REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 HMAC SHA1 is no longer secure. Remove the HMAC SHA1 support from edk2. Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate that the function is no longer supported. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
		
			
				
	
	
		
		
	
	
	
	
	
| // /** @file
 | |
| // Cryptographic Library Instance for PEIM.
 | |
| //
 | |
| // Caution: This module requires additional review when modified.
 | |
| // This library will have external input - signature.
 | |
| // This external input must be validated carefully to avoid security issues such as
 | |
| // buffer overflow or integer overflow.
 | |
| //
 | |
| // Note: AES
 | |
| // functions, RSA external functions, PKCS#7 SignedData sign functions,
 | |
| // Diffie-Hellman functions, X.509 certificate handler functions, authenticode
 | |
| // signature verification functions, PEM handler functions, and pseudorandom number
 | |
| // generator functions are not supported in this instance.
 | |
| //
 | |
| // Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 | |
| //
 | |
| // SPDX-License-Identifier: BSD-2-Clause-Patent
 | |
| //
 | |
| // **/
 | |
| 
 | |
| 
 | |
| #string STR_MODULE_ABSTRACT             #language en-US "Cryptographic Library Instance for PEIM"
 | |
| 
 | |
| #string STR_MODULE_DESCRIPTION          #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
 | |
| 
 |