[edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()

Yao, Jiewen jiewen.yao at intel.com
Tue Feb 14 02:23:48 UTC 2023


I think so, we can still use 1.1 APIs in compatible mode. Please refer to:
https://www.openssl.org/docs/man3.0/man7/OPENSSL_API_COMPAT.html
https://github.com/openssl/openssl/blob/openssl-3.0.8/INSTALL.md#api-level
as recommended in https://github.com/openssl/openssl/issues/17930

Thank you
Yao, Jiewen

> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Michael D
> Kinney
> Sent: Tuesday, February 14, 2023 6:14 AM
> To: devel at edk2.groups.io; kraxel at redhat.com
> Cc: Oliver Steffen <osteffen at redhat.com>; Pawel Polawski
> <ppolawsk at redhat.com>; Kinney, Michael D <michael.d.kinney at intel.com>
> Subject: Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using
> SHA1()
> 
> Hi Gerd,
> 
> This is an interesting pattern for the openssl 3.0 size issues.
> 
> It looks like the 1.1.1 APIs we are currently using are still available.
> Are those legacy APIs guaranteed to be supported under openssl 3.0?
> 
> Mike
> 
> > -----Original Message-----
> > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> > Sent: Monday, February 13, 2023 11:20 AM
> > To: devel at edk2.groups.io
> > Cc: Oliver Steffen <osteffen at redhat.com>; Pawel Polawski
> <ppolawsk at redhat.com>; Gerd Hoffmann <kraxel at redhat.com>
> > Subject: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()
> >
> > In openssl 3.0 SHA1() goes through the provider logic,
> > requiring a huge amount of openssl code.  The individual
> > functions do not, so use them instead.
> >
> > Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
> > ---
> >  CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++---
> >  1 file changed, 13 insertions(+), 3 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > index 1e071ce2b325..cfe1f4bc44c9 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > @@ -204,6 +204,8 @@ Sha1HashAll (
> >    OUT  UINT8       *HashValue
> >    )
> >  {
> > +  SHA_CTX  Context;
> > +
> >    //
> >    // Check input parameters.
> >    //
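Review bot: The new `SHA_CTX  Context;` local at the top of Sha1HashAll sits on the stack and nothing in this patch clears it before the function returns, including the `return FALSE` paths added in the next hunk. The one-shot call being replaced did not expose a hash context to this function. If any caller can pass sensitive data, consider a ZeroMem (&Context, sizeof (Context)) before each return, or add a comment stating that the input is not treated as secret.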
> > @@ -218,11 +220,19 @@ Sha1HashAll (
> >    //
> >    // OpenSSL SHA-1 Hash Computation.
> >    //
> > -  if (SHA1 (Data, DataSize, HashValue) == NULL) {
> > +  if (!SHA1_Init (&Context)) {
> >      return FALSE;
> > -  } else {
> > -    return TRUE;
> >    }
> > +
> > +  if (!SHA1_Update (&Context, Data, DataSize)) {
> > +    return FALSE;
> > +  }
> > +
> > +  if (!SHA1_Final (HashValue, &Context)) {
> > +    return FALSE;
> > +  }
> > +
> > +  return TRUE;
> >  }
> >
> >  #endif
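Review bot: The comment above the new sequence still reads only `// OpenSSL SHA-1 Hash Computation.` and does not say why the one-shot `SHA1 (Data, DataSize, HashValue)` was replaced by SHA1_Init/SHA1_Update/SHA1_Final. The reason is given only in the commit message (in openssl 3.0 SHA1() goes through the provider logic), so a one-line note here would keep a later cleanup from collapsing the three calls back into the one-shot form.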
> > --
> > 2.39.1