[PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support

[PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

MD5 is deprecated, make it disable as default for security.
It required to set MD5 enable explicitly if the module is still using 
MD5. List the modules that are still using it:
iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).

This patch set would affact the platforms that are using iSCSI 
function.

V2:
Remove MD5 and SHA1 support of Hash2DxeCrypto.
Remove the MD5 GUID defination in MdePkg.dec. SHA1 related GUIDs
are still using in TPM2, so keep them.
No requirement to add MD5 enable MACRO in SecurityPkg.

V3:
Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel,
OvmfPkgIa32, OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
And set the MD5 enable base on the new MD5 MACRO.
Rejust the patch order.

V14:
Fix some typos.
Change the commit message.
Add NetworkBuildOptions.dsc.inc and add the MACRO for
different toolchain.
Using inc file in the related package dsc file:
ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa32, OvmfPkgIa32X64,
OvmfPkgX64, OvmfXen and BhyveX64.
Enable iSCSI in NetworkPkg.dsc for build test.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Roger Feng <roger.feng@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>

Zhichao Gao (13):
  SecurityPkg/Hash2DxeCrypto: Remove MD5 support
  SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
  CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
  NetworkPkg: Enable MD5 while enable iSCSI
  ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
  ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI
  OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
  NetworkPkg/Defines: Make iSCSI disable as default
  CryptoPkg: Make the MD5 disable as default for security

 ArmVirtPkg/ArmVirtQemu.dsc                    |  6 ++++-
 ArmVirtPkg/ArmVirtQemuKernel.dsc              |  5 ++++-
 CryptoPkg/CryptoPkg.dsc                       |  6 +++++
 CryptoPkg/Driver/Crypto.c                     |  4 ++--
 CryptoPkg/Include/Library/BaseCryptLib.h      |  2 +-
 .../Library/BaseCryptLib/Hash/CryptMd5.c      |  2 +-
 .../BaseCryptLibOnProtocolPpi/CryptLib.c      |  2 +-
 NetworkPkg/Network.dsc.inc                    |  5 ++++-
 NetworkPkg/NetworkBuildOptions.dsc.inc        | 22 +++++++++++++++++++
 NetworkPkg/NetworkDefines.dsc.inc             |  4 ++--
 NetworkPkg/NetworkPkg.dsc                     |  4 +++-
 OvmfPkg/Bhyve/BhyveX64.dsc                    |  5 ++++-
 OvmfPkg/OvmfPkgIa32.dsc                       |  3 +++
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  3 +++
 OvmfPkg/OvmfPkgX64.dsc                        |  3 +++
 OvmfPkg/OvmfXen.dsc                           |  3 +++
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c   |  2 --
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf |  4 +---
 18 files changed, 68 insertions(+), 17 deletions(-)
 create mode 100644 NetworkPkg/NetworkBuildOptions.dsc.inc

-- 
2.21.0.windows.1

[PATCH V4 01/13] SecurityPkg/Hash2DxeCrypto: Remove MD5 support

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

Remove the deprecated MD5 support of Hash2DxeCrypto
driver.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c   | 1 -
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
index d96bc136e2..50a6157bd9 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@@ -120,7 +120,6 @@ typedef struct {
 } EFI_HASH_INFO;
 
 EFI_HASH_INFO  mHashInfo[] = {
-  {&gEfiHashAlgorithmMD5Guid,     sizeof(EFI_MD5_HASH2),    Md5GetContextSize,    Md5Init,    Md5Update,    Md5Final  },
   {&gEfiHashAlgorithmSha1Guid,    sizeof(EFI_SHA1_HASH2),   Sha1GetContextSize,   Sha1Init,   Sha1Update,   Sha1Final   },
   {&gEfiHashAlgorithmSha256Guid,  sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
   {&gEfiHashAlgorithmSha384Guid,  sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
index a0b57f0514..a65943056a 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
@@ -4,7 +4,7 @@
 #  This module will use EDKII crypto library to HASH2 protocol.
 #
 #  (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-#  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -44,7 +44,6 @@
   UefiLib
 
 [Guids]
-  gEfiHashAlgorithmMD5Guid              ## CONSUMES               ## GUID
   gEfiHashAlgorithmSha1Guid             ## CONSUMES               ## GUID
   gEfiHashAlgorithmSha256Guid           ## CONSUMES               ## GUID
   gEfiHashAlgorithmSha384Guid           ## CONSUMES               ## GUID
-- 
2.21.0.windows.1

[PATCH V4 02/13] SecurityPkg/Hash2DxeCrypto: Remove SHA1 support

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

Remove the deprecated SHA1 support of Hash2DxeCrypto
driver.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c   | 1 -
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 1 -
 2 files changed, 2 deletions(-)

diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
index 50a6157bd9..c1c0470be9 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@@ -120,7 +120,6 @@ typedef struct {
 } EFI_HASH_INFO;
 
 EFI_HASH_INFO  mHashInfo[] = {
-  {&gEfiHashAlgorithmSha1Guid,    sizeof(EFI_SHA1_HASH2),   Sha1GetContextSize,   Sha1Init,   Sha1Update,   Sha1Final   },
   {&gEfiHashAlgorithmSha256Guid,  sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
   {&gEfiHashAlgorithmSha384Guid,  sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
   {&gEfiHashAlgorithmSha512Guid,  sizeof(EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final },
diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
index a65943056a..6a456ed2a6 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
@@ -44,7 +44,6 @@
   UefiLib
 
 [Guids]
-  gEfiHashAlgorithmSha1Guid             ## CONSUMES               ## GUID
   gEfiHashAlgorithmSha256Guid           ## CONSUMES               ## GUID
   gEfiHashAlgorithmSha384Guid           ## CONSUMES               ## GUID
   gEfiHashAlgorithmSha512Guid           ## CONSUMES               ## GUID
-- 
2.21.0.windows.1

[PATCH V4 03/13] CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021

CRYPTO_SERVICES PACKAGES and ALL config would enable MD5
function. So explicitly enable MD5 while CRYPTO_SERVICES
are set PACKAGES and ALL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
 CryptoPkg/CryptoPkg.dsc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 7e51f6fac5..55383f2722 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -308,3 +308,9 @@
 
 [BuildOptions]
   *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
+  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
+  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
+!endif
-- 
2.21.0.windows.1

[PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.
1. Add the NetworkBuildOptions.dsc.inc to define
the MACRO for build (support: GCC, INTEL, MSFT and
RVCT)
2. Add the BuildOption file to Network.dsc.inc

Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
 NetworkPkg/Network.dsc.inc             |  5 ++++-
 NetworkPkg/NetworkBuildOptions.dsc.inc | 22 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 NetworkPkg/NetworkBuildOptions.dsc.inc

diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
index 16f090a187..6cd0c005fc 100644
--- a/NetworkPkg/Network.dsc.inc
+++ b/NetworkPkg/Network.dsc.inc
@@ -7,7 +7,7 @@
 # This file defines one build flag PLATFORMX64_ENABLE to support
 # IA32 PEI and X64 DXE platform. Its default value is FALSE.
 #
-# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 #
 #    SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -39,3 +39,6 @@
 !include NetworkPkg/NetworkComponents.dsc.inc
 
 !endif
+
+[BuildOptions]
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc b/NetworkPkg/NetworkBuildOptions.dsc.inc
new file mode 100644
index 0000000000..ce3460d472
--- /dev/null
+++ b/NetworkPkg/NetworkBuildOptions.dsc.inc
@@ -0,0 +1,22 @@
+## @file
+# Network DSC include file for [BuildOptions] sections of all Architectures.
+#
+# This file can be included in the [BuildOptions*] section(s) of a platform # DSC file
+# by using "!include NetworkPkg/NetworkBuildOptions.dsc.inc", to specify the C language
+# feature test macros (eg., API deprecation macros) according to the flags described
+# in "NetworkDefines.dsc.inc".
+#
+# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+#
+#    SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+!if $(NETWORK_ISCSI_ENABLE) == TRUE
+  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
+  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
+  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
+!endif
-- 
2.21.0.windows.1

[PATCH V4 05/13] ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 ArmVirtPkg/ArmVirtQemu.dsc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 3f649c91d8..365426bd7d 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -1,7 +1,7 @@
 #
 #  Copyright (c) 2011-2015, ARM Limited. All rights reserved.
 #  Copyright (c) 2014, Linaro Limited. All rights reserved.
-#  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+#  Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -40,6 +40,7 @@
   DEFINE NETWORK_SNP_ENABLE              = FALSE
   DEFINE NETWORK_TLS_ENABLE              = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS  = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE            = TRUE
 
 !if $(NETWORK_SNP_ENABLE) == TRUE
   !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
@@ -105,6 +106,9 @@
 [LibraryClasses.common.UEFI_DRIVER]
   UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
 
+[BuildOptions]
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
-- 
2.21.0.windows.1

[PATCH V4 06/13] ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 9449a01d6e..f447c62f68 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -1,7 +1,7 @@
 #
 #  Copyright (c) 2011-2015, ARM Limited. All rights reserved.
 #  Copyright (c) 2014, Linaro Limited. All rights reserved.
-#  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+#  Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -38,6 +38,7 @@
   DEFINE NETWORK_SNP_ENABLE              = FALSE
   DEFINE NETWORK_TLS_ENABLE              = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS  = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE            = TRUE
 
 !if $(NETWORK_SNP_ENABLE) == TRUE
   !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
@@ -84,6 +85,8 @@
   UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
 
 [BuildOptions]
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
   #
   # We need to avoid jump tables in SEC modules, so that the PE/COFF
   # self-relocation code itself is guaranteed to be position independent.
-- 
2.21.0.windows.1

[PATCH V4 07/13] OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 OvmfPkg/OvmfPkgIa32.dsc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 58d9f292f9..0fe56a3106 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -42,6 +42,7 @@
   DEFINE NETWORK_IP6_ENABLE             = FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
@@ -86,6 +87,8 @@
   INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
 
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
-- 
2.21.0.windows.1

[PATCH V4 08/13] OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3551f9710a..a17abc3ae5 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -41,6 +41,7 @@
   DEFINE NETWORK_IP6_ENABLE             = FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
@@ -90,6 +91,8 @@
   INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
 
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
-- 
2.21.0.windows.1

[PATCH V4 09/13] OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 OvmfPkg/OvmfPkgX64.dsc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 7a8bdb8a86..10968da4e8 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -41,6 +41,7 @@
   DEFINE NETWORK_IP6_ENABLE             = FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
@@ -90,6 +91,8 @@
   INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
 
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
-- 
2.21.0.windows.1

[PATCH V4 10/13] OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 OvmfPkg/OvmfXen.dsc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 34c9de19df..83e1e9bbfd 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -38,6 +38,7 @@
   DEFINE NETWORK_IP6_ENABLE             = FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
@@ -80,6 +81,8 @@
   INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
 
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
-- 
2.21.0.windows.1

[PATCH V4 11/13] OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

There is a plan to make MD5 disable as default.
The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
would be introduced to enable MD5. Make the
definition ahead of the change to avoid build
error after the MACRO changed.

Enable iSCSI.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
---
 OvmfPkg/Bhyve/BhyveX64.dsc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 16d2233d77..77e31af5d5 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -1,6 +1,6 @@
 #
 #  Copyright (c) 2020, Rebecca Cran <rebecca@bsdio.com>
-#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
 #  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 #  Copyright (c) 2014, Pluribus Networks, Inc.
 #
@@ -41,6 +41,7 @@
   DEFINE NETWORK_IP6_ENABLE             = FALSE
   DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
@@ -83,6 +84,8 @@
   INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
 
+!include NetworkPkg/NetworkBuildOptions.dsc.inc
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
-- 
2.21.0.windows.1

[PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003

iSCSI is using the deprecated function MD5. It is
better to make the default setting secure. If the platforms
want to use the iSCSI, they should enable it in the platforms'
dsc file and be aware they are using an function with weak
cryptography.

Enable iSCSI in NetworkPkg.dsc for build.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
---
 NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
 NetworkPkg/NetworkPkg.dsc         | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
index a442d1b157..18921d81f6 100644
--- a/NetworkPkg/NetworkDefines.dsc.inc
+++ b/NetworkPkg/NetworkDefines.dsc.inc
@@ -17,7 +17,7 @@
 #   DEFINE NETWORK_TLS_ENABLE             = TRUE
 #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
 #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
-#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
+#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
 #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
 #
 # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
@@ -101,7 +101,7 @@
   #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
   #       since libssl is not required for iSCSI.
   #
-  DEFINE NETWORK_ISCSI_ENABLE = TRUE
+  DEFINE NETWORK_ISCSI_ENABLE = FALSE
 !endif
 
 !if $(NETWORK_ENABLE) == TRUE
diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
index 716d04fdad..e508995e3a 100644
--- a/NetworkPkg/NetworkPkg.dsc
+++ b/NetworkPkg/NetworkPkg.dsc
@@ -2,7 +2,7 @@
 # UEFI 2.4 Network Module Package for All Architectures
 #
 # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
 #    SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -18,6 +18,8 @@
   BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
   SKUID_IDENTIFIER               = DEFAULT
 
+  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
+
 [LibraryClasses]
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
   BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
-- 
2.21.0.windows.1

[PATCH V4 13/13] CryptoPkg: Make the MD5 disable as default for security

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021

Make the deprecated MD5 disable as default setting for
security.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
 CryptoPkg/Driver/Crypto.c                              | 4 ++--
 CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index d9096ea603..26f280cd5d 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll (
   return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE;
 }
 
-#ifdef DISABLE_MD5_DEPRECATED_INTERFACES
+#ifndef ENABLE_MD5_DEPRECATED_INTERFACES
 /**
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
 
@@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
   DeprecatedCryptoServiceMd4Update,
   DeprecatedCryptoServiceMd4Final,
   DeprecatedCryptoServiceMd4HashAll,
-#ifdef DISABLE_MD5_DEPRECATED_INTERFACES
+#ifndef ENABLE_MD5_DEPRECATED_INTERFACES
   /// Md5 - deprecated and unsupported
   DeprecatedCryptoServiceMd5GetContextSize,
   DeprecatedCryptoServiceMd5Init,
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e37..496121e6a4 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -72,7 +72,7 @@ typedef enum {
 //    One-Way Cryptographic Hash Primitives
 //=====================================================================================
 
-#ifndef DISABLE_MD5_DEPRECATED_INTERFACES
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
 /**
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
 
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
index b85e7f4d12..d670f17424 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
@@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"
 #include <openssl/md5.h>
 
-#ifndef DISABLE_MD5_DEPRECATED_INTERFACES
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
 /**
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
 
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 3f14c6d262..8b43d1363c 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -99,7 +99,7 @@ CryptoServiceNotAvailable (
 //    One-Way Cryptographic Hash Primitives
 //=====================================================================================
 
-#ifndef DISABLE_MD5_DEPRECATED_INTERFACES
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
 /**
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
 
-- 
2.21.0.windows.1

Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

[Gao, Zhichao]

I just notice many platforms (such as the platform dsc file in edk2Platforms) are using the inc file incorrectly. I would adjust the [BuildOptions] section above [Components] section to unblock their build.

Thanks,
Zhichao

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> Zhichao
> Sent: Thursday, November 12, 2020 1:56 PM
> To: devel@edk2.groups.io
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> Subject: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable
> iSCSI
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES would be introduced
> to enable MD5. Make the definition ahead of the change to avoid build error
> after the MACRO changed.
> 1. Add the NetworkBuildOptions.dsc.inc to define the MACRO for build (support:
> GCC, INTEL, MSFT and
> RVCT)
> 2. Add the BuildOption file to Network.dsc.inc
> 
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/Network.dsc.inc             |  5 ++++-
>  NetworkPkg/NetworkBuildOptions.dsc.inc | 22 ++++++++++++++++++++++
>  2 files changed, 26 insertions(+), 1 deletion(-)  create mode 100644
> NetworkPkg/NetworkBuildOptions.dsc.inc
> 
> diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc index
> 16f090a187..6cd0c005fc 100644
> --- a/NetworkPkg/Network.dsc.inc
> +++ b/NetworkPkg/Network.dsc.inc
> @@ -7,7 +7,7 @@
>  # This file defines one build flag PLATFORMX64_ENABLE to support  # IA32 PEI
> and X64 DXE platform. Its default value is FALSE.
>  #
> -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2019 - 2020, Intel Corporation. All rights
> +reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights
> reserved.<BR>  #
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -39,3 +39,6 @@
>  !include NetworkPkg/NetworkComponents.dsc.inc
> 
>  !endif
> +
> +[BuildOptions]
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc
> b/NetworkPkg/NetworkBuildOptions.dsc.inc
> new file mode 100644
> index 0000000000..ce3460d472
> --- /dev/null
> +++ b/NetworkPkg/NetworkBuildOptions.dsc.inc
> @@ -0,0 +1,22 @@
> +## @file
> +# Network DSC include file for [BuildOptions] sections of all Architectures.
> +#
> +# This file can be included in the [BuildOptions*] section(s) of a
> +platform # DSC file # by using "!include
> +NetworkPkg/NetworkBuildOptions.dsc.inc", to specify the C language #
> +feature test macros (eg., API deprecation macros) according to the flags
> described # in "NetworkDefines.dsc.inc".
> +#
> +# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".
> +#
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> #
> +#    SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +!if $(NETWORK_ISCSI_ENABLE) == TRUE
> +  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> +  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> +!endif
> --
> 2.21.0.windows.1
> 
> 
> 
> 
> 

Re: [edk2-devel] [PATCH V4 03/13] CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> 
> CRYPTO_SERVICES PACKAGES and ALL config would enable MD5
> function. So explicitly enable MD5 while CRYPTO_SERVICES
> are set PACKAGES and ALL.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  CryptoPkg/CryptoPkg.dsc | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index 7e51f6fac5..55383f2722 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -308,3 +308,9 @@
>  
>  [BuildOptions]
>    *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
> +!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
> +  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> +  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> +!endif
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 1. Add the NetworkBuildOptions.dsc.inc to define
> the MACRO for build (support: GCC, INTEL, MSFT and
> RVCT)
> 2. Add the BuildOption file to Network.dsc.inc
> 
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/Network.dsc.inc             |  5 ++++-
>  NetworkPkg/NetworkBuildOptions.dsc.inc | 22 ++++++++++++++++++++++
>  2 files changed, 26 insertions(+), 1 deletion(-)
>  create mode 100644 NetworkPkg/NetworkBuildOptions.dsc.inc
> 
> diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
> index 16f090a187..6cd0c005fc 100644
> --- a/NetworkPkg/Network.dsc.inc
> +++ b/NetworkPkg/Network.dsc.inc
> @@ -7,7 +7,7 @@
>  # This file defines one build flag PLATFORMX64_ENABLE to support
>  # IA32 PEI and X64 DXE platform. Its default value is FALSE.
>  #
> -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
>  #
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -39,3 +39,6 @@
>  !include NetworkPkg/NetworkComponents.dsc.inc
>  
>  !endif
> +
> +[BuildOptions]
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc b/NetworkPkg/NetworkBuildOptions.dsc.inc
> new file mode 100644
> index 0000000000..ce3460d472
> --- /dev/null
> +++ b/NetworkPkg/NetworkBuildOptions.dsc.inc
> @@ -0,0 +1,22 @@
> +## @file
> +# Network DSC include file for [BuildOptions] sections of all Architectures.
> +#
> +# This file can be included in the [BuildOptions*] section(s) of a platform # DSC file

(1) runaway "#" sign between the words "platform" and "DSC"; probably a
consequence of rewrapping; it should be removed

> +# by using "!include NetworkPkg/NetworkBuildOptions.dsc.inc", to specify the C language
> +# feature test macros (eg., API deprecation macros) according to the flags described
> +# in "NetworkDefines.dsc.inc".
> +#
> +# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".

(2) The comment is a bit inconsistent: the GCC, INTEL and MSFT toolchain
family names include a trailing ":", while RVCT doesn't. The colons
(":") should be removed.

(3) These identifiers are not toolchains, but toolchain families.
(Please check the "BaseTools/Conf/tools_def.template" file for the
string "_FAMILY".) So the comment should say "Supported toolchain families".

> +#
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +#
> +#    SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +!if $(NETWORK_ISCSI_ENABLE) == TRUE
> +  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> +  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> +!endif
> 

With (1) through (3) fixed:

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

(No need to repost just because of this, if a repost is not otherwise
required. Then the maintainer that merges the series should please
correct the above points before pushing.)

Thanks
Laszlo

Re: [edk2-devel] [PATCH V4 05/13] ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  ArmVirtPkg/ArmVirtQemu.dsc | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index 3f649c91d8..365426bd7d 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -1,7 +1,7 @@
>  #
>  #  Copyright (c) 2011-2015, ARM Limited. All rights reserved.
>  #  Copyright (c) 2014, Linaro Limited. All rights reserved.
> -#  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +#  Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -40,6 +40,7 @@
>    DEFINE NETWORK_SNP_ENABLE              = FALSE
>    DEFINE NETWORK_TLS_ENABLE              = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS  = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE            = TRUE
>  
>  !if $(NETWORK_SNP_ENABLE) == TRUE
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> @@ -105,6 +106,9 @@
>  [LibraryClasses.common.UEFI_DRIVER]
>    UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
>  
> +[BuildOptions]
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>  ################################################################################
>  #
>  # Pcd Section - list of all EDK II PCD Entries defined by this Platform
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo

Re: [edk2-devel] [PATCH V4 06/13] ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> index 9449a01d6e..f447c62f68 100644
> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
> @@ -1,7 +1,7 @@
>  #
>  #  Copyright (c) 2011-2015, ARM Limited. All rights reserved.
>  #  Copyright (c) 2014, Linaro Limited. All rights reserved.
> -#  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +#  Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -38,6 +38,7 @@
>    DEFINE NETWORK_SNP_ENABLE              = FALSE
>    DEFINE NETWORK_TLS_ENABLE              = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS  = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE            = TRUE
>  
>  !if $(NETWORK_SNP_ENABLE) == TRUE
>    !error "NETWORK_SNP_ENABLE is IA32/X64/EBC only"
> @@ -84,6 +85,8 @@
>    UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
>  
>  [BuildOptions]
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>    #
>    # We need to avoid jump tables in SEC modules, so that the PE/COFF
>    # self-relocation code itself is guaranteed to be position independent.
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 07/13] OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  OvmfPkg/OvmfPkgIa32.dsc | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 58d9f292f9..0fe56a3106 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -42,6 +42,7 @@
>    DEFINE NETWORK_IP6_ENABLE             = FALSE
>    DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
>  
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
> @@ -86,6 +87,8 @@
>    INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
>    GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
>  
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>  [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
>    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
>    XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 08/13] OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 3551f9710a..a17abc3ae5 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -41,6 +41,7 @@
>    DEFINE NETWORK_IP6_ENABLE             = FALSE
>    DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
>  
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
> @@ -90,6 +91,8 @@
>    INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
>    GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
>  
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>  [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
>    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
>    XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 09/13] OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  OvmfPkg/OvmfPkgX64.dsc | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 7a8bdb8a86..10968da4e8 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -41,6 +41,7 @@
>    DEFINE NETWORK_IP6_ENABLE             = FALSE
>    DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
>  
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
> @@ -90,6 +91,8 @@
>    INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
>    GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
>  
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>  [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
>    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
>    XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 10/13] OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  OvmfPkg/OvmfXen.dsc | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
> index 34c9de19df..83e1e9bbfd 100644
> --- a/OvmfPkg/OvmfXen.dsc
> +++ b/OvmfPkg/OvmfXen.dsc
> @@ -38,6 +38,7 @@
>    DEFINE NETWORK_IP6_ENABLE             = FALSE
>    DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
>  
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
> @@ -80,6 +81,8 @@
>    INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
>    GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
>  
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>  [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
>    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
>    XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 11/13] OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 
> Enable iSCSI.
> 
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> ---
>  OvmfPkg/Bhyve/BhyveX64.dsc | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
> index 16d2233d77..77e31af5d5 100644
> --- a/OvmfPkg/Bhyve/BhyveX64.dsc
> +++ b/OvmfPkg/Bhyve/BhyveX64.dsc
> @@ -1,6 +1,6 @@
>  #
>  #  Copyright (c) 2020, Rebecca Cran <rebecca@bsdio.com>
> -#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
> +#  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
>  #  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
>  #  Copyright (c) 2014, Pluribus Networks, Inc.
>  #
> @@ -41,6 +41,7 @@
>    DEFINE NETWORK_IP6_ENABLE             = FALSE
>    DEFINE NETWORK_HTTP_BOOT_ENABLE       = FALSE
>    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE           = TRUE
>  
>  !include NetworkPkg/NetworkDefines.dsc.inc
>  
> @@ -83,6 +84,8 @@
>    INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
>    GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
>  
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> +
>  [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
>    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
>    XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Also, on top of Rebecca's recently-merged series
(662b42db76a5..5e9a8a6dfb15), it makes sense to *attempt* building this
patch. So:

Build-tested-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo

Re: [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> iSCSI is using the deprecated function MD5. It is
> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an function with weak
> cryptography.
> 
> Enable iSCSI in NetworkPkg.dsc for build.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
>  NetworkPkg/NetworkPkg.dsc         | 4 +++-
>  2 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
> index a442d1b157..18921d81f6 100644
> --- a/NetworkPkg/NetworkDefines.dsc.inc
> +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@
>  #   DEFINE NETWORK_TLS_ENABLE             = TRUE
>  #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
>  #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
>  #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
>  #
>  # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> @@ -101,7 +101,7 @@
>    #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
>    #       since libssl is not required for iSCSI.
>    #
> -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
>  !endif
>  
>  !if $(NETWORK_ENABLE) == TRUE
> diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
> index 716d04fdad..e508995e3a 100644
> --- a/NetworkPkg/NetworkPkg.dsc
> +++ b/NetworkPkg/NetworkPkg.dsc
> @@ -2,7 +2,7 @@
>  # UEFI 2.4 Network Module Package for All Architectures
>  #
>  # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -18,6 +18,8 @@
>    BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
>    SKUID_IDENTIFIER               = DEFAULT
>  
> +  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
> +
>  [LibraryClasses]
>    DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
>    BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

[Gao, Zhichao]

New change has been pushed to my branch: https://github.com/ZhichaoGao/edk2/commits/MD5_disable
Only #4 is changed to adjust the [BuildOptions] location. As there is not other change, so I keep Laszlo's R-B.

Hi Rebeda/Jiaxin/Siyuan,

Can you help to review the #4 and #12 patch?

Thanks,
Zhichao

> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Saturday, November 14, 2020 7:47 AM
> To: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> Subject: Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while
> enable iSCSI
> 
> On 11/12/20 06:55, Gao, Zhichao wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> >
> > There is a plan to make MD5 disable as default.
> > The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES would be
> introduced to
> > enable MD5. Make the definition ahead of the change to avoid build
> > error after the MACRO changed.
> > 1. Add the NetworkBuildOptions.dsc.inc to define the MACRO for build
> > (support: GCC, INTEL, MSFT and
> > RVCT)
> > 2. Add the BuildOption file to Network.dsc.inc
> >
> > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > ---
> >  NetworkPkg/Network.dsc.inc             |  5 ++++-
> >  NetworkPkg/NetworkBuildOptions.dsc.inc | 22 ++++++++++++++++++++++
> >  2 files changed, 26 insertions(+), 1 deletion(-)  create mode 100644
> > NetworkPkg/NetworkBuildOptions.dsc.inc
> >
> > diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
> > index 16f090a187..6cd0c005fc 100644
> > --- a/NetworkPkg/Network.dsc.inc
> > +++ b/NetworkPkg/Network.dsc.inc
> > @@ -7,7 +7,7 @@
> >  # This file defines one build flag PLATFORMX64_ENABLE to support  #
> > IA32 PEI and X64 DXE platform. Its default value is FALSE.
> >  #
> > -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> > +# Copyright (c) 2019 - 2020, Intel Corporation. All rights
> > +reserved.<BR>
> >  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All
> > rights reserved.<BR>  #
> >  #    SPDX-License-Identifier: BSD-2-Clause-Patent
> > @@ -39,3 +39,6 @@
> >  !include NetworkPkg/NetworkComponents.dsc.inc
> >
> >  !endif
> > +
> > +[BuildOptions]
> > +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> > diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc
> > b/NetworkPkg/NetworkBuildOptions.dsc.inc
> > new file mode 100644
> > index 0000000000..ce3460d472
> > --- /dev/null
> > +++ b/NetworkPkg/NetworkBuildOptions.dsc.inc
> > @@ -0,0 +1,22 @@
> > +## @file
> > +# Network DSC include file for [BuildOptions] sections of all Architectures.
> > +#
> > +# This file can be included in the [BuildOptions*] section(s) of a
> > +platform # DSC file
> 
> (1) runaway "#" sign between the words "platform" and "DSC"; probably a
> consequence of rewrapping; it should be removed
> 
> > +# by using "!include NetworkPkg/NetworkBuildOptions.dsc.inc", to
> > +specify the C language # feature test macros (eg., API deprecation
> > +macros) according to the flags described # in "NetworkDefines.dsc.inc".
> > +#
> > +# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".
> 
> (2) The comment is a bit inconsistent: the GCC, INTEL and MSFT toolchain family
> names include a trailing ":", while RVCT doesn't. The colons
> (":") should be removed.
> 
> (3) These identifiers are not toolchains, but toolchain families.
> (Please check the "BaseTools/Conf/tools_def.template" file for the string
> "_FAMILY".) So the comment should say "Supported toolchain families".
> 
> > +#
> > +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> #
> > +#    SPDX-License-Identifier: BSD-2-Clause-Patent
> > +#
> > +##
> > +
> > +!if $(NETWORK_ISCSI_ENABLE) == TRUE
> > +  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> > +  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> > +  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> > +  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> > +!endif
> >
> 
> With (1) through (3) fixed:
> 
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> 
> (No need to repost just because of this, if a repost is not otherwise required.
> Then the maintainer that merges the series should please correct the above
> points before pushing.)
> 
> Thanks
> Laszlo

Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

[Siyuan, Fu]

Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> Zhichao
> Sent: 2020年11月12日 13:56
> To: devel@edk2.groups.io
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> Subject: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable
> iSCSI
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> There is a plan to make MD5 disable as default.
> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES
> would be introduced to enable MD5. Make the
> definition ahead of the change to avoid build
> error after the MACRO changed.
> 1. Add the NetworkBuildOptions.dsc.inc to define
> the MACRO for build (support: GCC, INTEL, MSFT and
> RVCT)
> 2. Add the BuildOption file to Network.dsc.inc
> 
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/Network.dsc.inc             |  5 ++++-
>  NetworkPkg/NetworkBuildOptions.dsc.inc | 22 ++++++++++++++++++++++
>  2 files changed, 26 insertions(+), 1 deletion(-)
>  create mode 100644 NetworkPkg/NetworkBuildOptions.dsc.inc
> 
> diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
> index 16f090a187..6cd0c005fc 100644
> --- a/NetworkPkg/Network.dsc.inc
> +++ b/NetworkPkg/Network.dsc.inc
> @@ -7,7 +7,7 @@
>  # This file defines one build flag PLATFORMX64_ENABLE to support
>  # IA32 PEI and X64 DXE platform. Its default value is FALSE.
>  #
> -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights
> reserved.<BR>
>  #
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -39,3 +39,6 @@
>  !include NetworkPkg/NetworkComponents.dsc.inc
> 
>  !endif
> +
> +[BuildOptions]
> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc
> b/NetworkPkg/NetworkBuildOptions.dsc.inc
> new file mode 100644
> index 0000000000..ce3460d472
> --- /dev/null
> +++ b/NetworkPkg/NetworkBuildOptions.dsc.inc
> @@ -0,0 +1,22 @@
> +## @file
> +# Network DSC include file for [BuildOptions] sections of all Architectures.
> +#
> +# This file can be included in the [BuildOptions*] section(s) of a platform # DSC
> file
> +# by using "!include NetworkPkg/NetworkBuildOptions.dsc.inc", to specify the
> C language
> +# feature test macros (eg., API deprecation macros) according to the flags
> described
> +# in "NetworkDefines.dsc.inc".
> +#
> +# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".
> +#
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +#
> +#    SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +!if $(NETWORK_ISCSI_ENABLE) == TRUE
> +  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> +  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> +  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> +!endif
> --
> 2.21.0.windows.1
> 
> 
> 
> 
> 

Re: [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default

[Siyuan, Fu]

Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: 2020年11月12日 13:56
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu,
> XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly
> <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian, Yi
> <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej Rabeda
> <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>
> Subject: [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> 
> iSCSI is using the deprecated function MD5. It is
> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an function with weak
> cryptography.
> 
> Enable iSCSI in NetworkPkg.dsc for build.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
>  NetworkPkg/NetworkPkg.dsc         | 4 +++-
>  2 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/NetworkPkg/NetworkDefines.dsc.inc
> b/NetworkPkg/NetworkDefines.dsc.inc
> index a442d1b157..18921d81f6 100644
> --- a/NetworkPkg/NetworkDefines.dsc.inc
> +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@
>  #   DEFINE NETWORK_TLS_ENABLE             = TRUE
>  #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
>  #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
>  #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
>  #
>  # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> @@ -101,7 +101,7 @@
>    #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
>    #       since libssl is not required for iSCSI.
>    #
> -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
>  !endif
> 
>  !if $(NETWORK_ENABLE) == TRUE
> diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
> index 716d04fdad..e508995e3a 100644
> --- a/NetworkPkg/NetworkPkg.dsc
> +++ b/NetworkPkg/NetworkPkg.dsc
> @@ -2,7 +2,7 @@
>  # UEFI 2.4 Network Module Package for All Architectures
>  #
>  # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights
> reserved.<BR>
>  #    SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -18,6 +18,8 @@
>    BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
>    SKUID_IDENTIFIER               = DEFAULT
> 
> +  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
> +
>  [LibraryClasses]
>    DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
>    BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> --
> 2.21.0.windows.1

Re: [edk2-devel] [PATCH V4 12/13] NetworkPkg/Defines: Make iSCSI disable as default

[Maciej Rabeda]

Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>

On 12-Nov-20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
>
> iSCSI is using the deprecated function MD5. It is
> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an function with weak
> cryptography.
>
> Enable iSCSI in NetworkPkg.dsc for build.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>   NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
>   NetworkPkg/NetworkPkg.dsc         | 4 +++-
>   2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
> index a442d1b157..18921d81f6 100644
> --- a/NetworkPkg/NetworkDefines.dsc.inc
> +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@
>   #   DEFINE NETWORK_TLS_ENABLE             = TRUE
>   #   DEFINE NETWORK_HTTP_BOOT_ENABLE       = TRUE
>   #   DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
> -#   DEFINE NETWORK_ISCSI_ENABLE           = TRUE
> +#   DEFINE NETWORK_ISCSI_ENABLE           = FALSE
>   #   DEFINE NETWORK_VLAN_ENABLE            = TRUE
>   #
>   # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> @@ -101,7 +101,7 @@
>     #       Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used
>     #       since libssl is not required for iSCSI.
>     #
> -  DEFINE NETWORK_ISCSI_ENABLE = TRUE
> +  DEFINE NETWORK_ISCSI_ENABLE = FALSE
>   !endif
>   
>   !if $(NETWORK_ENABLE) == TRUE
> diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
> index 716d04fdad..e508995e3a 100644
> --- a/NetworkPkg/NetworkPkg.dsc
> +++ b/NetworkPkg/NetworkPkg.dsc
> @@ -2,7 +2,7 @@
>   # UEFI 2.4 Network Module Package for All Architectures
>   #
>   # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>   # Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
>   #    SPDX-License-Identifier: BSD-2-Clause-Patent
>   #
> @@ -18,6 +18,8 @@
>     BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
>     SKUID_IDENTIFIER               = DEFAULT
>   
> +  DEFINE NETWORK_ISCSI_ENABLE    = TRUE
> +
>   [LibraryClasses]
>     DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
>     BaseLib|MdePkg/Library/BaseLib/BaseLib.inf

Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

[Gao, Zhichao]

Send to the commmunity.

Thanks,
Zhichao

> -----Original Message-----
> From: Rabeda, Maciej <maciej.rabeda@linux.intel.com>
> Sent: Monday, November 16, 2020 7:42 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>;
> Fu, Siyuan <siyuan.fu@intel.com>
> Subject: Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while
> enable iSCSI
> 
> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> 
> On 16-Nov-20 02:33, Gao, Zhichao wrote:
> > Hi Rabeda/Jiaxin/Siyuan,
> >
> > This patch set is plan to catch the 202011 stable tag and it need to be reviewed
> before this Tuesday (2020.11.17). Can you help to review it once you have time?
> >
> > Thanks,
> > Zhichao
> >
> >> -----Original Message-----
> >> From: Gao, Zhichao
> >> Sent: Monday, November 16, 2020 9:22 AM
> >> To: Laszlo Ersek <lersek@redhat.com>; devel@edk2.groups.io
> >> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> >> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> >> Subject: RE: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5
> >> while enable iSCSI
> >>
> >> New change has been pushed to my branch:
> >> https://github.com/ZhichaoGao/edk2/commits/MD5_disable
> >> Only #4 is changed to adjust the [BuildOptions] location. As there is
> >> not other change, so I keep Laszlo's R-B.
> >>
> >> Hi Rebeda/Jiaxin/Siyuan,
> >>
> >> Can you help to review the #4 and #12 patch?
> >>
> >> Thanks,
> >> Zhichao
> >>
> >>> -----Original Message-----
> >>> From: Laszlo Ersek <lersek@redhat.com>
> >>> Sent: Saturday, November 14, 2020 7:47 AM
> >>> To: devel@edk2.groups.io; Gao, Zhichao <zhichao.gao@intel.com>
> >>> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> >>> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> >>> Subject: Re: [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5
> >>> while enable iSCSI
> >>>
> >>> On 11/12/20 06:55, Gao, Zhichao wrote:
> >>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> >>>>
> >>>> There is a plan to make MD5 disable as default.
> >>>> The new MACRO ENABLE_MD5_DEPRECATED_INTERFACES would be
> >>> introduced to
> >>>> enable MD5. Make the definition ahead of the change to avoid build
> >>>> error after the MACRO changed.
> >>>> 1. Add the NetworkBuildOptions.dsc.inc to define the MACRO for
> >>>> build
> >>>> (support: GCC, INTEL, MSFT and
> >>>> RVCT)
> >>>> 2. Add the BuildOption file to Network.dsc.inc
> >>>>
> >>>> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> >>>> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> >>>> Cc: Siyuan Fu <siyuan.fu@intel.com>
> >>>> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >>>> ---
> >>>>   NetworkPkg/Network.dsc.inc             |  5 ++++-
> >>>>   NetworkPkg/NetworkBuildOptions.dsc.inc | 22 ++++++++++++++++++++++
> >>>>   2 files changed, 26 insertions(+), 1 deletion(-)  create mode
> >>>> 100644 NetworkPkg/NetworkBuildOptions.dsc.inc
> >>>>
> >>>> diff --git a/NetworkPkg/Network.dsc.inc
> >>>> b/NetworkPkg/Network.dsc.inc index 16f090a187..6cd0c005fc 100644
> >>>> --- a/NetworkPkg/Network.dsc.inc
> >>>> +++ b/NetworkPkg/Network.dsc.inc
> >>>> @@ -7,7 +7,7 @@
> >>>>   # This file defines one build flag PLATFORMX64_ENABLE to support
> >>>> #
> >>>> IA32 PEI and X64 DXE platform. Its default value is FALSE.
> >>>>   #
> >>>> -# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> >>>> +# Copyright (c) 2019 - 2020, Intel Corporation. All rights
> >>>> +reserved.<BR>
> >>>>   # Copyright (c) 2020, Hewlett Packard Enterprise Development LP.
> >>>> All rights reserved.<BR>  #
> >>>>   #    SPDX-License-Identifier: BSD-2-Clause-Patent
> >>>> @@ -39,3 +39,6 @@
> >>>>   !include NetworkPkg/NetworkComponents.dsc.inc
> >>>>
> >>>>   !endif
> >>>> +
> >>>> +[BuildOptions]
> >>>> +!include NetworkPkg/NetworkBuildOptions.dsc.inc
> >>>> diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc
> >>>> b/NetworkPkg/NetworkBuildOptions.dsc.inc
> >>>> new file mode 100644
> >>>> index 0000000000..ce3460d472
> >>>> --- /dev/null
> >>>> +++ b/NetworkPkg/NetworkBuildOptions.dsc.inc
> >>>> @@ -0,0 +1,22 @@
> >>>> +## @file
> >>>> +# Network DSC include file for [BuildOptions] sections of all Architectures.
> >>>> +#
> >>>> +# This file can be included in the [BuildOptions*] section(s) of a
> >>>> +platform # DSC file
> >>> (1) runaway "#" sign between the words "platform" and "DSC";
> >>> probably a consequence of rewrapping; it should be removed
> >>>
> >>>> +# by using "!include NetworkPkg/NetworkBuildOptions.dsc.inc", to
> >>>> +specify the C language # feature test macros (eg., API deprecation
> >>>> +macros) according to the flags described # in "NetworkDefines.dsc.inc".
> >>>> +#
> >>>> +# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".
> >>> (2) The comment is a bit inconsistent: the GCC, INTEL and MSFT
> >>> toolchain family names include a trailing ":", while RVCT doesn't.
> >>> The colons
> >>> (":") should be removed.
> >>>
> >>> (3) These identifiers are not toolchains, but toolchain families.
> >>> (Please check the "BaseTools/Conf/tools_def.template" file for the
> >>> string
> >>> "_FAMILY".) So the comment should say "Supported toolchain families".
> >>>
> >>>> +#
> >>>> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> #
> >>>> +#    SPDX-License-Identifier: BSD-2-Clause-Patent
> >>>> +#
> >>>> +##
> >>>> +
> >>>> +!if $(NETWORK_ISCSI_ENABLE) == TRUE
> >>>> +  MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> >>>> +  INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
> >>>> +  GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
> >>>> +  RVCT:*_*_*_CC_FLAGS = -DENABLE_MD5_DEPRECATED_INTERFACES
> >>>> +!endif
> >>>>
> >>> With (1) through (3) fixed:
> >>>
> >>> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> >>>
> >>> (No need to repost just because of this, if a repost is not otherwise required.
> >>> Then the maintainer that merges the series should please correct the
> >>> above points before pushing.)
> >>>
> >>> Thanks
> >>> Laszlo

Re: [edk2-devel] [PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support

[Laszlo Ersek]

On 11/12/20 06:55, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027
>
> MD5 is deprecated, make it disable as default for security.
> It required to set MD5 enable explicitly if the module is still using
> MD5. List the modules that are still using it:
> iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
>
> This patch set would affact the platforms that are using iSCSI
> function.
>
> V2:
> Remove MD5 and SHA1 support of Hash2DxeCrypto.
> Remove the MD5 GUID defination in MdePkg.dec. SHA1 related GUIDs
> are still using in TPM2, so keep them.
> No requirement to add MD5 enable MACRO in SecurityPkg.
>
> V3:
> Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel,
> OvmfPkgIa32, OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
> And set the MD5 enable base on the new MD5 MACRO.
> Rejust the patch order.
>
> V14:
> Fix some typos.
> Change the commit message.
> Add NetworkBuildOptions.dsc.inc and add the MACRO for
> different toolchain.
> Using inc file in the related package dsc file:
> ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa32, OvmfPkgIa32X64,
> OvmfPkgX64, OvmfXen and BhyveX64.
> Enable iSCSI in NetworkPkg.dsc for build test.

I'm in the process of merging this series.

* For composing the branch / merge request:

(a) I have applied the v4 patches locally.

(b) I have added the feedback tags from the v4 thread.

(c) I have implemented changes (1) through (3) suggested here:

    [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI
    https://edk2.groups.io/g/devel/message/67558
    https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00718.html

(d) I have also lifted the [BuildOptions] section above [Components] in:

    [edk2-devel] [PATCH V4 04/13] NetworkPkg: Enable MD5 while enable iSCSI

    according to the following discussion:

    https://edk2.groups.io/g/devel/message/67525
    https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00684.html

    and

    https://edk2.groups.io/g/devel/message/67591
    https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00751.html

    My (c) and (d) changes match the updates in Zhichao's commit
    41ac3e7fa126, on his "MD5_disable" branch.

* The above actions of mine result in the following range-diff, relative
to the v4 posting on the list:

>  1:  c476b165a734 =  1:  5ee36bcf2a98 SecurityPkg/Hash2DxeCrypto: Remove MD5 support
>  2:  ee71ac319d1b =  2:  0c45603e7208 SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
>  3:  eebfdc4d1c34 !  3:  3d97de8735b8 CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
>     @@ -15,6 +15,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>          Message-Id: <20201112055558.2348-4-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
>      --- a/CryptoPkg/CryptoPkg.dsc
>  4:  a9de45be7e52 !  4:  c17e682d01ce NetworkPkg: Enable MD5 while enable iSCSI
>     @@ -19,6 +19,11 @@
>          Cc: Siyuan Fu <siyuan.fu@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>          Message-Id: <20201112055558.2348-5-zhichao.gao@intel.com>
>     +    [lersek@redhat.com: clean up comments in "NetworkBuildOptions.dsc.inc"]
>     +    [lersek@redhat.com: hoist "BuildOptions" above "Components" in
>     +     "Network.dsc.inc" for bug compat with edk2-platforms]
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
>
>      diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
>      --- a/NetworkPkg/Network.dsc.inc
>     @@ -33,12 +38,15 @@
>       #
>       #    SPDX-License-Identifier: BSD-2-Clause-Patent
>      @@
>     - !include NetworkPkg/NetworkComponents.dsc.inc
>     + [LibraryClasses]
>     + !include NetworkPkg/NetworkLibs.dsc.inc
>
>     - !endif
>     -+
>      +[BuildOptions]
>      +!include NetworkPkg/NetworkBuildOptions.dsc.inc
>     ++
>     + !if $(PLATFORMX64_ENABLE) == TRUE
>     + [Components.X64]
>     + !include NetworkPkg/NetworkComponents.dsc.inc
>
>      diff --git a/NetworkPkg/NetworkBuildOptions.dsc.inc b/NetworkPkg/NetworkBuildOptions.dsc.inc
>      new file mode 100644
>     @@ -48,12 +56,12 @@
>      +## @file
>      +# Network DSC include file for [BuildOptions] sections of all Architectures.
>      +#
>     -+# This file can be included in the [BuildOptions*] section(s) of a platform # DSC file
>     ++# This file can be included in the [BuildOptions*] section(s) of a platform DSC file
>      +# by using "!include NetworkPkg/NetworkBuildOptions.dsc.inc", to specify the C language
>      +# feature test macros (eg., API deprecation macros) according to the flags described
>      +# in "NetworkDefines.dsc.inc".
>      +#
>     -+# Supported tool chain: "GCC:", "INTEL:", "MSFT:", "RVCT".
>     ++# Supported tool chain families: "GCC", "INTEL", "MSFT", "RVCT".
>      +#
>      +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>      +#
>  5:  69e9477abff3 !  5:  408c15466aa6 ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,8 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-6-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>      --- a/ArmVirtPkg/ArmVirtQemu.dsc
>  6:  2a4e37a3eb1b !  6:  6f699db9003e ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,7 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-7-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>      --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
>  7:  46a433fb23d9 !  7:  f94376fa1c42 OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,8 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-8-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
>      --- a/OvmfPkg/OvmfPkgIa32.dsc
>  8:  943230f06d14 !  8:  d886a5ee0c1c OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,8 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-9-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
>      --- a/OvmfPkg/OvmfPkgIa32X64.dsc
>  9:  73a2128a6cca !  9:  5b942298b4c1 OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,8 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-10-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
>      --- a/OvmfPkg/OvmfPkgX64.dsc
> 10:  31677228ba91 ! 10:  d30e7861db19 OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,8 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-11-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
>      --- a/OvmfPkg/OvmfXen.dsc
> 11:  c6c2704963e1 ! 11:  97d95fc17245 OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
>     @@ -17,6 +17,8 @@
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>          Message-Id: <20201112055558.2348-12-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
>      --- a/OvmfPkg/Bhyve/BhyveX64.dsc
> 12:  7a5e013b925c ! 12:  900809889d32 NetworkPkg/Defines: Make iSCSI disable as default
>     @@ -31,6 +31,9 @@
>          Cc: Siyuan Fu <siyuan.fu@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>          Message-Id: <20201112055558.2348-13-zhichao.gao@intel.com>
>     +    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
>     +    Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
>
>      diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc
>      --- a/NetworkPkg/NetworkDefines.dsc.inc
> 13:  7ed3343c20ba = 13:  31e5b14fc7ce CryptoPkg: Make the MD5 disable as default for security

* At this point, I have also compared my local branch (to be merged)
with Zhichao's MD5_disable branch, currently at commit e9f94f099f83.
Please see the range-diff below, with my comments (the changes are
expressed as working from Zhichao's branch to mine):

>  1:  3be76c44753f !  1:  5ee36bcf2a98 SecurityPkg/Hash2DxeCrypto: Remove MD5 support
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          SecurityPkg/Hash2DxeCrypto: Remove MD5 support
>
>     @@ -11,6 +11,7 @@
>          Cc: Jian J Wang <jian.j.wang@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>          Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>     +    Message-Id: <20201112055558.2348-2-zhichao.gao@intel.com>
>
>      diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
>      --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
>  2:  6ad0fd30037e !  2:  0c45603e7208 SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
>
>     @@ -11,6 +11,7 @@
>          Cc: Jian J Wang <jian.j.wang@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>          Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>     +    Message-Id: <20201112055558.2348-3-zhichao.gao@intel.com>
>
>      diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
>      --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
>  3:  2439f393cb9b !  3:  3d97de8735b8 CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
>
>     @@ -14,7 +14,7 @@
>          Cc: Guomin Jiang <guomin.jiang@intel.com>
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>     -    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>     +    Message-Id: <20201112055558.2348-4-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc

This is worth highlighting.

Jiewen had given his R-b originally on patch #3 "CryptoPkg/dsc: Enable
MD5 when CRYPTO_SERVICES enable MD5", namely in the v2 thread:

  https://edk2.groups.io/g/devel/message/66629
  https://www.redhat.com/archives/edk2-devel-archive/2020-October/msg00848.html

However, under v3 I pointed out that the patch was not right:

  https://edk2.groups.io/g/devel/message/67319
  https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00476.html

Accordingly, Zhichao updated the patch in v4, and *correctly* dropped
Jiewen's R-b from v2 (as the patch has changed non-trivially):

  https://edk2.groups.io/g/devel/message/67362
  https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00521.html

Note that Jiewen did not re-review patch#3 in v4!

Therefore, Zhichao, it was *incorrect* from you to just go back to v2
and reapply Jiewen's R-b from there. You were right to *drop* it in v4,
and you were very wrong to *silently* re-add it on your "MD5_disble"
branch! (Commit 2439f393cb9b.)

Therefore, this CryptoPkg patch is now going in with *only* my review,
even though I'm not even a designated reviewer for CryptoPkg, let alone
a maintainer.

Merging patch#3 like this is not "ideal", to say the least, but the v4
patch has been on the list for 5 days now, and Jiewen was correctly CC'd
on it. It would have been a really simple incremental review. I'm quite
fed up with reviewers ignoring their responsibilities, so it's either
this, or we can delay (or revert) the series until after the stable tag
is released.

>  4:  41ac3e7fa126 !  4:  c17e682d01ce NetworkPkg: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          NetworkPkg: Enable MD5 while enable iSCSI
>
>     @@ -18,9 +18,12 @@
>          Cc: Jiaxin Wu <jiaxin.wu@intel.com>
>          Cc: Siyuan Fu <siyuan.fu@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>     +    Message-Id: <20201112055558.2348-5-zhichao.gao@intel.com>
>     +    [lersek@redhat.com: clean up comments in "NetworkBuildOptions.dsc.inc"]
>     +    [lersek@redhat.com: hoist "BuildOptions" above "Components" in
>     +     "Network.dsc.inc" for bug compat with edk2-platforms]
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
>     -    Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
>
>      diff --git a/NetworkPkg/Network.dsc.inc b/NetworkPkg/Network.dsc.inc
>      --- a/NetworkPkg/Network.dsc.inc

Here Zhichao mistakenly applied an R-b from Maciej. Maciej did not
provide an R-b for this patch, as far as I can see.

Siyuan did review the patch, so the patch is OK to merge:

  https://edk2.groups.io/g/devel/message/67602
  https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00762.html

>  5:  7ffc00523613 !  5:  408c15466aa6 ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,7 +16,9 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-6-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>     +    Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
>      --- a/ArmVirtPkg/ArmVirtQemu.dsc

Here Zhichao missed my Build-tested-by:

  https://edk2.groups.io/g/devel/message/67559
  https://www.redhat.com/archives/edk2-devel-archive/2020-November/msg00719.html

>  6:  f832f46e1330 !  6:  6f699db9003e ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,6 +16,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-7-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
>      diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
>  7:  eede1be8df57 !  7:  f94376fa1c42 OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,6 +16,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-8-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>  8:  6318da723b53 !  8:  d886a5ee0c1c OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,6 +16,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-9-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
>  9:  e7c35bb40136 !  9:  5b942298b4c1 OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,6 +16,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-10-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
> 10:  901324b3b33f ! 10:  d30e7861db19 OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,6 +16,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-11-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
> 11:  64691d5671ba ! 11:  97d95fc17245 OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
>
>     @@ -16,6 +16,7 @@
>          Cc: Laszlo Ersek <lersek@redhat.com>
>          Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>          Cc: Leif Lindholm <leif@nuviainc.com>
>     +    Message-Id: <20201112055558.2348-12-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Build-tested-by: Laszlo Ersek <lersek@redhat.com>
>
> 12:  40cb8b3e522a ! 12:  900809889d32 NetworkPkg/Defines: Make iSCSI disable as default
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          NetworkPkg/Defines: Make iSCSI disable as default
>
>     @@ -30,6 +30,7 @@
>          Cc: Jiaxin Wu <jiaxin.wu@intel.com>
>          Cc: Siyuan Fu <siyuan.fu@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>     +    Message-Id: <20201112055558.2348-13-zhichao.gao@intel.com>
>          Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>          Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
>          Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> 13:  e9f94f099f83 ! 13:  31e5b14fc7ce CryptoPkg: Make the MD5 disable as default for security
>     @@ -1,4 +1,4 @@
>     -Author: Zhichao Gao <zhichao.gao@intel.com>
>     +Author: Gao, Zhichao <zhichao.gao@intel.com>
>
>          CryptoPkg: Make the MD5 disable as default for security
>
>     @@ -13,6 +13,7 @@
>          Cc: Guomin Jiang <guomin.jiang@intel.com>
>          Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>          Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>     +    Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com>
>
>      diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
>      --- a/CryptoPkg/Include/Library/BaseCryptLib.h

The above process mistakes exemplify why I'm very reluctant to merge
branches from personal repositories "after review", as opposed to
picking up patches, feedback, and updates from the list, and composing
the branch pull request manually.

I'm going to submit a pull request now with my branch, and report back
with the commit range (hopefully).

Thanks,
Laszlo

Re: [edk2-devel] [PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support

[Laszlo Ersek]

On 11/17/20 20:16, Laszlo Ersek wrote:

> I'm going to submit a pull request now with my branch, and report back
> with the commit range (hopefully).

Series merged as commit range 29d59baa3907..e6a12a0fc817, via
<https://github.com/tianocore/edk2/pull/1130>.

Thanks,
Laszlo