* [PATCH 0/5] Make the MD5 disable as default setting
From: Gao, Zhichao @ 2020-10-26 9:03 UTC
To: devel
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Michael D Kinney, Kelly Steele, Zailiang Sun, Yi Qian, Liming Gao, Maciej Rabeda, Jiaxin Wu, Siyuan Fu, Roger Feng

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021

MD5 is deprecated; make it disabled by default for security.
It is required to enable MD5 explicitly if the module is still
using MD5. List of the modules that are still using it:
iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).

This patch set would affect the platforms that are using the iSCSI
function.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Roger Feng <roger.feng@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>

Zhichao Gao (5):
  NetworkPkg/Defines: Make iSCSI disable as default
  NetworkPkg: Enable MD5 while enable iSCSI
  SecurityPkg/dsc: Explicitly enable MD5 for package build
  CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
  CryptoPkg: Make the MD5 disable as default for security

 CryptoPkg/CryptoPkg.dsc                                | 3 +++
 CryptoPkg/Driver/Crypto.c                              | 4 ++--
 CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
 NetworkPkg/Network.dsc.inc                             | 5 +++++
 NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
 SecurityPkg/SecurityPkg.dsc                            | 2 +-
 8 files changed, 16 insertions(+), 8 deletions(-)

--
2.21.0.windows.1

* [PATCH 1/5] NetworkPkg/Defines: Make iSCSI disable as default 2020-10-26 9:03 [PATCH 0/5] Make the MD5 disable as default setting Gao, Zhichao @ 2020-10-26 9:03 ` Gao, Zhichao 2020-10-26 9:03 ` [PATCH 2/5] NetworkPkg: Enable MD5 while enable iSCSI Gao, Zhichao ` (4 subsequent siblings) 5 siblings, 0 replies; 9+ messages in thread From: Gao, Zhichao @ 2020-10-26 9:03 UTC (permalink / raw) To: devel Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Michael D Kinney, Kelly Steele, Zailiang Sun, Yi Qian, Liming Gao, Maciej Rabeda, Jiaxin Wu, Siyuan Fu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003 iSCSI is using the undeprecated function MD5. It is better to make the default setting secure. If the platforms want to use the iSCSI, they should enable it in the platforms' dsc file and be aware they are using an unsafe function. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Kelly Steele <kelly.steele@intel.com> Cc: Zailiang Sun <zailiang.sun@intel.com> Cc: Yi Qian <yi.qian@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> --- NetworkPkg/NetworkDefines.dsc.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc index a442d1b157..18921d81f6 100644 --- a/NetworkPkg/NetworkDefines.dsc.inc +++ b/NetworkPkg/NetworkDefines.dsc.inc 
@@ -17,7 +17,7 @@ # DEFINE NETWORK_TLS_ENABLE = TRUE # DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE # DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE -# DEFINE NETWORK_ISCSI_ENABLE = TRUE +# DEFINE NETWORK_ISCSI_ENABLE = FALSE # DEFINE NETWORK_VLAN_ENABLE = TRUE # # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> @@ -101,7 +101,7 @@ # Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used # since libssl is not required for iSCSI. # - DEFINE NETWORK_ISCSI_ENABLE = TRUE + DEFINE NETWORK_ISCSI_ENABLE = FALSE !endif !if $(NETWORK_ENABLE) == TRUE -- 2.21.0.windows.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
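Review bot: In the second hunk, the comment above `DEFINE NETWORK_ISCSI_ENABLE = FALSE` still only explains which OpensslLib instance iSCSI can use and gives no reason for the new default. A platform that relied on the old `TRUE` loses iSCSI without any hint why; add a comment line above the DEFINE saying iSCSI is off by default because it depends on MD5, and that a platform turning it on is opting in to a deprecated hash.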
* [PATCH 2/5] NetworkPkg: Enable MD5 while enable iSCSI 2020-10-26 9:03 [PATCH 0/5] Make the MD5 disable as default setting Gao, Zhichao 2020-10-26 9:03 ` [PATCH 1/5] NetworkPkg/Defines: Make iSCSI disable as default Gao, Zhichao @ 2020-10-26 9:03 ` Gao, Zhichao 2020-10-26 9:03 ` [PATCH 3/5] SecurityPkg/dsc: Explicitly enable MD5 for package build Gao, Zhichao ` (3 subsequent siblings) 5 siblings, 0 replies; 9+ messages in thread From: Gao, Zhichao @ 2020-10-26 9:03 UTC (permalink / raw) To: devel; +Cc: Maciej Rabeda, Jiaxin Wu, Siyuan Fu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003 There is a plan to make MD5 disable as default. The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES would be introduced to enable MD5. Make the definition ahead of the change to avoid build error after the MACRO changed. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> --- NetworkPkg/Network.dsc.inc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc index 16f090a187..b761df900b 100644 --- a/NetworkPkg/Network.dsc.inc +++ b/NetworkPkg/Network.dsc.inc @@ -30,6 +30,11 @@ [LibraryClasses] !include NetworkPkg/NetworkLibs.dsc.inc +[BuildOptions] +!if $(NETWORK_ISCSI_ENABLE) == TRUE + *_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES +!endif + !if $(PLATFORMX64_ENABLE) == TRUE [Components.X64] !include NetworkPkg/NetworkComponents.dsc.inc -- 2.21.0.windows.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
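Review bot: The added `*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES` sits in a platform-level `[BuildOptions]` section, so once `NETWORK_ISCSI_ENABLE` is TRUE the define reaches every module of a platform that includes Network.dsc.inc, not only the iSCSI driver. That re-exposes the MD5 interfaces platform-wide; consider whether the define can be scoped to the components that actually need it, so that other modules still fail to build if they call MD5, and add a comment in the section stating that enabling iSCSI enables a deprecated hash.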
* [PATCH 3/5] SecurityPkg/dsc: Explicitly enable MD5 for package build 2020-10-26 9:03 [PATCH 0/5] Make the MD5 disable as default setting Gao, Zhichao 2020-10-26 9:03 ` [PATCH 1/5] NetworkPkg/Defines: Make iSCSI disable as default Gao, Zhichao 2020-10-26 9:03 ` [PATCH 2/5] NetworkPkg: Enable MD5 while enable iSCSI Gao, Zhichao @ 2020-10-26 9:03 ` Gao, Zhichao 2020-10-26 9:03 ` [PATCH 4/5] CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 Gao, Zhichao ` (2 subsequent siblings) 5 siblings, 0 replies; 9+ messages in thread From: Gao, Zhichao @ 2020-10-26 9:03 UTC (permalink / raw) To: devel; +Cc: Jiewen Yao, Jian J Wang REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 Hash2DxeCrypto.inf supports MD5. MD5 would be disable as default setting for edk2. Explicitly enable MD5 thru ENABLE_MD5_DEPRECATED_INTERFACES for package build. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> --- SecurityPkg/SecurityPkg.dsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 36d15b79f9..7af0a8c7eb 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -342,5 +342,5 @@ [BuildOptions] MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256 INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256 - *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES -D ENABLE_MD5_DEPRECATED_INTERFACES -- 2.21.0.windows.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
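Review bot: Appending `-D ENABLE_MD5_DEPRECATED_INTERFACES` to the package-wide `*_*_*_CC_FLAGS` line enables the MD5 interfaces for every module built from SecurityPkg.dsc, while the commit message names only Hash2DxeCrypto.inf as the user. If that driver is the only consumer, limit the define to that component, and add a comment next to it recording why the deprecated interface is switched on.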
* [PATCH 4/5] CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 2020-10-26 9:03 [PATCH 0/5] Make the MD5 disable as default setting Gao, Zhichao ` (2 preceding siblings ...) 2020-10-26 9:03 ` [PATCH 3/5] SecurityPkg/dsc: Explicitly enable MD5 for package build Gao, Zhichao @ 2020-10-26 9:03 ` Gao, Zhichao 2020-10-26 9:03 ` [PATCH 5/5] CryptoPkg: Make the MD5 disable as default for security Gao, Zhichao 2020-10-26 9:34 ` [PATCH 0/5] Make the MD5 disable as default setting Yao, Jiewen 5 siblings, 0 replies; 9+ messages in thread From: Gao, Zhichao @ 2020-10-26 9:03 UTC (permalink / raw) To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 CRYPTO_SERVICES PACKAGES and ALL config would enable MD5 function. So explicitly enable MD5 while CRYPTO_SERVICES are set PACKAGES and ALL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> --- CryptoPkg/CryptoPkg.dsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 0490eeb7e2..30c4909397 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -285,3 +285,6 @@ [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES +!if $(CRYPTO_SERVICES) IN "PACKAGE ALL" + *_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES +!endif -- 2.21.0.windows.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
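Review bot: The condition tests `"PACKAGE ALL"` while the commit message says "PACKAGES and ALL"; align the message with the value the DSC actually checks. The new `*_*_*_CC_FLAGS` line also assigns the same key as the `DISABLE_NEW_DEPRECATED_INTERFACES` line directly above it, so a short comment (or folding both defines into one conditional line) would make it clear that the second assignment is meant to add to the first.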
* [PATCH 5/5] CryptoPkg: Make the MD5 disable as default for security 2020-10-26 9:03 [PATCH 0/5] Make the MD5 disable as default setting Gao, Zhichao ` (3 preceding siblings ...) 2020-10-26 9:03 ` [PATCH 4/5] CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 Gao, Zhichao @ 2020-10-26 9:03 ` Gao, Zhichao 2020-10-26 9:34 ` [PATCH 0/5] Make the MD5 disable as default setting Yao, Jiewen 5 siblings, 0 replies; 9+ messages in thread From: Gao, Zhichao @ 2020-10-26 9:03 UTC (permalink / raw) To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021 Make the deprecated MD5 disable as default setting for security. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> --- CryptoPkg/Driver/Crypto.c | 4 ++-- CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d9096ea603..26f280cd5d 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll ( return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; } -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { DeprecatedCryptoServiceMd4Update, DeprecatedCryptoServiceMd4Final, DeprecatedCryptoServiceMd4HashAll, -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES /// Md5 - deprecated and unsupported DeprecatedCryptoServiceMd5GetContextSize, DeprecatedCryptoServiceMd5Init, 
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..496121e6a4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -72,7 +72,7 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index b85e7f4d12..d670f17424 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "InternalCryptLib.h" #include <openssl/md5.h> -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 3f14c6d262..8b43d1363c 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -99,7 +99,7 @@ CryptoServiceNotAvailable ( // One-Way Cryptographic Hash Primitives //===================================================================================== -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. -- 2.21.0.windows.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
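Review bot: With the guards flipped to `ENABLE_MD5_DEPRECATED_INTERFACES`, the protocol table in Crypto.c and the wrappers in BaseCryptLibOnProtocolPpi/CryptLib.c agree only if both are built with the same define. If a consumer is built with the macro and the crypto driver without it, `mEdkiiCrypto` carries the `DeprecatedCryptoServiceMd5*` entries and the mismatch shows up at run time instead of at build time. Please document that requirement next to the guard in BaseCryptLib.h so platform owners set the define consistently for the driver and its consumers.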
* Re: [PATCH 0/5] Make the MD5 disable as default setting
From: Yao, Jiewen @ 2020-10-26 9:34 UTC
To: Gao, Zhichao, devel@edk2.groups.io
Cc: Justen, Jordan L, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin, Kinney, Michael D, Steele, Kelly, Sun, Zailiang, Qian, Yi, Liming Gao, Maciej Rabeda, Wu, Jiaxin, Fu, Siyuan, Feng, Roger

Thanks Zhichao.

Can we remove MD5 from Hash2DxeCrypto?
I don't see a strong reason to include.
It should only be used by iSCSI.

Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.

Thank you
Yao Jiewen

* Re: [PATCH 0/5] Make the MD5 disable as default setting
From: Gao, Zhichao @ 2020-10-27 0:55 UTC
To: Yao, Jiewen, devel@edk2.groups.io
Cc: Justen, Jordan L, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin, Kinney, Michael D, Steele, Kelly, Sun, Zailiang, Qian, Yi, Liming Gao, Maciej Rabeda, Wu, Jiaxin, Fu, Siyuan, Feng, Roger

Let me prepare the V2 to remove them (MD5 and SHA1).

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, October 26, 2020 5:35 PM
> Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting
>
> Thanks Zhichao.
>
> Can we remove MD5 from Hash2DxeCrypto ?
> I don’t see a strong reason to include.
> It should only be used by iSCSI.
>
> Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.
>
> Thank you
> Yao Jiewen

* Re: [PATCH 0/5] Make the MD5 disable as default setting
From: Feng, Roger @ 2020-10-29 3:01 UTC
To: Gao, Zhichao, Yao, Jiewen, devel@edk2.groups.io
Cc: Justen, Jordan L, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Wang, Jian J, Lu, XiaoyuX, Jiang, Guomin, Kinney, Michael D, Steele, Kelly, Sun, Zailiang, Qian, Yi, Liming Gao, Maciej Rabeda, Wu, Jiaxin, Fu, Siyuan, Zhang, Qi1

+Qi for review