Zhichao,

Thanks for making this patch series.
Just two comments for patch 3:

(1) If possible, please group patch files based on module unit. For this patch, I think at least OpensslLib can be put in a separate patch file.
(2) Please update process_files.pl in OpensslLib to generate OpensslLibXxx.inf and opensslconf.h.

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao <zhichao....@intel.com>
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX <xiaoyux...@intel.com>;
> Fu, Siyuan <siyuan...@intel.com>; Kinney, Michael D
> <michael.d.kin...@intel.com>; Yao, Jiewen <jiewen....@intel.com>
> Subject: [PATCH V3 3/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> ARC4 is not secure any longer.
> Remove the ARC4 support from edk2.
> Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> Cc: Siyuan Fu <siyuan...@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Signed-off-by: Zhichao Gao <zhichao....@intel.com> > --- > CryptoPkg/Driver/Crypto.c | 125 ++--------- > CryptoPkg/Include/Library/BaseCryptLib.h | 132 ----------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------------------ > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 4 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 4 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 4 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 147 ------------- > .../Library/Include/openssl/opensslconf.h | 3 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 3 - > .../Library/OpensslLib/OpensslLibCrypto.inf | 3 - > CryptoPkg/Private/Protocol/Crypto.h | 115 ++-------- > 18 files changed, 43 insertions(+), 961 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 95fc834bde..388a6e4b4b 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -1982,150 +1982,61 @@ CryptoServiceAesCbcDecrypt ( > } > > /** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 > operations. > - @retval 0 This interface is not supported. > + ARC4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > UINTN > EFIAPI > -CryptoServiceArc4GetContextSize ( > +DeprecatedCryptoServiceArc4GetContextSize ( > VOID > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize, > Arc4GetContextSize, (), 0); > + return BaseCryptLibServciceDeprecated ("Arc4GetContextSize"), 0; > } > > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context as > ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encryption > and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Init ( > +DeprecatedCryptoServiceArc4Init ( > OUT VOID *Arc4Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Key, > KeySize), FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Init"), FALSE; > } > > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Encrypt ( > +DeprecatedCryptoServiceArc4Encrypt ( > IN OUT VOID *Arc4Context, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Context, > Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Encrypt"), FALSE; > } > > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. 
> - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Decrypt ( > +DeprecatedCryptoServiceArc4Decrypt ( > IN OUT VOID *Arc4Context, > IN UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Context, > Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Decrypt"), FALSE; > } > > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately after > the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but > ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceArc4Reset ( > +DeprecatedCryptoServiceArc4Reset ( > IN OUT VOID *Arc4Context > ) > { > - return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context), > FALSE); > + return BaseCryptLibServciceDeprecated ("Arc4Reset"), FALSE; > } > > > //=============================================================== > ====================== > @@ -4447,12 +4358,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { > CryptoServiceAesEcbDecrypt, > CryptoServiceAesCbcEncrypt, > CryptoServiceAesCbcDecrypt, > - /// Arc4 > - CryptoServiceArc4GetContextSize, > - CryptoServiceArc4Init, > - CryptoServiceArc4Encrypt, > - CryptoServiceArc4Decrypt, > - CryptoServiceArc4Reset, > + /// Arc4 - deprecated and unsupported > + DeprecatedCryptoServiceArc4GetContextSize, > + DeprecatedCryptoServiceArc4Init, > + DeprecatedCryptoServiceArc4Encrypt, > + DeprecatedCryptoServiceArc4Decrypt, > + DeprecatedCryptoServiceArc4Reset, > /// SM3 > CryptoServiceSm3GetContextSize, > CryptoServiceSm3Init, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index c862f0334f..25e236c4a3 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -1667,138 +1667,6 @@ AesCbcDecrypt ( > OUT UINT8 *Output > ); > > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ); > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context as > ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encryption > and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ); > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. 
> - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately after > the > - ARC4Init() function call. 
> - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but > ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ); > - > > //=============================================================== > ====================== > // Asymmetric Cryptography Primitive > > //=============================================================== > ====================== > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index 22992e7d43..da38ea552f 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -40,7 +40,6 @@ > Kdf/CryptHkdf.c > Cipher/CryptAes.c > Cipher/CryptTdes.c > - Cipher/CryptArc4.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExt.c > Pk/CryptPkcs1Oaep.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > deleted file mode 100644 > index 388d312bed..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > +++ /dev/null 
> @@ -1,205 +0,0 @@ > -/** @file > - ARC4 Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include <openssl/rc4.h> > - > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - @return The size, in bytes, of the context buffer required for ARC4 > operations. > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - // > - // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and > the other > - // for backup copy. When Arc4Reset() is called, we can use the backup copy > to > restore > - // the working copy to the initial state. > - // > - return (UINTN) (2 * sizeof (RC4_KEY)); > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context as > ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encryption > and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. 
> - // > - if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) { > - return FALSE; > - } > - > - Rc4Key = (RC4_KEY *) Arc4Context; > - > - RC4_set_key (Rc4Key, (UINT32) KeySize, Key); > - > - CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY)); > - > - return TRUE; > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > > INT_MAX) { > - return FALSE; > - } > - > - Rc4Key = (RC4_KEY *) Arc4Context; > - > - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); > - > - return TRUE; > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. 
> - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > > INT_MAX) { > - return FALSE; > - } > - > - Rc4Key = (RC4_KEY *) Arc4Context; > - > - RC4 (Rc4Key, (UINT32) InputSize, Input, Output); > - > - return TRUE; > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately after > the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but > ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - RC4_KEY *Rc4Key; > - > - // > - // Check input parameters. > - // > - if (Arc4Context == NULL) { > - return FALSE; > - } > - > - Rc4Key = (RC4_KEY *) Arc4Context; > - > - CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY)); > - > - return TRUE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > deleted file mode 100644 > index 1f09bfa30e..0000000000 
> --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > +++ /dev/null 
> @@ -1,124 +0,0 @@ > -/** @file > - ARC4 Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. 
> - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index e9add0127d..f43953b78c 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, > RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, > X.509 > # certificate handler functions, authenticode signature verification > functions, > # PEM handler functions, and pseudorandom number generator functions are > not > @@ -46,7 +46,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c 
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index 374bfb3f65..5abd8e8dfb 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > @@ -7,7 +7,7 @@ > // buffer overflow or integer overflow. > // > // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > +// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, X.509 certificate handler functions, > authenticode > // signature verification functions, PEM handler functions, and pseudorandom > number > // generator functions are not supported in this instance. 
> @@ -21,5 +21,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate > handler functions, authenticode signature verification functions, PEM handler > functions, and pseudorandom number generator functions are not supported in > this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler > functions, authenticode signature verification functions, PEM handler > functions, > and pseudorandom number generator functions are not supported in this > instance." > > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index 0a2eb03232..f1eb099b67 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
> @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 > functions, RSA external > +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, > RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and > # authenticode signature verification functions are not supported in this > instance. > # > @@ -46,7 +46,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index b6d751176e..5a48d2a308 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > @@ -7,7 +7,7 @@ > // buffer overflow or integer overflow. > // > // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > +// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification > functions > are > // not supported in this instance. > // 
> @@ -20,5 +20,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode > signature verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index 139983075e..3a94655775 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA > external > +# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and > # authenticode signature verification functions are not supported in this > instance. > # 
> @@ -45,7 +45,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAes.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1Oaep.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index b8d7953d2b..0561f107e8 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -7,7 +7,7 @@ > // buffer overflow or integer overflow. > // > // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign > functions, > +// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification > functions > are > // not supported in this instance. > // 
> @@ -20,5 +20,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, > PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode > signature verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index b03681b146..a205c9005d 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -40,7 +40,6 @@ > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > Cipher/CryptTdesNull.c > - Cipher/CryptArc4Null.c > Pk/CryptRsaBasicNull.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > deleted file mode 100644 > index 1f09bfa30e..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > +++ /dev/null 
> @@ -1,124 +0,0 @@ > -/** @file > - ARC4 Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. 
> - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 5e470028f4..77915bdb86 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -1892,153 +1892,6 @@ AesCbcDecrypt ( > CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec, > Output), FALSE); > } > > -/** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -Arc4GetContextSize ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0); > -} > - > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context as > ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encryption > and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Init ( > - OUT VOID *Arc4Context, > - IN CONST UINT8 *Key, > - IN UINTN KeySize > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE); > -} > - > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. 
> - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Encrypt ( > - IN OUT VOID *Arc4Context, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output), > FALSE); > -} > - > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Decrypt ( > - IN OUT VOID *Arc4Context, > - IN UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output), > FALSE); > -} > - > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately after > the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but > ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -Arc4Reset ( > - IN OUT VOID *Arc4Context > - ) > -{ > - CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE); > -} > - > > //=============================================================== > ====================== > // Asymmetric Cryptography Primitive > > //=============================================================== > ====================== > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 4f3f9ba377..22acabef87 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -244,6 +244,9 @@ extern "C" { > #ifndef OPENSSL_NO_MD4 > # define OPENSSL_NO_MD4 > #endif > +#ifndef OPENSSL_NO_RC4 > +# define OPENSSL_NO_RC4 > +#endif > > > /* > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index 10710e4a7c..dfaefd1c08 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> @@ -374,8 +374,6 @@ > $(OPENSSL_PATH)/crypto/rand/rand_unix.c > $(OPENSSL_PATH)/crypto/rand/rand_vms.c > $(OPENSSL_PATH)/crypto/rand/rand_win.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c > $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c > $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c > $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c > @@ -531,7 +529,6 @@ > $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h > $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > $(OPENSSL_PATH)/crypto/sha/sha_locl.h > $(OPENSSL_PATH)/crypto/siphash/siphash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index d9782a3098..080e1d9305 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -374,8 +374,6 @@ > $(OPENSSL_PATH)/crypto/rand/rand_unix.c > $(OPENSSL_PATH)/crypto/rand/rand_vms.c > $(OPENSSL_PATH)/crypto/rand/rand_win.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c > - $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c > $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c > $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c > $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c > @@ -531,7 +529,6 @@ > $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h > $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > $(OPENSSL_PATH)/crypto/sha/sha_locl.h > $(OPENSSL_PATH)/crypto/siphash/siphash_local.h > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index ae0f29695c..f36c5c1aff 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -2785,134 +2785,45 @@ BOOLEAN > ); > > /** > - Retrieves the size, in bytes, of the context buffer required for ARC4 > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for ARC4 > operations. > - @retval 0 This interface is not supported. > + ARC4 is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > typedef > UINTN > -(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) ( > VOID > ); > > -/** > - Initializes user-supplied memory as ARC4 context for subsequent use. > - > - This function initializes user-supplied memory pointed by Arc4Context as > ARC4 > context. > - In addition, it sets up all ARC4 key materials for subsequent encryption > and > decryption > - operations. > - > - If Arc4Context is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeySize does not in the range of [5, 256] bytes, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] Arc4Context Pointer to ARC4 context being initialized. > - @param[in] Key Pointer to the user-supplied ARC4 key. > - @param[in] KeySize Size of ARC4 key in bytes. > - > - @retval TRUE ARC4 context initialization succeeded. > - @retval FALSE ARC4 context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_INIT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) ( > OUT VOID *Arc4Context, > IN CONST UINT8 *Key, > IN UINTN KeySize > ); > > -/** > - Performs ARC4 encryption on a data buffer of the specified size. > - > - This function performs ARC4 encryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. 
> - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > encryption output. > - > - @retval TRUE ARC4 encryption succeeded. > - @retval FALSE ARC4 encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) ( > IN OUT VOID *Arc4Context, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); > > -/** > - Performs ARC4 decryption on a data buffer of the specified size. > - > - This function performs ARC4 decryption on data buffer pointed by Input, of > specified > - size of InputSize. > - Arc4Context should be already correctly initialized by Arc4Init(). > Behavior with > - invalid ARC4 context is undefined. > - > - If Arc4Context is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - @param[in] Input Pointer to the buffer containing the data to > be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the ARC4 > decryption output. > - > - @retval TRUE ARC4 decryption succeeded. > - @retval FALSE ARC4 decryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) ( > IN OUT VOID *Arc4Context, > IN UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); > > -/** > - Resets the ARC4 context to the initial state. > - > - The function resets the ARC4 context to the state it had immediately after > the > - ARC4Init() function call. > - Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but > ARC4 > context > - should be already correctly initialized by ARC4Init(). > - > - If Arc4Context is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in, out] Arc4Context Pointer to the ARC4 context. > - > - @retval TRUE ARC4 reset succeeded. > - @retval FALSE ARC4 reset failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_ARC4_RESET) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) ( > IN OUT VOID *Arc4Context > ); 
> > @@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL { > EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; > EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; > EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; > - /// Arc4 > - EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE Arc4GetContextSize; > - EDKII_CRYPTO_ARC4_INIT Arc4Init; > - EDKII_CRYPTO_ARC4_ENCRYPT Arc4Encrypt; > - EDKII_CRYPTO_ARC4_DECRYPT Arc4Decrypt; > - EDKII_CRYPTO_ARC4_RESET Arc4Reset; > + /// Arc4 - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE > DeprecatedArc4GetContextSize; > + DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init; > + DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt; > + DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt; > + DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset; > /// SM3 > EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize; > EDKII_CRYPTO_SM3_INIT Sm3Init; > -- > 2.21.0.windows.1
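Review bot: In the SmmCryptLib.uni hunks (@@ -7 and @@ -20), the edited text still reads "AES/ TDES functions" with a stray space after the slash in STR_MODULE_DESCRIPTION; write "AES/TDES functions" while the line is being touched. The .inf hunk immediately before this file's diff lists Cipher/CryptAes.c next to Cipher/CryptTdesNull.c, so if that hunk belongs to the SMM instance, the statement that AES functions are not supported looks stale and should be checked in the same pass.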
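Review bot: The opensslconf.h hunk at @@ -244 adds OPENSSL_NO_RC4 by hand, and the OpensslLib.inf and OpensslLibCrypto.inf hunks remove rc4_enc.c, rc4_skey.c and rc4_locl.h by hand, while the reply at the top of this message asks for process_files.pl to generate these files. Unless the script is updated in the same series, a later regeneration could undo these edits, leaving the define and the source lists out of step. Put the script change and the regenerated output in one patch so the RC4 removal is reproducible.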
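Review bot: In the Crypto.h hunk at @@ -2785, the replacement comment misspells "compatibility" as "compability", and "unsupported any longer" would read better as "no longer supported". The comment is attached only to DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE, so the other four DEPRECATED_ typedefs (INIT, ENCRYPT, DECRYPT, RESET) are left with no documentation once their doc blocks are removed. Either put a one-line deprecation comment on each typedef, or have the single comment say that it covers all five and that the functions return 0 or FALSE.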
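Review bot: In the _EDKII_CRYPTO_PROTOCOL hunk at @@ -4014, the five ARC4 slots stay in place between AesCbcDecrypt and Sm3GetContextSize, which keeps the offset of every later member unchanged, but the only record of that intent in the struct is "/// Arc4 - deprecated and unsupported". State in that comment that the slots are retained for binary compatibility and must not be removed, reordered or reused, so a later cleanup does not shift Sm3GetContextSize and the members after it. The rename to DeprecatedArc4* also breaks the build of any code that still references the old field names, which deserves a sentence in the commit message.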