From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web12.33052.1599445057291652683 for ; Sun, 06 Sep 2020 19:17:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=hBjmKgxS; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: jian.j.wang@intel.com) IronPort-SDR: HjnlpmqendjxdFzzZTweQ6iVg+VQRnRBX2nNfFjEsBLtbjMmicKXJO8lgvNPEJAqU7R3h/z3LR L2oEyPZ4sRmw== X-IronPort-AV: E=McAfee;i="6000,8403,9736"; a="242759548" X-IronPort-AV: E=Sophos;i="5.76,400,1592895600"; d="scan'208";a="242759548" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Sep 2020 19:17:35 -0700 IronPort-SDR: 2JmwaTnLbNgyTSksaK5rvfgg2PVP5kIeKh77laZrYBTAzjUyrzOI0dls0rV242XpRZEDvGv/1u 105b0MBxYDOw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,400,1592895600"; d="scan'208";a="335926739" Received: from fmsmsx604.amr.corp.intel.com ([10.18.126.84]) by fmsmga002.fm.intel.com with ESMTP; 06 Sep 2020 19:17:36 -0700 Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Sun, 6 Sep 2020 19:17:35 -0700 Received: from fmsmsx152.amr.corp.intel.com (10.18.125.5) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Sun, 6 Sep 2020 19:17:35 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by FMSMSX152.amr.corp.intel.com (10.18.125.5) with Microsoft SMTP Server (TLS) id 14.3.439.0; Sun, 6 Sep 2020 19:17:35 -0700 Received: from NAM02-BL2-obe.outbound.protection.outlook.com (104.47.38.58) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Sun, 6 Sep 2020 19:17:34 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EVGNKi94t9+RVBrkIKkrmQwa2sw6QHd6n6W8aApK4EcNBUUZ3Ekvtdyng1JhFXCNj0Gxs1m4NAQSoyf7NUfcr2C5Wx5iV3YJGRXKVvFnksb6OoIudoDhpwkEaux0VWRBHaxGiKCPhMcaO/JJnwf9Yym5Yf01uTuoLC9ktMrF6oySpGdQjfFo9nVLEatp7K7RrVfhuta4/hMHyXjqKg/xcf3/jMUrO13k8JTc7Nk9QcbrffLvy/UKjQ52QdfWj214mV5BRCRxNLhJ3X9ypvWtZFMvjZNiNSErHPPZIJ/scvq7WCx119GnH0dyV8dsbiFR00/CELrre9w67JuF2QrEog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ftbBsvw3jgbRewD8lQOUHY09v7+LuMNByv7eAZw+Ahc=; b=YmSGDKt3IWlBGsEt5GNH6IJ2zjCw6dR8s4yX9iKs6aTDlIz809khFR+IMKmBWfoHHKWX7r+zzUSmA3mICpw32CP3aLwfnwYVfLnOQ+AkjOkA4wfl44IRiV17ZFyCZeibJRGv+WL7NiYlOqzLQsCIYLr0jRvnNGiL/ENrz1muA1Mwwk+DYU6hSOrO8wJuPGTauIL9mTkvUoxUL/Mai/kzDw7YAkbl5qMXy/72SJQsQFWhO0ZovvnQmYfv7kzjz19J56xvh9brDSHhUQ4K+QezmkNoz8PdgP3OXjq+o2LiuIrIdAdtdidZgpBMVZZywRmmc00Qa8jI49iJNea2kBexWA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ftbBsvw3jgbRewD8lQOUHY09v7+LuMNByv7eAZw+Ahc=; b=hBjmKgxSwKfp60HKuU1/fHgRJV3aptEEjE5MLm8IELRyAlfp6PVGlX44eRmv9FyJd4k37RusIizQiifvyC6bg+zWxmN9B4orhyqWF8p/gnz/4L1Obq45/HmLxCaMN/jFGwqWbgGdrMOYCMfPqLNmILkjd9HpdEpGifNB+3yydvI= Received: from SN6PR11MB3312.namprd11.prod.outlook.com (2603:10b6:805:c8::14) by SN6PR11MB3087.namprd11.prod.outlook.com (2603:10b6:805:d3::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3348.15; Mon, 7 Sep 2020 02:17:33 +0000 Received: from SN6PR11MB3312.namprd11.prod.outlook.com ([fe80::a9f8:c752:152f:8eb2]) by SN6PR11MB3312.namprd11.prod.outlook.com ([fe80::a9f8:c752:152f:8eb2%5]) with mapi id 15.20.3348.019; Mon, 7 Sep 2020 02:17:33 +0000 From: "Wang, Jian J" To: "Gao, Zhichao" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Xu, Min M" , "Zhang, Qi1" Subject: Re: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO Thread-Topic: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO Thread-Index: AQHWf1V5LC2UDqqdfEmFeYjxgB5ca6lce10g Date: Mon, 7 Sep 2020 02:17:33 +0000 Message-ID: References: <20200831051317.11532-1-zhichao.gao@intel.com> In-Reply-To: <20200831051317.11532-1-zhichao.gao@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZDQ3YjNkY2MtOTdjNS00OGJhLTg1NGItMmRhZWNkMDc2MWVkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoicjE2emo3Y3VtYlwvR0l1bm1mK1Y4RlhGK1VYVWIwUVdNVEEzN2tWOSsrY016dnFKMGdncFZsM05GOWdzYkhpWGMifQ== dlp-reaction: no-action dlp-version: 11.5.1.3 dlp-product: dlpe-windows x-ctpclassification: CTP_NT authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.203] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 99d92fcd-92ef-435d-c819-08d852d42e2b x-ms-traffictypediagnostic: SN6PR11MB3087: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: jw3WxMtrn4EJNA3QlH0llsHJ5QT/9KBdbH4MqybLfmNmvAPvOSpN6JmyW1eJ8gI+H6zgieA6UfJf6dVvQLPkES1ul8uXiIfJ/Ktqq82tQbdLYWSA3qJ7skgZZlDcObrjv5o1IF1rpS1L6ineEzbFYRdqpFWwpp6739hCQKMpRGchBX+3HaHooYKr6H5UKmwExXSJH8nrqkv7995pmMU1yHIGflcgZuw+c9BOFCJRrJ9If3iSZ9C2jax1AYDj7t6jkyV6NrcQ07X/S2EMWsiVG+mE814yJFT29v+lnEtZLNEZwaR/0Jv9/0W+OTfWsoC1ADtlSRZh3HoN9yHkxhkb/6bAO6wqb2w219qRjf8n0r3q4OLHijyd7phvpJciBHddsfXtPpwEkf2UE+yp2+Pbsw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR11MB3312.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(39860400002)(376002)(346002)(366004)(136003)(76116006)(83380400001)(52536014)(5660300002)(55016002)(2906002)(66556008)(66476007)(186003)(66446008)(64756008)(7696005)(316002)(110136005)(26005)(54906003)(9686003)(107886003)(86362001)(15650500001)(71200400001)(478600001)(4326008)(53546011)(6506007)(33656002)(8676002)(66946007)(8936002)(966005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: 2c95e3fsODE5aLOMFoIS+iH29Uf3q52KIRpMCgJBpm59k1eRKrl4lAwz0U3ByWgPgieVrmHeCnswJsUwOTYJ3jPZynXPs6W/bWx5faj1ikFvd/mXKUOo8JQ4PxE/DWUke0rLdZvkxW2X42xW91lQxSWJxLyACKM5ptKqpojdE0ICii/0rtGiizJIA/yKpjxrUTczOsle8tGh/PkOTBRl8zFe/UIvVRStf55JkZQY4eRVEbtOHe+vmkSdxHAP7fci1IltSqYD6K10uNR22uW1AqaiZxX4sKRG03pvwDjrDPnYR6dFsFXTEsuce1NN/KposHFAy8hHhCyEzpm7AgmV+QmqP8REwwpt27+eVaIykR6VMzLbftV8shD79i0rDwGvrqG7f6LgEnckKKlgXkCUPx5swLDbl5NbwfczqjINEB3ubXSQHKkxCvzS/GNs8hfpj+Z/nzWWd113my3CvDoWEVTYhRFM7nTv6aE0F7qf27j9G8o5kiv1MQxfMZmK5PaFeuxggLrstJk199EEKKH/rVfq8xX2QgecMXlrxOKkHcXw5rpnF8bRoDOOu8+upHamcyyL8+eqp1+GKSkptt+Wie4NNuZITMWllj4kEMhLeZ9wv52S6bhs8AOmP6n65IkuZrylt7TuUoQvu1mtqks6+g== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR11MB3312.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 99d92fcd-92ef-435d-c819-08d852d42e2b X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Sep 2020 02:17:33.1902 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: /enpSLGorkicoM0p0fv/ZngqfjlSm5kRhggphoIWsetTPF7Mfuw18P0BzNr6yNsBBHor+J+GmQETKsRWmJOMjg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3087 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Gao, Zhichao > Sent: Monday, August 31, 2020 1:13 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Xu, Min M ; Zhang, Qi1 > Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base o= n > MACRO >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2943 >=20 > Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES. > SHA1 is deprecated function and the MACRO is used to remove the whole > implementation of the SHA1. For the platforms that do not need SHA1 > for security, the MACRO should works for DxeImageVerificationLib as > well. >=20 > Signed-off-by: Zhichao Gao > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Qi Zhang > --- > .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 ++++++ > 1 file changed, 6 insertions(+) >=20 > diff --git > a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > index b08fe24e85..7871220140 100644 > --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] =3D { > }; >=20 > HASH_TABLE mHash[] =3D { > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init= , > Sha1Update, Sha1Final }, > +#else > + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, = NULL, > NULL }, > +#endif > { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, = NULL, > NULL }, > { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256In= it, > Sha256Update, Sha256Final}, > { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384In= it, > Sha384Update, Sha384Final}, > @@ -315,10 +319,12 @@ HashPeImage ( > ZeroMem (mImageDigest, MAX_DIGEST_SIZE); >=20 > switch (HashAlg) { > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > case HASHALG_SHA1: > mImageDigestSize =3D SHA1_DIGEST_SIZE; > mCertType =3D gEfiCertSha1Guid; > break; > +#endif >=20 > case HASHALG_SHA256: > mImageDigestSize =3D SHA256_DIGEST_SIZE; > -- > 2.21.0.windows.1