From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.10079.1603703131777658711 for ; Mon, 26 Oct 2020 02:05:31 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: zhichao.gao@intel.com) IronPort-SDR: NcBq/LWQNWenv6LhSaPtNkwtr+DovCDDHnKnAFHb+d+Qxxny0//RcsKZNOxNoT4DDddYV0VonL 9jinhbKBVgmQ== X-IronPort-AV: E=McAfee;i="6000,8403,9785"; a="252595194" X-IronPort-AV: E=Sophos;i="5.77,417,1596524400"; d="scan'208";a="252595194" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2020 02:05:30 -0700 IronPort-SDR: r/kqhCmcrh9tzyXNieu8osN7dOTPf6+PTZWfScZjsEULyEf+U5ENxPQft5QJxnts3unCTqlv/N H8hboo0jK3Ug== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,417,1596524400"; d="scan'208";a="350038484" Received: from fieedk001.ccr.corp.intel.com ([10.239.153.118]) by fmsmga004.fm.intel.com with ESMTP; 26 Oct 2020 02:05:26 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Sami Mujawar , Leif Lindholm , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang , Michael D Kinney , Kelly Steele , Zailiang Sun , Yi Qian , Liming Gao , Maciej Rabeda , Jiaxin Wu , Siyuan Fu , Roger Feng Subject: [PATCH 0/5] Make the MD5 disable as default setting Date: Mon, 26 Oct 2020 17:03:38 +0800 Message-Id: <20201026090343.13048-1-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 MD5 is deprecated, make it disable as default for security. It required to set MD5 enable explicitly if the module is still using MD5. List the modules that are still using it: iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config). This patch set would affact the platforms that are using iSCSI function. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Sami Mujawar Cc: Leif Lindholm Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Cc: Kelly Steele Cc: Zailiang Sun Cc: Yi Qian Cc: Liming Gao Cc: Maciej Rabeda Cc: Jiaxin Wu Cc: Siyuan Fu Cc: Roger Feng Signed-off-by: Zhichao Gao Zhichao Gao (5): NetworkPkg/Defines: Make iSCSI disable as default NetworkPkg: Enable MD5 while enable iSCSI SecurityPkg/dsc: Explicitly enable MD5 for package build CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 CryptoPkg: Make the MD5 disable as default for security CryptoPkg/CryptoPkg.dsc | 3 +++ CryptoPkg/Driver/Crypto.c | 4 ++-- CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- NetworkPkg/Network.dsc.inc | 5 +++++ NetworkPkg/NetworkDefines.dsc.inc | 4 ++-- SecurityPkg/SecurityPkg.dsc | 2 +- 8 files changed, 16 insertions(+), 8 deletions(-) -- 2.21.0.windows.1