From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web08.7019.1603760116157576898
 for <devel@edk2.groups.io>;
 Mon, 26 Oct 2020 17:55:16 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=UloHms8p;
 spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: zhichao.gao@intel.com)
IronPort-SDR: t1WlgItI14RwDik5oFDyi4cQNojat2/kerT+502F/M/CK8SfuC15s9x29ImE2qkitNJSoxVoj+
 SmACaW5gCMEQ==
X-IronPort-AV: E=McAfee;i="6000,8403,9786"; a="229645966"
X-IronPort-AV: E=Sophos;i="5.77,421,1596524400"; 
   d="scan'208";a="229645966"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2020 17:55:15 -0700
IronPort-SDR: c5TO/W1U4WXg974RKR6xZkUgd6QmXxIK2hO/xsl+slLI+Ca7ho3ayNP6worSdTucI45OOEsP/+
 ijHDZOwQZdQg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.77,421,1596524400"; 
   d="scan'208";a="535579646"
Received: from orsmsx606.amr.corp.intel.com ([10.22.229.19])
  by orsmga005.jf.intel.com with ESMTP; 26 Oct 2020 17:55:15 -0700
Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by
 ORSMSX606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Mon, 26 Oct 2020 17:55:15 -0700
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5
 via Frontend Transport; Mon, 26 Oct 2020 17:55:15 -0700
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.171)
 by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.1713.5; Mon, 26 Oct 2020 17:55:12 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=X2TyfSaxfO6sSyQ+ejaq+AIZBbKduKiGYaGHPESCVR34X+i0KKAbgPvgtNoThXz+341Qdcr4E39zH38/+wlVGCw837zHxiLTaZ8kYcT4RCT/UShn5YTYpYk/qbZMlmbzKNtnBbgH08JY9u30N8GU5lrrFNDik8ueqSd+eqXHUckYXTzvCzYs0W/zTn2P1MH0s7sOHfZ18yRntAhNa2lKl07xUtmJjwRKWJSXXRq3XeTmzDo6ECGG3aCzctJL8fsnWwOBr/SG34FUd4h0TSWjr/M+bL4mxx0O0+Xbc/aa1RtRyIIoim9bvompeDLY1MHC9xnuI+a1MAOdb+0zwUTDGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=j8lYpAphipbFFg4c8W6tlcVbrNMVSQo/0LYB7pD0XgU=;
 b=GSb0m2Ze9/MUjxKFtH+rH/ePDGhSzpeRfEi7CvZpfaqHyHIBy7w/fxCD+GhlO7A5uD3ba6KIHlU9S997bK29DTV1GrtWQ9PzWiNOAt6k5SKqmQtlLib0wKiCES20wRhNWn0X3DDJgHzOGsexoY6rxuLPFVNqVqJTz7YgWcF2E9WhwyuCxmFzhs8X56ulOFrZ/RrJ7PdYpMWBfjBAXAAAPrZlhkNWdC8F8rVeyav/xevwXycEyiT/ZiU8CL3W9uOyp+di1EdAXEuWt5a0uUFXiG94jMKzYHYktDUG9obvBUsPunj9PveoG51wvBfXbStXwN6DhhE5OrXFxCNZtWUBpg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=j8lYpAphipbFFg4c8W6tlcVbrNMVSQo/0LYB7pD0XgU=;
 b=UloHms8pdIJmnIEIpJ16xk07EJkI1hInmMV66KI/QydpLGfo1cFooQgVUBEhrpr/cQopgV4qbiPrFBjA1SmuvQKjrws81/Di5mCP0NVn1y4TgMGmNtOOOmVVEAQxRL8PlqomfL2mNVSKARnwENZo2/4Gk/MiaELijqoWZt+GHjM=
Received: from MWHPR11MB1647.namprd11.prod.outlook.com (2603:10b6:301:d::12)
 by CO1PR11MB5090.namprd11.prod.outlook.com (2603:10b6:303:96::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.25; Tue, 27 Oct
 2020 00:55:07 +0000
Received: from MWHPR11MB1647.namprd11.prod.outlook.com
 ([fe80::b96a:621b:54b6:c8ea]) by MWHPR11MB1647.namprd11.prod.outlook.com
 ([fe80::b96a:621b:54b6:c8ea%8]) with mapi id 15.20.3477.028; Tue, 27 Oct 2020
 00:55:07 +0000
From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Justen, Jordan L" <jordan.l.justen@intel.com>, Laszlo Ersek
	<lersek@redhat.com>, Ard Biesheuvel <ard.biesheuvel@arm.com>, Sami Mujawar
	<sami.mujawar@arm.com>, Leif Lindholm <leif@nuviainc.com>, "Wang, Jian J"
	<jian.j.wang@intel.com>, "Lu, XiaoyuX" <xiaoyux.lu@intel.com>, "Jiang,
 Guomin" <guomin.jiang@intel.com>, "Kinney, Michael D"
	<michael.d.kinney@intel.com>, "Steele, Kelly" <kelly.steele@intel.com>, "Sun,
 Zailiang" <zailiang.sun@intel.com>, "Qian, Yi" <yi.qian@intel.com>, "Liming
 Gao" <gaoliming@byosoft.com.cn>, Maciej Rabeda
	<maciej.rabeda@linux.intel.com>, "Wu, Jiaxin" <jiaxin.wu@intel.com>, "Fu,
 Siyuan" <siyuan.fu@intel.com>, "Feng, Roger" <roger.feng@intel.com>
Subject: Re: [PATCH 0/5] Make the MD5 disable as default setting
Thread-Topic: [PATCH 0/5] Make the MD5 disable as default setting
Thread-Index: AQHWq3tAxV8twtvjLeQXME1QeUulX6mqnZZA
Date: Tue, 27 Oct 2020 00:55:06 +0000
Message-ID: <MWHPR11MB1647B8F8BA8C6BA7F10DB1B8F6160@MWHPR11MB1647.namprd11.prod.outlook.com>
References: <20201026090343.13048-1-zhichao.gao@intel.com>
 <CY4PR11MB1288A2488E17C3690200E4D88C190@CY4PR11MB1288.namprd11.prod.outlook.com>
In-Reply-To: <CY4PR11MB1288A2488E17C3690200E4D88C190@CY4PR11MB1288.namprd11.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.5.1.3
authentication-results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=intel.com;
x-originating-ip: [192.102.204.38]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7f651f41-de0b-4066-5322-08d87a12f298
x-ms-traffictypediagnostic: CO1PR11MB5090:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <CO1PR11MB5090B0FF78AF536FC96FF66BF6160@CO1PR11MB5090.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Mt2Rh07MsORioAhjTwJFNE9kL+qLwlP+1h+y2nYBrFVDIr742d3wtWxFeROFnOoViFvyIn7oOpGKVv3qtPStBEilUwdW57ExoMhvv9IcRw4xdqRIu0YfzxXp7FwOmS3EBmTYR8CGwpLKF6cMnNeKbF+GVU5P/sqLnvSLxk3y2vD1/g1rwD+SQo9jnbyx+p1i/3bo8PTOrlTsT4AcJ6RlVCKAOJ0PdUe9VaTEsjJtPwDlyq2uqr1p32SLV1oJjbUcaHKWo6IGgvPsL51sv5vSKWMVrXeRl2w9HuSJSPjh1LwoL4PjXT14GjW46fxVqnqMmmutxQv7FhL8aTZPh1JDzhNUxQzztI8KEbTOHpgIsOSfcPFFQCMRC6c2gX4/y/KRKAYQv9NNdJUVrSY6oELcag==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR11MB1647.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(396003)(366004)(346002)(376002)(39860400002)(9686003)(7696005)(66946007)(26005)(8676002)(4326008)(33656002)(478600001)(966005)(8936002)(6506007)(19627235002)(316002)(55016002)(186003)(66446008)(110136005)(54906003)(76116006)(66556008)(86362001)(71200400001)(53546011)(5660300002)(2906002)(66476007)(64756008)(52536014)(83380400001);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: J9AgjGM6fE/EUG5Zs6zo5rpXv8yq+0d3AacSds59bo5nRnY5lWnxZFQk/2DNDx22rZsffzo3r1mRY/coGkWSAwQkJCDPHZpWrcaAF9IX1yvMsR2eWgh1MWWrRJeqMMK7uPRYbmz0Je7K4vU2vqab7xcBB+UxFe0wXAdTVDyXI/v5+F15R5yATJDpQWzqGRqtJ2JO0HQQBWSlc48+AZA/gKIVXoDGN6090jtxPLf36zezfxatFR2v4pIndbSz7pkOcY22ffChuGrH8dNoKlSQwLF/K0qQdyamzm/ZwKukEhCe8xBQRe8fv4FI8aiYwGbPETHZFMCNw46n/ltwmrUE4le3qDaEy1j43ipW8mcoWvGe9vOOM+j7iSQYX/w+a9NEJV+YSe9Ridu+FTC5q0cRku5Ta46EngRKlBY3pvmqd3EwZOasl3CMNuOztPAaJQWie83Sqb7D5uF0BsCiyG1+fRwlR7sjknN3OJUkis+XA/PjeC76MQw/0ab2NcyABUfUSLfE+X5rKlUSyJhgqrehedKzffahJap4YJ8xjIo+SeQt7yKyqRG9iw9Eue3Czm1jBOYd/dVQTm2ak6j7ooUBSmksfzslZSz+kynI4TYeqhIYagpX04YhGTT5LLwsAgjtJc0vQ10NopTVoJeiPYZclg==
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1647.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7f651f41-de0b-4066-5322-08d87a12f298
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2020 00:55:06.9584
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: n8PhDWeBRMxscXoSjpKcF5zXcr5VJxouYFQyS1swZHkI15Nyq3w9SeAqesFcmZdWa2cUZgVrT6pyub0GVIugew==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB5090
Return-Path: zhichao.gao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable

Let me prepare the V2 to remove them(MD5 and SHA1)=1B$B!#=1B(B

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, October 26, 2020 5:35 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang=
,
> Guomin <guomin.jiang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>; Sun=
,
> Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; Liming G=
ao
> <gaoliming@byosoft.com.cn>; Maciej Rabeda <maciej.rabeda@linux.intel.com>=
;
> Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng,
> Roger <roger.feng@intel.com>
> Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting
>=20
> Thanks Zhichao.
>=20
> Can we remove MD5 from Hash2DxeCrypto ?
> I don=1B$B!G=1B(Bt see a strong reason to include.
> It should only be used by iSCSI.
>=20
> Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.
>=20
> Thank you
> Yao Jiewen
>=20
>=20
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao@intel.com>
> > Sent: Monday, October 26, 2020 5:04 PM
> > To: devel@edk2.groups.io
> > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> > Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang,
> > Guomin <guomin.jiang@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>;
> > Sun, Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>;
> > Liming Gao <gaoliming@byosoft.com.cn>; Maciej Rabeda
> > <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> > Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>
> > Subject: [PATCH 0/5] Make the MD5 disable as default setting
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3003
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3021
> >
> > MD5 is deprecated, make it disable as default for security.
> > It required to set MD5 enable explicitly if the module is still using
> > MD5. List the modules that are still using it:
> > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config)=
.
> >
> > This patch set would affact the platforms that are using iSCSI
> > function.
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > Cc: Leif Lindholm <leif@nuviainc.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Kelly Steele <kelly.steele@intel.com>
> > Cc: Zailiang Sun <zailiang.sun@intel.com>
> > Cc: Yi Qian <yi.qian@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Roger Feng <roger.feng@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Zhichao Gao (5):
> >   NetworkPkg/Defines: Make iSCSI disable as default
> >   NetworkPkg: Enable MD5 while enable iSCSI
> >   SecurityPkg/dsc: Explicitly enable MD5 for package build
> >   CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> >   CryptoPkg: Make the MD5 disable as default for security
> >
> >  CryptoPkg/CryptoPkg.dsc                                | 3 +++
> >  CryptoPkg/Driver/Crypto.c                              | 4 ++--
> >  CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
> >  CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
> >  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> >  NetworkPkg/Network.dsc.inc                             | 5 +++++
> >  NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
> >  SecurityPkg/SecurityPkg.dsc                            | 2 +-
> >  8 files changed, 16 insertions(+), 8 deletions(-)
> >
> > --
> > 2.21.0.windows.1