[edk2-devel] [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function

Gao, Zhichao zhichao.gao at intel.com
Fri Mar 27 01:56:26 UTC 2020


REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682

MD5 and SHA1 are not secure any longer, but the UEFI spec needs to keep them
for backwards compatibility.
Add two PCDs, PcdMD5Enable and PcdSHA1Enable, to control the function
enablement. Set the default value to false to indicate they are
deprecated.

Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao at intel.com>
---
 CryptoPkg/CryptoPkg.dec | 11 +++++++++++
 CryptoPkg/CryptoPkg.uni | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 4d1a1368a8..4d1750839f 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -82,5 +82,16 @@
   # @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
   gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001
 
+  ## Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI spec
+  #  want to keep it for backwards compatibility.
+  # @prompt Enable/Disable MD5 function.
+  gEfiCryptoPkgTokenSpaceGuid.PcdMD5Enable|FALSE|BOOLEAN|0x00000003
+
+  ## Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEFI spec
+  #  want to keep it for backwards compatibility. It should be set to TRUE when
+  #  PcdHashApiLibPolicy enable the SHA1.
+  # @prompt Enable/Disable SHA1 function.
+  gEfiCryptoPkgTokenSpaceGuid.PcdSHA1Enable|FALSE|BOOLEAN|0x00000004
+
 [UserExtensions.TianoCore."ExtraFiles"]
   CryptoPkgExtra.uni
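
Review bot: The PcdSHA1Enable comment says the PCD "should be set to TRUE when PcdHashApiLibPolicy enable the SHA1", but nothing in this hunk enforces that. With the default of FALSE, a platform can select SHA1 through PcdHashApiLibPolicy and leave PcdSHA1Enable untouched, and the mismatch is found only when the hash call fails or the link breaks. Please name the PcdHashApiLibPolicy value the comment refers to, and consider a build-time check in the consuming library so an inconsistent pair is rejected rather than left to the integrator. Minor: "the UEFI spec want" should read "wants" in both comments, and "enable the SHA1" should read "enables SHA1".
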
diff --git a/CryptoPkg/CryptoPkg.uni b/CryptoPkg/CryptoPkg.uni
index 28459fcafe..8e27ebcd36 100644
--- a/CryptoPkg/CryptoPkg.uni
+++ b/CryptoPkg/CryptoPkg.uni
@@ -30,3 +30,14 @@
 #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_PROMPT  #language en-US "Enable/Disable EDK II Crypto Protocol/PPI services"
 
 #string STR_gEfiCryptoPkgTokenSpaceGuid_PcdCryptoServiceFamilyEnable_HELP  #language en-US "Enable/Disable the families and individual services produced by the EDK II Crypto Protocols/PPIs.  The default is all services disabled.  This Structured PCD is associated with PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure that is defined in Include/Pcd/PcdCryptoServiceFamilyEnable.h."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_PROMPT  #language en-US "Enable/Disable the MD5 algorithm. The MD5 is deprecated but the UEFI spec\n"
+                                                                              "want to keep it for backwards compatibility."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdMD5Enable_HELP  #language en-US "Enable/Disable MD5 function."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_PROMPT  #language en-US "Enable/Disable the SHA1 algorithm. The SHA1 is deprecated but the UEFI spec\n"
+                                                                              "want to keep it for backwards compatibility.It should be set to TRUE when\n"
+                                                                              "PcdHashApiLibPolicy enable the SHA1."
+
+#string STR_gEfiCryptoPkgTokenSpaceGuid_PcdSHA1Enable_HELP  #language en-US "Enable/Disable SHA1 function."
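
Review bot: The PROMPT and HELP strings for both PCDs look swapped relative to the .dec file. In CryptoPkg.dec the "@prompt" text is the short form ("Enable/Disable MD5 function."), yet here PcdMD5Enable_PROMPT and PcdSHA1Enable_PROMPT carry the long multi-line description while the _HELP strings carry the short one. Please put the short text in _PROMPT and the description in _HELP so the two files agree. Also, in the PcdSHA1Enable string, "compatibility.It" is missing a space after the period.
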
-- 
2.21.0.windows.1

