From: "Siyuan, Fu" <siyuan.fu@intel.com>
To: "Gao, Zhichao" <zhichao.gao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>,
Maciej Rabeda <maciej.rabeda@linux.intel.com>,
"Wu, Jiaxin" <jiaxin.wu@intel.com>
Subject: Re: [PATCH 0/8] CryptoPkg: Retire the deprecate function
Date: Fri, 27 Mar 2020 02:47:15 +0000 [thread overview]
Message-ID: <B1FF2E9001CE9041BD10B825821D5BC58B9D0F1F@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <20200327015629.2588-1-zhichao.gao@intel.com>
Hi, Zhichao
We should never move/delete a member field of a previous defined protocol
Interface. Instead, these protocol APIs shall be kept and return an error code
If the function is retired. Otherwise the consumer driver may call into an
Incorrect function if it's build with different codebase/PCD settings with the
Crypto PEI/DXE/SMM driver.
This comment applies to all the EDKII_CRYPTO_PROTOCOL related changes in
your patch set.
Best Regards
Siyuan
> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: 2020年3月27日 9:56
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> Subject: [PATCH 0/8] CryptoPkg: Retire the deprecate function
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
>
> MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure any longer.
> They are all deprecated. Edk2 would not support them any longer.
> So remove them.
> But uefi spec want to keep MD5 and SHA1 for backwards compatibility.
> So add two pcds to control the MD5 and SHA1 enablement. Set the pcds
> default value to false to indicate they are deprecated.
>
> NetWorkPkg's iSCSI driver would consume the MD5 function, so change
> the md5 pcd to TURE when iSCSI is enabled.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>
> Zhichao Gao (8):
> CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> CryptoPkg/dec: Add pcds to avoid building the deprecated function
> NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
>
> CryptoPkg/CryptoPkg.dec | 11 +
> CryptoPkg/CryptoPkg.uni | 11 +
> CryptoPkg/Driver/Crypto.c | 634 +-----------------
> CryptoPkg/Include/Library/BaseCryptLib.h | 548 ---------------
> .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
> .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ----
> .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
> .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------
> .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----
> .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ----------
> .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -----
> .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------
> .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----
> .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +-
> .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 +
> .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 +
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +
> .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +
> .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +-
> .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +
> .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 +
> .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 +
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +-
> .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 -
> .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +-
> .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----
> .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -----
> .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----
> .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 +
> .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 +
> .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +-
> .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +----------------
> .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 +
> .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 +
> CryptoPkg/Private/Protocol/Crypto.h | 583 +---------------
> NetworkPkg/NetworkPcds.dsc.inc | 5 +-
> 37 files changed, 145 insertions(+), 4221 deletions(-)
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> delete mode 100644
> CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
>
> --
> 2.21.0.windows.1
next prev parent reply other threads:[~2020-03-27 2:47 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-27 1:56 [PATCH 0/8] CryptoPkg: Retire the deprecate function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 1/8] CryptoPkg/BaseCrpytLib: Retire MD4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 2/8] CryptoPkg/BaseCryptLib: Retire ARC4 algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 3/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 4/8] CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm Gao, Zhichao
2020-03-27 1:56 ` [PATCH 5/8] CryptoPkg/dec: Add pcds to avoid building the deprecated function Gao, Zhichao
2020-03-27 1:56 ` [PATCH 6/8] NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI Gao, Zhichao
2020-03-27 2:07 ` Siyuan, Fu
2020-03-30 12:01 ` [edk2-devel] " Maciej Rabeda
2020-03-27 1:56 ` [PATCH 7/8] Crypto/BaseCryptLib: Using pcd to control MD5 enablement Gao, Zhichao
2020-03-27 1:56 ` [PATCH 8/8] CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement Gao, Zhichao
2020-03-27 2:04 ` [edk2-devel] " Michael D Kinney
2020-03-27 2:44 ` Gao, Zhichao
2020-03-27 2:51 ` Wang, Jian J
2020-03-27 17:35 ` Laszlo Ersek
2020-03-27 2:01 ` [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function Yao, Jiewen
2020-03-27 2:43 ` Gao, Zhichao
2020-03-27 2:50 ` Yao, Jiewen
2020-03-27 2:54 ` Gao, Zhichao
[not found] ` <160006BBBC4857E5.7267@groups.io>
2020-03-27 2:20 ` Yao, Jiewen
2020-03-27 2:53 ` Gao, Zhichao
2020-03-27 2:47 ` Siyuan, Fu [this message]
2020-03-27 2:57 ` Yao, Jiewen
2020-03-27 3:06 ` Siyuan, Fu
2020-03-27 4:59 ` Yao, Jiewen
2020-03-27 5:43 ` Siyuan, Fu
2020-03-27 5:50 ` Yao, Jiewen
2020-03-27 6:03 ` Siyuan, Fu
2020-03-27 6:15 ` Yao, Jiewen
2020-03-27 9:19 ` Ni, Ray
2020-03-27 16:38 ` Michael D Kinney
2020-03-27 23:43 ` Yao, Jiewen
2020-03-30 2:17 ` Siyuan, Fu
2020-03-30 2:47 ` Yao, Jiewen
2020-03-30 3:04 ` Siyuan, Fu
2020-03-30 17:30 ` Michael D Kinney
2020-03-31 0:34 ` Yao, Jiewen
2020-04-14 4:36 ` Gao, Zhichao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B1FF2E9001CE9041BD10B825821D5BC58B9D0F1F@SHSMSX103.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox