* Re: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
[not found] <1646361F135EC661.31324@groups.io>
@ 2020-11-13 1:07 ` Gao, Zhichao
2020-11-13 6:25 ` 回复: " gaoliming
0 siblings, 1 reply; 6+ messages in thread
From: Gao, Zhichao @ 2020-11-13 1:07 UTC (permalink / raw)
To: devel@edk2.groups.io, Gao, Zhichao
Cc: Justen, Jordan L, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar,
Leif Lindholm, Yao, Jiewen, Wang, Jian J, Lu, XiaoyuX,
Jiang, Guomin, Kinney, Michael D, Steele, Kelly, Sun, Zailiang,
Qian, Yi, Liming Gao, Maciej Rabeda, Wu, Jiaxin, Fu, Siyuan,
Feng, Roger, Liu, Zhiguang
I plan to catch the 202011 stable tag for this patch set. Please help to review this patch. I would like to request to extend time for review after feature freeze.
Make the default setting for security and let the user of edk2 aware of it if they are using unsecure functions make sense.
If you have any doubt or comment, please feel free to let me know.
Thanks,
Zhichao
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao, Zhichao
> Sent: Wednesday, November 11, 2020 1:37 AM
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu,
> XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly
> <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian, Yi
> <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej Rabeda
> <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>; Liu, Zhiguang
> <zhiguang.liu@intel.com>
> Subject: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1
> support
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027
>
> MD5 is deprecated, make it disable as default for security.
> It required to set MD5 enable explicitly if the module is still using MD5. List the
> modules that are still using it:
> iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
>
> This patch set would affact the platforms that are using iSCSI function.
>
> V2:
> Remove MD5 and SHA1 support of Hash2DxeCrypto.
> Remove the MD5 GUID defination in MdePkg.dec. SHA1 related GUIDs are still
> using in TPM2, so keep them.
> No requirement to add MD5 enable MACRO in SecurityPkg.
>
> V3:
> Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa32,
> OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
> And set the MD5 enable base on the new MD5 MACRO.
> Rejust the patch order.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Roger Feng <roger.feng@intel.com>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>
> Zhichao Gao (12):
> SecurityPkg/Hash2DxeCrypto: Remove MD5 support
> SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
> CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> NetworkPkg: Enable MD5 while enable iSCSI
> ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
> ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
> OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
> OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
> OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
> OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
> NetworkPkg/Defines: Make iSCSI disable as default
> CryptoPkg: Make the MD5 disable as default for security
>
> ArmVirtPkg/ArmVirtQemu.dsc | 8 +++++++-
> ArmVirtPkg/ArmVirtQemuKernel.dsc | 8 +++++++-
> CryptoPkg/CryptoPkg.dsc | 3 +++
> CryptoPkg/Driver/Crypto.c | 4 ++--
> CryptoPkg/Include/Library/BaseCryptLib.h | 2 +-
> CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +-
> CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> NetworkPkg/Network.dsc.inc | 5 +++++
> NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
> OvmfPkg/Bhyve/BhyveX64.dsc | 7 ++++++-
> OvmfPkg/OvmfPkgIa32.dsc | 5 +++++
> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +++++
> OvmfPkg/OvmfPkgX64.dsc | 5 +++++
> SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 2 --
> SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 4 +---
> 15 files changed, 51 insertions(+), 15 deletions(-)
>
> --
> 2.21.0.windows.1
>
>
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
2020-11-13 1:07 ` [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support Gao, Zhichao
@ 2020-11-13 6:25 ` gaoliming
2020-11-13 8:19 ` Yao, Jiewen
2020-11-13 20:04 ` 回复: " Laszlo Ersek
0 siblings, 2 replies; 6+ messages in thread
From: gaoliming @ 2020-11-13 6:25 UTC (permalink / raw)
To: devel, zhichao.gao
Cc: 'Justen, Jordan L', 'Laszlo Ersek',
'Ard Biesheuvel', 'Sami Mujawar',
'Leif Lindholm', 'Yao, Jiewen',
'Wang, Jian J', 'Lu, XiaoyuX',
'Jiang, Guomin', 'Kinney, Michael D',
'Steele, Kelly', 'Sun, Zailiang',
'Qian, Yi', 'Maciej Rabeda', 'Wu, Jiaxin',
'Fu, Siyuan', 'Feng, Roger',
'Liu, Zhiguang'
Zhichao:
I see the latest V4 version have been sent. Few days may be required for
code review.
Hi, NetworkPkg, CryptoPkg, OvmfPkg, ArmVirtPkg package maintainer and
reviewer:
Because stable tag 202011 is coming soon, can you finish the code review
for this patch set (V4 version) before Nov 17 (Next Tuesday)?
Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+67411+4905953+8761045@groups.io
> <bounce+27952+67411+4905953+8761045@groups.io> 代表 Gao, Zhichao
> 发送时间: 2020年11月13日 9:08
> 收件人: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>
> 抄送: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Steele, Kelly <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.
com>;
> Qian, Yi <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger
> <roger.feng@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>
> 主题: Re: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and
> SHA1 support
>
> I plan to catch the 202011 stable tag for this patch set. Please help to
review
> this patch. I would like to request to extend time for review after
feature
> freeze.
> Make the default setting for security and let the user of edk2 aware of it
if
> they are using unsecure functions make sense.
> If you have any doubt or comment, please feel free to let me know.
>
> Thanks,
> Zhichao
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> Zhichao
> > Sent: Wednesday, November 11, 2020 1:37 AM
> > To: devel@edk2.groups.io
> > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> Yao,
> > Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu,
> > XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly
> > <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian,
Yi
> > <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej
> Rabeda
> > <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> Siyuan
> > <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>; Liu, Zhiguang
> > <zhiguang.liu@intel.com>
> > Subject: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and
> SHA1
> > support
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027
> >
> > MD5 is deprecated, make it disable as default for security.
> > It required to set MD5 enable explicitly if the module is still using
MD5. List
> the
> > modules that are still using it:
> > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
> >
> > This patch set would affact the platforms that are using iSCSI function.
> >
> > V2:
> > Remove MD5 and SHA1 support of Hash2DxeCrypto.
> > Remove the MD5 GUID defination in MdePkg.dec. SHA1 related GUIDs are
> still
> > using in TPM2, so keep them.
> > No requirement to add MD5 enable MACRO in SecurityPkg.
> >
> > V3:
> > Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa32,
> > OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
> > And set the MD5 enable base on the new MD5 MACRO.
> > Rejust the patch order.
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > Cc: Leif Lindholm <leif@nuviainc.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Kelly Steele <kelly.steele@intel.com>
> > Cc: Zailiang Sun <zailiang.sun@intel.com>
> > Cc: Yi Qian <yi.qian@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Roger Feng <roger.feng@intel.com>
> > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Zhichao Gao (12):
> > SecurityPkg/Hash2DxeCrypto: Remove MD5 support
> > SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
> > CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> > NetworkPkg: Enable MD5 while enable iSCSI
> > ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
> > ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
> > OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
> > OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
> > OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
> > OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
> > NetworkPkg/Defines: Make iSCSI disable as default
> > CryptoPkg: Make the MD5 disable as default for security
> >
> > ArmVirtPkg/ArmVirtQemu.dsc | 8
> +++++++-
> > ArmVirtPkg/ArmVirtQemuKernel.dsc | 8
> +++++++-
> > CryptoPkg/CryptoPkg.dsc | 3 +++
> > CryptoPkg/Driver/Crypto.c | 4 ++--
> > CryptoPkg/Include/Library/BaseCryptLib.h | 2 +-
> > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +-
> > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> > NetworkPkg/Network.dsc.inc | 5
> +++++
> > NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
> > OvmfPkg/Bhyve/BhyveX64.dsc | 7
> ++++++-
> > OvmfPkg/OvmfPkgIa32.dsc | 5
> +++++
> > OvmfPkg/OvmfPkgIa32X64.dsc | 5
> +++++
> > OvmfPkg/OvmfPkgX64.dsc | 5
> +++++
> > SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 2 --
> > SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 4 +---
> > 15 files changed, 51 insertions(+), 15 deletions(-)
> >
> > --
> > 2.21.0.windows.1
> >
> >
> >
> >
> >
>
>
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
2020-11-13 6:25 ` 回复: " gaoliming
@ 2020-11-13 8:19 ` Yao, Jiewen
2020-11-13 20:04 ` 回复: " Laszlo Ersek
1 sibling, 0 replies; 6+ messages in thread
From: Yao, Jiewen @ 2020-11-13 8:19 UTC (permalink / raw)
To: devel@edk2.groups.io, gaoliming@byosoft.com.cn, Gao, Zhichao
Cc: Justen, Jordan L, 'Laszlo Ersek',
'Ard Biesheuvel', 'Sami Mujawar',
'Leif Lindholm', Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin,
Kinney, Michael D, Steele, Kelly, Sun, Zailiang, Qian, Yi,
'Maciej Rabeda', Wu, Jiaxin, Fu, Siyuan, Feng, Roger,
Liu, Zhiguang
For CryptoPkg and SecurityPkg, Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> gaoliming
> Sent: Friday, November 13, 2020 2:25 PM
> To: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; 'Laszlo Ersek'
> <lersek@redhat.com>; 'Ard Biesheuvel' <ard.biesheuvel@arm.com>; 'Sami
> Mujawar' <sami.mujawar@arm.com>; 'Leif Lindholm' <leif@nuviainc.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>; Sun,
> Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; 'Maciej
> Rabeda' <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>
> Subject: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5
> and SHA1 support
>
> Zhichao:
> I see the latest V4 version have been sent. Few days may be required for
> code review.
>
> Hi, NetworkPkg, CryptoPkg, OvmfPkg, ArmVirtPkg package maintainer and
> reviewer:
> Because stable tag 202011 is coming soon, can you finish the code review
> for this patch set (V4 version) before Nov 17 (Next Tuesday)?
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: bounce+27952+67411+4905953+8761045@groups.io
> > <bounce+27952+67411+4905953+8761045@groups.io> 代表 Gao, Zhichao
> > 发送时间: 2020年11月13日 9:08
> > 收件人: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>
> > 抄送: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> > Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>;
> > Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> > <guomin.jiang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>;
> > Steele, Kelly <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.
> com>;
> > Qian, Yi <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> > Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> > <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger
> > <roger.feng@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>
> > 主题: Re: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and
> > SHA1 support
> >
> > I plan to catch the 202011 stable tag for this patch set. Please help to
> review
> > this patch. I would like to request to extend time for review after
> feature
> > freeze.
> > Make the default setting for security and let the user of edk2 aware of it
> if
> > they are using unsecure functions make sense.
> > If you have any doubt or comment, please feel free to let me know.
> >
> > Thanks,
> > Zhichao
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> > Zhichao
> > > Sent: Wednesday, November 11, 2020 1:37 AM
> > > To: devel@edk2.groups.io
> > > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> > > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> > > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> > Yao,
> > > Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Lu,
> > > XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>;
> > > Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly
> > > <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian,
> Yi
> > > <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej
> > Rabeda
> > > <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> > Siyuan
> > > <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>; Liu,
> Zhiguang
> > > <zhiguang.liu@intel.com>
> > > Subject: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and
> > SHA1
> > > support
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027
> > >
> > > MD5 is deprecated, make it disable as default for security.
> > > It required to set MD5 enable explicitly if the module is still using
> MD5. List
> > the
> > > modules that are still using it:
> > > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL
> config).
> > >
> > > This patch set would affact the platforms that are using iSCSI function.
> > >
> > > V2:
> > > Remove MD5 and SHA1 support of Hash2DxeCrypto.
> > > Remove the MD5 GUID defination in MdePkg.dec. SHA1 related GUIDs
> are
> > still
> > > using in TPM2, so keep them.
> > > No requirement to add MD5 enable MACRO in SecurityPkg.
> > >
> > > V3:
> > > Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel,
> OvmfPkgIa32,
> > > OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
> > > And set the MD5 enable base on the new MD5 MACRO.
> > > Rejust the patch order.
> > >
> > > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > > Cc: Leif Lindholm <leif@nuviainc.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Cc: Kelly Steele <kelly.steele@intel.com>
> > > Cc: Zailiang Sun <zailiang.sun@intel.com>
> > > Cc: Yi Qian <yi.qian@intel.com>
> > > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > Cc: Roger Feng <roger.feng@intel.com>
> > > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > >
> > > Zhichao Gao (12):
> > > SecurityPkg/Hash2DxeCrypto: Remove MD5 support
> > > SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
> > > CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> > > NetworkPkg: Enable MD5 while enable iSCSI
> > > ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
> > > ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
> > > OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
> > > OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
> > > OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
> > > OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
> > > NetworkPkg/Defines: Make iSCSI disable as default
> > > CryptoPkg: Make the MD5 disable as default for security
> > >
> > > ArmVirtPkg/ArmVirtQemu.dsc | 8
> > +++++++-
> > > ArmVirtPkg/ArmVirtQemuKernel.dsc | 8
> > +++++++-
> > > CryptoPkg/CryptoPkg.dsc | 3 +++
> > > CryptoPkg/Driver/Crypto.c | 4 ++--
> > > CryptoPkg/Include/Library/BaseCryptLib.h | 2 +-
> > > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +-
> > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> > > NetworkPkg/Network.dsc.inc | 5
> > +++++
> > > NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
> > > OvmfPkg/Bhyve/BhyveX64.dsc | 7
> > ++++++-
> > > OvmfPkg/OvmfPkgIa32.dsc | 5
> > +++++
> > > OvmfPkg/OvmfPkgIa32X64.dsc | 5
> > +++++
> > > OvmfPkg/OvmfPkgX64.dsc | 5
> > +++++
> > > SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 2 --
> > > SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 4 +---
> > > 15 files changed, 51 insertions(+), 15 deletions(-)
> > >
> > > --
> > > 2.21.0.windows.1
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
2020-11-13 6:25 ` 回复: " gaoliming
2020-11-13 8:19 ` Yao, Jiewen
@ 2020-11-13 20:04 ` Laszlo Ersek
2020-11-16 16:00 ` 回复: " gaoliming
1 sibling, 1 reply; 6+ messages in thread
From: Laszlo Ersek @ 2020-11-13 20:04 UTC (permalink / raw)
To: gaoliming, devel, zhichao.gao
Cc: 'Justen, Jordan L', 'Ard Biesheuvel',
'Sami Mujawar', 'Leif Lindholm',
'Yao, Jiewen', 'Wang, Jian J',
'Lu, XiaoyuX', 'Jiang, Guomin',
'Kinney, Michael D', 'Steele, Kelly',
'Sun, Zailiang', 'Qian, Yi',
'Maciej Rabeda', 'Wu, Jiaxin',
'Fu, Siyuan', 'Feng, Roger',
'Liu, Zhiguang'
On 11/13/20 07:25, gaoliming wrote:
> Zhichao:
> I see the latest V4 version have been sent. Few days may be required for
> code review.
>
> Hi, NetworkPkg, CryptoPkg, OvmfPkg, ArmVirtPkg package maintainer and
> reviewer:
> Because stable tag 202011 is coming soon, can you finish the code review
> for this patch set (V4 version) before Nov 17 (Next Tuesday)?
I will do what I can, but I'm extremely annoyed that we're seeing this
kind of churn *again* just before the stable tag.
If we're not ready to release edk2 at this time, the release should be
delayed.
I've been reviewing various materials in 95% of my time this week. I do
*NOT* appreciate being prodded for reviews when I'm already one of the
most responsive and busiest reviewers.
Laszlo
^ permalink raw reply [flat|nested] 6+ messages in thread
* 回复: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
2020-11-13 20:04 ` 回复: " Laszlo Ersek
@ 2020-11-16 16:00 ` gaoliming
2020-11-17 5:33 ` Gao, Zhichao
0 siblings, 1 reply; 6+ messages in thread
From: gaoliming @ 2020-11-16 16:00 UTC (permalink / raw)
To: 'Laszlo Ersek', devel, zhichao.gao
Cc: 'Justen, Jordan L', 'Ard Biesheuvel',
'Sami Mujawar', 'Leif Lindholm',
'Yao, Jiewen', 'Wang, Jian J',
'Lu, XiaoyuX', 'Jiang, Guomin',
'Kinney, Michael D', 'Steele, Kelly',
'Sun, Zailiang', 'Qian, Yi',
'Maciej Rabeda', 'Wu, Jiaxin',
'Fu, Siyuan', 'Feng, Roger',
'Liu, Zhiguang'
Laszlo:
Thanks for your great support in edk2 community. You are the really role
model as the package maintainer.
Now, I see this patch set have got all required reviewed-by from the
package maintainer.
Thanks for all package maintainers to give the quick response so that
there is no block issue for this stable tag.
I will continue to monitor the patch status in SFF and HFF, and try best
to deliver the smooth stable tag release.
Thanks
Liming
> -----邮件原件-----
> 发件人: Laszlo Ersek <lersek@redhat.com>
> 发送时间: 2020年11月14日 4:05
> 收件人: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io;
> zhichao.gao@intel.com
> 抄送: 'Justen, Jordan L' <jordan.l.justen@intel.com>; 'Ard Biesheuvel'
> <ard.biesheuvel@arm.com>; 'Sami Mujawar' <sami.mujawar@arm.com>;
> 'Leif Lindholm' <leif@nuviainc.com>; 'Yao, Jiewen' <jiewen.yao@intel.com>;
> 'Wang, Jian J' <jian.j.wang@intel.com>; 'Lu, XiaoyuX'
<xiaoyux.lu@intel.com>;
> 'Jiang, Guomin' <guomin.jiang@intel.com>; 'Kinney, Michael D'
> <michael.d.kinney@intel.com>; 'Steele, Kelly' <kelly.steele@intel.com>;
'Sun,
> Zailiang' <zailiang.sun@intel.com>; 'Qian, Yi' <yi.qian@intel.com>;
'Maciej
> Rabeda' <maciej.rabeda@linux.intel.com>; 'Wu, Jiaxin'
> <jiaxin.wu@intel.com>; 'Fu, Siyuan' <siyuan.fu@intel.com>; 'Feng, Roger'
> <roger.feng@intel.com>; 'Liu, Zhiguang' <zhiguang.liu@intel.com>
> 主题: Re: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5
> and SHA1 support
>
> On 11/13/20 07:25, gaoliming wrote:
> > Zhichao:
> > I see the latest V4 version have been sent. Few days may be required
for
> > code review.
> >
> > Hi, NetworkPkg, CryptoPkg, OvmfPkg, ArmVirtPkg package maintainer and
> > reviewer:
> > Because stable tag 202011 is coming soon, can you finish the code
review
> > for this patch set (V4 version) before Nov 17 (Next Tuesday)?
>
> I will do what I can, but I'm extremely annoyed that we're seeing this
> kind of churn *again* just before the stable tag.
>
> If we're not ready to release edk2 at this time, the release should be
> delayed.
>
> I've been reviewing various materials in 95% of my time this week. I do
> *NOT* appreciate being prodded for reviews when I'm already one of the
> most responsive and busiest reviewers.
>
> Laszlo
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
2020-11-16 16:00 ` 回复: " gaoliming
@ 2020-11-17 5:33 ` Gao, Zhichao
0 siblings, 0 replies; 6+ messages in thread
From: Gao, Zhichao @ 2020-11-17 5:33 UTC (permalink / raw)
To: gaoliming, 'Laszlo Ersek', devel@edk2.groups.io
Cc: Justen, Jordan L, 'Ard Biesheuvel',
'Sami Mujawar', 'Leif Lindholm', Yao, Jiewen,
Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin, Kinney, Michael D,
Steele, Kelly, Sun, Zailiang, Qian, Yi, 'Maciej Rabeda',
Wu, Jiaxin, Fu, Siyuan, Feng, Roger, Liu, Zhiguang
Update the patch set with required changes and R-B received on my branch:
https://github.com/ZhichaoGao/edk2/tree/MD5_disable
And it pass the open-CI, see the result: https://github.com/tianocore/edk2/pull/1129
Maintainers,
Please help to merge.
Thanks,
Zhichao
> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Tuesday, November 17, 2020 12:01 AM
> To: 'Laszlo Ersek' <lersek@redhat.com>; devel@edk2.groups.io; Gao, Zhichao
> <zhichao.gao@intel.com>
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; 'Ard Biesheuvel'
> <ard.biesheuvel@arm.com>; 'Sami Mujawar' <sami.mujawar@arm.com>; 'Leif
> Lindholm' <leif@nuviainc.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>; Sun,
> Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; 'Maciej
> Rabeda' <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>
> Subject: 回复: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5
> and SHA1 support
>
> Laszlo:
> Thanks for your great support in edk2 community. You are the really role model
> as the package maintainer.
>
> Now, I see this patch set have got all required reviewed-by from the package
> maintainer.
> Thanks for all package maintainers to give the quick response so that there is no
> block issue for this stable tag.
>
> I will continue to monitor the patch status in SFF and HFF, and try best to deliver
> the smooth stable tag release.
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: Laszlo Ersek <lersek@redhat.com>
> > 发送时间: 2020年11月14日 4:05
> > 收件人: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io;
> > zhichao.gao@intel.com
> > 抄送: 'Justen, Jordan L' <jordan.l.justen@intel.com>; 'Ard Biesheuvel'
> > <ard.biesheuvel@arm.com>; 'Sami Mujawar' <sami.mujawar@arm.com>; 'Leif
> > Lindholm' <leif@nuviainc.com>; 'Yao, Jiewen' <jiewen.yao@intel.com>;
> > 'Wang, Jian J' <jian.j.wang@intel.com>; 'Lu, XiaoyuX'
> <xiaoyux.lu@intel.com>;
> > 'Jiang, Guomin' <guomin.jiang@intel.com>; 'Kinney, Michael D'
> > <michael.d.kinney@intel.com>; 'Steele, Kelly'
> > <kelly.steele@intel.com>;
> 'Sun,
> > Zailiang' <zailiang.sun@intel.com>; 'Qian, Yi' <yi.qian@intel.com>;
> 'Maciej
> > Rabeda' <maciej.rabeda@linux.intel.com>; 'Wu, Jiaxin'
> > <jiaxin.wu@intel.com>; 'Fu, Siyuan' <siyuan.fu@intel.com>; 'Feng, Roger'
> > <roger.feng@intel.com>; 'Liu, Zhiguang' <zhiguang.liu@intel.com>
> > 主题: Re: 回复: [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5
> > and SHA1 support
> >
> > On 11/13/20 07:25, gaoliming wrote:
> > > Zhichao:
> > > I see the latest V4 version have been sent. Few days may be
> > > required
> for
> > > code review.
> > >
> > > Hi, NetworkPkg, CryptoPkg, OvmfPkg, ArmVirtPkg package maintainer
> > > and
> > > reviewer:
> > > Because stable tag 202011 is coming soon, can you finish the code
> review
> > > for this patch set (V4 version) before Nov 17 (Next Tuesday)?
> >
> > I will do what I can, but I'm extremely annoyed that we're seeing this
> > kind of churn *again* just before the stable tag.
> >
> > If we're not ready to release edk2 at this time, the release should be
> > delayed.
> >
> > I've been reviewing various materials in 95% of my time this week. I
> > do
> > *NOT* appreciate being prodded for reviews when I'm already one of the
> > most responsive and busiest reviewers.
> >
> > Laszlo
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-11-17 5:33 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1646361F135EC661.31324@groups.io>
2020-11-13 1:07 ` [edk2-devel] [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support Gao, Zhichao
2020-11-13 6:25 ` 回复: " gaoliming
2020-11-13 8:19 ` Yao, Jiewen
2020-11-13 20:04 ` 回复: " Laszlo Ersek
2020-11-16 16:00 ` 回复: " gaoliming
2020-11-17 5:33 ` Gao, Zhichao
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox