From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Gao, Zhichao" <zhichao.gao@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>,
Maciej Rabeda <maciej.rabeda@linux.intel.com>,
"Wu, Jiaxin" <jiaxin.wu@intel.com>,
"Fu, Siyuan" <siyuan.fu@intel.com>
Subject: Re: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
Date: Fri, 27 Mar 2020 02:01:01 +0000 [thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F9A006D@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com>
Good feature.
I believe TPM1.2 still uses SHA1. It should be added as well.
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> Zhichao
> Sent: Friday, March 27, 2020 9:56 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure any longer.
> They are all deprecated. Edk2 would not support them any longer.
> So remove them.
> But uefi spec want to keep MD5 and SHA1 for backwards compatibility.
> So add two pcds to control the MD5 and SHA1 enablement. Set the pcds
> default value to false to indicate they are deprecated.
>
> NetWorkPkg's iSCSI driver would consume the MD5 function, so change
> the md5 pcd to TURE when iSCSI is enabled.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>
> Zhichao Gao (8):
> CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> CryptoPkg/dec: Add pcds to avoid building the deprecated function
> NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
>
> CryptoPkg/CryptoPkg.dec | 11 +
> CryptoPkg/CryptoPkg.uni | 11 +
> CryptoPkg/Driver/Crypto.c | 634 +-----------------
> CryptoPkg/Include/Library/BaseCryptLib.h | 548 ---------------
> .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
> .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ----
> .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
> .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------
> .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----
> .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ----------
> .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -----
> .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------
> .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----
> .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +-
> .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 +
> .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 +
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +
> .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +
> .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +-
> .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +
> .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 +
> .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 +
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 -
> .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +-
> .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----
> .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -----
> .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----
> .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 +
> .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 +
> .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +-
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +----------------
> .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 +
> .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 +
> CryptoPkg/Private/Protocol/Crypto.h | 583 +---------------
> NetworkPkg/NetworkPcds.dsc.inc | 5 +-
> 37 files changed, 145 insertions(+), 4221 deletions(-)
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
>
> --
> 2.21.0.windows.1
>
>
>
next prev parent reply other threads:[~2020-03-27 2:01 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-27 1:56 [PATCH 0/8] CryptoPkg: Retire the deprecate function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 2/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 3/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 4/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 6/8] NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI Gao, Zhichao
2020-03-27 2:07 ` Siyuan, Fu
2020-03-30 12:01 ` [edk2-devel] " Maciej Rabeda
2020-03-27 1:56 ` [PATCH 7/8] Crypto/BaseCryptLib: Using pcd to control MD5 enablement Gao, Zhichao
2020-03-27 1:56 ` [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Gao, Zhichao
2020-03-27 2:04 ` [edk2-devel] " Michael D Kinney
2020-03-27 2:44 ` Gao, Zhichao
2020-03-27 2:51 ` Wang, Jian J
2020-03-27 17:35 ` Laszlo Ersek
2020-03-27 2:01 ` Yao, Jiewen [this message]
2020-03-27 2:43 ` [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Gao, Zhichao
2020-03-27 2:50 ` Yao, Jiewen
2020-03-27 2:54 ` Gao, Zhichao
[not found] ` <160006BBBC4857E5.7267@groups.io>
2020-03-27 2:20 ` Yao, Jiewen
2020-03-27 2:53 ` Gao, Zhichao
2020-03-27 2:47 ` Siyuan, Fu
2020-03-27 2:57 ` [edk2-devel] " Yao, Jiewen
2020-03-27 3:06 ` Siyuan, Fu
2020-03-27 4:59 ` Yao, Jiewen
2020-03-27 5:43 ` Siyuan, Fu
2020-03-27 5:50 ` Yao, Jiewen
2020-03-27 6:03 ` Siyuan, Fu
2020-03-27 6:15 ` Yao, Jiewen
2020-03-27 9:19 ` Ni, Ray
2020-03-27 16:38 ` Michael D Kinney
2020-03-27 23:43 ` Yao, Jiewen
2020-03-30 2:17 ` Siyuan, Fu
2020-03-30 2:47 ` Yao, Jiewen
2020-03-30 3:04 ` Siyuan, Fu
2020-03-30 17:30 ` Michael D Kinney
2020-03-31 0:34 ` Yao, Jiewen
2020-04-14 4:36 ` Gao, Zhichao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74D8A39837DF1E4DA445A8C0B3885C503F9A006D@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox