author | Zhichao Gao <zhichao.gao@intel.com> | 2020-06-15 16:06:17 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-06-29 05:25:55 +0000 |
commit | acfd55579542de64418cd4fb1c5560524a79d61f (patch) | |
tree | ba0c1832f1a098d624a6d425ab96427225e1f997 /CryptoPkg | |
parent | 0060e0a694f3f249c3ec081b0e61287c36f64ebb (diff) | |
CryptoPkg/BaseCryptLib: Add MARCO to disable the deprecated MD5
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
MD5 is deprecated, but it is still required for compatibility.
So add a macro that lets a platform disable the use of MD5 for
security.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'CryptoPkg')
-rw-r--r-- | CryptoPkg/Driver/Crypto.c | 159 | ||||
-rw-r--r-- | CryptoPkg/Include/Library/BaseCryptLib.h | 2 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 3 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 |
4 files changed, 165 insertions, 1 deletions
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 73ae566755..7e7e31a35e 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -243,6 +243,154 @@ DeprecatedCryptoServiceMd4HashAll (
 return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE;
}
+#ifdef DISABLE_MD5_DEPRECATED_INTERFACES
+/**
+ Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
+
+ If this interface is not supported, then return zero.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+DeprecatedCryptoServiceMd5GetContextSize (
+ VOID
+ )
+{
+ return BaseCryptLibServiceDeprecated ("Md5GetContextSize"), 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
+ subsequent use.
+
+ If Md5Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] Md5Context Pointer to MD5 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DeprecatedCryptoServiceMd5Init (
+ OUT VOID *Md5Context
+ )
+{
+ return BaseCryptLibServiceDeprecated ("Md5Init"), FALSE;
+}
+
+/**
+ Makes a copy of an existing MD5 context.
+
+ If Md5Context is NULL, then return FALSE.
+ If NewMd5Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Md5Context Pointer to MD5 context being copied.
+ @param[out] NewMd5Context Pointer to new MD5 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DeprecatedCryptoServiceMd5Duplicate (
+ IN CONST VOID *Md5Context,
+ OUT VOID *NewMd5Context
+ )
+{
+ return BaseCryptLibServiceDeprecated ("Md5Init"), FALSE;
+}
+
+/**
+ Digests the input data and updates MD5 context.
+
+ This function performs MD5 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ MD5 context should be already correctly initialized by Md5Init(), and should not be finalized
+ by Md5Final(). Behavior with invalid context is undefined.
+
+ If Md5Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] Md5Context Pointer to the MD5 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DeprecatedCryptoServiceMd5Update (
+ IN OUT VOID *Md5Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return BaseCryptLibServiceDeprecated ("Md5Init"), FALSE;
+}
+
+/**
+ Completes computation of the MD5 digest value.
+
+ This function completes MD5 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the MD5 context cannot
+ be used again.
+ MD5 context should be already correctly initialized by Md5Init(), and should not be
+ finalized by Md5Final(). Behavior with invalid MD5 context is undefined.
+
+ If Md5Context is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] Md5Context Pointer to the MD5 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD5 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DeprecatedCryptoServiceMd5Final (
+ IN OUT VOID *Md5Context,
+ OUT UINT8 *HashValue
+ )
+{
+ return BaseCryptLibServiceDeprecated ("Md5Final"), FALSE;
+}
+
+/**
+ Computes the MD5 message digest of a input data buffer.
+
+ This function performs the MD5 message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the MD5 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DeprecatedCryptoServiceMd5HashAll (
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ return BaseCryptLibServiceDeprecated ("Md5HashAll"), FALSE;
+}
+#else
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
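Review bot: `DeprecatedCryptoServiceMd5Duplicate` and `DeprecatedCryptoServiceMd5Update` both pass `"Md5Init"` to `BaseCryptLibServiceDeprecated`, so whatever that helper reports will name the wrong service when a caller reaches either stub. They should read `return BaseCryptLibServiceDeprecated ("Md5Duplicate"), FALSE;` and `return BaseCryptLibServiceDeprecated ("Md5Update"), FALSE;`, matching the other four stubs. The header comments were carried over from the live implementations and still describe NULL checks and digest output that the stubs never perform; trimming them to the "not supported" sentence and the `@retval` would keep them accurate. The helper is defined outside this hunk, so what it does with the name is not visible here.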
@@ -400,6 +548,7 @@ CryptoServiceMd5HashAll (
 {
return CALL_BASECRYPTLIB (Md5.Services.HashAll, Md5HashAll, (Data, DataSize, HashValue), FALSE);
}
+#endif
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
@@ -4194,6 +4343,15 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
 DeprecatedCryptoServiceMd4Update,
DeprecatedCryptoServiceMd4Final,
DeprecatedCryptoServiceMd4HashAll,
+#ifdef DISABLE_MD5_DEPRECATED_INTERFACES
+ /// Md5 - deprecated and unsupported
+ DeprecatedCryptoServiceMd5GetContextSize,
+ DeprecatedCryptoServiceMd5Init,
+ DeprecatedCryptoServiceMd5Duplicate,
+ DeprecatedCryptoServiceMd5Update,
+ DeprecatedCryptoServiceMd5Final,
+ DeprecatedCryptoServiceMd5HashAll,
+#else
/// Md5
CryptoServiceMd5GetContextSize,
CryptoServiceMd5Init,
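Review bot: The `#ifdef` branch in `mEdkiiCrypto` carries no comment explaining why the MD5 slots are filled with stubs instead of being dropped. This is a positional initializer, so removing or reordering those entries would shift every later service pointer that consumers call through. A comment such as `/// Slots must stay populated and in order: the protocol layout is positional` above the stub entries would guard against a later cleanup. The entry that falls between this hunk and the next is not visible here, so confirm that both branches list the same six services in the same order.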
@@ -4201,6 +4359,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
 CryptoServiceMd5Update,
CryptoServiceMd5Final,
CryptoServiceMd5HashAll,
+#endif
/// Pkcs
CryptoServicePkcs1v2Encrypt,
CryptoServicePkcs5HashPassword,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 1b1ffa75ef..36483d1d2d 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -72,6 +72,7 @@ typedef enum {
 // One-Way Cryptographic Hash Primitives
//=====================================================================================
+#ifndef DISABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
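Review bot: The new `#ifndef DISABLE_MD5_DEPRECATED_INTERFACES` guard is undocumented in the public header, and as written the MD5 API stays available unless a platform defines the macro. A short comment above it, for example `// Define DISABLE_MD5_DEPRECATED_INTERFACES to remove the MD5 API; it stays enabled by default for compatibility.`, would tell integrators that the hardening is opt-in. Going by the hunk headers, the matching `#endif` in the next hunk closes a region of well over a hundred lines, so `#endif // DISABLE_MD5_DEPRECATED_INTERFACES` would help there and at the closing `#endif` in the other three files.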
@@ -211,6 +212,7 @@ Md5HashAll (
 IN UINTN DataSize,
OUT UINT8 *HashValue
);
+#endif
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
index 0e0d0ec54d..b85e7f4d12 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
@@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"
#include <openssl/md5.h>
-
+#ifndef DISABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
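Review bot: `#include <openssl/md5.h>` sits above the new `#ifndef`, so the OpenSSL MD5 header is still pulled in when `DISABLE_MD5_DEPRECATED_INTERFACES` is defined, although nothing left in the file uses it. Moving the guard up one line, so that the include falls inside it, keeps a disabled build free of the MD5 dependency at source level. Whether the library's build description still compiles this file and links OpenSSL's MD5 objects is not visible in this diff, and is worth checking if the goal is to keep MD5 out of the firmware image.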
@@ -223,3 +223,4 @@ Md5HashAll (
 return TRUE;
}
}
+#endif
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index a614b61ed4..8897fd25e6 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -99,6 +99,7 @@ CryptoServiceNotAvailable (
 // One-Way Cryptographic Hash Primitives
//=====================================================================================
+#ifndef DISABLE_MD5_DEPRECATED_INTERFACES
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
@@ -256,6 +257,7 @@ Md5HashAll (
 {
CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, HashValue), FALSE);
}
+#endif
/**
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.