CryptoPkg: Make the MD5 disable as default for security

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021

Make the deprecated MD5 disable as default setting for
security.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com>

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index d9096ea6037c94e04ac576ea49cdc3a76de8652e..26f280cd5dbe2b69ea95ae3e9dac879d206803ff 100644 (file)
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll (
   return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE;\r
 }\r
 \r
-#ifdef DISABLE_MD5_DEPRECATED_INTERFACES\r
+#ifndef ENABLE_MD5_DEPRECATED_INTERFACES\r
 /**\r
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
 \r
@@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
   DeprecatedCryptoServiceMd4Update,\r
   DeprecatedCryptoServiceMd4Final,\r
   DeprecatedCryptoServiceMd4HashAll,\r
-#ifdef DISABLE_MD5_DEPRECATED_INTERFACES\r
+#ifndef ENABLE_MD5_DEPRECATED_INTERFACES\r
   /// Md5 - deprecated and unsupported\r
   DeprecatedCryptoServiceMd5GetContextSize,\r
   DeprecatedCryptoServiceMd5Init,\r

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e379a60a963605a5931f21187dc30f972..496121e6a4ed50bdc1a62ba716cd8fb95f337a1f 100644 (file)
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -72,7 +72,7 @@ typedef enum {
 //    One-Way Cryptographic Hash Primitives\r
 //=====================================================================================\r
 \r
-#ifndef DISABLE_MD5_DEPRECATED_INTERFACES\r
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES\r
 /**\r
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
 \r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
index b85e7f4d12acbc57661d021110cc72a85bd4cf27..d670f17424f775cdc683da6965abec03a13adb45 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
@@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"\r
 #include <openssl/md5.h>\r
 \r
-#ifndef DISABLE_MD5_DEPRECATED_INTERFACES\r
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES\r
 /**\r
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
 \r

diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 3f14c6d2625034d25e6bd5d750ce56d60da4be23..8b43d1363cb938a651cd0081f1ac602d11d971d0 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -99,7 +99,7 @@ CryptoServiceNotAvailable (
 //    One-Way Cryptographic Hash Primitives\r
 //=====================================================================================\r
 \r
-#ifndef DISABLE_MD5_DEPRECATED_INTERFACES\r
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES\r
 /**\r
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
 \r