From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
Date: Fri, 27 Mar 2020 02:44:09 +0000 [thread overview]
Message-ID: <c87a06d14eac4a0094b0e7d4bf10314f@intel.com> (raw)
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F5B9EEFF0E@ORSMSX113.amr.corp.intel.com>
Hi Mike,
It is better to not compile the deprecated function, i.e. disable the function at build time. Is there another way to disable the function at build time except the #if statement?
Thanks,
Zhichao
> -----Original Message-----
> From: Kinney, Michael D
> Sent: Friday, March 27, 2020 10:04 AM
> To: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: RE: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to
> control the SHA1 enablement
>
> We should not use #if statements in C code.
>
> Also, we should not be changing the layout of the structure based on a PCD
> feature flag.
>
> I agree we need to ability to disable the use of some Crypto services, but we
> need to decide what behavior we want at build time and boot time if there is
> code that uses a disabled service.
>
> Mike
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> > Zhichao
> > Sent: Thursday, March 26, 2020 6:56 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu@intel.com>
> > Subject: [edk2-devel] [PATCH 8/8] CryptoPkg/BaseCryptLib:
> > Use Pcd to control the SHA1 enablement
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> >
> > Md5 and SHA1 is not secure any longer but uefi spec need to keep them
> > for backwards compatibility.
> > Use pcd PcdSHA1Enable to control the SHA1 function enablement.
> > When disable the SHA1 functions would not be complied.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > ---
> > CryptoPkg/Driver/Crypto.c |
> > 8 ++++++++
> > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |
> > 1 +
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c |
> > 3 +++
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c |
> > 3 +++
> > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |
> > 1 +
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c |
> > 3 +++
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c |
> > 2 ++
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c |
> > 2 ++
> > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |
> > 1 +
> > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |
> > 1 +
> > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |
> > 4 +++-
> > .../Library/BaseCryptLibOnProtocolPpi/CryptLib.c |
> > 4 ++++
> > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c |
> > 12 ++++++++++++
> > CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf |
> > 1 +
> > CryptoPkg/Private/Protocol/Crypto.h |
> > 9 ++++++++-
> > 15 files changed, 53 insertions(+), 2 deletions(-)
> >
> > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> > index b53da85bad..f7902205b3 100644
> > --- a/CryptoPkg/Driver/Crypto.c
> > +++ b/CryptoPkg/Driver/Crypto.c
> > @@ -266,6 +266,7 @@ CryptoServiceMd5HashAll ( } #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /**
> > Retrieves the size, in bytes, of the context buffer required for
> > SHA-1 hash operations.
> >
> > @@ -423,6 +424,7 @@ CryptoServiceSha1HashAll ( {
> > return CALL_BASECRYPTLIB (Sha1.Services.HashAll, Sha1HashAll,
> > (Data, DataSize, HashValue), FALSE); }
> > +#endif
> >
> > /**
> > Retrieves the size, in bytes, of the context buffer
> > required for SHA-256 hash operations.
> > @@ -1177,6 +1179,7 @@ CryptoServiceHmacMd5Final (
> > }
> > #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /**
> > Allocates and initializes one HMAC_CTX context for
> > subsequent HMAC-SHA1 use.
> >
> > @@ -1327,6 +1330,7 @@ CryptoServiceHmacSha1Final (
> > {
> > return CALL_BASECRYPTLIB (HmacSha1.Services.Final,
> > HmacSha1Final, (HmacSha1Context, HmacValue), FALSE);
> > }
> > +#endif
> >
> > /**
> > Allocates and initializes one HMAC_CTX context for
> > subsequent HMAC-SHA256 use.
> > @@ -3820,6 +3824,7 @@ const EDKII_CRYPTO_PROTOCOL
> > mEdkiiCrypto = {
> > CryptoServiceHmacMd5Update,
> > CryptoServiceHmacMd5Final,
> > #endif
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /// HMAC SHA1
> > CryptoServiceHmacSha1New,
> > CryptoServiceHmacSha1Free,
> > @@ -3827,6 +3832,7 @@ const EDKII_CRYPTO_PROTOCOL
> > mEdkiiCrypto = {
> > CryptoServiceHmacSha1Duplicate,
> > CryptoServiceHmacSha1Update,
> > CryptoServiceHmacSha1Final,
> > +#endif
> > /// HMAC SHA256
> > CryptoServiceHmacSha256New,
> > CryptoServiceHmacSha256Free,
> > @@ -3877,6 +3883,7 @@ const EDKII_CRYPTO_PROTOCOL
> > mEdkiiCrypto = {
> > CryptoServiceRsaPkcs1Verify,
> > CryptoServiceRsaGetPrivateKeyFromPem,
> > CryptoServiceRsaGetPublicKeyFromX509,
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /// Sha1
> > CryptoServiceSha1GetContextSize,
> > CryptoServiceSha1Init,
> > @@ -3884,6 +3891,7 @@ const EDKII_CRYPTO_PROTOCOL
> > mEdkiiCrypto = {
> > CryptoServiceSha1Update,
> > CryptoServiceSha1Final,
> > CryptoServiceSha1HashAll,
> > +#endif
> > /// Sha256
> > CryptoServiceSha256GetContextSize,
> > CryptoServiceSha256Init,
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > index 5c65ef5892..9ffd98096c 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > @@ -85,6 +85,7 @@
> >
> > [Pcd]
> > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> >
> > #
> > # Remove these [BuildOptions] after this library is
> > cleaned up
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > index 7593ca55b1..baba6b267c 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-
> > Patent
> >
> > **/
> >
> > +#include <Library/PcdLib.h>
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > #include "InternalCryptLib.h"
> > #include <openssl/hmac.h>
> >
> > @@ -214,3 +216,4 @@ HmacSha1Final (
> >
> > return TRUE;
> > }
> > +#endif
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > index e8c0f341b7..1314fa1a77 100644
> > ---
> > a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > +++
> > b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c
> > @@ -6,6 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-
> > Patent
> >
> > **/
> >
> > +#include <Library/PcdLib.h>
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > #include "InternalCryptLib.h"
> >
> > /**
> > @@ -137,3 +139,4 @@ HmacSha1Final (
> > ASSERT (FALSE);
> > return FALSE;
> > }
> > +#endif
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > index cebc74ccf2..b40e76f243 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > @@ -78,6 +78,7 @@
> >
> > [Pcd]
> > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> >
> > #
> > # Remove these [BuildOptions] after this library is
> > cleaned up
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > index a89c1525c1..15e6bc2cb4 100644
> > ---
> > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > +++
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c
> > @@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-
> > Patent
> > **/
> >
> > #include "InternalCryptLib.h"
> > +#include <Library/PcdLib.h>
> > #include <openssl/evp.h>
> > #include <openssl/hmac.h>
> >
> > @@ -68,9 +69,11 @@ Pkcs5HashPassword (
> > // Make sure the digest algorithm is supported.
> > //
> > switch (DigestSize) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case SHA1_DIGEST_SIZE:
> > HashAlg = EVP_sha1();
> > break;
> > +#endif
> > case SHA256_DIGEST_SIZE:
> > HashAlg = EVP_sha256();
> > break;
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > index 31b78464d2..549ee1b933 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> > @@ -298,9 +298,11 @@ RsaPkcs1Verify (
> > break;
> > #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case SHA1_DIGEST_SIZE:
> > DigestType = NID_sha1;
> > break;
> > +#endif
> >
> > case SHA256_DIGEST_SIZE:
> > DigestType = NID_sha256;
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > index 1a50be1d78..60605e3486 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> > @@ -336,9 +336,11 @@ RsaPkcs1Sign (
> > break;
> > #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case SHA1_DIGEST_SIZE:
> > DigestType = NID_sha1;
> > break;
> > +#endif
> >
> > case SHA256_DIGEST_SIZE:
> > DigestType = NID_sha256;
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > index 72d4cd03ab..b6c0be70f2 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > @@ -90,6 +90,7 @@
> >
> > [Pcd]
> > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> >
> > #
> > # Remove these [BuildOptions] after this library is
> > cleaned up
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > index 21f104c916..7f678eee93 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > @@ -89,6 +89,7 @@
> >
> > [Pcd]
> > gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable
> > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable
> >
> > #
> > # Remove these [BuildOptions] after this library is
> > cleaned up
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > ll.c
> > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > ll.c
> > index e8c0f341b7..3aac798188 100644
> > ---
> > a/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > ll.c
> > +++
> > b/CryptoPkg/Library/BaseCryptLibNull/Hmac/CryptHmacSha1Nu
> > ll.c
> > @@ -5,7 +5,8 @@ Copyright (c) 2012 - 2020, Intel
> > Corporation. All rights reserved.<BR>
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > **/
> > -
> > +#include <Library/PcdLib.h>
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > #include "InternalCryptLib.h"
> >
> > /**
> > @@ -137,3 +138,4 @@ HmacSha1Final (
> > ASSERT (FALSE);
> > return FALSE;
> > }
> > +#endif
> > diff --git
> > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > index cba1e4c8bf..8429fefc0b 100644
> > ---
> > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > +++
> > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> > @@ -260,6 +260,7 @@ Md5HashAll (
> > }
> > #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /**
> > Retrieves the size, in bytes, of the context buffer
> > required for SHA-1 hash operations.
> >
> > @@ -417,6 +418,7 @@ Sha1HashAll (
> > {
> > CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize,
> > HashValue), FALSE);
> > }
> > +#endif
> >
> > /**
> > Retrieves the size, in bytes, of the context buffer
> > required for SHA-256 hash operations.
> > @@ -1171,6 +1173,7 @@ HmacMd5Final (
> > }
> > #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /**
> > Allocates and initializes one HMAC_CTX context for
> > subsequent HMAC-SHA1 use.
> >
> > @@ -1321,6 +1324,7 @@ HmacSha1Final (
> > {
> > CALL_CRYPTO_SERVICE (HmacSha1Final, (HmacSha1Context,
> > HmacValue), FALSE);
> > }
> > +#endif
> >
> > /**
> > Allocates and initializes one HMAC_CTX context for
> > subsequent HMAC-SHA256 use.
> > diff --git
> > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > index f9796b2158..754d75aeb2 100644
> > --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c
> > @@ -33,9 +33,11 @@ HashApiGetContextSize (
> > )
> > {
> > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case HASH_ALG_SHA1:
> > return Sha1GetContextSize ();
> > break;
> > +#endif
> >
> > case HASH_ALG_SHA256:
> > return Sha256GetContextSize ();
> > @@ -75,9 +77,11 @@ HashApiInit (
> > )
> > {
> > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case HASH_ALG_SHA1:
> > return Sha1Init (HashContext);
> > break;
> > +#endif
> >
> > case HASH_ALG_SHA256:
> > return Sha256Init (HashContext);
> > @@ -119,9 +123,11 @@ HashApiDuplicate (
> > )
> > {
> > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case HASH_ALG_SHA1:
> > return Sha1Duplicate (HashContext,
> > NewHashContext);
> > break;
> > +#endif
> >
> > case HASH_ALG_SHA256:
> > return Sha256Duplicate (HashContext,
> > NewHashContext);
> > @@ -165,9 +171,11 @@ HashApiUpdate (
> > )
> > {
> > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case HASH_ALG_SHA1:
> > return Sha1Update (HashContext, DataToHash,
> > DataToHashLen);
> > break;
> > +#endif
> >
> > case HASH_ALG_SHA256:
> > return Sha256Update (HashContext, DataToHash,
> > DataToHashLen);
> > @@ -209,9 +217,11 @@ HashApiFinal (
> > )
> > {
> > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case HASH_ALG_SHA1:
> > return Sha1Final (HashContext, Digest);
> > break;
> > +#endif
> >
> > case HASH_ALG_SHA256:
> > return Sha256Final (HashContext, Digest);
> > @@ -255,9 +265,11 @@ HashApiHashAll (
> > )
> > {
> > switch (PcdGet32 (PcdHashApiLibPolicy)) {
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > case HASH_ALG_SHA1:
> > return Sha1HashAll (DataToHash, DataToHashLen,
> > Digest);
> > break;
> > +#endif
> >
> > case HASH_ALG_SHA256:
> > return Sha256HashAll (DataToHash, DataToHashLen,
> > Digest);
> > diff --git
> > a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > index b4d8675ddd..29f7d7abfd 100644
> > --- a/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > +++ b/CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
> > @@ -42,3 +42,4 @@
> >
> > [Pcd]
> > gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy ##
> > CONSUMES
> > + gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable ##
> > CONSUMES
> > diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> > b/CryptoPkg/Private/Protocol/Crypto.h
> > index 527318dc23..3f8c5751a7 100644
> > --- a/CryptoPkg/Private/Protocol/Crypto.h
> > +++ b/CryptoPkg/Private/Protocol/Crypto.h
> > @@ -179,6 +179,7 @@ BOOLEAN
> > );
> > #endif
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /**
> > Allocates and initializes one HMAC_CTX context for
> > subsequent HMAC-SHA1 use.
> >
> > @@ -315,7 +316,7 @@ BOOLEAN
> > IN OUT VOID *HmacSha1Context,
> > OUT UINT8 *HmacValue
> > );
> > -
> > +#endif
> >
> > /**
> > Allocates and initializes one HMAC_CTX context for
> > subsequent HMAC-SHA256 use.
> > @@ -1537,6 +1538,7 @@ BOOLEAN
> > // SHA
> > //----------------------------------------
> >
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /**
> > Retrieves the size, in bytes, of the context buffer
> > required for SHA-1 hash operations.
> >
> > @@ -1676,6 +1678,7 @@ BOOLEAN
> > IN UINTN DataSize,
> > OUT UINT8 *HashValue
> > );
> > +#endif
> >
> > /**
> > Retrieves the size, in bytes, of the context buffer
> > required for SHA-256 hash operations.
> > @@ -3453,6 +3456,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > EDKII_CRYPTO_HMAC_MD5_UPDATE
> > HmacMd5Update;
> > EDKII_CRYPTO_HMAC_MD5_FINAL
> > HmacMd5Final;
> > #endif
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /// HMAC SHA1
> > EDKII_CRYPTO_HMAC_SHA1_NEW
> > HmacSha1New;
> > EDKII_CRYPTO_HMAC_SHA1_FREE
> > HmacSha1Free;
> > @@ -3460,6 +3464,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > EDKII_CRYPTO_HMAC_SHA1_DUPLICATE
> > HmacSha1Duplicate;
> > EDKII_CRYPTO_HMAC_SHA1_UPDATE
> > HmacSha1Update;
> > EDKII_CRYPTO_HMAC_SHA1_FINAL
> > HmacSha1Final;
> > +#endif
> > /// HMAC SHA256
> > EDKII_CRYPTO_HMAC_SHA256_NEW
> > HmacSha256New;
> > EDKII_CRYPTO_HMAC_SHA256_FREE
> > HmacSha256Free;
> > @@ -3510,6 +3515,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > EDKII_CRYPTO_RSA_PKCS1_VERIFY
> > RsaPkcs1Verify;
> > EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM
> > RsaGetPrivateKeyFromPem;
> > EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509
> > RsaGetPublicKeyFromX509;
> > +#if (FixedPcdGetBool (PcdSHA1Enable))
> > /// Sha1
> > EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE
> > Sha1GetContextSize;
> > EDKII_CRYPTO_SHA1_INIT
> > Sha1Init;
> > @@ -3517,6 +3523,7 @@ struct _EDKII_CRYPTO_PROTOCOL {
> > EDKII_CRYPTO_SHA1_UPDATE
> > Sha1Update;
> > EDKII_CRYPTO_SHA1_FINAL
> > Sha1Final;
> > EDKII_CRYPTO_SHA1_HASH_ALL
> > Sha1HashAll;
> > +#endif
> > /// Sha256
> > EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE
> > Sha256GetContextSize;
> > EDKII_CRYPTO_SHA256_INIT
> > Sha256Init;
> > --
> > 2.21.0.windows.1
> >
> >
> >
next prev parent reply other threads:[~2020-03-27 2:44 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-27 1:56 [PATCH 0/8] CryptoPkg: Retire the deprecate function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 2/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 3/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 4/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 6/8] NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI Gao, Zhichao
2020-03-27 2:07 ` Siyuan, Fu
2020-03-30 12:01 ` [edk2-devel] " Maciej Rabeda
2020-03-27 1:56 ` [PATCH 7/8] Crypto/BaseCryptLib: Using pcd to control MD5 enablement Gao, Zhichao
2020-03-27 1:56 ` [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Gao, Zhichao
2020-03-27 2:04 ` [edk2-devel] " Michael D Kinney
2020-03-27 2:44 ` Gao, Zhichao [this message]
2020-03-27 2:51 ` Wang, Jian J
2020-03-27 17:35 ` Laszlo Ersek
2020-03-27 2:01 ` [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Yao, Jiewen
2020-03-27 2:43 ` Gao, Zhichao
2020-03-27 2:50 ` Yao, Jiewen
2020-03-27 2:54 ` Gao, Zhichao
[not found] ` <160006BBBC4857E5.7267@groups.io>
2020-03-27 2:20 ` Yao, Jiewen
2020-03-27 2:53 ` Gao, Zhichao
2020-03-27 2:47 ` Siyuan, Fu
2020-03-27 2:57 ` [edk2-devel] " Yao, Jiewen
2020-03-27 3:06 ` Siyuan, Fu
2020-03-27 4:59 ` Yao, Jiewen
2020-03-27 5:43 ` Siyuan, Fu
2020-03-27 5:50 ` Yao, Jiewen
2020-03-27 6:03 ` Siyuan, Fu
2020-03-27 6:15 ` Yao, Jiewen
2020-03-27 9:19 ` Ni, Ray
2020-03-27 16:38 ` Michael D Kinney
2020-03-27 23:43 ` Yao, Jiewen
2020-03-30 2:17 ` Siyuan, Fu
2020-03-30 2:47 ` Yao, Jiewen
2020-03-30 3:04 ` Siyuan, Fu
2020-03-30 17:30 ` Michael D Kinney
2020-03-31 0:34 ` Yao, Jiewen
2020-04-14 4:36 ` Gao, Zhichao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c87a06d14eac4a0094b0e7d4bf10314f@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox