From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Michael D Kinney, Kelly Steele, Zailiang Sun, Yi Qian, Liming Gao, Maciej Rabeda, Jiaxin Wu, Siyuan Fu, Roger Feng, Zhiguang Liu
Subject: [PATCH V3 00/12] Disable the deprecated MD5 and SHA1 support
Date: Wed, 11 Nov 2020 01:36:39 +0800
Message-Id: <20201110173651.54036-1-zhichao.gao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

MD5 is deprecated; make it disabled by default for security.
It is required to enable MD5 explicitly if a module is still using MD5.
The modules that are still using it:
iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
This patch set would affect the platforms that are using the iSCSI function.

V2:
Remove MD5 and SHA1 support of Hash2DxeCrypto.
Remove the MD5 GUID definition in MdePkg.dec.
SHA1 related GUIDs are still used in TPM2, so keep them.
No requirement to add MD5 enable MACRO in SecurityPkg.

V3:
Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa32,
OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64. And set the MD5 enable based on
the new MD5 MACRO.
Readjust the patch order.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Sami Mujawar
Cc: Leif Lindholm
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Cc: Kelly Steele
Cc: Zailiang Sun
Cc: Yi Qian
Cc: Liming Gao
Cc: Maciej Rabeda
Cc: Jiaxin Wu
Cc: Siyuan Fu
Cc: Roger Feng
Cc: Zhiguang Liu
Signed-off-by: Zhichao Gao

Zhichao Gao (12):
  SecurityPkg/Hash2DxeCrypto: Remove MD5 support
  SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
  CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
  NetworkPkg: Enable MD5 while enable iSCSI
  ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
  ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
  NetworkPkg/Defines: Make iSCSI disable as default
  CryptoPkg: Make the MD5 disable as default for security

 ArmVirtPkg/ArmVirtQemu.dsc                             | 8 +++++++-
 ArmVirtPkg/ArmVirtQemuKernel.dsc                       | 8 +++++++-
 CryptoPkg/CryptoPkg.dsc                                | 3 +++
 CryptoPkg/Driver/Crypto.c                              | 4 ++--
 CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
 NetworkPkg/Network.dsc.inc                             | 5 +++++
 NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
 OvmfPkg/Bhyve/BhyveX64.dsc                             | 7 ++++++-
 OvmfPkg/OvmfPkgIa32.dsc                                | 5 +++++
 OvmfPkg/OvmfPkgIa32X64.dsc                             | 5 +++++
 OvmfPkg/OvmfPkgX64.dsc                                 | 5 +++++
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c            | 2 --
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf          | 4 +---
 15 files changed, 51 insertions(+), 15 deletions(-)

-- 
2.21.0.windows.1