Re: [edk2-devel] [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO

[Yao, Jiewen]

Reviewed-by: Jiewen Yao <jiewen....@intel.com>

> -----Original Message-----
> From: Gao, Zhichao <zhichao....@intel.com>
> Sent: Monday, August 31, 2020 1:13 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> Xu, Min M <min.m...@intel.com>; Zhang, Qi1 <qi1.zh...@intel.com>
> Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on
> MACRO
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943
> 
> Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES.
> SHA1 is deprecated function and the MACRO is used to remove the whole
> implementation of the SHA1. For the platforms that do not need SHA1
> for security, the MACRO should works for DxeImageVerificationLib as
> well.
> 
> Signed-off-by: Zhichao Gao <zhichao....@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Min Xu <min.m...@intel.com>
> Cc: Qi Zhang <qi1.zh...@intel.com>
> ---
>  .../DxeImageVerificationLib/DxeImageVerificationLib.c       | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git
> a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> index b08fe24e85..7871220140 100644
> --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] = {
>    };
> 
>  HASH_TABLE mHash[] = {
> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
>    { L"SHA1",   20, &mHashOidValue[0],  5, Sha1GetContextSize,   Sha1Init,
> Sha1Update,   Sha1Final  },
> +#else
> +  { L"SHA1",   20, &mHashOidValue[0],  5, NULL,                 NULL,       
> NULL,
> NULL       },
> +#endif
>    { L"SHA224", 28, &mHashOidValue[5],  9, NULL,                 NULL,       
> NULL,
> NULL       },
>    { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init,
> Sha256Update, Sha256Final},
>    { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init,
> Sha384Update, Sha384Final},
> @@ -315,10 +319,12 @@ HashPeImage (
>    ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
> 
>    switch (HashAlg) {
> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
>    case HASHALG_SHA1:
>      mImageDigestSize = SHA1_DIGEST_SIZE;
>      mCertType        = gEfiCertSha1Guid;
>      break;
> +#endif
> 
>    case HASHALG_SHA256:
>      mImageDigestSize = SHA256_DIGEST_SIZE;
> --
> 2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#65069): https://edk2.groups.io/g/devel/message/65069
Mute This Topic: https://groups.io/mt/76528676/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-