From cdfc7ed34fd1ddfc9cb1dfbc339f940950638f8d Mon Sep 17 00:00:00 2001 From: Zhichao Gao Date: Thu, 27 Aug 2020 15:48:59 +0800 Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943 Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES. SHA1 is deprecated function and the MACRO is used to remove the whole implementation of the SHA1. For the platforms that do not need SHA1 for security, the MACRO should works for DxeImageVerificationLib as well. Signed-off-by: Zhichao Gao Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Qi Zhang Reviewed-by: Jiewen Yao Reviewed-by: Jian J Wang --- .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 11154b6cc5..c48861cd64 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] = { }; HASH_TABLE mHash[] = { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }, +#else + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL }, +#endif { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL }, { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, @@ -315,10 +319,12 @@ HashPeImage ( ZeroMem (mImageDigest, MAX_DIGEST_SIZE); switch (HashAlg) { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case HASHALG_SHA1: mImageDigestSize = SHA1_DIGEST_SIZE; mCertType = gEfiCertSha1Guid; break; +#endif case HASHALG_SHA256: mImageDigestSize = SHA256_DIGEST_SIZE;