Zhichao,

Similar to patch 3, please update OpensslLib/process_files.pl to update OpensslLibXxx.inf.

Regards,
Jian

> -----Original Message-----
> From: Gao, Zhichao <zhichao....@intel.com>
> Sent: Thursday, May 07, 2020 7:58 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX <xiaoyux...@intel.com>;
> Fu, Siyuan <siyuan...@intel.com>; Kinney, Michael D
> <michael.d.kin...@intel.com>; Yao, Jiewen <jiewen....@intel.com>
> Subject: [PATCH V3 5/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode
> algorithm
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> Aes Ecb mode is not secure any longer.
> Remove the Aes Ecb mode support from edk2.
> Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> Cc: Siyuan Fu <siyuan...@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Signed-off-by: Zhichao Gao <zhichao....@intel.com>
> --- > CryptoPkg/CryptoPkg.dsc | 45 +++---- > CryptoPkg/Driver/Crypto.c | 65 ++-------- > .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------ > .../BaseCryptLib/Cipher/CryptAesNull.c | 52 -------- > .../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 -------- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 76 ------------ > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - > .../Library/OpensslLib/OpensslLibCrypto.inf | 1 - > CryptoPkg/Private/Protocol/Crypto.h | 61 ++-------- > 9 files changed, 40 insertions(+), 427 deletions(-) > > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 6ed7046563..1f68cc633b 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc 
> @@ -137,27 +137,30 @@ > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 > > !if $(CRYPTO_SERVICES) IN "PACKAGE ALL" > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family > | > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family > | 
PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family > | > PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > - gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Fam > ily | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + 
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetC > ontextSize | TRUE > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init > | TRUE > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcE > ncrypt | TRUE > + > gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Cbc > Decrypt | TRUE > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family > | PCD_CRYPTO_SERVICE_ENABLE_FAMILY > !endif > > !if $(CRYPTO_SERVICES) == MIN_PEI > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index a4106aae0b..341df3b814 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c 
> @@ -1683,79 +1683,32 @@ CryptoServiceAesInit ( > } > > /** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval TRUE AES encryption succeeded. > - @retval FALSE AES encryption failed. > - @retval FALSE This interface is not supported. > + AES ECB Mode is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > BOOLEAN > EFIAPI > -CryptoServiceAesEcbEncrypt ( > +DeprecatedCryptoServiceAesEcbEncrypt ( > IN VOID *AesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt, > (AesContext, Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("AesEcbEncrypt"), FALSE; > } > > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. 
> - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval TRUE AES decryption succeeded. > - @retval FALSE AES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > BOOLEAN > EFIAPI > -CryptoServiceAesEcbDecrypt ( > +DeprecatedCryptoServiceAesEcbDecrypt ( > IN VOID *AesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ) > { > - return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt, > (AesContext, Input, InputSize, Output), FALSE); > + return BaseCryptLibServciceDeprecated ("AesEcbDecrypt"), FALSE; > } > > /** > @@ -4212,11 +4165,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { > DeprecatedCryptoServiceTdesEcbDecrypt, > DeprecatedCryptoServiceTdesCbcEncrypt, > DeprecatedCryptoServiceTdesCbcDecrypt, > - /// AES > + /// AES - ECB mode is deprecated and unsupported > CryptoServiceAesGetContextSize, > CryptoServiceAesInit, > - CryptoServiceAesEcbEncrypt, > - CryptoServiceAesEcbDecrypt, > + DeprecatedCryptoServiceAesEcbEncrypt, > + DeprecatedCryptoServiceAesEcbDecrypt, > CryptoServiceAesCbcEncrypt, > CryptoServiceAesCbcDecrypt, > /// Arc4 - deprecated and unsupported 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c > index 2515b34bb8..914cffb211 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c > +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c 
> @@ -78,120 +78,6 @@ AesInit ( > return TRUE; > } > > -/** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval TRUE AES encryption succeeded. > - @retval FALSE AES encryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbEncrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - AES_KEY *AesKey; > - > - // > - // Check input parameters. > - // > - if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != > 0 > || Output == NULL) { > - return FALSE; > - } > - > - AesKey = (AES_KEY *) AesContext; > - > - // > - // Perform AES data encryption with ECB mode (block-by-block) > - // > - while (InputSize > 0) { > - AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT); > - Input += AES_BLOCK_SIZE; > - Output += AES_BLOCK_SIZE; > - InputSize -= AES_BLOCK_SIZE; > - } > - > - return TRUE; > -} > - > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. 
> - > - This function performs AES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval TRUE AES decryption succeeded. > - @retval FALSE AES decryption failed. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbDecrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - AES_KEY *AesKey; > - > - // > - // Check input parameters. > - // > - if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != > 0 > || Output == NULL) { > - return FALSE; > - } > - > - AesKey = (AES_KEY *) AesContext; > - > - // > - // Perform AES data decryption with ECB mode (block-by-block) > - // > - while (InputSize > 0) { > - AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT); > - Input += AES_BLOCK_SIZE; > - Output += AES_BLOCK_SIZE; > - InputSize -= AES_BLOCK_SIZE; > - } > - > - return TRUE; > -} > - > /** > Performs AES encryption on a data buffer of the specified size in CBC mode. > > diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c > b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c > index a82adacf4f..d235422e7a 100644 
> --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c > @@ -50,58 +50,6 @@ AesInit ( > return FALSE; > } > > -/** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbEncrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbDecrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > /** > Performs AES encryption on a data buffer of the specified size in CBC mode. > > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c > index a82adacf4f..d235422e7a 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c 
> @@ -50,58 +50,6 @@ AesInit ( > return FALSE; > } > > -/** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbEncrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. > - > - Return FALSE to indicate this interface is not supported. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbDecrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - ASSERT (FALSE); > - return FALSE; > -} > - > /** > Performs AES encryption on a data buffer of the specified size in CBC mode. > > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 43ee4e0841..c937f8540d 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
> @@ -1518,82 +1518,6 @@ AesInit ( > CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE); > } > > -/** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval TRUE AES encryption succeeded. > - @retval FALSE AES encryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbEncrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, > Output), FALSE); > -} > - > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. 
> - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval TRUE AES decryption succeeded. > - @retval FALSE AES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > -BOOLEAN > -EFIAPI > -AesEcbDecrypt ( > - IN VOID *AesContext, > - IN CONST UINT8 *Input, > - IN UINTN InputSize, > - OUT UINT8 *Output > - ) > -{ > - CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, > Output), FALSE); > -} > - > /** > Performs AES encryption on a data buffer of the specified size in CBC mode. > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index d66f1cb03f..c8ec9454bd 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -29,7 +29,6 @@ > $(OPENSSL_PATH)/crypto/aes/aes_cbc.c > $(OPENSSL_PATH)/crypto/aes/aes_cfb.c > $(OPENSSL_PATH)/crypto/aes/aes_core.c > - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c > $(OPENSSL_PATH)/crypto/aes/aes_ige.c > $(OPENSSL_PATH)/crypto/aes/aes_misc.c > $(OPENSSL_PATH)/crypto/aes/aes_ofb.c > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 5788d13cf7..2f232e3e12 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> @@ -29,7 +29,6 @@ > $(OPENSSL_PATH)/crypto/aes/aes_cbc.c > $(OPENSSL_PATH)/crypto/aes/aes_cfb.c > $(OPENSSL_PATH)/crypto/aes/aes_core.c > - $(OPENSSL_PATH)/crypto/aes/aes_ecb.c > $(OPENSSL_PATH)/crypto/aes/aes_ige.c > $(OPENSSL_PATH)/crypto/aes/aes_misc.c > $(OPENSSL_PATH)/crypto/aes/aes_ofb.c > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index a30660c192..e76ff623a5 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h 
> @@ -2498,69 +2498,22 @@ BOOLEAN > ); > > /** > - Performs AES encryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES encryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. > - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > encrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > encryption > output. > - > - @retval TRUE AES encryption succeeded. > - @retval FALSE AES encryption failed. > - @retval FALSE This interface is not supported. > + AES ECB Mode is deprecated and unsupported any longer. > + Keep the function field for binary compability. > > **/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) ( > IN VOID *AesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, > OUT UINT8 *Output > ); > > -/** > - Performs AES decryption on a data buffer of the specified size in ECB mode. > - > - This function performs AES decryption on data buffer pointed by Input, of > specified > - size of InputSize, in ECB mode. > - InputSize must be multiple of block size (16 bytes). This function does not > perform > - padding. Caller must perform padding, if necessary, to ensure valid input > data > size. 
> - AesContext should be already correctly initialized by AesInit(). Behavior > with > - invalid AES context is undefined. > - > - If AesContext is NULL, then return FALSE. > - If Input is NULL, then return FALSE. > - If InputSize is not multiple of block size (16 bytes), then return FALSE. > - If Output is NULL, then return FALSE. > - If this interface is not supported, then return FALSE. > - > - @param[in] AesContext Pointer to the AES context. > - @param[in] Input Pointer to the buffer containing the data to be > decrypted. > - @param[in] InputSize Size of the Input buffer in bytes. > - @param[out] Output Pointer to a buffer that receives the AES > decryption > output. > - > - @retval TRUE AES decryption succeeded. > - @retval FALSE AES decryption failed. > - @retval FALSE This interface is not supported. > - > -**/ > typedef > BOOLEAN > -(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) ( > +(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) ( > IN VOID *AesContext, > IN CONST UINT8 *Input, > IN UINTN InputSize, 
> @@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL { > DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT > DeprecatedTdesEcbDecrypt; > DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT > DeprecatedTdesCbcEncrypt; > DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT > DeprecatedTdesCbcDecrypt; > - /// AES > + /// AES - ECB Mode is deprecated and unsupported > EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize; > EDKII_CRYPTO_AES_INIT AesInit; > - EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt; > - EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt; > + DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT > DeprecatedAesEcbEncrypt; > + DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT > DeprecatedAesEcbDecrypt; > EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt; > EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt; > /// Arc4 - deprecated and unsupported > -- > 2.21.0.windows.1
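
Review bot: In the CryptoPkg/CryptoPkg.dsc hunk at @@ -137, the only entries that differ in content are the Aes ones (Aes.Family replaced by Aes.Services.GetContextSize, Init, CbcEncrypt and CbcDecrypt set to TRUE), yet every other Family line in the block is removed and re-added with what reads as the same text, so the functional change is buried in realignment. Restrict the hunk to the Aes lines or mention the realignment in the commit message, and add a short comment above the four Aes.Services lines saying the services are listed individually because the ECB pair is retired, so a later edit does not restore Aes.Family.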
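
Review bot: In the CryptoPkg/Driver/Crypto.c hunk at @@ -1683, DeprecatedCryptoServiceAesEcbDecrypt is left with no function header once its comment block is deleted, and the header kept above DeprecatedCryptoServiceAesEcbEncrypt misspells "compatibility" as "compability" (the same comment text is repeated in the CryptoPkg/Private/Protocol/Crypto.h hunk at @@ -2498). Give the decrypt stub the same short deprecation comment and fix the spelling in both files. Both stubs also call a helper written as BaseCryptLibServciceDeprecated; its definition is not part of this patch, so confirm that spelling matches it.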
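
Review bot: The CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c hunk at @@ -78 deletes the AesEcbEncrypt and AesEcbDecrypt implementations, and the two CryptAesNull.c hunks and the BaseCryptLibOnProtocolPpi/CryptLib.c hunk delete the matching stubs and wrappers, but the diffstat lists no library header among the nine files changed. If the prototypes for these two functions stay declared, a remaining caller still compiles and only fails at link time. Remove the declarations in this patch, or say in the commit message which patch of the series removes them.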
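
Review bot: In the struct _EDKII_CRYPTO_PROTOCOL hunk at @@ -3779 of CryptoPkg/Private/Protocol/Crypto.h, the two ECB members keep their slots under new names, and nothing in the visible diff tells an already-built consumer that these slots now always fail. With the stubs in Crypto.c returning FALSE without writing Output, a caller that ignores the BOOLEAN result would go on to use a buffer that was never encrypted or decrypted. State this behaviour in the deprecation comment next to the typedefs and in the commit message, and say whether the protocol's version needs to change along with the rename.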