From 63e9999058661ebde66c3a4f5bfdea97d4e603eb Mon Sep 17 00:00:00 2001
From: Joey Vagedes <joey.vagedes@gmail.com>
Date: Mon, 23 Sep 2024 13:39:51 -0700
Subject: [PATCH] CryptoPkg: Require exact crypto version match (#1157)

## Description

Crypto versioning is not currently backwards compatible. This change
updates the check to require an exact match of the crypto version.

- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?

## How This Was Tested

N/A

## Integration Instructions

N/A
---
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c     | 4 ++--
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c     | 4 ++--
 .../Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c    | 4 ++--
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c     | 4 ++--
 .../Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c  | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c
index b10e589d22..b94fa40fc1 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c
@@ -66,9 +66,9 @@ DxeCryptLibConstructor (
   }
 
   Version = mCryptoProtocol->GetVersion ();
-  if (Version < EDKII_CRYPTO_VERSION) {
+  if (Version != EDKII_CRYPTO_VERSION) {
     DEBUG ((DEBUG_ERROR, "[DxeCryptLib] Crypto Protocol unsupported version %d\n", Version));
-    ASSERT (Version >= EDKII_CRYPTO_VERSION);
+    ASSERT (Version == EDKII_CRYPTO_VERSION);
     mCryptoProtocol = NULL;
     return EFI_NOT_FOUND;
   }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c
index 36c21cbe50..bcc2cb5204 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c
@@ -47,9 +47,9 @@ GetCryptoServices (
   }
 
   Version = CryptoPpi->GetVersion ();
-  if (Version < EDKII_CRYPTO_VERSION) {
+  if (Version != EDKII_CRYPTO_VERSION) {
     DEBUG ((DEBUG_ERROR, "[PeiCryptLib] Crypto PPI unsupported version %d\n", Version));
-    ASSERT (Version >= EDKII_CRYPTO_VERSION);
+    ASSERT (Version == EDKII_CRYPTO_VERSION);
     return NULL;
   }
 
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c
index 641d1213df..2b32ea62e0 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c
@@ -110,9 +110,9 @@ RuntimeDxeCryptLibConstructor (
   }
 
   Version = mCryptoProtocol->GetVersion ();
-  if (Version < EDKII_CRYPTO_VERSION) {
+  if (Version != EDKII_CRYPTO_VERSION) {
     DEBUG ((DEBUG_ERROR, "[%a] Crypto Protocol unsupported version %u.\n", __func__, Version));
-    ASSERT (Version >= EDKII_CRYPTO_VERSION);
+    ASSERT (Version == EDKII_CRYPTO_VERSION);
     mCryptoProtocol = NULL;
     return EFI_NOT_FOUND;
   }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c
index 9fd1b4869d..290fd8c7fb 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c
@@ -68,9 +68,9 @@ SmmCryptLibConstructor (
   }
 
   Version = mSmmCryptoProtocol->GetVersion ();
-  if (Version < EDKII_CRYPTO_VERSION) {
+  if (Version != EDKII_CRYPTO_VERSION) {
     DEBUG ((DEBUG_ERROR, "[SmmCryptLib] Crypto SMM Protocol unsupported version %d\n", Version));
-    ASSERT (Version >= EDKII_CRYPTO_VERSION);
+    ASSERT (Version == EDKII_CRYPTO_VERSION);
     mSmmCryptoProtocol = NULL;
     return EFI_NOT_FOUND;
   }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
index eda635a357..9564702e88 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
@@ -68,9 +68,9 @@ StandaloneMmCryptLibConstructor (
   }
 
   Version = mSmmCryptoProtocol->GetVersion ();
-  if (Version < EDKII_CRYPTO_VERSION) {
+  if (Version != EDKII_CRYPTO_VERSION) {
     DEBUG ((DEBUG_ERROR, "[StandaloneMmCryptLib] Crypto SMM Protocol unsupported version %d\n", Version));
-    ASSERT (Version >= EDKII_CRYPTO_VERSION);
+    ASSERT (Version == EDKII_CRYPTO_VERSION);
     mSmmCryptoProtocol = NULL;
     return EFI_NOT_FOUND;
   }