public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH 0/8] CryptoPkg: Retire the deprecate function
@ 2020-03-27  1:56 Gao, Zhichao
  2020-03-27  1:56 ` [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
                   ` (10 more replies)
  0 siblings, 11 replies; 38+ messages in thread
From: Gao, Zhichao @ 2020-03-27  1:56 UTC (permalink / raw)
  To: devel; +Cc: Jian J Wang, Xiaoyu Lu, Maciej Rabeda, Jiaxin Wu, Siyuan Fu

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898

MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure any longer.
They are all deprecated. Edk2 would not support them any longer.
So remove them.
But uefi spec want to keep MD5 and SHA1 for backwards compatibility.
So add two pcds to control the MD5 and SHA1 enablement. Set the pcds
default value to false to indicate they are deprecated.

NetWorkPkg's iSCSI driver would consume the MD5 function, so change
the md5 pcd to TURE when iSCSI is enabled.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>

Zhichao Gao (8):
  CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
  CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
  CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
  CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
  CryptoPkg/dec: Add pcds to avoid building the deprecated function
  NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
  Crypto/BaseCryptLib: Using pcd to control MD5 enablement
  CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement

 CryptoPkg/CryptoPkg.dec                       |  11 +
 CryptoPkg/CryptoPkg.uni                       |  11 +
 CryptoPkg/Driver/Crypto.c                     | 634 +-----------------
 CryptoPkg/Include/Library/BaseCryptLib.h      | 548 ---------------
 .../Library/BaseCryptLib/BaseCryptLib.inf     |   9 +-
 .../Library/BaseCryptLib/Cipher/CryptAes.c    | 114 ----
 .../BaseCryptLib/Cipher/CryptAesNull.c        |  52 --
 .../Library/BaseCryptLib/Cipher/CryptArc4.c   | 205 ------
 .../BaseCryptLib/Cipher/CryptArc4Null.c       | 124 ----
 .../Library/BaseCryptLib/Cipher/CryptTdes.c   | 364 ----------
 .../BaseCryptLib/Cipher/CryptTdesNull.c       | 160 -----
 .../Library/BaseCryptLib/Hash/CryptMd4.c      | 223 ------
 .../Library/BaseCryptLib/Hash/CryptMd4Null.c  | 143 ----
 .../Library/BaseCryptLib/Hash/CryptMd5.c      |   5 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c  |   3 +
 .../BaseCryptLib/Hmac/CryptHmacMd5Null.c      |   3 +
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c |   3 +
 .../BaseCryptLib/Hmac/CryptHmacSha1Null.c     |   3 +
 .../Library/BaseCryptLib/PeiCryptLib.inf      |  13 +-
 .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c        |   3 +
 .../Library/BaseCryptLib/Pk/CryptRsaBasic.c   |   5 +
 .../Library/BaseCryptLib/Pk/CryptRsaExt.c     |   5 +
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |  13 +-
 .../Library/BaseCryptLib/SmmCryptLib.inf      |  13 +-
 .../BaseCryptLibNull/BaseCryptLibNull.inf     |   3 -
 .../BaseCryptLibNull/Cipher/CryptAesNull.c    |  54 +-
 .../BaseCryptLibNull/Cipher/CryptArc4Null.c   | 124 ----
 .../BaseCryptLibNull/Cipher/CryptTdesNull.c   | 160 -----
 .../BaseCryptLibNull/Hash/CryptMd4Null.c      | 143 ----
 .../BaseCryptLibNull/Hash/CryptMd5Null.c      |   3 +
 .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c  |   3 +
 .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |   4 +-
 .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 604 +----------------
 .../Library/BaseHashApiLib/BaseHashApiLib.c   |  12 +
 .../Library/BaseHashApiLib/BaseHashApiLib.inf |   1 +
 CryptoPkg/Private/Protocol/Crypto.h           | 583 +---------------
 NetworkPkg/NetworkPcds.dsc.inc                |   5 +-
 37 files changed, 145 insertions(+), 4221 deletions(-)
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
 delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c

-- 
2.21.0.windows.1


^ permalink raw reply	[flat|nested] 38+ messages in thread

end of thread, other threads:[~2020-04-14  4:38 UTC | newest]

Thread overview: 38+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-27  1:56 [PATCH 0/8] CryptoPkg: Retire the deprecate function Gao, Zhichao
2020-03-27  1:56 ` [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-03-27  1:56 ` [PATCH 2/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-03-27  1:56 ` [PATCH 3/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-03-27  1:56 ` [PATCH 4/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-03-27  1:56 ` [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function Gao, Zhichao
2020-03-27  1:56 ` [PATCH 6/8] NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI Gao, Zhichao
2020-03-27  2:07   ` Siyuan, Fu
2020-03-30 12:01   ` [edk2-devel] " Maciej Rabeda
2020-03-27  1:56 ` [PATCH 7/8] Crypto/BaseCryptLib: Using pcd to control MD5 enablement Gao, Zhichao
2020-03-27  1:56 ` [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Gao, Zhichao
2020-03-27  2:04   ` [edk2-devel] " Michael D Kinney
2020-03-27  2:44     ` Gao, Zhichao
2020-03-27  2:51       ` Wang, Jian J
2020-03-27 17:35         ` Laszlo Ersek
2020-03-27  2:01 ` [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Yao, Jiewen
2020-03-27  2:43   ` Gao, Zhichao
2020-03-27  2:50     ` Yao, Jiewen
2020-03-27  2:54       ` Gao, Zhichao
     [not found] ` <160006BBBC4857E5.7267@groups.io>
2020-03-27  2:20   ` Yao, Jiewen
2020-03-27  2:53     ` Gao, Zhichao
2020-03-27  2:47 ` Siyuan, Fu
2020-03-27  2:57   ` [edk2-devel] " Yao, Jiewen
2020-03-27  3:06     ` Siyuan, Fu
2020-03-27  4:59       ` Yao, Jiewen
2020-03-27  5:43         ` Siyuan, Fu
2020-03-27  5:50           ` Yao, Jiewen
2020-03-27  6:03             ` Siyuan, Fu
2020-03-27  6:15               ` Yao, Jiewen
2020-03-27  9:19                 ` Ni, Ray
2020-03-27 16:38         ` Michael D Kinney
2020-03-27 23:43           ` Yao, Jiewen
2020-03-30  2:17             ` Siyuan, Fu
2020-03-30  2:47               ` Yao, Jiewen
2020-03-30  3:04                 ` Siyuan, Fu
2020-03-30 17:30                   ` Michael D Kinney
2020-03-31  0:34                     ` Yao, Jiewen
2020-04-14  4:36                       ` Gao, Zhichao

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox