Zhichao,

Thanks for making this patch series.

Just two comments for patch 3:
(1) If possible, please group patch file based on module unit. For this patch,
I think at least OpensslLib can be put in separate patch file.
(2) Please update process_files.pl in OpensslLib to generate OpensslLibXxx.inf
and opensslconf.h.

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao <zhichao....@intel.com>
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX <xiaoyux...@intel.com>;
> Fu, Siyuan <siyuan...@intel.com>; Kinney, Michael D
> <michael.d.kin...@intel.com>; Yao, Jiewen <jiewen....@intel.com>
> Subject: [PATCH V3 3/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> 
> ARC4 is not secure any longer.
> Remove the ARC4 support from edk2.
> Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
> 
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> Cc: Siyuan Fu <siyuan...@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Signed-off-by: Zhichao Gao <zhichao....@intel.com>
> ---
>  CryptoPkg/Driver/Crypto.c                     | 125 ++---------
>  CryptoPkg/Include/Library/BaseCryptLib.h      | 132 -----------
>  .../Library/BaseCryptLib/BaseCryptLib.inf     |   1 -
>  .../Library/BaseCryptLib/Cipher/CryptArc4.c   | 205 ------------------
>  .../BaseCryptLib/Cipher/CryptArc4Null.c       | 124 -----------
>  .../Library/BaseCryptLib/PeiCryptLib.inf      |   3 +-
>  .../Library/BaseCryptLib/PeiCryptLib.uni      |   4 +-
>  .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   3 +-
>  .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   4 +-
>  .../Library/BaseCryptLib/SmmCryptLib.inf      |   3 +-
>  .../Library/BaseCryptLib/SmmCryptLib.uni      |   4 +-
>  .../BaseCryptLibNull/BaseCryptLibNull.inf     |   1 -
>  .../BaseCryptLibNull/Cipher/CryptArc4Null.c   | 124 -----------
>  .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 147 -------------
>  .../Library/Include/openssl/opensslconf.h     |   3 +
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   |   3 -
>  .../Library/OpensslLib/OpensslLibCrypto.inf   |   3 -
>  CryptoPkg/Private/Protocol/Crypto.h           | 115 ++--------
>  18 files changed, 43 insertions(+), 961 deletions(-)
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
>  delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> 
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
> index 95fc834bde..388a6e4b4b 100644
> --- a/CryptoPkg/Driver/Crypto.c
> +++ b/CryptoPkg/Driver/Crypto.c
> @@ -1982,150 +1982,61 @@ CryptoServiceAesCbcDecrypt (
>  }
> 
>  /**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  If this interface is not supported, then return zero.
> -
> -  @return  The size, in bytes, of the context buffer required for ARC4 
> operations.
> -  @retval  0   This interface is not supported.
> +  ARC4 is deprecated and unsupported any longer.
> +  Keep the function field for binary compability.
> 
>  **/
>  UINTN
>  EFIAPI
> -CryptoServiceArc4GetContextSize (
> +DeprecatedCryptoServiceArc4GetContextSize (
>    VOID
>    )
>  {
> -  return CALL_BASECRYPTLIB (Arc4.Services.GetContextSize,
> Arc4GetContextSize, (), 0);
> +  return BaseCryptLibServciceDeprecated ("Arc4GetContextSize"), 0;
>  }
> 
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  This function initializes user-supplied memory pointed by Arc4Context as 
> ARC4
> context.
> -  In addition, it sets up all ARC4 key materials for subsequent encryption 
> and
> decryption
> -  operations.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Key is NULL, then return FALSE.
> -  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval TRUE   ARC4 context initialization succeeded.
> -  @retval FALSE  ARC4 context initialization failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  BOOLEAN
>  EFIAPI
> -CryptoServiceArc4Init (
> +DeprecatedCryptoServiceArc4Init (
>    OUT  VOID         *Arc4Context,
>    IN   CONST UINT8  *Key,
>    IN   UINTN        KeySize
>    )
>  {
> -  return CALL_BASECRYPTLIB (Arc4.Services.Init, Arc4Init, (Arc4Context, Key,
> KeySize), FALSE);
> +  return BaseCryptLibServciceDeprecated ("Arc4Init"), FALSE;
>  }
> 
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 encryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval TRUE   ARC4 encryption succeeded.
> -  @retval FALSE  ARC4 encryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  BOOLEAN
>  EFIAPI
> -CryptoServiceArc4Encrypt (
> +DeprecatedCryptoServiceArc4Encrypt (
>    IN OUT  VOID         *Arc4Context,
>    IN      CONST UINT8  *Input,
>    IN      UINTN        InputSize,
>    OUT     UINT8        *Output
>    )
>  {
> -  return CALL_BASECRYPTLIB (Arc4.Services.Encrypt, Arc4Encrypt, (Arc4Context,
> Input, InputSize, Output), FALSE);
> +  return BaseCryptLibServciceDeprecated ("Arc4Encrypt"), FALSE;
>  }
> 
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 decryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval TRUE   ARC4 decryption succeeded.
> -  @retval FALSE  ARC4 decryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  BOOLEAN
>  EFIAPI
> -CryptoServiceArc4Decrypt (
> +DeprecatedCryptoServiceArc4Decrypt (
>    IN OUT  VOID   *Arc4Context,
>    IN      UINT8  *Input,
>    IN      UINTN  InputSize,
>    OUT     UINT8  *Output
>    )
>  {
> -  return CALL_BASECRYPTLIB (Arc4.Services.Decrypt, Arc4Decrypt, (Arc4Context,
> Input, InputSize, Output), FALSE);
> +  return BaseCryptLibServciceDeprecated ("Arc4Decrypt"), FALSE;
>  }
> 
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  The function resets the ARC4 context to the state it had immediately after 
> the
> -  ARC4Init() function call.
> -  Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but 
> ARC4
> context
> -  should be already correctly initialized by ARC4Init().
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval TRUE   ARC4 reset succeeded.
> -  @retval FALSE  ARC4 reset failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  BOOLEAN
>  EFIAPI
> -CryptoServiceArc4Reset (
> +DeprecatedCryptoServiceArc4Reset (
>    IN OUT  VOID  *Arc4Context
>    )
>  {
> -  return CALL_BASECRYPTLIB (Arc4.Services.Reset, Arc4Reset, (Arc4Context),
> FALSE);
> +  return BaseCryptLibServciceDeprecated ("Arc4Reset"), FALSE;
>  }
> 
> 
> //===============================================================
> ======================
> @@ -4447,12 +4358,12 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
>    CryptoServiceAesEcbDecrypt,
>    CryptoServiceAesCbcEncrypt,
>    CryptoServiceAesCbcDecrypt,
> -  /// Arc4
> -  CryptoServiceArc4GetContextSize,
> -  CryptoServiceArc4Init,
> -  CryptoServiceArc4Encrypt,
> -  CryptoServiceArc4Decrypt,
> -  CryptoServiceArc4Reset,
> +  /// Arc4 - deprecated and unsupported
> +  DeprecatedCryptoServiceArc4GetContextSize,
> +  DeprecatedCryptoServiceArc4Init,
> +  DeprecatedCryptoServiceArc4Encrypt,
> +  DeprecatedCryptoServiceArc4Decrypt,
> +  DeprecatedCryptoServiceArc4Reset,
>    /// SM3
>    CryptoServiceSm3GetContextSize,
>    CryptoServiceSm3Init,
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index c862f0334f..25e236c4a3 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -1667,138 +1667,6 @@ AesCbcDecrypt (
>    OUT  UINT8        *Output
>    );
> 
> -/**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  If this interface is not supported, then return zero.
> -
> -  @return  The size, in bytes, of the context buffer required for ARC4 
> operations.
> -  @retval  0   This interface is not supported.
> -
> -**/
> -UINTN
> -EFIAPI
> -Arc4GetContextSize (
> -  VOID
> -  );
> -
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  This function initializes user-supplied memory pointed by Arc4Context as 
> ARC4
> context.
> -  In addition, it sets up all ARC4 key materials for subsequent encryption 
> and
> decryption
> -  operations.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Key is NULL, then return FALSE.
> -  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval TRUE   ARC4 context initialization succeeded.
> -  @retval FALSE  ARC4 context initialization failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Init (
> -  OUT  VOID         *Arc4Context,
> -  IN   CONST UINT8  *Key,
> -  IN   UINTN        KeySize
> -  );
> -
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 encryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval TRUE   ARC4 encryption succeeded.
> -  @retval FALSE  ARC4 encryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Encrypt (
> -  IN OUT  VOID         *Arc4Context,
> -  IN      CONST UINT8  *Input,
> -  IN      UINTN        InputSize,
> -  OUT     UINT8        *Output
> -  );
> -
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 decryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval TRUE   ARC4 decryption succeeded.
> -  @retval FALSE  ARC4 decryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Decrypt (
> -  IN OUT  VOID   *Arc4Context,
> -  IN      UINT8  *Input,
> -  IN      UINTN  InputSize,
> -  OUT     UINT8  *Output
> -  );
> -
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  The function resets the ARC4 context to the state it had immediately after 
> the
> -  ARC4Init() function call.
> -  Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but 
> ARC4
> context
> -  should be already correctly initialized by ARC4Init().
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval TRUE   ARC4 reset succeeded.
> -  @retval FALSE  ARC4 reset failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Reset (
> -  IN OUT  VOID  *Arc4Context
> -  );
> -
> 
> //===============================================================
> ======================
>  //    Asymmetric Cryptography Primitive
> 
> //===============================================================
> ======================
> diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> index 22992e7d43..da38ea552f 100644
> --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> @@ -40,7 +40,6 @@
>    Kdf/CryptHkdf.c
>    Cipher/CryptAes.c
>    Cipher/CryptTdes.c
> -  Cipher/CryptArc4.c
>    Pk/CryptRsaBasic.c
>    Pk/CryptRsaExt.c
>    Pk/CryptPkcs1Oaep.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> deleted file mode 100644
> index 388d312bed..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> +++ /dev/null
> @@ -1,205 +0,0 @@
> -/** @file
> -  ARC4 Wrapper Implementation over OpenSSL.
> -
> -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> -
> -**/
> -
> -#include "InternalCryptLib.h"
> -#include <openssl/rc4.h>
> -
> -/**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  @return  The size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -**/
> -UINTN
> -EFIAPI
> -Arc4GetContextSize (
> -  VOID
> -  )
> -{
> -  //
> -  // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and
> the other
> -  // for backup copy. When Arc4Reset() is called, we can use the backup copy 
> to
> restore
> -  // the working copy to the initial state.
> -  //
> -  return (UINTN) (2 * sizeof (RC4_KEY));
> -}
> -
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  This function initializes user-supplied memory pointed by Arc4Context as 
> ARC4
> context.
> -  In addition, it sets up all ARC4 key materials for subsequent encryption 
> and
> decryption
> -  operations.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Key is NULL, then return FALSE.
> -  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval TRUE   ARC4 context initialization succeeded.
> -  @retval FALSE  ARC4 context initialization failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Init (
> -  OUT  VOID         *Arc4Context,
> -  IN   CONST UINT8  *Key,
> -  IN   UINTN        KeySize
> -  )
> -{
> -  RC4_KEY  *Rc4Key;
> -
> -  //
> -  // Check input parameters.
> -  //
> -  if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) {
> -    return FALSE;
> -  }
> -
> -  Rc4Key = (RC4_KEY *) Arc4Context;
> -
> -  RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
> -
> -  CopyMem (Rc4Key +  1, Rc4Key, sizeof (RC4_KEY));
> -
> -  return TRUE;
> -}
> -
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 encryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval TRUE   ARC4 encryption succeeded.
> -  @retval FALSE  ARC4 encryption failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Encrypt (
> -  IN OUT  VOID         *Arc4Context,
> -  IN      CONST UINT8  *Input,
> -  IN      UINTN        InputSize,
> -  OUT     UINT8        *Output
> -  )
> -{
> -  RC4_KEY  *Rc4Key;
> -
> -  //
> -  // Check input parameters.
> -  //
> -  if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize >
> INT_MAX) {
> -    return FALSE;
> -  }
> -
> -  Rc4Key = (RC4_KEY *) Arc4Context;
> -
> -  RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
> -
> -  return TRUE;
> -}
> -
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 decryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval TRUE   ARC4 decryption succeeded.
> -  @retval FALSE  ARC4 decryption failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Decrypt (
> -  IN OUT  VOID   *Arc4Context,
> -  IN      UINT8  *Input,
> -  IN      UINTN  InputSize,
> -  OUT     UINT8  *Output
> -  )
> -{
> -  RC4_KEY  *Rc4Key;
> -
> -  //
> -  // Check input parameters.
> -  //
> -  if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize >
> INT_MAX) {
> -    return FALSE;
> -  }
> -
> -  Rc4Key = (RC4_KEY *) Arc4Context;
> -
> -  RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
> -
> -  return TRUE;
> -}
> -
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  The function resets the ARC4 context to the state it had immediately after 
> the
> -  ARC4Init() function call.
> -  Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but 
> ARC4
> context
> -  should be already correctly initialized by ARC4Init().
> -
> -  If Arc4Context is NULL, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval TRUE   ARC4 reset succeeded.
> -  @retval FALSE  ARC4 reset failed.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Reset (
> -  IN OUT  VOID  *Arc4Context
> -  )
> -{
> -  RC4_KEY  *Rc4Key;
> -
> -  //
> -  // Check input parameters.
> -  //
> -  if (Arc4Context == NULL) {
> -    return FALSE;
> -  }
> -
> -  Rc4Key = (RC4_KEY *) Arc4Context;
> -
> -  CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
> -
> -  return TRUE;
> -}
> diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> deleted file mode 100644
> index 1f09bfa30e..0000000000
> --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> +++ /dev/null
> @@ -1,124 +0,0 @@
> -/** @file
> -  ARC4 Wrapper Implementation which does not provide real capabilities.
> -
> -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> -
> -**/
> -
> -#include "InternalCryptLib.h"
> -
> -/**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  Return zero to indicate this interface is not supported.
> -
> -  @retval  0   This interface is not supported.
> -
> -
> -**/
> -UINTN
> -EFIAPI
> -Arc4GetContextSize (
> -  VOID
> -  )
> -{
> -  ASSERT (FALSE);
> -  return 0;
> -}
> -
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Init (
> -  OUT  VOID         *Arc4Context,
> -  IN   CONST UINT8  *Key,
> -  IN   UINTN        KeySize
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> -
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Encrypt (
> -  IN OUT  VOID         *Arc4Context,
> -  IN      CONST UINT8  *Input,
> -  IN      UINTN        InputSize,
> -  OUT     UINT8        *Output
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> -
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Decrypt (
> -  IN OUT  VOID   *Arc4Context,
> -  IN      UINT8  *Input,
> -  IN      UINTN  InputSize,
> -  OUT     UINT8  *Output
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> -
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Reset (
> -  IN OUT  VOID  *Arc4Context
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> index e9add0127d..f43953b78c 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> @@ -7,7 +7,7 @@
>  #  buffer overflow or integer overflow.
>  #
>  #  Note:
> -#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4
> functions, RSA external
> +#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions,
> RSA external
>  #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, 
> X.509
>  #  certificate handler functions, authenticode signature verification 
> functions,
>  #  PEM handler functions, and pseudorandom number generator functions are
> not
> @@ -46,7 +46,6 @@
>    Kdf/CryptHkdfNull.c
>    Cipher/CryptAesNull.c
>    Cipher/CryptTdesNull.c
> -  Cipher/CryptArc4Null.c
>    Pk/CryptRsaBasic.c
>    Pk/CryptRsaExtNull.c
>    Pk/CryptPkcs1OaepNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> index 374bfb3f65..5abd8e8dfb 100644
> --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
> @@ -7,7 +7,7 @@
>  // buffer overflow or integer overflow.
>  //
>  // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
> -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign
> functions,
> +// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
>  // Diffie-Hellman functions, X.509 certificate handler functions, 
> authenticode
>  // signature verification functions, PEM handler functions, and pseudorandom
> number
>  // generator functions are not supported in this instance.
> @@ -21,5 +21,5 @@
> 
>  #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic
> Library Instance for PEIM"
> 
> -#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This
> module requires additional review when modified. This library will have 
> external
> input - signature. This external input must be validated carefully to avoid 
> security
> issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions,
> HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions,
> PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate
> handler functions, authenticode signature verification functions, PEM handler
> functions, and pseudorandom number generator functions are not supported in
> this instance."
> +#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This
> module requires additional review when modified. This library will have 
> external
> input - signature. This external input must be validated carefully to avoid 
> security
> issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions,
> HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7
> SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler
> functions, authenticode signature verification functions, PEM handler 
> functions,
> and pseudorandom number generator functions are not supported in this
> instance."
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> index 0a2eb03232..f1eb099b67 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> @@ -7,7 +7,7 @@
>  #  buffer overflow or integer overflow.
>  #
>  #  Note: SHA-384 Digest functions, SHA-512 Digest functions,
> -#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4
> functions, RSA external
> +#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions,
> RSA external
>  #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
>  #  authenticode signature verification functions are not supported in this
> instance.
>  #
> @@ -46,7 +46,6 @@
>    Kdf/CryptHkdfNull.c
>    Cipher/CryptAesNull.c
>    Cipher/CryptTdesNull.c
> -  Cipher/CryptArc4Null.c
>    Pk/CryptRsaBasic.c
>    Pk/CryptRsaExtNull.c
>    Pk/CryptPkcs1OaepNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> index b6d751176e..5a48d2a308 100644
> --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
> @@ -7,7 +7,7 @@
>  // buffer overflow or integer overflow.
>  //
>  // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
> -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign
> functions,
> +// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
>  // Diffie-Hellman functions, and authenticode signature verification 
> functions
> are
>  // not supported in this instance.
>  //
> @@ -20,5 +20,5 @@
> 
>  #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic
> Library Instance for DXE_RUNTIME_DRIVER"
> 
> -#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This
> module requires additional review when modified. This library will have 
> external
> input - signature. This external input must be validated carefully to avoid 
> security
> issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions,
> HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions,
> PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode
> signature verification functions are not supported in this instance."
> +#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This
> module requires additional review when modified. This library will have 
> external
> input - signature. This external input must be validated carefully to avoid 
> security
> issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions,
> HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7
> SignedData sign functions, Diffie-Hellman functions, and authenticode 
> signature
> verification functions are not supported in this instance."
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> index 139983075e..3a94655775 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> @@ -7,7 +7,7 @@
>  #  buffer overflow or integer overflow.
>  #
>  #  Note: SHA-384 Digest functions, SHA-512 Digest functions,
> -#  HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA
> external
> +#  HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
>  #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
>  #  authenticode signature verification functions are not supported in this
> instance.
>  #
> @@ -45,7 +45,6 @@
>    Kdf/CryptHkdfNull.c
>    Cipher/CryptAes.c
>    Cipher/CryptTdesNull.c
> -  Cipher/CryptArc4Null.c
>    Pk/CryptRsaBasic.c
>    Pk/CryptRsaExtNull.c
>    Pk/CryptPkcs1Oaep.c
> diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> index b8d7953d2b..0561f107e8 100644
> --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
> @@ -7,7 +7,7 @@
>  // buffer overflow or integer overflow.
>  //
>  // Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
> -// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign
> functions,
> +// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
>  // Diffie-Hellman functions, and authenticode signature verification 
> functions
> are
>  // not supported in this instance.
>  //
> @@ -20,5 +20,5 @@
> 
>  #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic
> Library Instance for SMM driver"
> 
> -#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This
> module requires additional review when modified. This library will have 
> external
> input - signature. This external input must be validated carefully to avoid 
> security
> issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions,
> HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions,
> PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode
> signature verification functions are not supported in this instance."
> +#string STR_MODULE_DESCRIPTION          #language en-US "Caution: This
> module requires additional review when modified. This library will have 
> external
> input - signature. This external input must be validated carefully to avoid 
> security
> issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions,
> HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7
> SignedData sign functions, Diffie-Hellman functions, and authenticode 
> signature
> verification functions are not supported in this instance."
> 
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> index b03681b146..a205c9005d 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
> @@ -40,7 +40,6 @@
>    Kdf/CryptHkdfNull.c
>    Cipher/CryptAesNull.c
>    Cipher/CryptTdesNull.c
> -  Cipher/CryptArc4Null.c
>    Pk/CryptRsaBasicNull.c
>    Pk/CryptRsaExtNull.c
>    Pk/CryptPkcs1OaepNull.c
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> deleted file mode 100644
> index 1f09bfa30e..0000000000
> --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> +++ /dev/null
> @@ -1,124 +0,0 @@
> -/** @file
> -  ARC4 Wrapper Implementation which does not provide real capabilities.
> -
> -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> -
> -**/
> -
> -#include "InternalCryptLib.h"
> -
> -/**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  Return zero to indicate this interface is not supported.
> -
> -  @retval  0   This interface is not supported.
> -
> -
> -**/
> -UINTN
> -EFIAPI
> -Arc4GetContextSize (
> -  VOID
> -  )
> -{
> -  ASSERT (FALSE);
> -  return 0;
> -}
> -
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Init (
> -  OUT  VOID         *Arc4Context,
> -  IN   CONST UINT8  *Key,
> -  IN   UINTN        KeySize
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> -
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Encrypt (
> -  IN OUT  VOID         *Arc4Context,
> -  IN      CONST UINT8  *Input,
> -  IN      UINTN        InputSize,
> -  OUT     UINT8        *Output
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> -
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Decrypt (
> -  IN OUT  VOID   *Arc4Context,
> -  IN      UINT8  *Input,
> -  IN      UINTN  InputSize,
> -  OUT     UINT8  *Output
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> -
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  Return FALSE to indicate this interface is not supported.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Reset (
> -  IN OUT  VOID  *Arc4Context
> -  )
> -{
> -  ASSERT (FALSE);
> -  return FALSE;
> -}
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index 5e470028f4..77915bdb86 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -1892,153 +1892,6 @@ AesCbcDecrypt (
>    CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, Input, InputSize, Ivec,
> Output), FALSE);
>  }
> 
> -/**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  If this interface is not supported, then return zero.
> -
> -  @return  The size, in bytes, of the context buffer required for ARC4 
> operations.
> -  @retval  0   This interface is not supported.
> -
> -**/
> -UINTN
> -EFIAPI
> -Arc4GetContextSize (
> -  VOID
> -  )
> -{
> -  CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0);
> -}
> -
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  This function initializes user-supplied memory pointed by Arc4Context as 
> ARC4
> context.
> -  In addition, it sets up all ARC4 key materials for subsequent encryption 
> and
> decryption
> -  operations.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Key is NULL, then return FALSE.
> -  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval TRUE   ARC4 context initialization succeeded.
> -  @retval FALSE  ARC4 context initialization failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Init (
> -  OUT  VOID         *Arc4Context,
> -  IN   CONST UINT8  *Key,
> -  IN   UINTN        KeySize
> -  )
> -{
> -  CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, KeySize), FALSE);
> -}
> -
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 encryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval TRUE   ARC4 encryption succeeded.
> -  @retval FALSE  ARC4 encryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Encrypt (
> -  IN OUT  VOID         *Arc4Context,
> -  IN      CONST UINT8  *Input,
> -  IN      UINTN        InputSize,
> -  OUT     UINT8        *Output
> -  )
> -{
> -  CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, Input, InputSize, Output),
> FALSE);
> -}
> -
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 decryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval TRUE   ARC4 decryption succeeded.
> -  @retval FALSE  ARC4 decryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Decrypt (
> -  IN OUT  VOID   *Arc4Context,
> -  IN      UINT8  *Input,
> -  IN      UINTN  InputSize,
> -  OUT     UINT8  *Output
> -  )
> -{
> -  CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, Input, InputSize, Output),
> FALSE);
> -}
> -
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  The function resets the ARC4 context to the state it had immediately after 
> the
> -  ARC4Init() function call.
> -  Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but 
> ARC4
> context
> -  should be already correctly initialized by ARC4Init().
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval TRUE   ARC4 reset succeeded.
> -  @retval FALSE  ARC4 reset failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -Arc4Reset (
> -  IN OUT  VOID  *Arc4Context
> -  )
> -{
> -  CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), FALSE);
> -}
> -
> 
> //===============================================================
> ======================
>  //    Asymmetric Cryptography Primitive
> 
> //===============================================================
> ======================
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 4f3f9ba377..22acabef87 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -244,6 +244,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_MD4
>  # define OPENSSL_NO_MD4
>  #endif
> +#ifndef OPENSSL_NO_RC4
> +# define OPENSSL_NO_RC4
> +#endif
> 
> 
>  /*
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index 10710e4a7c..dfaefd1c08 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -374,8 +374,6 @@
>    $(OPENSSL_PATH)/crypto/rand/rand_unix.c
>    $(OPENSSL_PATH)/crypto/rand/rand_vms.c
>    $(OPENSSL_PATH)/crypto/rand/rand_win.c
> -  $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
> -  $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
>    $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
>    $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
>    $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
> @@ -531,7 +529,6 @@
>    $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
>    $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
>    $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
>    $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
>    $(OPENSSL_PATH)/crypto/sha/sha_locl.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index d9782a3098..080e1d9305 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -374,8 +374,6 @@
>    $(OPENSSL_PATH)/crypto/rand/rand_unix.c
>    $(OPENSSL_PATH)/crypto/rand/rand_vms.c
>    $(OPENSSL_PATH)/crypto/rand/rand_win.c
> -  $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
> -  $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
>    $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
>    $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
>    $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
> @@ -531,7 +529,6 @@
>    $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
>    $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
>    $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> -  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
>    $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
>    $(OPENSSL_PATH)/crypto/sha/sha_locl.h
>    $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index ae0f29695c..f36c5c1aff 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -2785,134 +2785,45 @@ BOOLEAN
>    );
> 
>  /**
> -  Retrieves the size, in bytes, of the context buffer required for ARC4 
> operations.
> -
> -  If this interface is not supported, then return zero.
> -
> -  @return  The size, in bytes, of the context buffer required for ARC4 
> operations.
> -  @retval  0   This interface is not supported.
> +  ARC4 is deprecated and unsupported any longer.
> +  Keep the function field for binary compability.
> 
>  **/
>  typedef
>  UINTN
> -(EFIAPI *EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE) (
>    VOID
>    );
> 
> -/**
> -  Initializes user-supplied memory as ARC4 context for subsequent use.
> -
> -  This function initializes user-supplied memory pointed by Arc4Context as 
> ARC4
> context.
> -  In addition, it sets up all ARC4 key materials for subsequent encryption 
> and
> decryption
> -  operations.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Key is NULL, then return FALSE.
> -  If KeySize does not in the range of [5, 256] bytes, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
> -  @param[in]   Key          Pointer to the user-supplied ARC4 key.
> -  @param[in]   KeySize      Size of ARC4 key in bytes.
> -
> -  @retval TRUE   ARC4 context initialization succeeded.
> -  @retval FALSE  ARC4 context initialization failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  typedef
>  BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_ARC4_INIT) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT) (
>    OUT  VOID         *Arc4Context,
>    IN   CONST UINT8  *Key,
>    IN   UINTN        KeySize
>    );
> 
> -/**
> -  Performs ARC4 encryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 encryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> encrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> encryption output.
> -
> -  @retval TRUE   ARC4 encryption succeeded.
> -  @retval FALSE  ARC4 encryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  typedef
>  BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_ARC4_ENCRYPT) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT) (
>    IN OUT  VOID         *Arc4Context,
>    IN      CONST UINT8  *Input,
>    IN      UINTN        InputSize,
>    OUT     UINT8        *Output
>    );
> 
> -/**
> -  Performs ARC4 decryption on a data buffer of the specified size.
> -
> -  This function performs ARC4 decryption on data buffer pointed by Input, of
> specified
> -  size of InputSize.
> -  Arc4Context should be already correctly initialized by Arc4Init(). 
> Behavior with
> -  invalid ARC4 context is undefined.
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If Input is NULL, then return FALSE.
> -  If Output is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -  @param[in]       Input        Pointer to the buffer containing the data to 
> be
> decrypted.
> -  @param[in]       InputSize    Size of the Input buffer in bytes.
> -  @param[out]      Output       Pointer to a buffer that receives the ARC4
> decryption output.
> -
> -  @retval TRUE   ARC4 decryption succeeded.
> -  @retval FALSE  ARC4 decryption failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  typedef
>  BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_ARC4_DECRYPT) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT) (
>    IN OUT  VOID   *Arc4Context,
>    IN      UINT8  *Input,
>    IN      UINTN  InputSize,
>    OUT     UINT8  *Output
>    );
> 
> -/**
> -  Resets the ARC4 context to the initial state.
> -
> -  The function resets the ARC4 context to the state it had immediately after 
> the
> -  ARC4Init() function call.
> -  Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but 
> ARC4
> context
> -  should be already correctly initialized by ARC4Init().
> -
> -  If Arc4Context is NULL, then return FALSE.
> -  If this interface is not supported, then return FALSE.
> -
> -  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
> -
> -  @retval TRUE   ARC4 reset succeeded.
> -  @retval FALSE  ARC4 reset failed.
> -  @retval FALSE  This interface is not supported.
> -
> -**/
>  typedef
>  BOOLEAN
> -(EFIAPI *EDKII_CRYPTO_ARC4_RESET) (
> +(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET) (
>    IN OUT  VOID  *Arc4Context
>    );
> 
> @@ -4014,12 +3925,12 @@ struct _EDKII_CRYPTO_PROTOCOL {
>    EDKII_CRYPTO_AES_ECB_DECRYPT                    AesEcbDecrypt;
>    EDKII_CRYPTO_AES_CBC_ENCRYPT                    AesCbcEncrypt;
>    EDKII_CRYPTO_AES_CBC_DECRYPT                    AesCbcDecrypt;
> -  /// Arc4
> -  EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE              Arc4GetContextSize;
> -  EDKII_CRYPTO_ARC4_INIT                          Arc4Init;
> -  EDKII_CRYPTO_ARC4_ENCRYPT                       Arc4Encrypt;
> -  EDKII_CRYPTO_ARC4_DECRYPT                       Arc4Decrypt;
> -  EDKII_CRYPTO_ARC4_RESET                         Arc4Reset;
> +  /// Arc4 - deprecated and unsupported
> +  DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE
> DeprecatedArc4GetContextSize;
> +  DEPRECATED_EDKII_CRYPTO_ARC4_INIT               DeprecatedArc4Init;
> +  DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT            DeprecatedArc4Encrypt;
> +  DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT            DeprecatedArc4Decrypt;
> +  DEPRECATED_EDKII_CRYPTO_ARC4_RESET              DeprecatedArc4Reset;
>    /// SM3
>    EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE               Sm3GetContextSize;
>    EDKII_CRYPTO_SM3_INIT                           Sm3Init;
> --
> 2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#58884): https://edk2.groups.io/g/devel/message/58884
Mute This Topic: https://groups.io/mt/74041191/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to