[edk2-devel] [PATCH V3 4/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
Gao, Zhichao
zhichao.gao at intel.com
Wed May 6 23:57:42 UTC 2020
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Tdes is not secure any longer.
Remove the Tdes support from edk2.
Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
Cc: Siyuan Fu <siyuan.fu at intel.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao at intel.com>
---
CryptoPkg/Driver/Crypto.c | 181 +--------
CryptoPkg/Include/Library/BaseCryptLib.h | 196 ----------
.../Library/BaseCryptLib/BaseCryptLib.inf | 1 -
.../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ------------------
.../BaseCryptLib/Cipher/CryptTdesNull.c | 160 --------
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 6 +-
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 7 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 6 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 +-
.../Library/BaseCryptLib/SmmCryptLib.uni | 6 +-
.../BaseCryptLibNull/BaseCryptLibNull.inf | 1 -
.../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 --------
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 214 ----------
.../Library/Include/openssl/opensslconf.h | 3 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 21 -
.../Library/OpensslLib/OpensslLibCrypto.inf | 21 -
CryptoPkg/Private/Protocol/Crypto.h | 169 +-------
19 files changed, 53 insertions(+), 1472 deletions(-)
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index 388a6e4b4b..a4106aae0b 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -1557,167 +1557,57 @@ CryptoServiceHmacSha256Final (
//=====================================================================================
/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
UINTN
EFIAPI
-CryptoServiceTdesGetContextSize (
+DeprecatedCryptoServiceTdesGetContextSize (
VOID
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.GetContextSize, TdesGetContextSize, (), 0);
+ return BaseCryptLibServciceDeprecated ("TdesGetContextSize"), 0;
}
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceTdesInit (
+DeprecatedCryptoServiceTdesInit (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.Init, TdesInit, (TdesContext, Key, KeyLength), FALSE);
+ return BaseCryptLibServciceDeprecated ("TdesInit"), FALSE;
}
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceTdesEcbEncrypt (
+DeprecatedCryptoServiceTdesEcbEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.EcbEncrypt, TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceDeprecated ("TdesEcbEncrypt"), FALSE;
}
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceTdesEcbDecrypt (
+DeprecatedCryptoServiceTdesEcbDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.EcbDecrypt, TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
+ return BaseCryptLibServciceDeprecated ("TdesEcbDecrypt"), FALSE;
}
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceTdesCbcEncrypt (
+DeprecatedCryptoServiceTdesCbcEncrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -1725,41 +1615,12 @@ CryptoServiceTdesCbcEncrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.CbcEncrypt, TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
+ return BaseCryptLibServciceDeprecated ("TdesCbcEncrypt"), FALSE;
}
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
BOOLEAN
EFIAPI
-CryptoServiceTdesCbcDecrypt (
+DeprecatedCryptoServiceTdesCbcDecrypt (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -1767,7 +1628,7 @@ CryptoServiceTdesCbcDecrypt (
OUT UINT8 *Output
)
{
- return CALL_BASECRYPTLIB (Tdes.Services.CbcDecrypt, TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
+ return BaseCryptLibServciceDeprecated ("TdesCbcDecrypt"), FALSE;
}
/**
@@ -4344,13 +4205,13 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceX509Free,
CryptoServiceX509StackFree,
CryptoServiceX509GetTBSCert,
- /// TDES
- CryptoServiceTdesGetContextSize,
- CryptoServiceTdesInit,
- CryptoServiceTdesEcbEncrypt,
- CryptoServiceTdesEcbDecrypt,
- CryptoServiceTdesCbcEncrypt,
- CryptoServiceTdesCbcDecrypt,
+ /// TDES - deprecated and unsupported
+ DeprecatedCryptoServiceTdesGetContextSize,
+ DeprecatedCryptoServiceTdesInit,
+ DeprecatedCryptoServiceTdesEcbEncrypt,
+ DeprecatedCryptoServiceTdesEcbDecrypt,
+ DeprecatedCryptoServiceTdesCbcEncrypt,
+ DeprecatedCryptoServiceTdesCbcDecrypt,
/// AES
CryptoServiceAesGetContextSize,
CryptoServiceAesInit,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 25e236c4a3..621bcfd1c4 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1278,202 +1278,6 @@ HmacSha256Final (
// Symmetric Cryptography Primitive
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- );
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- );
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- );
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- );
-
/**
Retrieves the size, in bytes, of the context buffer required for AES operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index da38ea552f..2de8e9c346 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -39,7 +39,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
- Cipher/CryptTdes.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExt.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
deleted file mode 100644
index fd799f3398..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/** @file
- TDES Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-#include <openssl/des.h>
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- //
- // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
- //
- return (UINTN) (3 * sizeof (DES_key_schedule));
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- //
- // If input Key is a weak key, return error.
- //
- if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
-
- if (KeyLength == 64) {
- CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
- CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
- return TRUE;
- }
-
- if (DES_is_weak_key ((const_DES_cblock *) (Key + 8)) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
-
- if (KeyLength == 128) {
- CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
- return TRUE;
- }
-
- if (DES_is_weak_key ((const_DES_cblock *) (Key + 16)) == 1) {
- return FALSE;
- }
-
- DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
-
- return TRUE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- while (InputSize > 0) {
- DES_ecb3_encrypt (
- (const_DES_cblock *) Input,
- (DES_cblock *) Output,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- DES_ENCRYPT
- );
- Input += TDES_BLOCK_SIZE;
- Output += TDES_BLOCK_SIZE;
- InputSize -= TDES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
-
- while (InputSize > 0) {
- DES_ecb3_encrypt (
- (const_DES_cblock *) Input,
- (DES_cblock *) Output,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- DES_DECRYPT
- );
- Input += TDES_BLOCK_SIZE;
- Output += TDES_BLOCK_SIZE;
- InputSize -= TDES_BLOCK_SIZE;
- }
-
- return TRUE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
- UINT8 IvecBuffer[TDES_BLOCK_SIZE];
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
- return FALSE;
- }
-
- if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
- CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
-
- DES_ede3_cbc_encrypt (
- Input,
- Output,
- (UINT32) InputSize,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- (DES_cblock *) IvecBuffer,
- DES_ENCRYPT
- );
-
- return TRUE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- DES_key_schedule *KeySchedule;
- UINT8 IvecBuffer[TDES_BLOCK_SIZE];
-
- //
- // Check input parameters.
- //
- if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0) {
- return FALSE;
- }
-
- if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
- return FALSE;
- }
-
- KeySchedule = (DES_key_schedule *) TdesContext;
- CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
-
- DES_ede3_cbc_encrypt (
- Input,
- Output,
- (UINT32) InputSize,
- KeySchedule,
- KeySchedule + 1,
- KeySchedule + 2,
- (DES_cblock *) IvecBuffer,
- DES_DECRYPT
- );
-
- return TRUE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
deleted file mode 100644
index efa2716063..0000000000
--- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/** @file
- TDES Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index f43953b78c..f631f8d879 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note:
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
@@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 5abd8e8dfb..c906935d3d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
index 75a133bd0c..6f7e1971f8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -1,7 +1,7 @@
/** @file
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem (
//
// Add possible block-cipher descriptor for PEM data decryption.
- // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
+ // NOTE: Only support most popular ciphers AES for the encrypted PEM.
//
- if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
- return FALSE;
- }
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
return FALSE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index f1eb099b67..672e19299c 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -45,7 +45,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index 5a48d2a308..0a3bb1c04f 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 3a94655775..cc3556ae3f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -7,7 +7,7 @@
# buffer overflow or integer overflow.
#
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
-# HMAC-MD5 functions, HMAC-SHA1 functions, TDES functions, RSA external
+# HMAC-MD5 functions, HMAC-SHA1 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
@@ -44,7 +44,6 @@
Hmac/CryptHmacSha256.c
Kdf/CryptHkdfNull.c
Cipher/CryptAes.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasic.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1Oaep.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index 0561f107e8..2e362c635f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -6,8 +6,8 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-// TDES functions, RSA external functions, PKCS#7 SignedData sign functions,
+// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES
+// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
-#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
+#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index a205c9005d..04b552f8b7 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -39,7 +39,6 @@
Hmac/CryptHmacSha256Null.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
- Cipher/CryptTdesNull.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
deleted file mode 100644
index efa2716063..0000000000
--- a/CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/** @file
- TDES Wrapper Implementation which does not provide real capabilities.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "InternalCryptLib.h"
-
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- Return zero to indicate this interface is not supported.
-
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- ASSERT (FALSE);
- return 0;
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- Return FALSE to indicate this interface is not supported.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- ASSERT (FALSE);
- return FALSE;
-}
-
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 77915bdb86..43ee4e0841 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1467,220 +1467,6 @@ HmacSha256Final (
// Symmetric Cryptography Primitive
//=====================================================================================
-/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
-
-**/
-UINTN
-EFIAPI
-TdesGetContextSize (
- VOID
- )
-{
- CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0);
-}
-
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesInit (
- OUT VOID *TdesContext,
- IN CONST UINT8 *Key,
- IN UINTN KeyLength
- )
-{
- CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, KeyLength), FALSE);
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesEcbDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, Input, InputSize, Output), FALSE);
-}
-
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcEncrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
-}
-
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
-BOOLEAN
-EFIAPI
-TdesCbcDecrypt (
- IN VOID *TdesContext,
- IN CONST UINT8 *Input,
- IN UINTN InputSize,
- IN CONST UINT8 *Ivec,
- OUT UINT8 *Output
- )
-{
- CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, Input, InputSize, Ivec, Output), FALSE);
-}
-
/**
Retrieves the size, in bytes, of the context buffer required for AES operations.
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 22acabef87..4868cfa963 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -247,6 +247,9 @@ extern "C" {
#ifndef OPENSSL_NO_RC4
# define OPENSSL_NO_RC4
#endif
+#ifndef OPENSSL_NO_DES
+# define OPENSSL_NO_DES
+#endif
/*
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dfaefd1c08..d66f1cb03f 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -178,25 +178,6 @@
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
- $(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64enc.c
- $(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/qud_cksm.c
- $(OPENSSL_PATH)/crypto/des/rand_key.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -514,8 +495,6 @@
$(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 080e1d9305..5788d13cf7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -178,25 +178,6 @@
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
$(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
- $(OPENSSL_PATH)/crypto/des/cbc_enc.c
- $(OPENSSL_PATH)/crypto/des/cfb64ede.c
- $(OPENSSL_PATH)/crypto/des/cfb64enc.c
- $(OPENSSL_PATH)/crypto/des/cfb_enc.c
- $(OPENSSL_PATH)/crypto/des/des_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb3_enc.c
- $(OPENSSL_PATH)/crypto/des/ecb_enc.c
- $(OPENSSL_PATH)/crypto/des/fcrypt.c
- $(OPENSSL_PATH)/crypto/des/fcrypt_b.c
- $(OPENSSL_PATH)/crypto/des/ofb64ede.c
- $(OPENSSL_PATH)/crypto/des/ofb64enc.c
- $(OPENSSL_PATH)/crypto/des/ofb_enc.c
- $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/qud_cksm.c
- $(OPENSSL_PATH)/crypto/des/rand_key.c
- $(OPENSSL_PATH)/crypto/des/set_key.c
- $(OPENSSL_PATH)/crypto/des/str2key.c
- $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -514,8 +495,6 @@
$(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/evp/evp_locl.h
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index f36c5c1aff..a30660c192 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -2396,155 +2396,45 @@ BOOLEAN
//=====================================================================================
/**
- Retrieves the size, in bytes, of the context buffer required for TDES operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for TDES operations.
- @retval 0 This interface is not supported.
+ TDES is deprecated and unsupported any longer.
+ Keep the function field for binary compability.
**/
typedef
UINTN
-(EFIAPI *EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE) (
VOID
);
-/**
- Initializes user-supplied memory as TDES context for subsequent use.
-
- This function initializes user-supplied memory pointed by TdesContext as TDES context.
- In addition, it sets up all TDES key materials for subsequent encryption and decryption
- operations.
- There are 3 key options as follows:
- KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
- KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
- KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
-
- If TdesContext is NULL, then return FALSE.
- If Key is NULL, then return FALSE.
- If KeyLength is not valid, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] TdesContext Pointer to TDES context being initialized.
- @param[in] Key Pointer to the user-supplied TDES key.
- @param[in] KeyLength Length of TDES key in bits.
-
- @retval TRUE TDES context initialization succeeded.
- @retval FALSE TDES context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_INIT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT) (
OUT VOID *TdesContext,
IN CONST UINT8 *Key,
IN UINTN KeyLength
);
-/**
- Performs TDES encryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_ECB_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs TDES decryption on a data buffer of the specified size in ECB mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in ECB mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be decrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[out] Output Pointer to a buffer that receives the TDES decryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_ECB_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
OUT UINT8 *Output
);
-/**
- Performs TDES encryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES encryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES encryption succeeded.
- @retval FALSE TDES encryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_CBC_ENCRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -2552,38 +2442,9 @@ BOOLEAN
OUT UINT8 *Output
);
-/**
- Performs TDES decryption on a data buffer of the specified size in CBC mode.
-
- This function performs TDES decryption on data buffer pointed by Input, of specified
- size of InputSize, in CBC mode.
- InputSize must be multiple of block size (8 bytes). This function does not perform
- padding. Caller must perform padding, if necessary, to ensure valid input data size.
- Initialization vector should be one block size (8 bytes).
- TdesContext should be already correctly initialized by TdesInit(). Behavior with
- invalid TDES context is undefined.
-
- If TdesContext is NULL, then return FALSE.
- If Input is NULL, then return FALSE.
- If InputSize is not multiple of block size (8 bytes), then return FALSE.
- If Ivec is NULL, then return FALSE.
- If Output is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in] TdesContext Pointer to the TDES context.
- @param[in] Input Pointer to the buffer containing the data to be encrypted.
- @param[in] InputSize Size of the Input buffer in bytes.
- @param[in] Ivec Pointer to initialization vector.
- @param[out] Output Pointer to a buffer that receives the TDES encryption output.
-
- @retval TRUE TDES decryption succeeded.
- @retval FALSE TDES decryption failed.
- @retval FALSE This interface is not supported.
-
-**/
typedef
BOOLEAN
-(EFIAPI *EDKII_CRYPTO_TDES_CBC_DECRYPT) (
+(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT) (
IN VOID *TdesContext,
IN CONST UINT8 *Input,
IN UINTN InputSize,
@@ -3911,13 +3772,13 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_X509_FREE X509Free;
EDKII_CRYPTO_X509_STACK_FREE X509StackFree;
EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert;
- /// TDES
- EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE TdesGetContextSize;
- EDKII_CRYPTO_TDES_INIT TdesInit;
- EDKII_CRYPTO_TDES_ECB_ENCRYPT TdesEcbEncrypt;
- EDKII_CRYPTO_TDES_ECB_DECRYPT TdesEcbDecrypt;
- EDKII_CRYPTO_TDES_CBC_ENCRYPT TdesCbcEncrypt;
- EDKII_CRYPTO_TDES_CBC_DECRYPT TdesCbcDecrypt;
+ /// TDES - deprecated and unsupported
+ DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContextSize;
+ DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit;
+ DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt;
+ DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;
+ DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;
+ DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;
/// AES
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;
EDKII_CRYPTO_AES_INIT AesInit;
--
2.21.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#58760): https://edk2.groups.io/g/devel/message/58760
Mute This Topic: https://groups.io/mt/74041192/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list