REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Xiaoyu Lu <xiaoyux...@intel.com>
Cc: Siyuan Fu <siyuan...@intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Philippe Mathieu-Daude <phi...@redhat.com>
Signed-off-by: Zhichao Gao <zhichao....@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 45 +++----
CryptoPkg/Driver/Crypto.c | 65 ++--------
CryptoPkg/Include/Library/BaseCryptLib.h | 70 -----------
.../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ------------------
.../BaseCryptLib/Cipher/CryptAesNull.c | 52 --------
.../BaseCryptLibNull/Cipher/CryptAesNull.c | 52 --------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 76 ------------
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 1 -
CryptoPkg/Private/Protocol/Crypto.h | 61 ++--------
10 files changed, 40 insertions(+), 497 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 6ed7046563..1f68cc633b 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -137,27 +137,30 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family |
PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacMd5.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha1.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize
| TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init
| TRUE
+
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt
| TRUE
+
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt
| TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 22b49762bd..7d462ff068 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1683,79 +1683,32 @@ CryptoServiceAesInit (
}
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
BOOLEAN
EFIAPI
-CryptoServiceAesEcbEncrypt (
+DeprecatedCryptoServiceAesEcbEncrypt (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbEncrypt, AesEcbEncrypt,
(AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("AesEcbEncrypt"), FALSE;
}
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceAesEcbDecrypt (
+DeprecatedCryptoServiceAesEcbDecrypt (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Aes.Services.EcbDecrypt, AesEcbDecrypt,
(AesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServiceDeprecated ("AesEcbDecrypt"), FALSE;
}
/**
@@ -4212,11 +4165,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
DeprecatedCryptoServiceTdesEcbDecrypt,
DeprecatedCryptoServiceTdesCbcEncrypt,
DeprecatedCryptoServiceTdesCbcDecrypt,
- /// AES
+ /// AES - ECB mode is deprecated and unsupported
CryptoServiceAesGetContextSize,
CryptoServiceAesInit,
- CryptoServiceAesEcbEncrypt,
- CryptoServiceAesEcbDecrypt,
+ DeprecatedCryptoServiceAesEcbEncrypt,
+ DeprecatedCryptoServiceAesEcbDecrypt,
CryptoServiceAesCbcEncrypt,
CryptoServiceAesCbcDecrypt,
/// Arc4 - deprecated and unsupported
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
b/CryptoPkg/Include/Library/BaseCryptLib.h
index 621bcfd1c4..86175c7a8a 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1323,76 +1323,6 @@ AesInit (
IN UINTN KeyLength
);
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
index 2515b34bb8..914cffb211 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
@@ -78,120 +78,6 @@ AesInit (
return TRUE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0
|| Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data encryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- AES_KEY *AesKey;
-
- //
- // Check input parameters.
- //
- if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0
|| Output == NULL) {
- return FALSE;
- }
-
- AesKey = (AES_KEY *) AesContext;
-
- //
- // Perform AES data decryption with ECB mode (block-by-block)
- //
- while (InputSize > 0) {
- AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
- Input += AES_BLOCK_SIZE;
- Output += AES_BLOCK_SIZE;
- InputSize -= AES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
return FALSE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
index a82adacf4f..d235422e7a 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptAesNull.c
@@ -50,58 +50,6 @@ AesInit (
return FALSE;
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 43ee4e0841..c937f8540d 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1518,82 +1518,6 @@ AesInit (
CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, KeyLength), FALSE);
}
-/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbEncrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, Input, InputSize, Output),
FALSE);
-}
-
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-AesEcbDecrypt (
- IN VOID *AesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, Input, InputSize, Output),
FALSE);
-}
-
/**
Performs AES encryption on a data buffer of the specified size in CBC mode.
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index d66f1cb03f..c8ec9454bd 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -29,7 +29,6 @@
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
$(OPENSSL_PATH)/crypto/aes/aes_ige.c
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 5788d13cf7..2f232e3e12 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -29,7 +29,6 @@
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ecb.c
$(OPENSSL_PATH)/crypto/aes/aes_ige.c
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
diff --git a/CryptoPkg/Private/Protocol/Crypto.h
b/CryptoPkg/Private/Protocol/Crypto.h
index a30660c192..e76ff623a5 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2498,69 +2498,22 @@ BOOLEAN
);
/**
- Performs AES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES encryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
encryption output.
-
- @retval TRUE AES encryption succeeded.
- @retval FALSE AES encryption failed.
- @retval FALSE This interface is not supported.
+ AES ECB Mode is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT) (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs AES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs AES decryption on data buffer pointed by Input, of
specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (16 bytes). This function does not
perform
- padding. Caller must perform padding, if necessary, to ensure valid input
data size.
- AesContext should be already correctly initialized by AesInit(). Behavior
with
- invalid AES context is undefined.
-
- If AesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (16 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] AesContext Pointer to the AES context.
- @param[in] Input Pointer to the buffer containing the data to be
decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the AES
decryption output.
-
- @retval TRUE AES decryption succeeded.
- @retval FALSE AES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_AES_ECB_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT) (
IN VOID *AesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -3779,11 +3732,11 @@ struct _EDKII_CRYPTO_PROTOCOL {
DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;
DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;
- /// AES
+ /// AES - ECB Mode is deprecated and unsupported
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;
EDKII_CRYPTO_AES_INIT AesInit;
- EDKII_CRYPTO_AES_ECB_ENCRYPT AesEcbEncrypt;
- EDKII_CRYPTO_AES_ECB_DECRYPT AesEcbDecrypt;
+ DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncrypt;
+ DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecrypt;
EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;
EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;
/// Arc4 - deprecated and unsupported
--
2.21.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#59171): https://edk2.groups.io/g/devel/message/59171
Mute This Topic: https://groups.io/mt/74142381/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
