From: "Yao, Jiewen"
To: "Gao, Zhichao", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, XiaoyuX", "Jiang, Guomin"
Subject: Re: [PATCH V2 7/7] CryptoPkg: Make the MD5 disable as default for security
Date: Tue, 27 Oct 2020 02:53:59 +0000
References: <20201027024300.21100-1-zhichao.gao@intel.com> <20201027024300.21100-8-zhichao.gao@intel.com>
In-Reply-To: <20201027024300.21100-8-zhichao.gao@intel.com>

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Gao, Zhichao
> Sent: Tuesday, October 27, 2020 10:43 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> Subject: [PATCH V2 7/7] CryptoPkg: Make the MD5 disable as default for
> security
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
>
> Make the deprecated MD5 disable as default setting for
> security.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Signed-off-by: Zhichao Gao > --- > CryptoPkg/Driver/Crypto.c | 4 ++-- > CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- > 4 files changed, 5 insertions(+), 5 deletions(-) >=20 > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index d9096ea603..26f280cd5d 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -243,7 +243,7 @@ DeprecatedCryptoServiceMd4HashAll ( > return BaseCryptLibServiceDeprecated ("Md4HashAll"), FALSE; > } >=20 > -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES > +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES > /** > Retrieves the size, in bytes, of the context buffer required for MD5 h= ash > operations. >=20 > @@ -4494,7 +4494,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { > DeprecatedCryptoServiceMd4Update, > DeprecatedCryptoServiceMd4Final, > DeprecatedCryptoServiceMd4HashAll, > -#ifdef DISABLE_MD5_DEPRECATED_INTERFACES > +#ifndef ENABLE_MD5_DEPRECATED_INTERFACES > /// Md5 - deprecated and unsupported > DeprecatedCryptoServiceMd5GetContextSize, > DeprecatedCryptoServiceMd5Init, > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index ae9bde9e37..496121e6a4 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -72,7 +72,7 @@ typedef enum { > // One-Way Cryptographic Hash Primitives >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES > +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES > /** > Retrieves the size, in bytes, of the context buffer required for MD5 h= ash > operations. >=20 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c > index b85e7f4d12..d670f17424 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c > @@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include "InternalCryptLib.h" > #include >=20 > -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES > +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES > /** > Retrieves the size, in bytes, of the context buffer required for MD5 h= ash > operations. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index 3f14c6d262..8b43d1363c 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -99,7 +99,7 @@ CryptoServiceNotAvailable ( > // One-Way Cryptographic Hash Primitives >=20 > //=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > -#ifndef DISABLE_MD5_DEPRECATED_INTERFACES > +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES > /** > Retrieves the size, in bytes, of the context buffer required for MD5 h= ash > operations. >=20 > -- > 2.21.0.windows.1
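
Review bot: in the mEdkiiCrypto hunk of CryptoPkg/Driver/Crypto.c (@@ -4494), the Md5 slots are filled with the DeprecatedCryptoServiceMd5* stubs whenever ENABLE_MD5_DEPRECATED_INTERFACES is not defined, while the wrapper in BaseCryptLibOnProtocolPpi/CryptLib.c is gated on the same macro in its own build. A consumer built with the macro against a driver built without it therefore links cleanly and fails only at run time (the Md4 stub visible in the first hunk's context returns FALSE after calling BaseCryptLibServiceDeprecated, and the Md5 stubs presumably do the same). Please state in the commit message that the driver and its consumers must be built with the same setting, and that remaining Md5 callers have to check the return value.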
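
Review bot: the CryptoPkg/Include/Library/BaseCryptLib.h hunk (@@ -72) makes the Md5 declarations opt-in, but neither the commit message nor the header names the new macro or says how a platform turns MD5 back on. Any platform that defines neither macro and still calls Md5* will stop building, and a platform that already defines DISABLE_MD5_DEPRECATED_INTERFACES is left with a define that no longer does anything. Suggest a comment above the `#ifdef ENABLE_MD5_DEPRECATED_INTERFACES` line saying MD5 is disabled by default and is re-enabled by defining that macro in the build options, plus one sentence in the commit message noting that the old macro name is retired.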
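
Review bot: in the CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c hunk (@@ -9), and likewise in the other files, only the opening directive is changed; the diffstat shows 5 insertions and 5 deletions in total, so no `#else` or `#endif` line was touched. If any of those closing directives carries a trailing comment naming DISABLE_MD5_DEPRECATED_INTERFACES, it is now stale and reads with inverted polarity next to the new `#ifdef ENABLE_MD5_DEPRECATED_INTERFACES`. Please check the matching `#else`/`#endif` lines in all four files and update any such comments in this patch.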