sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f22feb0e3b3f08b95201b258b104c45a2acef71f
system76-edk2/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
Zhichao Gao c812d3209c CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is unsupported any longer.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-05-15 07:22:36 +00:00

26 lines
1.4 KiB
Plaintext
Raw Blame History

// /** @file
// Cryptographic Library Instance for PEIM.
//
// Caution: This module requires additional review when modified.
// This library will have external input - signature.
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Note: AES
// functions, RSA external functions, PKCS#7 SignedData sign functions,
// Diffie-Hellman functions, X.509 certificate handler functions, authenticode
// signature verification functions, PEM handler functions, and pseudorandom number
// generator functions are not supported in this instance.
//
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
Reference in New Issue View Git Blame Copy Permalink