Zhichao,

Similar comments, please refer to them in my review email for patch 3.

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao <zhichao....@intel.com>
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX <xiaoyux...@intel.com>;
> Fu, Siyuan <siyuan...@intel.com>; Kinney, Michael D
> <michael.d.kin...@intel.com>; Yao, Jiewen <jiewen....@intel.com>
> Subject: [PATCH V3 4/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Tdes is not secure any longer.
> Remove the Tdes support from edk2.
> Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> Cc: Siyuan Fu <siyuan...@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Signed-off-by: Zhichao Gao <zhichao....@intel.com> > --- > CryptoPkg/Driver/Crypto.c | 181 +-------- > CryptoPkg/Include/Library/BaseCryptLib.h | 196 ---------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 1 - > .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------ > .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -------- > .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- > .../Library/BaseCryptLib/PeiCryptLib.uni | 6 +- > CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +- > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +- > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 3 +- > .../Library/BaseCryptLib/SmmCryptLib.uni | 6 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 1 - > .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ---------- > .../Library/Include/openssl/opensslconf.h | 3 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 21 - > .../Library/OpensslLib/OpensslLibCrypto.inf | 21 - > CryptoPkg/Private/Protocol/Crypto.h | 169 +------- > 19 files changed, 53 insertions(+), 1472 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index 388a6e4b4b..a4106aae0b 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -1557,167 +1557,57 @@ CryptoServiceHmacSha256Final ( > > //=============================================================== > ====================== > > /** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for TDES > operations. > - @retval 0 This interface is not supported. > + TDES is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > UINTN > EFIAPI > -CryptoServiceTdesGetContextSize ( > +DeprecatedCryptoServiceTdesGetContextSize ( > VOID > ) > { > - return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, > TdesGetContextSize, (), 0); > + return BaseCryptLibServciceDeprecated ("TdesGetContextSize"), 0; > } > > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - This function initializes user-supplied memory pointed by TdesContext as > TDES > context. > - In addition, it sets up all TDES key materials for subsequent encryption > and > decryption > - operations. > - There are 3 key options as follows: > - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility > with > DES) > - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) > - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) > - > - If TdesContext is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeyLength is not valid, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval TRUE TDES context initialization succeeded. > - @retval FALSE TDES context initialization failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceTdesInit ( > +DeprecatedCryptoServiceTdesInit ( > OUT VOID *TdesContext, > IN CONST UINT8 *Key, > IN UINTN KeyLength > ) > { > - return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Key, > KeyLength), FALSE); > + return BaseCryptLibServciceDeprecated ("TdesInit"), FALSE; > } > > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceTdesEcbEncrypt ( > +DeprecatedCryptoServiceTdesEcbEncrypt ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, > (TdesContext, Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("TdesEcbEncrypt"), FALSE; > } > > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceTdesEcbDecrypt ( > +DeprecatedCryptoServiceTdesEcbDecrypt ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, > (TdesContext, Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("TdesEcbDecrypt"), FALSE; > } > > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceTdesCbcEncrypt ( > +DeprecatedCryptoServiceTdesCbcEncrypt ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, 
> @@ -1725,41 +1615,12 @@ CryptoServiceTdesCbcEncrypt ( > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, > (TdesContext, Input, InputSize, Ivec, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("TdesCbcEncrypt"), FALSE; > } > > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceTdesCbcDecrypt ( > +DeprecatedCryptoServiceTdesCbcDecrypt ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, 
> @@ -1767,7 +1628,7 @@ CryptoServiceTdesCbcDecrypt ( > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, > (TdesContext, Input, InputSize, Ivec, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("TdesCbcDecrypt"), FALSE; > } > > /** > @@ -4344,13 +4205,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { > CryptoServiceX509Free, > CryptoServiceX509StackFree, > CryptoServiceX509GetTBSCert, > - /// TDES > - CryptoServiceTdesGetContextSize, > - CryptoServiceTdesInit, > - CryptoServiceTdesEcbEncrypt, > - CryptoServiceTdesEcbDecrypt, > - CryptoServiceTdesCbcEncrypt, > - CryptoServiceTdesCbcDecrypt, > + /// TDES - deprecated and unsupported > + DeprecatedCryptoServiceTdesGetContextSize, > + DeprecatedCryptoServiceTdesInit, > + DeprecatedCryptoServiceTdesEcbEncrypt, > + DeprecatedCryptoServiceTdesEcbDecrypt, > + DeprecatedCryptoServiceTdesCbcEncrypt, > + DeprecatedCryptoServiceTdesCbcDecrypt, > /// AES > CryptoServiceAesGetContextSize, > CryptoServiceAesInit, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 25e236c4a3..621bcfd1c4 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> @@ -1278,202 +1278,6 @@ HmacSha256Final ( > // Symmetric Cryptography Primitive > > //=============================================================== > ====================== > > -/** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for TDES > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -TdesGetContextSize ( > - VOID > - ); > - > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - This function initializes user-supplied memory pointed by TdesContext as > TDES > context. > - In addition, it sets up all TDES key materials for subsequent encryption > and > decryption > - operations. > - There are 3 key options as follows: > - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility > with > DES) > - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) > - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) > - > - If TdesContext is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeyLength is not valid, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval TRUE TDES context initialization succeeded. > - @retval FALSE TDES context initialization failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesInit ( > - OUT VOID *TdesContext, > - IN CONST UINT8 *Key, > - IN UINTN KeyLength > - ); > - > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. 
> - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. 
> - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ); > - > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. 
> - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ); > - > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ); > - > /** > Retrieves the size, in bytes, of the context buffer required for AES > operations. > > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index da38ea552f..2de8e9c346 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -39,7 +39,6 @@ > Hmac/CryptHmacSha256.c > Kdf/CryptHkdf.c > Cipher/CryptAes.c > - Cipher/CryptTdes.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExt.c > Pk/CryptPkcs1Oaep.c > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c > deleted file mode 100644 > index fd799f3398..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c > +++ /dev/null 
> @@ -1,364 +0,0 @@ > -/** @file > - TDES Wrapper Implementation over OpenSSL. > - > -Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > -#include <openssl/des.h> > - > -/** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - @return The size, in bytes, of the context buffer required for TDES > operations. > - > -**/ > -UINTN > -EFIAPI > -TdesGetContextSize ( > - VOID > - ) > -{ > - // > - // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 > each. > - // > - return (UINTN) (3 * sizeof (DES_key_schedule)); > -} > - > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - This function initializes user-supplied memory pointed by TdesContext as > TDES > context. > - In addition, it sets up all TDES key materials for subsequent encryption > and > decryption > - operations. > - There are 3 key options as follows: > - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility > with > DES) > - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) > - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) > - > - If TdesContext is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeyLength is not valid, then return FALSE. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval TRUE TDES context initialization succeeded. > - @retval FALSE TDES context initialization failed. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesInit ( > - OUT VOID *TdesContext, > - IN CONST UINT8 *Key, > - IN UINTN KeyLength > - ) > -{ > - DES_key_schedule *KeySchedule; > - > - // > - // Check input parameters. 
> - // > - if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != > 128 && KeyLength != 192)) { > - return FALSE; > - } > - > - KeySchedule = (DES_key_schedule *) TdesContext; > - > - // > - // If input Key is a weak key, return error. > - // > - if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) { > - return FALSE; > - } > - > - DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); > - > - if (KeyLength == 64) { > - CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); > - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); > - return TRUE; > - } > - > - if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) { > - return FALSE; > - } > - > - DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); > - > - if (KeyLength == 128) { > - CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); > - return TRUE; > - } > - > - if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) { > - return FALSE; > - } > - > - DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); > - > - return TRUE; > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. 
> - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - DES_key_schedule *KeySchedule; > - > - // > - // Check input parameters. > - // > - if (TdesContext == NULL || Input == NULL || (InputSize % > TDES_BLOCK_SIZE) != 0 || Output == NULL) { > - return FALSE; > - } > - > - KeySchedule = (DES_key_schedule *) TdesContext; > - > - while (InputSize > 0) { > - DES_ecb3_encrypt ( > - (const_DES_cblock *) Input, > - (DES_cblock *) Output, > - KeySchedule, > - KeySchedule + 1, > - KeySchedule + 2, > - DES_ENCRYPT > - ); > - Input += TDES_BLOCK_SIZE; > - Output += TDES_BLOCK_SIZE; > - InputSize -= TDES_BLOCK_SIZE; > - } > - > - return TRUE; > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. 
> - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - DES_key_schedule *KeySchedule; > - > - // > - // Check input parameters. > - // > - if (TdesContext == NULL || Input == NULL || (InputSize % > TDES_BLOCK_SIZE) != 0 || Output == NULL) { > - return FALSE; > - } > - > - KeySchedule = (DES_key_schedule *) TdesContext; > - > - while (InputSize > 0) { > - DES_ecb3_encrypt ( > - (const_DES_cblock *) Input, > - (DES_cblock *) Output, > - KeySchedule, > - KeySchedule + 1, > - KeySchedule + 2, > - DES_DECRYPT > - ); > - Input += TDES_BLOCK_SIZE; > - Output += TDES_BLOCK_SIZE; > - InputSize -= TDES_BLOCK_SIZE; > - } > - > - return TRUE; > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. 
> - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - DES_key_schedule *KeySchedule; > - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; > - > - // > - // Check input parameters. > - // > - if (TdesContext == NULL || Input == NULL || (InputSize % > TDES_BLOCK_SIZE) != 0) { > - return FALSE; > - } > - > - if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) { > - return FALSE; > - } > - > - KeySchedule = (DES_key_schedule *) TdesContext; > - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); > - > - DES_ede3_cbc_encrypt ( > - Input, > - Output, > - (UINT32) InputSize, > - KeySchedule, > - KeySchedule + 1, > - KeySchedule + 2, > - (DES_cblock *) IvecBuffer, > - DES_ENCRYPT > - ); > - > - return TRUE; > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. 
> - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - DES_key_schedule *KeySchedule; > - UINT8 IvecBuffer[TDES_BLOCK_SIZE]; > - > - // > - // Check input parameters. > - // > - if (TdesContext == NULL || Input == NULL || (InputSize % > TDES_BLOCK_SIZE) != 0) { > - return FALSE; > - } > - > - if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) { > - return FALSE; > - } > - > - KeySchedule = (DES_key_schedule *) TdesContext; > - CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); > - > - DES_ede3_cbc_encrypt ( > - Input, > - Output, > - (UINT32) InputSize, > - KeySchedule, > - KeySchedule + 1, > - KeySchedule + 2, > - (DES_cblock *) IvecBuffer, > - DES_DECRYPT > - ); > - > - return TRUE; > -} > - > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c > deleted file mode 100644 > index efa2716063..0000000000 > --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c > +++ /dev/null 
> @@ -1,160 +0,0 @@ > -/** @file > - TDES Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -TdesGetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesInit ( > - OUT VOID *TdesContext, > - IN CONST UINT8 *Key, > - IN UINTN KeyLength > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. 
> - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > index f43953b78c..f631f8d879 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, > RSA external > +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA > external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, > X.509 > # certificate handler functions, authenticode signature verification > functions, > # PEM handler functions, and pseudorandom number generator functions are > not > @@ -45,7 +45,6 @@ > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > - Cipher/CryptTdesNull.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > index 5abd8e8dfb..c906935d3d 100644 > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni 
> @@ -6,8 +6,8 @@ > // This external input must be validated carefully to avoid security issues > such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, X.509 certificate handler functions, > authenticode > // signature verification functions, PEM handler functions, and pseudorandom > number > // generator functions are not supported in this instance. 
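Review bot: the reworded note in PeiCryptLib.uni now reads "HMAC-SHA1 functions, AES functions", while the PeiCryptLib.inf header changed earlier in this patch reads "HMAC-SHA1/SHA256 functions, AES functions". Since both files are being touched for the same sentence, bring the .uni text (this comment and the STR_MODULE_DESCRIPTION string in the next hunk) in line with the .inf so the two descriptions of the unsupported set agree. With "TDES" gone, the "AES" / "functions" split across two comment lines can also be joined.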
> @@ -21,5 +21,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for PEIM" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler > functions, authenticode signature verification functions, PEM handler > functions, > and pseudorandom number generator functions are not supported in this > instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler > functions, authenticode signature verification functions, PEM handler > functions, > and pseudorandom number generator functions are not supported in this > instance." > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c > b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c > index 75a133bd0c..6f7e1971f8 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c > @@ -1,7 +1,7 @@ > /** @file > PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over > OpenSSL. > > -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR> > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ 
> @@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem ( > > // > // Add possible block-cipher descriptor for PEM data decryption. > - // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted > PEM. > + // NOTE: Only support most popular ciphers AES for the encrypted PEM. > // > - if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) { > - return FALSE; > - } > if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) { > return FALSE; > } > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > index f1eb099b67..672e19299c 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, > RSA external > +# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA > external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and > # authenticode signature verification functions are not supported in this > instance. > # > @@ -45,7 +45,6 @@ > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > - Cipher/CryptTdesNull.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > index 5a48d2a308..0a3bb1c04f 100644 > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni 
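Review bot: in the RsaGetPrivateKeyFromPem hunk of CryptPem.c, dropping the EVP_add_cipher (EVP_des_ede3_cbc ()) registration changes what the function accepts, since the comment above it says these descriptors are what PEM data decryption uses, yet neither the function header nor the commit message says that 3DES-encrypted PEM private keys are no longer handled. Please state that in the function's description so callers know AES-encrypted PEM is the only supported encrypted form. The new comment "Only support most popular ciphers AES for the encrypted PEM" also reads as a leftover edit; something like "Only AES is supported for encrypted PEM" is clearer.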
> @@ -6,8 +6,8 @@ > // This external input must be validated carefully to avoid security issues > such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification > functions > are > // not supported in this instance. > // > @@ -20,5 +20,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for DXE_RUNTIME_DRIVER" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > index 3a94655775..cc3556ae3f 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
> +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > @@ -7,7 +7,7 @@ > # buffer overflow or integer overflow. > # > # Note: SHA-384 Digest functions, SHA-512 Digest functions, > -# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external > +# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external > # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and > # authenticode signature verification functions are not supported in this > instance. > # > @@ -44,7 +44,6 @@ > Hmac/CryptHmacSha256.c > Kdf/CryptHkdfNull.c > Cipher/CryptAes.c > - Cipher/CryptTdesNull.c > Pk/CryptRsaBasic.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1Oaep.c > diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > index 0561f107e8..2e362c635f 100644 > --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni > @@ -6,8 +6,8 @@ > // This external input must be validated carefully to avoid security issues > such as > // buffer overflow or integer overflow. > // > -// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ > -// TDES functions, RSA external functions, PKCS#7 SignedData sign functions, > +// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES > +// functions, RSA external functions, PKCS#7 SignedData sign functions, > // Diffie-Hellman functions, and authenticode signature verification > functions > are > // not supported in this instance. > // 
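Review bot: the new SmmCryptLib.uni comment lists "AES functions" among the interfaces that "are not supported in this instance", but the SmmCryptLib.inf hunk just above keeps Cipher/CryptAes.c in the source list and its own note never listed AES, only TDES. Removing just "TDES" from "AES/ TDES functions" leaves the .uni claiming AES is unsupported in SMM; drop "AES functions" from this comment and from the STR_MODULE_DESCRIPTION string in the next hunk so the .uni matches the .inf.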
> @@ -20,5 +20,5 @@ > > #string STR_MODULE_ABSTRACT #language en-US "Cryptographic > Library Instance for SMM driver" > > -#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > +#string STR_MODULE_DESCRIPTION #language en-US "Caution: This > module requires additional review when modified. This library will have > external > input - signature. This external input must be validated carefully to avoid > security > issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, > HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 > SignedData sign functions, Diffie-Hellman functions, and authenticode > signature > verification functions are not supported in this instance." > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > index a205c9005d..04b552f8b7 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf > @@ -39,7 +39,6 @@ > Hmac/CryptHmacSha256Null.c > Kdf/CryptHkdfNull.c > Cipher/CryptAesNull.c > - Cipher/CryptTdesNull.c > Pk/CryptRsaBasicNull.c > Pk/CryptRsaExtNull.c > Pk/CryptPkcs1OaepNull.c > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c > deleted file mode 100644 > index efa2716063..0000000000 > --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c > +++ /dev/null 
> @@ -1,160 +0,0 @@ > -/** @file > - TDES Wrapper Implementation which does not provide real capabilities. > - > -Copyright (c) 2012, Intel Corporation. All rights reserved.<BR> > -SPDX-License-Identifier: BSD-2-Clause-Patent > - > -**/ > - > -#include "InternalCryptLib.h" > - > -/** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - Return zero to indicate this interface is not supported. > - > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -TdesGetContextSize ( > - VOID > - ) > -{ > - ASSERT (FALSE); > - return 0; > -} > - > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesInit ( > - OUT VOID *TdesContext, > - IN CONST UINT8 *Key, > - IN UINTN KeyLength > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. 
> - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 77915bdb86..43ee4e0841 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -1467,220 +1467,6 @@ HmacSha256Final ( > // Symmetric Cryptography Primitive > > //=============================================================== > ====================== > > -/** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for TDES > operations. > - @retval 0 This interface is not supported. > - > -**/ > -UINTN > -EFIAPI > -TdesGetContextSize ( > - VOID > - ) > -{ > - CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); > -} > - > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - This function initializes user-supplied memory pointed by TdesContext as > TDES > context. > - In addition, it sets up all TDES key materials for subsequent encryption > and > decryption > - operations. > - There are 3 key options as follows: > - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility > with > DES) > - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) > - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) > - > - If TdesContext is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeyLength is not valid, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval TRUE TDES context initialization succeeded. > - @retval FALSE TDES context initialization failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > -BOOLEAN > -EFIAPI > -TdesInit ( > - OUT VOID *TdesContext, > - IN CONST UINT8 *Key, > - IN UINTN KeyLength > - ) > -{ > - CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE); > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, > Output), FALSE); > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). 
This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesEcbDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, > Output), FALSE); > -} > - > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. 
> - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcEncrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, > Output), FALSE); > -} > - > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. 
> - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -TdesCbcDecrypt ( > - IN VOID *TdesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - IN CONST UINT8 *Ivec, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, > Output), FALSE); > -} > - > /** > Retrieves the size, in bytes, of the context buffer required for AES > operations. > > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index 22acabef87..4868cfa963 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -247,6 +247,9 @@ extern "C" { > #ifndef OPENSSL_NO_RC4 > # define OPENSSL_NO_RC4 > #endif > +#ifndef OPENSSL_NO_DES > +# define OPENSSL_NO_DES > +#endif > > > /* > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index dfaefd1c08..d66f1cb03f 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
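Review bot: the opensslconf.h hunk adds OPENSSL_NO_DES, and the OpensslLib.inf and OpensslLibCrypto.inf hunks that follow drop every crypto/des source, but the commit message only mentions removing the Tdes wrappers and renaming the protocol fields. Disabling DES in the OpenSSL configuration is a wider change than retiring the BaseCryptLib TDES API, so it should be called out in the commit message. If opensslconf.h and the .inf source lists are generated files in this tree, the change also belongs in whatever generates them so it is not lost on the next regeneration.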
> @@ -178,25 +178,6 @@ > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/ctype.c > $(OPENSSL_PATH)/crypto/cversion.c > - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c > - $(OPENSSL_PATH)/crypto/des/cbc_enc.c > - $(OPENSSL_PATH)/crypto/des/cfb64ede.c > - $(OPENSSL_PATH)/crypto/des/cfb64enc.c > - $(OPENSSL_PATH)/crypto/des/cfb_enc.c > - $(OPENSSL_PATH)/crypto/des/des_enc.c > - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c > - $(OPENSSL_PATH)/crypto/des/ecb_enc.c > - $(OPENSSL_PATH)/crypto/des/fcrypt.c > - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c > - $(OPENSSL_PATH)/crypto/des/ofb64ede.c > - $(OPENSSL_PATH)/crypto/des/ofb64enc.c > - $(OPENSSL_PATH)/crypto/des/ofb_enc.c > - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c > - $(OPENSSL_PATH)/crypto/des/qud_cksm.c > - $(OPENSSL_PATH)/crypto/des/rand_key.c > - $(OPENSSL_PATH)/crypto/des/set_key.c > - $(OPENSSL_PATH)/crypto/des/str2key.c > - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c > $(OPENSSL_PATH)/crypto/dh/dh_ameth.c > $(OPENSSL_PATH)/crypto/dh/dh_asn1.c > $(OPENSSL_PATH)/crypto/dh/dh_check.c > @@ -514,8 +495,6 @@ > $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > $(OPENSSL_PATH)/crypto/conf/conf_def.h > $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > - $(OPENSSL_PATH)/crypto/des/des_locl.h > - $(OPENSSL_PATH)/crypto/des/spr.h > $(OPENSSL_PATH)/crypto/dh/dh_locl.h > $(OPENSSL_PATH)/crypto/dso/dso_locl.h > $(OPENSSL_PATH)/crypto/evp/evp_locl.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 080e1d9305..5788d13cf7 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> @@ -178,25 +178,6 @@ > $(OPENSSL_PATH)/crypto/cryptlib.c > $(OPENSSL_PATH)/crypto/ctype.c > $(OPENSSL_PATH)/crypto/cversion.c > - $(OPENSSL_PATH)/crypto/des/cbc_cksm.c > - $(OPENSSL_PATH)/crypto/des/cbc_enc.c > - $(OPENSSL_PATH)/crypto/des/cfb64ede.c > - $(OPENSSL_PATH)/crypto/des/cfb64enc.c > - $(OPENSSL_PATH)/crypto/des/cfb_enc.c > - $(OPENSSL_PATH)/crypto/des/des_enc.c > - $(OPENSSL_PATH)/crypto/des/ecb3_enc.c > - $(OPENSSL_PATH)/crypto/des/ecb_enc.c > - $(OPENSSL_PATH)/crypto/des/fcrypt.c > - $(OPENSSL_PATH)/crypto/des/fcrypt_b.c > - $(OPENSSL_PATH)/crypto/des/ofb64ede.c > - $(OPENSSL_PATH)/crypto/des/ofb64enc.c > - $(OPENSSL_PATH)/crypto/des/ofb_enc.c > - $(OPENSSL_PATH)/crypto/des/pcbc_enc.c > - $(OPENSSL_PATH)/crypto/des/qud_cksm.c > - $(OPENSSL_PATH)/crypto/des/rand_key.c > - $(OPENSSL_PATH)/crypto/des/set_key.c > - $(OPENSSL_PATH)/crypto/des/str2key.c > - $(OPENSSL_PATH)/crypto/des/xcbc_enc.c > $(OPENSSL_PATH)/crypto/dh/dh_ameth.c > $(OPENSSL_PATH)/crypto/dh/dh_asn1.c > $(OPENSSL_PATH)/crypto/dh/dh_check.c > @@ -514,8 +495,6 @@ > $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > $(OPENSSL_PATH)/crypto/conf/conf_def.h > $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > - $(OPENSSL_PATH)/crypto/des/des_locl.h > - $(OPENSSL_PATH)/crypto/des/spr.h > $(OPENSSL_PATH)/crypto/dh/dh_locl.h > $(OPENSSL_PATH)/crypto/dso/dso_locl.h > $(OPENSSL_PATH)/crypto/evp/evp_locl.h > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index f36c5c1aff..a30660c192 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -2396,155 +2396,45 @@ BOOLEAN > > //=============================================================== > ====================== > > /** > - Retrieves the size, in bytes, of the context buffer required for TDES > operations. > - > - If this interface is not supported, then return zero. > - > - @return The size, in bytes, of the context buffer required for TDES > operations. > - @retval 0 This interface is not supported. > + TDES is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > typedef > UINTN > -(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) ( > VOID > ); > > -/** > - Initializes user-supplied memory as TDES context for subsequent use. > - > - This function initializes user-supplied memory pointed by TdesContext as > TDES > context. > - In addition, it sets up all TDES key materials for subsequent encryption > and > decryption > - operations. > - There are 3 key options as follows: > - KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility > with > DES) > - KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) > - KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) > - > - If TdesContext is NULL, then return FALSE. > - If Key is NULL, then return FALSE. > - If KeyLength is not valid, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[out] TdesContext Pointer to TDES context being initialized. > - @param[in] Key Pointer to the user-supplied TDES key. > - @param[in] KeyLength Length of TDES key in bits. > - > - @retval TRUE TDES context initialization succeeded. > - @retval FALSE TDES context initialization failed. > - @retval FALSE This interface is not supported. 
> - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_TDES_INIT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) ( > OUT VOID *TdesContext, > IN CONST UINT8 *Key, > IN UINTN KeyLength > ); > > -/** > - Performs TDES encryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); > > -/** > - Performs TDES decryption on a data buffer of the specified size in ECB > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. 
Caller must perform padding, if necessary, to ensure valid input > data > size. > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the TDES > decryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); > > -/** > - Performs TDES encryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. 
> - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES encryption succeeded. > - @retval FALSE TDES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, 
> @@ -2552,38 +2442,9 @@ BOOLEAN > OUT UINT8 *Output > ); > > -/** > - Performs TDES decryption on a data buffer of the specified size in CBC > mode. > - > - This function performs TDES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in CBC mode. > - InputSize must be multiple of block size (8 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - Initialization vector should be one block size (8 bytes). > - TdesContext should be already correctly initialized by TdesInit(). > Behavior with > - invalid TDES context is undefined. > - > - If TdesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (8 bytes), then return FALSE. > - If Ivec is NULL, then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] TdesContext Pointer to the TDES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[in] Ivec Pointer to initialization vector. > - @param[out] Output Pointer to a buffer that receives the TDES > encryption > output. > - > - @retval TRUE TDES decryption succeeded. > - @retval FALSE TDES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) ( > IN VOID *TdesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, 
> @@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL { > EDKII_CRYPTO_X509_FREE X509Free; > EDKII_CRYPTO_X509_STACK_FREE X509StackFree; > EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert; > - /// TDES > - EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize; > - EDKII_CRYPTO_TDES_INIT TdesInit; > - EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt; > - EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt; > - EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt; > - EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt; > + /// TDES - deprecated and unsupported > + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE > DeprecatedTdesGetContextSize; > + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit; > + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT > DeprecatedTdesEcbEncrypt; > + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT > DeprecatedTdesEcbDecrypt; > + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT > DeprecatedTdesCbcEncrypt; > + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT > DeprecatedTdesCbcDecrypt; > /// AES > EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; > EDKII_CRYPTO_AES_INIT AesInit; > -- > 2.21.0.windows.1
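Review bot: the source-list hunks (@@ -178,25 and @@ -514,8) drop every crypto/des/*.c file together with des_locl.h and spr.h, but the list still carries the rest of libcrypto, including crypto/evp (evp_locl.h stays in the list), and nothing in these hunks shows what keeps the remaining sources from referencing DES symbols. Please name in the commit message the OpenSSL configuration option that compiles DES out, and confirm that each library instance still links with that option set; otherwise a missed reference only shows up as an unresolved external at link time.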
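Review bot: in the Crypto.h typedef hunks (@@ -2396,155 and @@ -2552,38), only DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE keeps a comment block; the other five DEPRECATED_ typedefs lose their documentation outright, and the one remaining comment reads "unsupported any longer" and misspells "compability". Suggest "TDES is deprecated and no longer supported. The function field is kept for binary compatibility." and either repeat that block on each typedef or state that it covers all six. The removed text told callers that an unsupported interface returns 0 or FALSE; the replacement should keep that statement, since it is the only contract a caller of these fields still has.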
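Review bot: in the _EDKII_CRYPTO_PROTOCOL hunk (@@ -3911,13), the six TDES members keep their position and pointer types and change only in name, so an image built against the old header will still call through these slots. The comment "/// TDES - deprecated and unsupported" should therefore say what such a call returns, and the producer has to fill every slot with a stub rather than leave it NULL; please point to where that is done. It would also help to say how a consumer can tell that TDES is gone other than by a failed call.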