT8 *HashValue > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, > HashValue), FALSE); > + return BaseCryptLibServiceDeprecated ("Md4Final"), FALSE; > } >=20 > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer,= and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceMd4HashAll ( > +DeprecatedCryptoServiceMd4HashAll ( > IN CONST VOID *Data, > IN UINTN DataSize, > OUT UINT8 *HashValue > ) > { > - return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, > DataSize, HashValue), FALSE); > + return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; > } >=20 > /** > @@ -4440,13 +4347,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D > { > CryptoServiceHmacSha256Duplicate, > CryptoServiceHmacSha256Update, > CryptoServiceHmacSha256Final, > - /// Md4 > - CryptoServiceMd4GetContextSize, > - CryptoServiceMd4Init, > - CryptoServiceMd4Duplicate, > - CryptoServiceMd4Update, > - CryptoServiceMd4Final, > - CryptoServiceMd4HashAll, > + /// Md4 - deprecated and unsupported > + DeprecatedCryptoServiceMd4GetContextSize, > + DeprecatedCryptoServiceMd4Init, > + DeprecatedCryptoServiceMd4Duplicate, > + DeprecatedCryptoServiceMd4Update, > + DeprecatedCryptoServiceMd4Final, > + DeprecatedCryptoServiceMd4HashAll, > /// Md5 > CryptoServiceMd5GetContextSize, > CryptoServiceMd5Init, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 5e8f2e0a10..c862f0334f 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > #include >=20 > -/// > -/// MD4 digest size in bytes > -/// > -#define MD4_DIGEST_SIZE 16 > - > /// > /// MD5 digest size in bytes > /// 
> @@ -77,146 +72,6 @@ typedef enum { > // One-Way Cryptographic Hash Primitives >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= = =3D=3D=3D=3D >=20 > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 h= ash > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ); > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ); > - > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ); > - > -/** > - Digests the input data and updates MD4 context. 
> - > - This function performs MD4 digest on a data buffer of the specified s= ize. > - It can be called multiple times to compute the digest of long or > discontinuous data streams. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ); > - > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest > value into > - the specified memory. After this function has been called, the MD4 co= ntext > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefin= ed. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ); > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer,= and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ); > - > /** > Retrieves the size, in bytes, of the context buffer required for MD5 = hash > operations. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index a63ad66b4f..22992e7d43 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -6,7 +6,7 @@ > # This external input must be validated carefully to avoid security is= sues > such as > # buffer overflow or integer overflow. > # > -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All r= ights > reserved.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -29,7 +29,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > deleted file mode 100644 > index bc02da07b0..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > +++ /dev/null > @@ -1,223 +0,0 @@ > -/** @file > - MD4 Digest Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include > - > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > operations. > - > - @return The size, in bytes, of the context buffer required for MD4 h= ash > operations. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - // > - // Retrieves the OpenSSL MD4 Context Size > - // > - return (UINTN) (sizeof (MD4_CTX)); > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Context Initialization > - // > - return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context)); > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL || NewMd4Context =3D=3D NULL) { > - return FALSE; > - } > - > - CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); > - > - return TRUE; > -} > - > -/** > - Digests the input data and updates MD4 context. 
> - > - This function performs MD4 digest on a data buffer of the specified s= ize. > - It can be called multiple times to compute the digest of long or > discontinuous data streams. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // Check invalid parameters, in case that only DataLength was checked= in > OpenSSL > - // > - if (Data =3D=3D NULL && DataSize !=3D 0) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Hash Update > - // > - return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, > DataSize)); > -} > - > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest > value into > - the specified memory. After this function has been called, the MD4 co= ntext > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefin= ed. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. 
> - @retval FALSE MD4 digest computation failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - // > - // Check input parameters. > - // > - if (Md4Context =3D=3D NULL || HashValue =3D=3D NULL) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Hash Finalization > - // > - return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context)); > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer,= and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - // > - // Check input parameters. > - // > - if (HashValue =3D=3D NULL) { > - return FALSE; > - } > - if (Data =3D=3D NULL && DataSize !=3D 0) { > - return FALSE; > - } > - > - // > - // OpenSSL MD4 Hash Computation. > - // > - if (MD4 (Data, DataSize, HashValue) =3D=3D NULL) { > - return FALSE; > - } else { > - return TRUE; > - } > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > deleted file mode 100644 > index 610c61c713..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > +++ /dev/null > @@ -1,143 +0,0 @@ > -/** @file > - MD4 Digest Wrapper Implementation which does not provide real > capabilities. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > - operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the MD4 digest value. 
> - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index c836c257f8..e9add0127d 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
> @@ -6,14 +6,14 @@ > # This external input must be validated carefully to avoid security is= sues > such as > # buffer overflow or integer overflow. > # > -# Note: MD4 Digest functions, > +# Note: > # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman function= s, > X.509 > # certificate handler functions, authenticode signature verification > functions, > # PEM handler functions, and pseudorandom number generator functions > are not > # supported in this instance. > # > -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -35,7 +35,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index 9937555beb..374bfb3f65 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni 
> @@ -6,13 +6,13 @@ > // This external input must be validated carefully to avoid security is= sues > such as > // buffer overflow or integer overflow. > // > -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 > functions, AES/ > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > // Diffie-Hellman functions, X.509 certificate handler functions, authe= nticode > // signature verification functions, PEM handler functions, and > pseudorandom number > // generator functions are not supported in this instance. > // > -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // 
> @@ -21,5 +21,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external input - signature. This external input must be validated carefu= lly to > avoid security issues such as buffer overflow or integer overflow. Note:= MD4 > Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, Diffie-Hellman functions, X.509 certificate handler functions= , > authenticode signature verification functions, PEM handler functions, an= d > pseudorandom number generator functions are not supported in this > instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external input - signature. This external input must be validated carefu= lly to > avoid security issues such as buffer overflow or integer overflow. Note: > HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, > RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman > functions, X.509 certificate handler functions, authenticode signature > verification functions, PEM handler functions, and pseudorandom number > generator functions are not supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index e5b8ececc1..0a2eb03232 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
> @@ -6,12 +6,12 @@ > # This external input must be validated carefully to avoid security is= sues > such as > # buffer overflow or integer overflow. > # > -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest > functions, > +# Note: SHA-384 Digest functions, SHA-512 Digest functions, > # HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman function= s, > and > # authenticode signature verification functions are not supported in t= his > instance. > # > -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All r= ights > reserved.
> # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -35,7 +35,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index c0a16f1b84..b6d751176e 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -6,12 +6,12 @@ > // This external input must be validated carefully to avoid security is= sues > such as > // buffer overflow or integer overflow. > // > -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 > functions, AES/ > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > // Diffie-Hellman functions, and authenticode signature verification > functions are > // not supported in this instance. > // > -// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external input - signature. This external input must be validated carefu= lly to > avoid security issues such as buffer overflow or integer overflow. Note:= MD4 > Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, Diffie-Hellman functions, and authenticode signature verifica= tion > functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external input - signature. This external input must be validated carefu= lly to > avoid security issues such as buffer overflow or integer overflow. Note: > HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, > RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman > functions, and authenticode signature verification functions are not > supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index cc0b65fd25..139983075e 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
> @@ -6,12 +6,12 @@ > # This external input must be validated carefully to avoid security is= sues > such as > # buffer overflow or integer overflow. > # > -# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest > functions, > +# Note: SHA-384 Digest functions, SHA-512 Digest functions, > # HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA > external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman function= s, > and > # authenticode signature verification functions are not supported in t= his > instance. > # > -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -34,7 +34,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5.c > Hash/CryptSha1.c > Hash/CryptSha256.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index 83485fbb90..b8d7953d2b 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -6,12 +6,12 @@ > // This external input must be validated carefully to avoid security is= sues > such as > // buffer overflow or integer overflow. > // > -// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 > functions, AES/ > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > // TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > // Diffie-Hellman functions, and authenticode signature verification > functions are > // not supported in this instance. > // > -// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > +// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. > // > // SPDX-License-Identifier: BSD-2-Clause-Patent > // 
> @@ -20,5 +20,5 @@ >=20 > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" >=20 > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external input - signature. This external input must be validated carefu= lly to > avoid security issues such as buffer overflow or integer overflow. Note:= MD4 > Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, Diffie-Hellman functions, and authenticode signature verifica= tion > functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external input - signature. This external input must be validated carefu= lly to > avoid security issues such as buffer overflow or integer overflow. Note: > HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, > RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman > functions, and authenticode signature verification functions are not > supported in this instance." >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index 9b4991cbb0..b03681b146 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -29,7 +29,6 @@ >=20 > [Sources] > InternalCryptLib.h > - Hash/CryptMd4Null.c > Hash/CryptMd5Null.c > Hash/CryptSha1Null.c > Hash/CryptSha256Null.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > deleted file mode 100644 > index 610c61c713..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > +++ /dev/null 
> @@ -1,143 +0,0 @@ > -/** @file > - MD4 Digest Wrapper Implementation which does not provide real > capabilities. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > - operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Completes computation of the MD4 digest value. 
> - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index c2a1df9afc..5e470028f4 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -99,164 +99,6 @@ CryptoServiceNotAvailable ( > // One-Way Cryptographic Hash Primitives >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= = =3D=3D=3D=3D >=20 > -/** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 h= ash > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Md4GetContextSize ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0); > -} > - > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Init ( > - OUT VOID *Md4Context > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE); > -} > - > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -Md4Duplicate ( > - IN CONST VOID *Md4Context, > - OUT VOID *NewMd4Context > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), > FALSE); > -} > - > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified s= ize. > - It can be called multiple times to compute the digest of long or > discontinuous data streams. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Update ( > - IN OUT VOID *Md4Context, > - IN CONST VOID *Data, > - IN UINTN DataSize > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), > FALSE); > -} > - > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest > value into > - the specified memory. After this function has been called, the MD4 co= ntext > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefin= ed. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. 
> - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4Final ( > - IN OUT VOID *Md4Context, > - OUT UINT8 *HashValue > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE); > -} > - > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer,= and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Md4HashAll ( > - IN CONST VOID *Data, > - IN UINTN DataSize, > - OUT UINT8 *HashValue > - ) > -{ > - CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE); > -} > - > /** > Retrieves the size, in bytes, of the context buffer required for MD5 = hash > operations. >=20 > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index 40c387e002..ae0f29695c 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -451,145 +451,52 @@ BOOLEAN >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= = =3D=3D=3D=3D >=20 > /** > - Retrieves the size, in bytes, of the context buffer required for MD4 = hash > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for MD4 h= ash > operations. > - @retval 0 This interface is not supported. > + MD4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. >=20 > **/ > typedef > UINTN > -(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) ( > VOID > ); >=20 >=20 > -/** > - Initializes user-supplied memory pointed by Md4Context as MD4 hash > context for > - subsequent use. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Md4Context Pointer to MD4 context being initialized. > - > - @retval TRUE MD4 context initialization succeeded. > - @retval FALSE MD4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_INIT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT) ( > OUT VOID *Md4Context > ); >=20 >=20 > -/** > - Makes a copy of an existing MD4 context. > - > - If Md4Context is NULL, then return FALSE. > - If NewMd4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] Md4Context Pointer to MD4 context being copied. > - @param[out] NewMd4Context Pointer to new MD4 context. > - > - @retval TRUE MD4 context copy succeeded. > - @retval FALSE MD4 context copy failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE) ( > IN CONST VOID *Md4Context, > OUT VOID *NewMd4Context > ); >=20 >=20 > -/** > - Digests the input data and updates MD4 context. > - > - This function performs MD4 digest on a data buffer of the specified s= ize. > - It can be called multiple times to compute the digest of long or > discontinuous data streams. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be finalized > - by Md4Final(). Behavior with invalid context is undefined. > - > - If Md4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[in] Data Pointer to the buffer containing the dat= a to be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - > - @retval TRUE MD4 data digest succeeded. > - @retval FALSE MD4 data digest failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE) ( > IN OUT VOID *Md4Context, > IN CONST VOID *Data, > IN UINTN DataSize > ); >=20 >=20 > -/** > - Completes computation of the MD4 digest value. > - > - This function completes MD4 hash computation and retrieves the digest > value into > - the specified memory. After this function has been called, the MD4 co= ntext > cannot > - be used again. > - MD4 context should be already correctly initialized by Md4Init(), and= should > not be > - finalized by Md4Final(). Behavior with invalid MD4 context is undefin= ed. > - > - If Md4Context is NULL, then return FALSE. > - If HashValue is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Md4Context Pointer to the MD4 context. > - @param[out] HashValue Pointer to a buffer that receives the MD= 4 > digest > - value (16 bytes). 
> - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_FINAL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL) ( > IN OUT VOID *Md4Context, > OUT UINT8 *HashValue > ); >=20 >=20 > -/** > - Computes the MD4 message digest of a input data buffer. > - > - This function performs the MD4 message digest of a given data buffer,= and > places > - the digest value into the specified memory. > - > - If this interface is not supported, then return FALSE. > - > - @param[in] Data Pointer to the buffer containing the data to= be > hashed. > - @param[in] DataSize Size of Data buffer in bytes. > - @param[out] HashValue Pointer to a buffer that receives the MD4 di= gest > - value (16 bytes). > - > - @retval TRUE MD4 digest computation succeeded. > - @retval FALSE MD4 digest computation failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL) ( > IN CONST VOID *Data, > IN UINTN DataSize, > OUT UINT8 *HashValue 
> @@ -4007,13 +3914,13 @@ struct _EDKII_CRYPTO_PROTOCOL { > EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate; > EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update; > EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final; > - /// Md4 > - EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize; > - EDKII_CRYPTO_MD4_INIT Md4Init; > - EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate; > - EDKII_CRYPTO_MD4_UPDATE Md4Update; > - EDKII_CRYPTO_MD4_FINAL Md4Final; > - EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll; > + /// Md4 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE > DeprecatedMd4GetContextSize; > + DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init; > + DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE > DeprecatedMd4Duplicate; > + DEPRECATED_EDKII_CRYPTO_MD4_UPDATE > DeprecatedMd4Update; > + DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final; > + DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL > DeprecatedMd4HashAll; > /// Md5 > EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize; > EDKII_CRYPTO_MD5_INIT Md5Init; > -- > 2.21.0.windows.1 >=20 >=20 >=20
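Review bot: In the PeiCryptLib.inf header hunk (@@ -6,14 +6,14 @@), dropping "MD4 Digest functions," leaves a bare "# Note:" line with the list starting on the following line, while the RuntimeCryptLib.inf and SmmCryptLib.inf hunks keep text on the Note line ("# Note: SHA-384 Digest functions, SHA-512 Digest functions,"). Suggest reflowing the comment so the line reads "# Note: HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, ..." and matches the sibling files.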
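Review bot: In the Crypto.h typedef hunk (@@ -451,145 +451,52 @@), the new comment above DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE misspells "compability" and reads awkwardly ("unsupported any longer"), and the other five DEPRECATED_EDKII_CRYPTO_MD4_* typedefs lose their doc blocks without getting any comment in return. Suggest "MD4 is deprecated and no longer supported. The function field is kept for binary compatibility." and either repeating it above each typedef or stating that it covers the whole MD4 group, so a reader landing on DEPRECATED_EDKII_CRYPTO_MD4_INIT can see why the type still exists.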
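Review bot: In the _EDKII_CRYPTO_PROTOCOL hunk (@@ -4007,13 +3914,13 @@), the "/// Md4 - deprecated and unsupported" comment does not say what a producer places in the six DeprecatedMd4* slots or what a caller gets back if it invokes one. Keeping the fields preserves the offsets of Md5GetContextSize and everything after it, but a consumer built against the previous header still reaches these pointers under the old names (Md4Init and so on), and the part of the patch quoted here removes the library wrappers and Null stubs without showing what now populates the fields. Please document the contract next to the fields, for example that each pointer resolves to a stub returning 0 or FALSE and must not be called by new code, and confirm the producer side of the protocol matches that statement.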