[edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()
Yao, Jiewen
jiewen.yao at intel.com
Tue Feb 14 02:23:48 UTC 2023
I think so, we can still use 1.1 APIs in compatible mode. Please refer to:
https://www.openssl.org/docs/man3.0/man7/OPENSSL_API_COMPAT.html
https://github.com/openssl/openssl/blob/openssl-3.0.8/INSTALL.md#api-level
as recommended in https://github.com/openssl/openssl/issues/17930
Thank you
Yao, Jiewen
> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Michael D
> Kinney
> Sent: Tuesday, February 14, 2023 6:14 AM
> To: devel at edk2.groups.io; kraxel at redhat.com
> Cc: Oliver Steffen <osteffen at redhat.com>; Pawel Polawski
> <ppolawsk at redhat.com>; Kinney, Michael D <michael.d.kinney at intel.com>
> Subject: Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using
> SHA1()
>
> Hi Gerd,
>
> This is an interesting pattern for the openssl 3.0 size issues.
>
> It looks like the 1.1.1 APIs we are currently using are still available.
> Are those legacy APIs guaranteed to be supported under openssl 3.0?
>
> Mike
>
> > -----Original Message-----
> > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> > Sent: Monday, February 13, 2023 11:20 AM
> > To: devel at edk2.groups.io
> > Cc: Oliver Steffen <osteffen at redhat.com>; Pawel Polawski
> <ppolawsk at redhat.com>; Gerd Hoffmann <kraxel at redhat.com>
> > Subject: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()
> >
> > In openssl 3.0 SHA1() goes through the provider logic,
> > requiring a huge amount of openssl code. The individual
> > functions do not, so use them instead.
> >
> > Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
> > ---
> > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++---
> > 1 file changed, 13 insertions(+), 3 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > index 1e071ce2b325..cfe1f4bc44c9 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > @@ -204,6 +204,8 @@ Sha1HashAll (
> > OUT UINT8 *HashValue
> > )
> > {
> > + SHA_CTX Context;
> > +
> > //
> > // Check input parameters.
> > //
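Review bot: the new `SHA_CTX Context` local at the top of Sha1HashAll makes this function depend on OpenSSL's low-level SHA-1 interface, which OpenSSL 3.0 marks as deprecated, and nothing in the visible change shows how the build keeps that declaration available (for example through the API compatibility level discussed in this thread). Suggest stating that dependency in the commit message or in a comment beside the declaration.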
> > @@ -218,11 +220,19 @@ Sha1HashAll (
> > //
> > // OpenSSL SHA-1 Hash Computation.
> > //
> > - if (SHA1 (Data, DataSize, HashValue) == NULL) {
> > + if (!SHA1_Init (&Context)) {
> > return FALSE;
> > - } else {
> > - return TRUE;
> > }
> > +
> > + if (!SHA1_Update (&Context, Data, DataSize)) {
> > + return FALSE;
> > + }
> > +
> > + if (!SHA1_Final (HashValue, &Context)) {
> > + return FALSE;
> > + }
> > +
> > + return TRUE;
> > }
> >
> > #endif
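Review bot: the comment above the new `SHA1_Init` call still reads only "OpenSSL SHA-1 Hash Computation." and gives no reason for the three-step Init/Update/Final sequence, so a later cleanup could fold it back into the one-shot `SHA1 (Data, DataSize, HashValue)` and pull the provider code back in. Suggest extending that comment to say the one-shot call is avoided because in openssl 3.0 it goes through the provider logic, as the commit message explains.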
> > --
> > 2.39.1