sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CryptoPkg/BaseCrpytLib: Retire MD4 algorithm

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

MD4 is not secure any longer.
Remove the MD4 support from edk2.
Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
This commit is contained in:
Zhichao Gao
2020-04-17 15:37:59 +08:00
committed by mergify[bot]
parent aaa90aacaf
commit 0a6fc3d067
16 changed files with 62 additions and 1011 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
View File

@@ -6,7 +6,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -29,7 +29,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c

223
CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
View File

@@ -1,223 +0,0 @@
/** @file
MD4 Digest Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
#include <openssl/md4.h>
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
@return The size, in bytes, of the context buffer required for MD4 hash operations.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
)
{
//
// Retrieves the OpenSSL MD4 Context Size
//
return (UINTN) (sizeof (MD4_CTX));
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
If Md4Context is NULL, then return FALSE.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval TRUE MD4 context initialization succeeded.
@retval FALSE MD4 context initialization failed.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
)
{
//
// Check input parameters.
//
if (Md4Context == NULL) {
return FALSE;
}
//
// OpenSSL MD4 Context Initialization
//
return (BOOLEAN) (MD4_Init ((MD4_CTX *) Md4Context));
}
/**
Makes a copy of an existing MD4 context.
If Md4Context is NULL, then return FALSE.
If NewMd4Context is NULL, then return FALSE.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval TRUE MD4 context copy succeeded.
@retval FALSE MD4 context copy failed.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
//
// Check input parameters.
//
if (Md4Context == NULL || NewMd4Context == NULL) {
return FALSE;
}
CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX));
return TRUE;
}
/**
Digests the input data and updates MD4 context.
This function performs MD4 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
by Md4Final(). Behavior with invalid context is undefined.
If Md4Context is NULL, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD4 data digest succeeded.
@retval FALSE MD4 data digest failed.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
//
// Check input parameters.
//
if (Md4Context == NULL) {
return FALSE;
}
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL MD4 Hash Update
//
return (BOOLEAN) (MD4_Update ((MD4_CTX *) Md4Context, Data, DataSize));
}
/**
Completes computation of the MD4 digest value.
This function completes MD4 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the MD4 context cannot
be used again.
MD4 context should be already correctly initialized by Md4Init(), and should not be
finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
If Md4Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
//
// Check input parameters.
//
if (Md4Context == NULL || HashValue == NULL) {
return FALSE;
}
//
// OpenSSL MD4 Hash Finalization
//
return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *) Md4Context));
}
/**
Computes the MD4 message digest of a input data buffer.
This function performs the MD4 message digest of a given data buffer, and places
the digest value into the specified memory.
If this interface is not supported, then return FALSE.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval TRUE MD4 digest computation succeeded.
@retval FALSE MD4 digest computation failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
//
// Check input parameters.
//
if (HashValue == NULL) {
return FALSE;
}
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL MD4 Hash Computation.
//
if (MD4 (Data, DataSize, HashValue) == NULL) {
return FALSE;
} else {
return TRUE;
}
}

143
CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
View File

@@ -1,143 +0,0 @@
/** @file
MD4 Digest Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for MD4 hash
operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
EFIAPI
Md4GetContextSize (
VOID
)
{
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
subsequent use.
Return FALSE to indicate this interface is not supported.
@param[out] Md4Context Pointer to MD4 context being initialized.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Init (
OUT VOID *Md4Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Makes a copy of an existing MD4 context.
Return FALSE to indicate this interface is not supported.
@param[in] Md4Context Pointer to MD4 context being copied.
@param[out] NewMd4Context Pointer to new MD4 context.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Duplicate (
IN CONST VOID *Md4Context,
OUT VOID *NewMd4Context
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Digests the input data and updates MD4 context.
Return FALSE to indicate this interface is not supported.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Update (
IN OUT VOID *Md4Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Completes computation of the MD4 digest value.
Return FALSE to indicate this interface is not supported.
@param[in, out] Md4Context Pointer to the MD4 context.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4Final (
IN OUT VOID *Md4Context,
OUT UINT8 *HashValue
)
{
ASSERT (FALSE);
return FALSE;
}
/**
Computes the MD4 message digest of a input data buffer.
Return FALSE to indicate this interface is not supported.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
value (16 bytes).
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Md4HashAll (
IN CONST VOID *Data,
IN UINTN DataSize,
OUT UINT8 *HashValue
)
{
ASSERT (FALSE);
return FALSE;
}

5
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
View File

@@ -6,14 +6,14 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Note: MD4 Digest functions,
# Note:
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509
# certificate handler functions, authenticode signature verification functions,
# PEM handler functions, and pseudorandom number generator functions are not
# supported in this instance.
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c

6
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
View File

@@ -6,13 +6,13 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@@ -21,5 +21,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."

5
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
View File

@@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, AES/TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -35,7 +35,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c

6
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
View File

@@ -6,12 +6,12 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."

5
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
View File

@@ -6,12 +6,12 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
# Note: SHA-384 Digest functions, SHA-512 Digest functions,
# HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and
# authenticode signature verification functions are not supported in this instance.
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -34,7 +34,6 @@
[Sources]
InternalCryptLib.h
Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c

6
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
View File

@@ -6,12 +6,12 @@
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/
// TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, and authenticode signature verification functions are
// not supported in this instance.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
@@ -20,5 +20,5 @@
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: HMAC-MD5 functions, HMAC-SHA1 functions, AES/ TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."