diff options
| author | Zhichao Gao <zhichao.gao@intel.com> | 2020-04-23 16:20:19 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-05-15 07:22:36 +0000 |
| commit | c812d3209c695a9048783b6d1c231fcc4624dcbf (patch) | |
| tree | bed68536d59161b40c9a51a95a28630e31e497eb /CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni | |
| parent | b6174e2d09bd03b71e13f8b842c92ae44b25a3ff (diff) | |
| download | edk2-c812d3209c695a9048783b6d1c231fcc4624dcbf.tar.gz edk2-c812d3209c695a9048783b6d1c231fcc4624dcbf.tar.bz2 edk2-c812d3209c695a9048783b6d1c231fcc4624dcbf.zip | |
CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni')
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni index f7e1acb3a7..0cf378c5ab 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni @@ -6,7 +6,7 @@ // This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-SHA1 functions, AES
+// Note: AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
@@ -20,5 +20,5 @@ #string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
|