From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by mx.groups.io with SMTP id smtpd.web10.10437.1603704908696266533
 for <devel@edk2.groups.io>;
 Mon, 26 Oct 2020 02:35:09 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=rdzJOD8/;
 spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jiewen.yao@intel.com)
IronPort-SDR: DiwXUl5vxzUGTTCQ+DMqOSITZd0nk59qfIXkzFCiz9EcdsoPQeeu7cns/siK4zt5Ya3nJsYKUs
 DCjVhPhcFF/w==
X-IronPort-AV: E=McAfee;i="6000,8403,9785"; a="154865031"
X-IronPort-AV: E=Sophos;i="5.77,417,1596524400"; 
   d="scan'208";a="154865031"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2020 02:35:06 -0700
IronPort-SDR: EKryyVwvBhEKs1YUipHX7KpijGPWyGlt5LK/QOTYzcPOYUANonrfmhPsTKv3A2zoshDEPmClYV
 ZL0gsqV+EBMw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.77,417,1596524400"; 
   d="scan'208";a="394056871"
Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86])
  by orsmga001.jf.intel.com with ESMTP; 26 Oct 2020 02:35:02 -0700
Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by
 fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Mon, 26 Oct 2020 02:35:01 -0700
Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
 fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5
 via Frontend Transport; Mon, 26 Oct 2020 02:35:01 -0700
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.42) by
 edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.1713.5; Mon, 26 Oct 2020 02:34:59 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=MTeWLz+gJ/4S5r//eIezGIdTIBPGY2YpZYinjteD9mHSU8zSJd7Z/La/hISX5HqsJeIYUw++0NHTyO3VLqBTek85GAb6yYR2vtebDP4k/DGMdgsFAx73FuqHrCCnklSs8FEJtjEPy5C1azJMjjcPLmCSIjnMqhsiGg7jwNg8hM4Ue8q0qWBGNU+KpIxvJSXAz6wqpAxmJqdgpkgjlKD1tUdQgtC6y3VRYx3GdnzHOuJ+PCgTG7tG/8BH8U9+mopJe1yTCFRys97+zGcOYXKBCITqBV3USQyZa0ddxTFt/uyRCHBrrrZ1QaKEPsGemmxqQiY9V4FdYX3b+X5Fz5fhxA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=QdI9kdATxAwAA+ZHirs4trxyLokiTgx/gPotH9awCCg=;
 b=BxPUOgmzlCevF6W7kKUbfOqwEY5XYy6URVlnUWT/YrEnaSruE8l0idVu+oETfVCcoHoo8NnCjF28Y3wxVx99mk3fn92qSNnnmsZiw1fkT9beG+414Djsci+3Y3LubN3fvewz2hPObyWg1q4TUU/9/OSLBjrUcliucNIiDdY9LKucDVxm12Z7v/u7FaaSRzXZcM8IWoK3Rrw8pGIloB4WW7vzL8Vz0JKRnIUhKE+UXeeV0EXroBL8HT+C77v8MX1ITbFdfVbxQqLO1RGKdv95P2/3PCg0uMxTbf/jqvj3mQiWGG+CIBFYcDx1ZnYcHPmZ9eRgPhNwc+Gk5kcQR+1HSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=QdI9kdATxAwAA+ZHirs4trxyLokiTgx/gPotH9awCCg=;
 b=rdzJOD8/qxEbRnMnwRhbLuXMJLwrsIw67YCQ+2hXT4Rmo8LAo23hXqhNMa21DkTpGYHovqzwhMAzemsNGi9S5HN/5Lt77N50WlPApNt6qFvDIiCAnzbH2lG77Dvbf/zwQI8KYG0/dbDJ9gVd9hwlkTIX8jOyni+xPctPebJTZac=
Received: from CY4PR11MB1288.namprd11.prod.outlook.com (2603:10b6:903:23::8)
 by CY4PR11MB1365.namprd11.prod.outlook.com (2603:10b6:903:22::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.23; Mon, 26 Oct
 2020 09:34:51 +0000
Received: from CY4PR11MB1288.namprd11.prod.outlook.com
 ([fe80::8948:caa4:ca1a:23ac]) by CY4PR11MB1288.namprd11.prod.outlook.com
 ([fe80::8948:caa4:ca1a:23ac%10]) with mapi id 15.20.3477.028; Mon, 26 Oct
 2020 09:34:51 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Gao, Zhichao" <zhichao.gao@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Justen, Jordan L" <jordan.l.justen@intel.com>, Laszlo Ersek
	<lersek@redhat.com>, Ard Biesheuvel <ard.biesheuvel@arm.com>, Sami Mujawar
	<sami.mujawar@arm.com>, Leif Lindholm <leif@nuviainc.com>, "Wang, Jian J"
	<jian.j.wang@intel.com>, "Lu, XiaoyuX" <xiaoyux.lu@intel.com>, "Jiang,
 Guomin" <guomin.jiang@intel.com>, "Kinney, Michael D"
	<michael.d.kinney@intel.com>, "Steele, Kelly" <kelly.steele@intel.com>, "Sun,
 Zailiang" <zailiang.sun@intel.com>, "Qian, Yi" <yi.qian@intel.com>, "Liming
 Gao" <gaoliming@byosoft.com.cn>, Maciej Rabeda
	<maciej.rabeda@linux.intel.com>, "Wu, Jiaxin" <jiaxin.wu@intel.com>, "Fu,
 Siyuan" <siyuan.fu@intel.com>, "Feng, Roger" <roger.feng@intel.com>
Subject: Re: [PATCH 0/5] Make the MD5 disable as default setting
Thread-Topic: [PATCH 0/5] Make the MD5 disable as default setting
Thread-Index: AQHWq3csNnGFbcUnNEqk37yQGsQWYKmpnzSA
Date: Mon, 26 Oct 2020 09:34:51 +0000
Message-ID: <CY4PR11MB1288A2488E17C3690200E4D88C190@CY4PR11MB1288.namprd11.prod.outlook.com>
References: <20201026090343.13048-1-zhichao.gao@intel.com>
In-Reply-To: <20201026090343.13048-1-zhichao.gao@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.5.1.3
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=intel.com;
x-originating-ip: [101.80.124.211]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3b048049-a62c-4f0c-0bcf-08d879926383
x-ms-traffictypediagnostic: CY4PR11MB1365:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <CY4PR11MB13656A8F5A9886B1D19D6E1C8C190@CY4PR11MB1365.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UB76W3MbacAyJmIb5AvhOY1B7bZ1HOUsZow04gAI7QmJEboQNTog0s5NU7NjbSOX56NIr05zdEd3Kc7PexSet2qe7diRYF4rjMKZBjivb4cALvgIiYxAkk+yrMREIq+mIC8k0ovZoXruWDhorBbHxw+UP5CxdK1LI6fXjj/xM8kQOB+QC+5chx0C1VgtPINWRXAP7VJIKY2lM3k5qI/R9uVWO1XmNZVvab+pciJ1b+jNY6CU+AIZ9htX5vYwb2AYbekGMCkkqw3X0BbJkSKB9oa8vS3b2le+99FRzZq7YgU+i5/dJg1GHY254o7rEXygOzu+k/ywwoU0JBbpUlAVVoNj4TCzB7DPxdPqXXW16uolxlUo50h7jP3REQPptxRlWvtqKLDO4UY9PHDtoA9kqg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR11MB1288.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(346002)(366004)(396003)(39860400002)(136003)(52536014)(4326008)(66946007)(26005)(54906003)(66476007)(66556008)(110136005)(478600001)(64756008)(66446008)(7696005)(5660300002)(55016002)(86362001)(316002)(53546011)(8676002)(966005)(71200400001)(186003)(83380400001)(76116006)(2906002)(19627235002)(9686003)(33656002)(8936002)(6506007);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: 5GGhzvJA+dVyR2g+PzTcPPh/0qEn0IhP1XMvhNdsoYaFYBg7WrqkkCzKEahA+8NTrIDCE14IsOFkXr7AarwstAFMZHoINu+S/uGspXd2y6gBUUa9j5ujhhGKt3mclSxUF2kZ3TFSzySNRSw/1ygvB95hpj1xHjcY6T+dk+DcZPtJp45MGXpKcjVeKJIEq+K4ashtII76xV7yYQ4JkRyfxRE7t6RQaL54Uc/zsTDrdEZvu8EucB32dr7L3U987F3VfpdGHzQAfvfF1HIEPlrtRigWM3pmdW1nrhmkmtnwwmSZ5pri9ei3UGm3rjR6CyVJTGxhCzROrl+1oAA4bgfCrwn5bixez+wIHanWb+eZgchPsMDg5/SsHIz4FxfC9Ns5OpfIx/bTmmO6J51OyN14+Z3RNyLmltn+otZ2LXqWgBgEQTCZjulADvakdcspaGVEiLc4BPh9Q+8f9NsOXDzwJpbaD/FKNhtCalMGEVDwJ+itjxevkAJ4zoIK3JpH0AcBAeIWTtgBGzkbNodkI0Dmdxvvk5rAEpuDHg6eplFvAeqr/fVdb9Ac3dcE6cE0pXrvR4gYvdF+RzoNiDWOVjmnGQPou79e2UkqQJmyxlMxeAPAzehbPXJkA36hKXZkV8ySPrWqgPnLTkp82ZNMPEaWTw==
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1288.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3b048049-a62c-4f0c-0bcf-08d879926383
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2020 09:34:51.2774
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: sOCZCLip4WQFXCX4iWv4GnX9fvqulOwGrA6wShbnMrqPFlk1YbkGxICabsfHtfRswGU8VxaAL4mKXQXskUeqvg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1365
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks Zhichao.

Can we remove MD5 from Hash2DxeCrypto ?
I don't see a strong reason to include.
It should only be used by iSCSI.

Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Monday, October 26, 2020 5:04 PM
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Steele, Kelly <kelly.steele@intel.com>; Sun, Zailiang
> <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Maciej Rabeda
> <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>
> Subject: [PATCH 0/5] Make the MD5 disable as default setting
>=20
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3003
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3021
>=20
> MD5 is deprecated, make it disable as default for security.
> It required to set MD5 enable explicitly if the module is still
> using MD5. List the modules that are still using it:
> iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
>=20
> This patch set would affact the platforms that are using iSCSI
> function.
>=20
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Roger Feng <roger.feng@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>=20
> Zhichao Gao (5):
>   NetworkPkg/Defines: Make iSCSI disable as default
>   NetworkPkg: Enable MD5 while enable iSCSI
>   SecurityPkg/dsc: Explicitly enable MD5 for package build
>   CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
>   CryptoPkg: Make the MD5 disable as default for security
>=20
>  CryptoPkg/CryptoPkg.dsc                                | 3 +++
>  CryptoPkg/Driver/Crypto.c                              | 4 ++--
>  CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
>  CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
>  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
>  NetworkPkg/Network.dsc.inc                             | 5 +++++
>  NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
>  SecurityPkg/SecurityPkg.dsc                            | 2 +-
>  8 files changed, 16 insertions(+), 8 deletions(-)
>=20
> --
> 2.21.0.windows.1