From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web11.3332.1603940519375393875 for ; Wed, 28 Oct 2020 20:01:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=HoWOe3gl; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: roger.feng@intel.com) IronPort-SDR: nbkblqNsqS0a28TVjYwrqIrdn6AdumYjHf7ymyY3FgAftjj4lIa805psTSTGeMTOvgLa2u50A7 ZPTfp1O97DFA== X-IronPort-AV: E=McAfee;i="6000,8403,9788"; a="165781722" X-IronPort-AV: E=Sophos;i="5.77,428,1596524400"; d="scan'208";a="165781722" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2020 20:01:58 -0700 IronPort-SDR: RAIn4loWq8O17IxwD/F5jXbF8tg39O6KAczgpaFntmYESI2NBit85uDJF+PmZJ+3IoiM+6rsuP Bjyg3KVE5RZQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,428,1596524400"; d="scan'208";a="323564163" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga006.jf.intel.com with ESMTP; 28 Oct 2020 20:01:58 -0700 Received: from orsmsx609.amr.corp.intel.com (10.22.229.22) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 28 Oct 2020 20:01:58 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX609.amr.corp.intel.com (10.22.229.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 28 Oct 2020 20:01:57 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Wed, 28 Oct 2020 20:01:57 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.168) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Wed, 28 Oct 2020 20:01:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AOTIhDQ0LYiTCHznQDOfvqg33oSe9cuLoUvx0Qa2IDhWXJmfvqAoUK+XDsNeQPUUyuqMxv8S2C4QOboF90sU212YdYKlFvxu26nClcBIrbwFxQLqfSDJpamoewmtag328yswMro4qOcTzfIRtdGlroGbT/Q8HFFDMuzH3gbehhfjF642SwCZVv9BmhVdb8wwcelX1JZMQnb0hbwe9y+JoX3YhzktIZHbENKN1WyA5hFQGjmWeOCtYH246Vha4It9ernNOWhDp7plNBnDFbLff054pv+8tXIcfQmTp4CB4DuSGYjpKcBBfhINXtGiO8p4M6Ch2RkJaFQoPWc2Al11WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eMU64tufQ5HYfngmklm8Wz99Avd9z1nbpREjbr4wmEY=; b=FqOplxU/BHgxjkj/1P/CWPzLJpRicseEl6plo4cLtJnx9mTmT55N3xYZicH5dX0ZVo9qFIRJ8V81QZjD9I9W6ulTJK8VsDhRSAAwF4LgV5g8SwZfsZ9CcLlqsLD3E/GcxxMOXj1gkZOhuEOfI1aBYFRAlaG6z1KR9XZx0hYK8L5gJrI9RA1pfAKSD30iHjsh/A/o1EGNQL9d8WaOFRNVDBHUmIymKYzx/W4s7uws6+fWGmDndy8ocl9V6sqpq5unictJ7BhpZQ7uL8AQX2TwOf8nkDUlBWAlIB+EXF/y1C+hfUAVpJEfMP/A7dJ7xvzsN/jnxTioyKN+o38aTmCzJg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eMU64tufQ5HYfngmklm8Wz99Avd9z1nbpREjbr4wmEY=; b=HoWOe3gl4WwsaC44jryxJ9P1YcYH28PEIvoLtdfzD98qjjMQcPYJNbfO4CRFRR3NLmyZfCl9uhpNSnudXfmtY/VLFsAJNhk8kSN5gj4bt+O2qRmpY6KVdvYmrgYCHJEta3oaMOcWGHdOH91ymWUYu36PUG/D0gLwHuZKd+MHCJQ= Received: from DM6PR11MB3835.namprd11.prod.outlook.com (2603:10b6:5:139::32) by DM5PR11MB0057.namprd11.prod.outlook.com (2603:10b6:4:6b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.18; Thu, 29 Oct 2020 03:01:52 +0000 Received: from DM6PR11MB3835.namprd11.prod.outlook.com ([fe80::ec26:337b:607:3ecf]) by DM6PR11MB3835.namprd11.prod.outlook.com ([fe80::ec26:337b:607:3ecf%4]) with mapi id 15.20.3499.027; Thu, 29 Oct 2020 03:01:52 +0000 From: "Feng, Roger" To: "Gao, Zhichao" , "Yao, Jiewen" , "devel@edk2.groups.io" CC: "Justen, Jordan L" , Laszlo Ersek , Ard Biesheuvel , Sami Mujawar , Leif Lindholm , "Wang, Jian J" , "Lu, XiaoyuX" , "Jiang, Guomin" , "Kinney, Michael D" , "Steele, Kelly" , "Sun, Zailiang" , "Qian, Yi" , "Liming Gao" , Maciej Rabeda , "Wu, Jiaxin" , "Fu, Siyuan" , "Zhang, Qi1" Subject: Re: [PATCH 0/5] Make the MD5 disable as default setting Thread-Topic: [PATCH 0/5] Make the MD5 disable as default setting Thread-Index: AQHWq3csLxfVifuj20e609VGd2mJ2ampn5OAgAEBHQCAA0ff8A== Date: Thu, 29 Oct 2020 03:01:52 +0000 Message-ID: References: <20201026090343.13048-1-zhichao.gao@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.206] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a83376e3-295a-46c1-4115-08d87bb6fcd8 x-ms-traffictypediagnostic: DM5PR11MB0057: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: cRTv3tVVXqw+5Nh4rMvb4svowV2uM617xjOeDB7YQw9uqUKSD87sZq+OS0hZsgbAW8l+LH2fHHKp5oPuz/rjNBQ9NIqclh/hfiRDkD6aby8FyWsbqMSLnfpnit062iUgzfZ1PIxX/Fsob7M0ylUMAMTnzkJOTv0/QqLB1+jscgmJsqzbLWlpVUmc93O3ae+CNshIo31t2RK3wxfJqrX8eXnx/JYFabAMcaT0sAtcZKYkT8mpWqZu97mmsNxipFGuX3WIXFlXuQ1NfoBQB53jDHnm5Zby9wIxH3W5/SgN2mtCnbhce2ExMmiM4WhiJssaqLfiWMxpKdNe68nV4a8nYE0FWFFTwSH/Gxq570kkKIBJSQ4IXMssDmKfg/+iupyC2bu9oqZK874EEovkIaVGkQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB3835.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(366004)(346002)(376002)(39860400002)(136003)(7696005)(316002)(966005)(55016002)(110136005)(86362001)(478600001)(6506007)(186003)(53546011)(2906002)(8676002)(26005)(33656002)(52536014)(5660300002)(54906003)(19627235002)(9686003)(71200400001)(8936002)(66446008)(66556008)(4326008)(66946007)(76116006)(66476007)(64756008)(83380400001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: gFPeuj83gnUsZM7ywGXHXXpYlfCEbjFuHV1SZPVJTwxdo+GZzJrVJ/pZVdZ+CrMarGBckcRs6+s8agBhKQw0/mTc/n+yW/58dJHaNVHQLDrjBOoBsMCI/yVSMusIDWEDKF77gBYQArRgfcpmoPgTpcU24DUOl4qGNENhwI5Tc+zGXnCuXkp1q+NOT6DMbzUSXxttNxKVSnnKRadnGH5Q10V/yN8GHamx5LmieQy/rsZ8zVriJqfDkeEfQQeufns2w3AmFTLxbHvhdPoZB0//VKrEOT7gxG47dENB6j3Jy/Z+wKDrW0KpkxffZgQffwLjlGYlBI3mvzBHJV4DuZGAtWHQvmTjf/VwbosUOZqtVCNd0IJUnaNXkP1m0oOuTmRfLLY5RswfcHI1CrQ7XDnMqr3nLq+R2peR7ofoweEPQR5CZ6JiaC5nPXN0iJcyHgxNTGfYZyMEKos8O5tqNJJnFl/DmEsoIdUnX4ajYD3Gy1EPd06eoSIkgvw/aSVMNcdADPmtkviDaJ3aHs1S3f8QHoZew6kGHqXMSkdaV553bkJnfU8hChwq5rVFaumxiVrTSCxZk1XCxBOXvk3UqwoKNNBTkaMNXmmNWOf2epPMU2He1Ba53SycPc3kM3EK/+fAp8uA8myNOq9ujs2P1Qa/6Q== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB3835.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a83376e3-295a-46c1-4115-08d87bb6fcd8 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2020 03:01:52.7571 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ynmXHQxKb/c6cyYpFpkENPPg+g8YkeyvYqt2Ew3DUAM/1YpKcV1cLWbRObNvUXsiMk1fexhOjV7D0Sd6UylFDA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB0057 Return-Path: roger.feng@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable +Qi for review -----Original Message----- From: Gao, Zhichao =20 Sent: Tuesday, October 27, 2020 8:55 AM To: Yao, Jiewen ; devel@edk2.groups.io Cc: Justen, Jordan L ; Laszlo Ersek ; Ard Biesheuvel ; Sami Mujawar ; Leif Lindholm ; Wang, Jian J ; Lu, XiaoyuX ; Jiang, Guomin ; Kinney, Michael D ; Steele, Kelly ; Sun, Zailiang ; Qian, Yi ; Liming Gao ; Maciej Rabeda ; Wu, Jiaxin ; Fu, Siyuan = ; Feng, Roger Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting Let me prepare the V2 to remove them(MD5 and SHA1)=1B$B!#=1B(B Thanks, Zhichao > -----Original Message----- > From: Yao, Jiewen > Sent: Monday, October 26, 2020 5:35 PM > To: Gao, Zhichao ; devel@edk2.groups.io > Cc: Justen, Jordan L ; Laszlo Ersek=20 > ; Ard Biesheuvel ; Sami=20 > Mujawar ; Leif Lindholm ;=20 > Wang, Jian J ; Lu, XiaoyuX=20 > ; Jiang, Guomin ;=20 > Kinney, Michael D ; Steele, Kelly=20 > ; Sun, Zailiang ;=20 > Qian, Yi ; Liming Gao ;=20 > Maciej Rabeda ; Wu, Jiaxin=20 > ; Fu, Siyuan ; Feng, Roger=20 > > Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting >=20 > Thanks Zhichao. >=20 > Can we remove MD5 from Hash2DxeCrypto ? > I don=1B$B!G=1B(Bt see a strong reason to include. > It should only be used by iSCSI. >=20 > Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well. >=20 > Thank you > Yao Jiewen >=20 >=20 > > -----Original Message----- > > From: Gao, Zhichao > > Sent: Monday, October 26, 2020 5:04 PM > > To: devel@edk2.groups.io > > Cc: Justen, Jordan L ; Laszlo Ersek=20 > > ; Ard Biesheuvel ; Sami=20 > > Mujawar ; Leif Lindholm ;=20 > > Yao, Jiewen ; Wang, Jian J=20 > > ; Lu, XiaoyuX ; Jiang,=20 > > Guomin ; Kinney, Michael D=20 > > ; Steele, Kelly=20 > > ; Sun, Zailiang ;=20 > > Qian, Yi ; Liming Gao ;=20 > > Maciej Rabeda ; Wu, Jiaxin=20 > > ; Fu, Siyuan ; Feng, Roger=20 > > > > Subject: [PATCH 0/5] Make the MD5 disable as default setting > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3003 > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3021 > > > > MD5 is deprecated, make it disable as default for security. > > It required to set MD5 enable explicitly if the module is still=20 > > using MD5. List the modules that are still using it: > > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config)= . > > > > This patch set would affact the platforms that are using iSCSI=20 > > function. > > > > Cc: Jordan Justen > > Cc: Laszlo Ersek > > Cc: Ard Biesheuvel > > Cc: Sami Mujawar > > Cc: Leif Lindholm > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Michael D Kinney > > Cc: Kelly Steele > > Cc: Zailiang Sun > > Cc: Yi Qian > > Cc: Liming Gao > > Cc: Maciej Rabeda > > Cc: Jiaxin Wu > > Cc: Siyuan Fu > > Cc: Roger Feng > > Signed-off-by: Zhichao Gao > > > > Zhichao Gao (5): > > NetworkPkg/Defines: Make iSCSI disable as default > > NetworkPkg: Enable MD5 while enable iSCSI > > SecurityPkg/dsc: Explicitly enable MD5 for package build > > CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5 > > CryptoPkg: Make the MD5 disable as default for security > > > > CryptoPkg/CryptoPkg.dsc | 3 +++ > > CryptoPkg/Driver/Crypto.c | 4 ++-- > > CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- > > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c | 2 +- > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +- > > NetworkPkg/Network.dsc.inc | 5 +++++ > > NetworkPkg/NetworkDefines.dsc.inc | 4 ++-- > > SecurityPkg/SecurityPkg.dsc | 2 +- > > 8 files changed, 16 insertions(+), 8 deletions(-) > > > > -- > > 2.21.0.windows.1