From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu, Maciej Rabeda, Jiaxin Wu, Siyuan Fu
Subject: [PATCH 0/8] CryptoPkg: Retire the deprecate function
Date: Fri, 27 Mar 2020 09:56:21 +0800
Message-Id: <20200327015629.2588-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

MD4, ARC4, Tdes, Aes Ecb mode, MD5 and SHA1 are not secure any longer.
They are all deprecated. Edk2 would not support them any longer. So
remove them.
But the UEFI spec wants to keep MD5 and SHA1 for backwards compatibility.
So add two PCDs to control the MD5 and SHA1 enablement. Set the PCDs'
default value to false to indicate they are deprecated.
NetworkPkg's iSCSI driver would consume the MD5 function, so change the
MD5 PCD to TRUE when iSCSI is enabled.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Maciej Rabeda
Cc: Jiaxin Wu
Cc: Siyuan Fu
Signed-off-by: Zhichao Gao

Zhichao Gao (8):
  CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
  CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
  CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
  CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
  CryptoPkg/dec: Add pcds to avoid building the deprecated function
  NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
  Crypto/BaseCryptLib: Using pcd to control MD5 enablement
  CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement

 CryptoPkg/CryptoPkg.dec                       |  11 +
 CryptoPkg/CryptoPkg.uni                       |  11 +
 CryptoPkg/Driver/Crypto.c                     | 634 +-----------------
 CryptoPkg/Include/Library/BaseCryptLib.h      | 548 ---------------
 .../Library/BaseCryptLib/BaseCryptLib.inf     |   9 +-
 .../Library/BaseCryptLib/Cipher/CryptAes.c    | 114 ----
 .../BaseCryptLib/Cipher/CryptAesNull.c        |  52 --
 .../Library/BaseCryptLib/Cipher/CryptArc4.c   | 205 ------
 .../BaseCryptLib/Cipher/CryptArc4Null.c       | 124 ----
 .../Library/BaseCryptLib/Cipher/CryptTdes.c   | 364 ----------
 .../BaseCryptLib/Cipher/CryptTdesNull.c       | 160 -----
 .../Library/BaseCryptLib/Hash/CryptMd4.c      | 223 ------
 .../Library/BaseCryptLib/Hash/CryptMd4Null.c  | 143 ----
 .../Library/BaseCryptLib/Hash/CryptMd5.c      |   5 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c  |   3 +
 .../BaseCryptLib/Hmac/CryptHmacMd5Null.c      |   3 +
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c |   3 +
 .../BaseCryptLib/Hmac/CryptHmacSha1Null.c     |   3 +
 .../Library/BaseCryptLib/PeiCryptLib.inf      |  13 +-
 .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c        |   3 +
 .../Library/BaseCryptLib/Pk/CryptRsaBasic.c   |   5 +
 .../Library/BaseCryptLib/Pk/CryptRsaExt.c     |   5 +
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |  13 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  13 +-
 .../BaseCryptLibNull/BaseCryptLibNull.inf     |   3 -
 .../BaseCryptLibNull/Cipher/CryptAesNull.c    |  54 +-
 .../BaseCryptLibNull/Cipher/CryptArc4Null.c   | 124 ----
 .../BaseCryptLibNull/Cipher/CryptTdesNull.c   | 160 -----
 .../BaseCryptLibNull/Hash/CryptMd4Null.c      | 143 ----
 .../BaseCryptLibNull/Hash/CryptMd5Null.c      |   3 +
 .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c  |   3 +
 .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |   4 +-
 .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 604 +----------------
 .../Library/BaseHashApiLib/BaseHashApiLib.c   |  12 +
 .../Library/BaseHashApiLib/BaseHashApiLib.inf |   1 +
 CryptoPkg/Private/Protocol/Crypto.h           | 583 +---------------
 NetworkPkg/NetworkPcds.dsc.inc                |   5 +-
 37 files changed, 145 insertions(+), 4221 deletions(-)
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c

--
2.21.0.windows.1
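
Review bot: The diffstat lists Hash/CryptMd5.c and BaseCryptLibNull/Hash/CryptMd5Null.c but no Hash/CryptSha1.c or CryptSha1Null.c, so the SHA1 PCD appears to gate HMAC-SHA1 (CryptHmacSha1.c, CryptHmacSha1Null.c) while the SHA1 hash itself is still built unconditionally. Either guard the SHA1 hash file the same way as MD5, or state in the cover letter why it is left out. The cover letter also names iSCSI as the MD5 consumer that gets the PCD enabled in NetworkPcds.dsc.inc, but does not say which consumers, if any, need the SHA1 PCD; listing them would help platforms that keep the FALSE default.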