From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 2C992D81113 for ; Thu, 16 May 2024 07:35:08 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=OIAGUOFh8TDCHkxGtBbX/Lbcry00uyhP78hblpVDZj4=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1715844906; v=1; b=X8Ivox+CRniVh2ZdvYFF2bcgPlvcWDIhZ2twO1QH/jRxX9mKnJdFXCjZpB4DVFsw7StCnzC9 QL9JPqyHVGdyfIxjmDe4axmne1v2ms/QhYJ/hCOJXFc3JRkrdooXXGM9CxvIc+pAtYUz1wPbx3G QKRN+6QITGJpNYrPXekZc3HIkM+lNnlQFk1PN1X6xIz6N34qhrw8g8h+6d69gQFV0n8No/REE0h c235zrhykR32Mf8hXuVue9rDEwdbEFnD1qQmYaxucHLhbk/ge8P9rg8nqzHcwbmxEVYalWBOeQV 6Y6q2CCBCullu+upsEWGgKJE0ww89FdxIDPOP5s70QkEg== X-Received: by 127.0.0.2 with SMTP id 0xmvYY7687511x6KvRhUNlMU; Thu, 16 May 2024 00:35:06 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.18]) by mx.groups.io with SMTP id smtpd.web11.7789.1715844905439067609 for ; Thu, 16 May 2024 00:35:05 -0700 X-CSE-ConnectionGUID: EsOSnanTQTqrE53auLRijg== X-CSE-MsgGUID: wRgeBvlXTHewaSHulXq08A== X-IronPort-AV: E=McAfee;i="6600,9927,11074"; a="12100353" X-IronPort-AV: E=Sophos;i="6.08,163,1712646000"; d="scan'208";a="12100353" X-Received: from fmviesa005.fm.intel.com ([10.60.135.145]) by orvoesa110.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2024 00:35:05 -0700 X-CSE-ConnectionGUID: Gcp8oal5SdeprZlZ6uzs3g== X-CSE-MsgGUID: 0Iy63xzeSoqGPAm5YPYfRw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,163,1712646000"; d="scan'208";a="35776782" X-Received: from unknown (HELO qingyush-mobl.ccr.corp.intel.com) ([10.238.12.131]) by fmviesa005.fm.intel.com with ESMTP; 16 May 2024 00:35:04 -0700 From: "Qingyu" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li Subject: [edk2-devel] [PATCH V3 1/1] CryptoPkg: Remove deprecated code related to SHA-1 Date: Thu, 16 May 2024 15:34:46 +0800 Message-ID: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 16 May 2024 00:35:05 -0700 Resent-From: qingyu.shang@intel.com Reply-To: devel@edk2.groups.io,qingyu.shang@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: wmAfHxGPiqpIbORKlYapsXFzx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=X8Ivox+C; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4698 The default drbg type of randlib has been switched to aes_256_ctr in openssl1.1.1, so sha1 is not really used in RandomSeed(). Remove related code which do SHA-1 support checking in CryptRand.c and CryptRandTsc.c to avoid potential compatibility errors. Signed-off-by: Shang Qingyu Cc: Jiewen Yao Cc: Yi Li --- CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c | 8 -------- CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c | 8 -------- 2 files changed, 16 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c index 9e2fcefe084e..51c7435898c7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c @@ -42,14 +42,6 @@ RandomSeed ( return FALSE; } - // - // The software PRNG implementation built in OpenSSL depends on message digest algorithm. - // Make sure SHA-1 digest algorithm is available here. - // - if (EVP_add_digest (EVP_sha1 ()) == 0) { - return FALSE; - } - // // Seed the pseudorandom number generator with user-supplied value. // NOTE: A cryptographic PRNG must be seeded with unpredictable data. diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c index 30454bf10f9b..b94c16de562d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c @@ -40,14 +40,6 @@ RandomSeed ( return FALSE; } - // - // The software PRNG implementation built in OpenSSL depends on message digest algorithm. - // Make sure SHA-1 digest algorithm is available here. - // - if (EVP_add_digest (EVP_sha1 ()) == 0) { - return FALSE; - } - // // Seed the pseudorandom number generator with user-supplied value. // NOTE: A cryptographic PRNG must be seeded with unpredictable data. -- 2.44.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118949): https://edk2.groups.io/g/devel/message/118949 Mute This Topic: https://groups.io/mt/106130347/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-