From e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 10 Apr 2017 17:23:29 +0800
Subject: Cryptlib: remove DES

Disable DES completely since it's already old and insecure.
This makes MokManager not support the DES based password hash but
probably no one is using it.

Signed-off-by: Gary Lin <glin@suse.com>
---
 PasswordCrypt.c | 17 -----------------
 1 file changed, 17 deletions(-)

(limited to 'PasswordCrypt.c')

diff --git a/PasswordCrypt.c b/PasswordCrypt.c
index e0a82cfd..2494549c 100644
--- a/PasswordCrypt.c
+++ b/PasswordCrypt.c
@@ -3,7 +3,6 @@
 #include <Library/BaseCryptLib.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>
-#include <openssl/des.h>
 #include "PasswordCrypt.h"
 #include "crypt_blowfish.h"
 
@@ -31,20 +30,6 @@ UINT16 get_hash_size (const UINT16 method)
 	return 0;
 }
 
-static EFI_STATUS trad_des_crypt (const char *key, const char *salt, UINT8 *hash)
-{
-	char result[TRAD_DES_HASH_SIZE + 1];
-	char *ret;
-
-	ret = DES_fcrypt(key, salt, result);
-	if (ret) {
-		CopyMem(hash, result, TRAD_DES_HASH_SIZE);
-		return EFI_SUCCESS;
-	}
-
-	return EFI_UNSUPPORTED;
-}
-
 static const char md5_salt_prefix[] = "$1$";
 
 static EFI_STATUS md5_crypt (const char *key,  UINT32 key_len,
@@ -308,8 +293,6 @@ EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
 
 	switch (pw_crypt->method) {
 	case TRADITIONAL_DES:
-		status = trad_des_crypt (password, (char *)pw_crypt->salt, hash);
-		break;
 	case EXTEND_BSDI_DES:
 		status = EFI_UNSUPPORTED;
 		break;
-- 
cgit v1.2.3