From: "Gao, Zhichao"
To: "Yao, Jiewen", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, XiaoyuX", Maciej Rabeda, "Wu, Jiaxin", "Fu, Siyuan"
Subject: Re: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
Date: Fri, 27 Mar 2020 02:54:53 +0000

Sorry for the mess. I used to view all the dsc as platform side. I would update security pkg as well.

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, March 27, 2020 10:51 AM
> To: Gao, Zhichao; devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Maciej Rabeda; Wu, Jiaxin; Fu, Siyuan
> Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
>
> The SHA1 is called explicitly in SecurityPkg. Are you sure we don't need
> to update security pkg?
>
> > -----Original Message-----
> > From: Gao, Zhichao
> > Sent: Friday, March 27, 2020 10:44 AM
> > To: Yao, Jiewen; devel@edk2.groups.io
> > Cc: Wang, Jian J; Lu, XiaoyuX; Maciej Rabeda; Wu, Jiaxin; Fu, Siyuan
> > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
> >
> > Jiewen,
> > Thanks for the reminder. But TPM didn't have the inc file as
> > NetWorkPkg to set the pcd for all platform. The change for TPM1.2 should
> > be at platform side.
> > I would change the edk2 platform code as well once the solution is decided.
> >
> > Thanks,
> > Zhichao
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen
> > > Sent: Friday, March 27, 2020 10:01 AM
> > > To: devel@edk2.groups.io; Gao, Zhichao
> > > Cc: Wang, Jian J; Lu, XiaoyuX; Maciej Rabeda; Wu, Jiaxin; Fu, Siyuan
> > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
> > >
> > > Good feature.
> > >
> > > I believe TPM1.2 still uses SHA1. It should be added as well.
> > >
> > > > -----Original Message-----
> > > > From: devel@edk2.groups.io On Behalf Of Gao, Zhichao
> > > > Sent: Friday, March 27, 2020 9:56 AM
> > > > To: devel@edk2.groups.io
> > > > Cc: Wang, Jian J; Lu, XiaoyuX; Maciej Rabeda; Wu, Jiaxin; Fu, Siyuan
> > > > Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > > >
> > > > MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure any longer.
> > > > They are all deprecated. Edk2 would not support them any longer.
> > > > So remove them.
> > > > But uefi spec want to keep MD5 and SHA1 for backwards compatibility.
> > > > So add two pcds to control the MD5 and SHA1 enablement. Set the
> > > > pcds default value to false to indicate they are deprecated.
> > > >
> > > > NetWorkPkg's iSCSI driver would consume the MD5 function, so
> > > > change the md5 pcd to TRUE when iSCSI is enabled.
> > > >
> > > > Cc: Jian J Wang
> > > > Cc: Xiaoyu Lu
> > > > Cc: Maciej Rabeda
> > > > Cc: Jiaxin Wu
> > > > Cc: Siyuan Fu
> > > > Signed-off-by: Zhichao Gao
> > > >
> > > > Zhichao Gao (8):
> > > >   CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> > > >   CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> > > >   CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> > > >   CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> > > >   CryptoPkg/dec: Add pcds to avoid building the deprecated function
> > > >   NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> > > >   Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> > > >   CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
> > > >
> > > >  CryptoPkg/CryptoPkg.dec                       |  11 +
> > > >  CryptoPkg/CryptoPkg.uni                       |  11 +
> > > >  CryptoPkg/Driver/Crypto.c                     | 634 +-----------------
> > > >  CryptoPkg/Include/Library/BaseCryptLib.h      | 548 ---------------
> > > >  .../Library/BaseCryptLib/BaseCryptLib.inf     |   9 +-
> > > >  .../Library/BaseCryptLib/Cipher/CryptAes.c    | 114 ----
> > > >  .../BaseCryptLib/Cipher/CryptAesNull.c        |  52 --
> > > >  .../Library/BaseCryptLib/Cipher/CryptArc4.c   | 205 ------
> > > >  .../BaseCryptLib/Cipher/CryptArc4Null.c       | 124 ----
> > > >  .../Library/BaseCryptLib/Cipher/CryptTdes.c   | 364 ----------
> > > >  .../BaseCryptLib/Cipher/CryptTdesNull.c       | 160 -----
> > > >  .../Library/BaseCryptLib/Hash/CryptMd4.c      | 223 ------
> > > >  .../Library/BaseCryptLib/Hash/CryptMd4Null.c  | 143 ----
> > > >  .../Library/BaseCryptLib/Hash/CryptMd5.c      |   5 +-
> > > >  .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c  |   3 +
> > > >  .../BaseCryptLib/Hmac/CryptHmacMd5Null.c      |   3 +
> > > >  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c |   3 +
> > > >  .../BaseCryptLib/Hmac/CryptHmacSha1Null.c     |   3 +
> > > >  .../Library/BaseCryptLib/PeiCryptLib.inf      |  13 +-
> > > >  .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c        |   3 +
> > > >  .../Library/BaseCryptLib/Pk/CryptRsaBasic.c   |   5 +
> > > >  .../Library/BaseCryptLib/Pk/CryptRsaExt.c     |   5 +
> > > >  .../Library/BaseCryptLib/RuntimeCryptLib.inf  |  13 +-
> > > >  .../Library/BaseCryptLib/SmmCryptLib.inf      |  13 +-
> > > >  .../BaseCryptLibNull/BaseCryptLibNull.inf     |   3 -
> > > >  .../BaseCryptLibNull/Cipher/CryptAesNull.c    |  54 +-
> > > >  .../BaseCryptLibNull/Cipher/CryptArc4Null.c   | 124 ----
> > > >  .../BaseCryptLibNull/Cipher/CryptTdesNull.c   | 160 -----
> > > >  .../BaseCryptLibNull/Hash/CryptMd4Null.c      | 143 ----
> > > >  .../BaseCryptLibNull/Hash/CryptMd5Null.c      |   3 +
> > > >  .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c  |   3 +
> > > >  .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |   4 +-
> > > >  .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 604 +-----------------
> > > >  .../Library/BaseHashApiLib/BaseHashApiLib.c   |  12 +
> > > >  .../Library/BaseHashApiLib/BaseHashApiLib.inf |   1 +
> > > >  CryptoPkg/Private/Protocol/Crypto.h           | 583 +----------------
> > > >  NetworkPkg/NetworkPcds.dsc.inc                |   5 +-
> > > >  37 files changed, 145 insertions(+), 4221 deletions(-)
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> > > >
> > > > --
> > > > 2.21.0.windows.1
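
Added example (not part of the thread and not edk2 code): a Python check a platform owner could run over their sources to find callers of the functions this series retires, which is the question raised above for SecurityPkg and TPM1.2. It assumes callers use BaseCryptLib's prefix-plus-verb naming (for example `Sha1Init`, `Arc4Init`); the file names and source snippets are constructed for illustration.

```python
import re

# Families named in the cover letter. "removed": deleted by the series.
# "pcd-gated": kept, but built only when the platform enables the PCD.
FAMILIES = {
    "Md4": "removed", "Arc4": "removed", "Tdes": "removed", "AesEcb": "removed",
    "Md5": "pcd-gated", "Sha1": "pcd-gated",
}
# Assumption: BaseCryptLib calls look like <Family><Verb> (...), e.g. Sha1Update (...).
CALL_RE = re.compile(r"\b(" + "|".join(FAMILIES) + r")([A-Z]\w*)\s*\(")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def strip_comments(src):
    """Blank out C comments but keep length and newlines, so offsets still map to lines."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)


def scan(files):
    """files: {path: C source text}. Returns sorted (path, line, call, status) tuples."""
    findings = []
    for path, src in files.items():
        for m in CALL_RE.finditer(strip_comments(src)):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((path, line, m.group(1) + m.group(2), FAMILIES[m.group(1)]))
    return sorted(findings)


# Constructed sample sources (not taken from any real platform package).
SAMPLE = {
    "PlatformPkg/Tpm12Measure.c": (
        "/* Sha1Init() is mentioned here only in a comment */\n"
        "VOID Measure (VOID *Ctx, UINT8 *Buf, UINTN Len) {\n"
        "  Sha1Init (Ctx);\n"
        "  Sha1Update (Ctx, Buf, Len);\n"
        "}\n"
    ),
    "PlatformPkg/LegacyAuth.c": (
        "BOOLEAN Auth (VOID *Ctx, UINT8 *Key) {\n"
        "  Md5Update (Ctx, Key, 16);  // Md4Init (Ctx) was here\n"
        "  return Arc4Init (Ctx, Key, 16);\n"
        "}\n"
    ),
}

if __name__ == "__main__":
    for path, line, call, status in scan(SAMPLE):
        print(f"{path}:{line}: {call} ({status})")
```

A "removed" hit means the code will no longer link against BaseCryptLib after the series; a "pcd-gated" hit means the platform DSC has to enable the matching PCD or move to a stronger algorithm.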