From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Gao, Zhichao"
CC: "Wang, Jian J", "Lu, XiaoyuX", Maciej Rabeda, "Wu, Jiaxin", "Fu, Siyuan"
Subject: Re: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
Date: Fri, 27 Mar 2020 02:01:01 +0000

Good feature.
I believe TPM1.2 still uses SHA1. It should be added as well.

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Gao, Zhichao
> Sent: Friday, March 27, 2020 9:56 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Maciej Rabeda; Wu, Jiaxin; Fu, Siyuan
> Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> MD4, ARC4, Tdes, Aes Ecb mode, MD5 and SHA1 are not secure any longer.
> They are all deprecated. Edk2 would not support them any longer.
> So remove them.
> But the UEFI spec wants to keep MD5 and SHA1 for backwards compatibility.
> So add two pcds to control the MD5 and SHA1 enablement. Set the pcds
> default value to false to indicate they are deprecated.
>
> NetWorkPkg's iSCSI driver would consume the MD5 function, so change
> the md5 pcd to TRUE when iSCSI is enabled.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Maciej Rabeda
> Cc: Jiaxin Wu
> Cc: Siyuan Fu
> Signed-off-by: Zhichao Gao
>
> Zhichao Gao (8):
>   CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
>   CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
>   CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
>   CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
>   CryptoPkg/dec: Add pcds to avoid building the deprecated function
>   NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
>   Crypto/BaseCryptLib: Using pcd to control MD5 enablement
>   CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
>
>  CryptoPkg/CryptoPkg.dec | 11 +
>  CryptoPkg/CryptoPkg.uni | 11 +
>  CryptoPkg/Driver/Crypto.c | 634 +-----------------
>  CryptoPkg/Include/Library/BaseCryptLib.h | 548 ---------------
>  .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
>  .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ----
>  .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
>  .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------
>  .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----
>  .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ----------
>  .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -----
>  .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------
>  .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----
>  .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 +
>  .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 +
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +
>  .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +
>  .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +-
>  .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +
>  .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 +
>  .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 +
>  .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +-
>  .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +-
>  .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 -
>  .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +-
>  .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----
>  .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -----
>  .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----
>  .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 +
>  .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 +
>  .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +-
>  .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +----------------
>  .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 +
>  .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 +
>  CryptoPkg/Private/Protocol/Crypto.h | 583 +---------------
>  NetworkPkg/NetworkPcds.dsc.inc | 5 +-
>  37 files changed, 145 insertions(+), 4221 deletions(-)
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
>  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
>
> --
> 2.21.0.windows.1