CryptoPkg/BaseCrpytLib: Retire MD4 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

MD4 is no longer secure.
Remove the MD4 support from edk2.
Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate that the
function is no longer supported.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Zhichao Gao 2020-04-17 15:37:59 +08:00 committed by mergify[bot]
parent aaa90aacaf
commit 0a6fc3d067
16 changed files with 62 additions and 1011 deletions


@ -140,7 +140,6 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY


@ -124,161 +124,123 @@ CryptoServiceGetCryptoVersion (
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for MD4 hash operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
CryptoServiceMd4GetContextSize (
DeprecatedCryptoServiceMd4GetContextSize (
VOID
)
{
return CALL_BASECRYPTLIB (Md4.Services.GetContextSize, Md4GetContextSize, (), 0);
return BaseCryptLibServiceDeprecated ("Md4GetContextSize"), 0;
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval TRUE MD4 context initialization succeeded.
@retval FALSE MD4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceMd4Init (
DeprecatedCryptoServiceMd4Init (
OUT VOID *Md4Context
)
{
return CALL_BASECRYPTLIB (Md4.Services.Init, Md4Init, (Md4Context), FALSE);
return BaseCryptLibServiceDeprecated ("Md4Init"), FALSE;
}
/**
Makes a copy of an existing MD4 context.
If Md4Context is NULL, then return FALSE.
If NewMd4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval TRUE MD4 context copy succeeded.
@retval FALSE MD4 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceMd4Duplicate (
DeprecatedCryptoServiceMd4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
return CALL_BASECRYPTLIB (Md4.Services.Duplicate, Md4Duplicate, (Md4Context, NewMd4Context), FALSE);
return BaseCryptLibServiceDeprecated ("Md4Duplicate"), FALSE;
}
/**
Digests the input data and updates MD4 context.
This function performs MD4 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
by Md4Final(). Behavior with invalid context is undefined.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD4 data digest succeeded.
@retval FALSE MD4 data digest failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceMd4Update (
DeprecatedCryptoServiceMd4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
return CALL_BASECRYPTLIB (Md4.Services.Update, Md4Update, (Md4Context, Data, DataSize), FALSE);
return BaseCryptLibServiceDeprecated ("Md4Update"), FALSE;
}
/**
Completes computation of the MD4 digest value.
This function completes MD4 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the MD4 context cannot
be used again.
MD4 context should be already correctly initialized by Md4Init(), and should not be
finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
If Md4Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceMd4Final (
DeprecatedCryptoServiceMd4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
return CALL_BASECRYPTLIB (Md4.Services.Final, Md4Final, (Md4Context, HashValue), FALSE);
return BaseCryptLibServiceDeprecated ("Md4Final"), FALSE;
}
/**
Computes the MD4 message digest of a input data buffer.
This function performs the MD4 message digest of a given data buffer, and places
the digest value into the specified memory.
If this interface is not supported, then return FALSE.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
CryptoServiceMd4HashAll (
DeprecatedCryptoServiceMd4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
return CALL_BASECRYPTLIB (Md4.Services.HashAll, Md4HashAll, (Data, DataSize, HashValue), FALSE);
return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE;
}
/**
@ -4440,13 +4402,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceHmacSha256Duplicate,
CryptoServiceHmacSha256Update,
CryptoServiceHmacSha256Final,
/// Md4
CryptoServiceMd4GetContextSize,
CryptoServiceMd4Init,
CryptoServiceMd4Duplicate,
CryptoServiceMd4Update,
CryptoServiceMd4Final,
CryptoServiceMd4HashAll,
/// Md4 - deprecated and unsupported
DeprecatedCryptoServiceMd4GetContextSize,
DeprecatedCryptoServiceMd4Init,
DeprecatedCryptoServiceMd4Duplicate,
DeprecatedCryptoServiceMd4Update,
DeprecatedCryptoServiceMd4Final,
DeprecatedCryptoServiceMd4HashAll,
/// Md5
CryptoServiceMd5GetContextSize,
CryptoServiceMd5Init,
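Review bot: The six `DeprecatedCryptoServiceMd4*` stubs in the first hunk of this file return `0` or `FALSE` without writing to their output parameters, and their header comments should state that, because the second hunk keeps the slots in `mEdkiiCrypto` so existing protocol consumers can still call them. `BaseCryptLibServiceDeprecated` is defined outside the visible lines; if it only reports the call in assertion-enabled builds, the return value is the sole failure signal in a release build and a caller that ignores it would go on to use an unwritten digest buffer. For `DeprecatedCryptoServiceMd4Final` and `DeprecatedCryptoServiceMd4HashAll` I would word the line as `@retval FALSE  This interface is not supported; HashValue is not written.`, and remove the `@retval TRUE` lines if they survive on the new side (this rendering does not show which side they belong to). The added comment line is also misspelled in all six headers and should read `Keep the function field for binary compatibility.`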


@ -14,11 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Uefi/UefiBaseType.h>
///
/// MD4 digest size in bytes
///
#define MD4_DIGEST_SIZE 16
///
/// MD5 digest size in bytes
///
@ -77,146 +72,6 @@ typedef enum {
// One-Way Cryptographic Hash Primitives
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for MD4 hash operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
);
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval TRUE MD4 context initialization succeeded.
@retval FALSE MD4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
);
/**
Makes a copy of an existing MD4 context.
If Md4Context is NULL, then return FALSE.
If NewMd4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval TRUE MD4 context copy succeeded.
@retval FALSE MD4 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
);
/**
Digests the input data and updates MD4 context.
This function performs MD4 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
by Md4Final(). Behavior with invalid context is undefined.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD4 data digest succeeded.
@retval FALSE MD4 data digest failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
/**
Completes computation of the MD4 digest value.
This function completes MD4 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the MD4 context cannot
be used again.
MD4 context should be already correctly initialized by Md4Init(), and should not be
finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
If Md4Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
);
/**
Computes the MD4 message digest of a input data buffer.
This function performs the MD4 message digest of a given data buffer, and places
the digest value into the specified memory.
If this interface is not supported, then return FALSE.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
);
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.


@ -6,7 +6,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c


@ -1,223 +0,0 @@
/** @file
MD4 Digest Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
#include <openssl/md4.h>
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
@return The size, in bytes, of the context buffer required for MD4 hash operations.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
)
{
//
// Retrieves the OpenSSL MD4 Context Size
//
return (UINTN) (sizeof (MD4_CTX));
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
If Md4Context is NULL, then return FALSE.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval TRUE MD4 context initialization succeeded.
@retval FALSE MD4 context initialization failed.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
)
{
//
// Check input parameters.
//
if (Md4Context == NULL) {
return FALSE;
}
//
// OpenSSL MD4 Context Initialization
//
return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context));
}
/**
Makes a copy of an existing MD4 context.
If Md4Context is NULL, then return FALSE.
If NewMd4Context is NULL, then return FALSE.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval TRUE MD4 context copy succeeded.
@retval FALSE MD4 context copy failed.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
//
// Check input parameters.
//
if (Md4Context == NULL || NewMd4Context == NULL) {
return FALSE;
}
CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX));
return TRUE;
}
/**
Digests the input data and updates MD4 context.
This function performs MD4 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
by Md4Final(). Behavior with invalid context is undefined.
If Md4Context is NULL, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD4 data digest succeeded.
@retval FALSE MD4 data digest failed.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
//
// Check input parameters.
//
if (Md4Context == NULL) {
return FALSE;
}
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL MD4 Hash Update
//
return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize));
}
/**
Completes computation of the MD4 digest value.
This function completes MD4 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the MD4 context cannot
be used again.
MD4 context should be already correctly initialized by Md4Init(), and should not be
finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
If Md4Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
//
// Check input parameters.
//
if (Md4Context == NULL || HashValue == NULL) {
return FALSE;
}
//
// OpenSSL MD4 Hash Finalization
//
return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context));
}
/**
Computes the MD4 message digest of a input data buffer.
This function performs the MD4 message digest of a given data buffer, and places
the digest value into the specified memory.
If this interface is not supported, then return FALSE.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
//
// Check input parameters.
//
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL MD4 Hash Computation.
//
if (MD4 (Data, DataSize, HashValue) == NULL) {
return FALSE;
} else {
return TRUE;
}
}


@ -1,143 +0,0 @@
/** @file
MD4 Digest Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash
operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Makes a copy of an existing MD4 context.
Return FALSE to indicate this interface is not supported.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Digests the input data and updates MD4 context.
Return FALSE to indicate this interface is not supported.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Completes computation of the MD4 digest value.
Return FALSE to indicate this interface is not supported.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Computes the MD4 message digest of a input data buffer.
Return FALSE to indicate this interface is not supported.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
ASSERT (FALSE);
return FALSE;
}


@ -6,14 +6,14 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Note: MD4 Digest functions,
# Note:
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
# supported in this instance.
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c


@ -6,13 +6,13 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."


@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c


@ -6,12 +6,12 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."


@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@ -34,7 +34,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c


@ -6,12 +6,12 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."


@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5Null.c
Hash/CryptSha1Null.c
Hash/CryptSha256Null.c


@ -1,143 +0,0 @@
/** @file
MD4 Digest Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash
operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Makes a copy of an existing MD4 context.
Return FALSE to indicate this interface is not supported.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Digests the input data and updates MD4 context.
Return FALSE to indicate this interface is not supported.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Completes computation of the MD4 digest value.
Return FALSE to indicate this interface is not supported.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Computes the MD4 message digest of a input data buffer.
Return FALSE to indicate this interface is not supported.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
ASSERT (FALSE);
return FALSE;
}


@ -99,164 +99,6 @@ CryptoServiceNotAvailable (
// One-Way Cryptographic Hash Primitives
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for MD4 hash operations.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
)
{
CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0);
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval TRUE MD4 context initialization succeeded.
@retval FALSE MD4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
)
{
CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), FALSE);
}
/**
Makes a copy of an existing MD4 context.
If Md4Context is NULL, then return FALSE.
If NewMd4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval TRUE MD4 context copy succeeded.
@retval FALSE MD4 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, NewMd4Context), FALSE);
}
/**
Digests the input data and updates MD4 context.
This function performs MD4 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
by Md4Final(). Behavior with invalid context is undefined.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD4 data digest succeeded.
@retval FALSE MD4 data digest failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, DataSize), FALSE);
}
/**
Completes computation of the MD4 digest value.
This function completes MD4 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the MD4 context cannot
be used again.
MD4 context should be already correctly initialized by Md4Init(), and should not be
finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
If Md4Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, HashValue), FALSE);
}
/**
Computes the MD4 message digest of a input data buffer.
This function performs the MD4 message digest of a given data buffer, and places
the digest value into the specified memory.
If this interface is not supported, then return FALSE.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, HashValue), FALSE);
}
/**
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.


@ -451,145 +451,52 @@ BOOLEAN
//=====================================================================================
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
If this interface is not supported, then return zero.
@return The size, in bytes, of the context buffer required for MD4 hash operations.
@retval 0 This interface is not supported.
MD4 is deprecated and unsupported any longer.
Keep the function field for binary compability.
**/
typedef
UINTN
(EFIAPI *EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE) (
VOID
);
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval TRUE MD4 context initialization succeeded.
@retval FALSE MD4 context initialization failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD4_INIT) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT) (
OUT VOID *Md4Context
);
/**
Makes a copy of an existing MD4 context.
If Md4Context is NULL, then return FALSE.
If NewMd4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval TRUE MD4 context copy succeeded.
@retval FALSE MD4 context copy failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD4_DUPLICATE) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE) (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
);
/**
Digests the input data and updates MD4 context.
This function performs MD4 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
by Md4Final(). Behavior with invalid context is undefined.
If Md4Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD4 data digest succeeded.
@retval FALSE MD4 data digest failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD4_UPDATE) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE) (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
/**
Completes computation of the MD4 digest value.
This function completes MD4 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the MD4 context cannot
be used again.
MD4 context should be already correctly initialized by Md4Init(), and should not be
finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
If Md4Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD4_FINAL) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL) (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
);
/**
Computes the MD4 message digest of a input data buffer.
This function performs the MD4 message digest of a given data buffer, and places
the digest value into the specified memory.
If this interface is not supported, then return FALSE.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_MD4_HASH_ALL) (
(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL) (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
@ -4007,13 +3914,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;
EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;
EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;
/// Md4
EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE Md4GetContextSize;
EDKII_CRYPTO_MD4_INIT Md4Init;
EDKII_CRYPTO_MD4_DUPLICATE Md4Duplicate;
EDKII_CRYPTO_MD4_UPDATE Md4Update;
EDKII_CRYPTO_MD4_FINAL Md4Final;
EDKII_CRYPTO_MD4_HASH_ALL Md4HashAll;
/// Md4 - deprecated and unsupported
DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize;
DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;
DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicate;
DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update;
DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final;
DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll;
/// Md5
EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize;
EDKII_CRYPTO_MD5_INIT Md5Init;
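Review bot: The comment that replaces the MD4 documentation on the first deprecated typedef (first hunk of this section) has a typo and does not say what a caller now gets back. `Keep the function field for binary compability.` should read `Keep the function field for binary compatibility.`, and I would add `The slot always fails (returns 0 or FALSE) and writes no output.`, which is inferred from the stubs elsewhere in this commit that `ASSERT (FALSE)` and return FALSE. In the struct hunk, `/// Md4 - deprecated and unsupported` could become `/// Md4 - deprecated and unsupported; slots stay in place so the EDKII_CRYPTO_PROTOCOL layout does not change`, since images built against the old header still call through these six offsets. An image that ignores the BOOLEAN result of the Final or HashAll slot would go on to use a digest buffer that was never filled, so remaining callers of the old field names are worth auditing alongside this change.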