From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 45A22D811C5 for ; Wed, 15 May 2024 15:38:13 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=b+BfS4BhKW9ludpe1frbtN2thVzIvzBnA8fjNSE/pV4=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1715787491; v=1; b=3FCZKW//WYeYg7uwGZnZQWDS3pmL9xHaXQvKVfdI32P47sFKXG/2UFUPOJjUNWVXvlxvT11U I9UEzKTSeqOO95T7z60TpBRcOIN2FB8sJaEQH+4bwDltnmLlgL7dlVidd0jvujRxEiRUHdNQ8mP z3AB2ZV3/mWi8hko6oLD3w3CLAH+RlkFOOX1nNJtEAtJGr/81a0vAjZptGLhCUd2PU4Rs1FkP6I ToskGbP7RfvAGam/7tcXWTX9wzWeFRuH6Jb0dhTrEjVK+3gPZAgtgPlKc9TIhVcnBQHpjBzAM3t sjxiwjfbpLE+mPfvLEiiKcWRd4iLXKxYKmMHuFtysSXJg== X-Received: by 127.0.0.2 with SMTP id a45RYY7687511x9dRs3fuFP9; Wed, 15 May 2024 08:38:11 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14]) by mx.groups.io with SMTP id smtpd.web10.19827.1715787490817810529 for ; Wed, 15 May 2024 08:38:10 -0700 X-CSE-ConnectionGUID: 8GhV00yoS+6WHvIN5YVQPA== X-CSE-MsgGUID: +ZX4tTjpRVSKehe53IE/1Q== X-IronPort-AV: E=McAfee;i="6600,9927,11074"; a="12063956" X-IronPort-AV: E=Sophos;i="6.08,162,1712646000"; d="scan'208";a="12063956" X-Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2024 08:38:11 -0700 X-CSE-ConnectionGUID: tGZWHeyaSjmB8SbbyNyRaA== X-CSE-MsgGUID: 8J9uF/BNRl6nB7svdzQOwQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,162,1712646000"; d="scan'208";a="31164848" X-Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by fmviesa006.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 15 May 2024 08:38:10 -0700 X-Received: from fmsmsx601.amr.corp.intel.com (10.18.126.81) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 15 May 2024 08:38:09 -0700 X-Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Wed, 15 May 2024 08:38:09 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.40) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 15 May 2024 08:38:09 -0700 X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com (2603:10b6:a03:45a::10) by MW4PR11MB7007.namprd11.prod.outlook.com (2603:10b6:303:22c::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.55; Wed, 15 May 2024 15:38:01 +0000 X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::c4da:83f1:f7be:e307]) by SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::c4da:83f1:f7be:e307%4]) with mapi id 15.20.7587.028; Wed, 15 May 2024 15:38:01 +0000 From: "Li, Yi" To: "Shang, Qingyu" , "devel@edk2.groups.io" CC: "Yao, Jiewen" Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Remove deprecated code related to SHA-1 Thread-Topic: [PATCH 1/1] CryptoPkg: Remove deprecated code related to SHA-1 Thread-Index: AQHaptlNqlgl/OehE0G2izZQf8JtYrGYbGjg Date: Wed, 15 May 2024 15:38:01 +0000 Message-ID: References: <053bd3e0735d077c0547821db795aa8bfd85b605.1715785356.git.qingyu.shang@intel.com> In-Reply-To: <053bd3e0735d077c0547821db795aa8bfd85b605.1715785356.git.qingyu.shang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ1PR11MB6227:EE_|MW4PR11MB7007:EE_ x-ms-office365-filtering-correlation-id: 6be161db-b13b-4af1-ba72-08dc74f50149 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?tDbzvu3nvNQma2WbLgzMBH5dRwuhYQRxpmlucbi0Jtem6k3hdAE8rlJ3ZvAz?= =?us-ascii?Q?QWHpzYEIQlQjkUhSdtqdHbWTRdpJHrv3o93erTgDg0ygP14WtjCyTj/uA+08?= =?us-ascii?Q?ffKCKfXPAMQpeqEHd89dmVC8YGnLWd98TrsgN1n/Nop3BDZJRA3KQlUTgSZE?= =?us-ascii?Q?ufJJcTaVv19DiznwGSybA1G6jY4ZJv0zIT9a7ZAVZZk4DjTRklXbL1JnQWBy?= =?us-ascii?Q?w1C7UVvdyMrNkr9S2QovHJ1HbGlChR1w4VBD65hK6ecPTU6XbY2J97hfFXeO?= =?us-ascii?Q?6MAWq8mwWnkVmSwiW8wyNp01xxNKLOKT3Ku9IX5D4WCAkk5TtqCI1zFcogLI?= =?us-ascii?Q?609MrmovEYNhwp2k+0ik3a7XmKD9YK3KAjGOqPTsArmNkQPsYwOiEV1bkki5?= =?us-ascii?Q?cKxxE2R/mPedLV4Qp192AgGRkdFsvq+9mazkXMFXoP9Ybcp2X/pPCRG0d6dx?= =?us-ascii?Q?qcd6Ui1z8kJWpAWPsq6bCwdouzGViPOARdJEVTmhdz5QiGPHBW0gUGJyHZW7?= =?us-ascii?Q?7gVBMS/khrQNwHEcvu6+2cIfliCGWz+gd1PLp5njBoECXv3W48JchvI0NOoo?= =?us-ascii?Q?CyfkAFjoo8nxl2b4A4iQmahW2QSE7vJ33KIMHxJLTTshIqWbckNE60QMPsqj?= =?us-ascii?Q?U7LwSJFIhgT7FawkmA/hnxz8uKkKkrv42uHXtA3iapgizcqLq1dCcFrxAWdR?= =?us-ascii?Q?4qVLRFiBqCDZNwe+4uN6EB+mayigbjI6/L2xeFnTTM6KFfpPMdKs4FdjnLOn?= =?us-ascii?Q?lmffcfgUY4lQSWRfpuc8ZjK1IH0TSZ1qwNrHAibVyBXp7ITnPeEz8XTkdHtd?= =?us-ascii?Q?r3DSGryDs7981LLt8Yw4oB/8uiUED2tHu1jjnikymyFN0XzFeWMevUcNJVhI?= =?us-ascii?Q?a7mN4wy76/yWuGfmapAMZtq7gSLn/k9ALHm5vxPn+vpoFkD6TepgKo6+F7SG?= =?us-ascii?Q?4dEzaqVE15pEiuqnRo3zCfHqcqsaLxoxOJAmQqoPuBybQUpS/mhNboRTY6Ap?= =?us-ascii?Q?T0yFGqrjBAFNvqYVuoZUmDgRBVq6U16b04Qm0qATwKNuTDsdd7BAHTwFqRLs?= =?us-ascii?Q?e+/Rx/pp1L72XcCJGf46eT9HZA0bq/xAzTKErJk+stB+cxcdWXJRDJpXZRRb?= =?us-ascii?Q?KdaNBdIqgYBm7cXccf/FJhC93zKSLK3y29YUNDxV8nRkMRVwPpNert+E/pG0?= =?us-ascii?Q?TuAfHlOjcB0JJ6JdQP9OfgRNXaYsqX3v477VUIjKrbwdj4jpCv2zETawYpD0?= =?us-ascii?Q?vH15o3VNdjN9/p5VlbbpbebIga09Vm+IUAwp1tT/xw=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?LfOw4uP9A1GeoHSMcFjchQ6qphwwOC76nAZn5f+9ua0oLqHJ6p3oHCIYby1a?= =?us-ascii?Q?BDzBQpitSdNpM8g+KTkpS/SsksiVYL/nuyZCKhSW0xKyU2F3cu9cYFm9vN6m?= =?us-ascii?Q?QKDKRpaZ+Wt3heu7Du5JgItGXz5ocBHQkLnqxvtzJKlBiKeIi9qiz2eINOOO?= =?us-ascii?Q?I+uBovePNfrMZNJmMJh3qjOZYAj0ANjBsFICKAtAhyxKizTr+/fOEBN7qdal?= =?us-ascii?Q?qeDsCtmB71CuNiNmKrIECt8f6R6tKqF3CubhQxgqk7O7uDdi7Xn02DQrzpkC?= =?us-ascii?Q?Xc3J4cxQTyrTEA6CXkK9uYAMPYKhSaS7JdnTgRGQ9pe2VgY3uDoV2AY4IkF9?= =?us-ascii?Q?U2yo+vXzt4mPOD0AP5Iw9XEY0eugVuPSY8uN/jyQ8k76x7jp4Lis7KT498Wm?= =?us-ascii?Q?ffkQKdzzO626Dyn+DcNoaXMDtbghmWN/RNl5gOvDbKo/mPgplWDxviPUOdOB?= =?us-ascii?Q?/NmbnLbIlhecEs+BsYKPX6E6HDE2vJRWTRieywVA69XqsiYik3bX8+x5TAUJ?= =?us-ascii?Q?lgmG7/RSxgk3TL7DwkBCWV+i0SZvja2FRTCxDawGaZMOJZoIl/j60F6zWHiM?= =?us-ascii?Q?cRpqkfuPL5Cjf1iloU3qDKoGI/kIqSapssnWXMUREpv3ecA24zC1BldEwKpi?= =?us-ascii?Q?HGZyVh3T/t+7rc4opELr77z4iEtUfYoNQnGMai9YuuU1lGOrlqagaSig9xbe?= =?us-ascii?Q?yOOUcoJ1DIg9TkUFqX8jpEGaAK+slC8GJ6RghwQPqb7MO8el6DWdWOFC0pmA?= =?us-ascii?Q?o6uXlDB014ToloBxeKTGrclEmiFLv8I0CoCx+WiS6FsSg2GygxMT6v2gDKuB?= =?us-ascii?Q?f0zd85HtjUMgn0STpqOqZYmqy+mIBoEac0xyqZd+kqL5r1oJaCVioObxa9a3?= =?us-ascii?Q?fh9GibIaqJfNlb8r7/GU8hzDGfw4c+msLSGgjCLWn4DKYo9FHfD12KBmO20y?= =?us-ascii?Q?dCXE6Tzq/5jSZtQ74Sk6y1vVAtPfwSYKX+e/G/j7p51w/V99jJ2BzUoktcVh?= =?us-ascii?Q?YvPeFsiwQ7DCfkuvnJD7afcB7pQlCRnCkBm3yQOHpTEpeoZCjT6J2GVrftaQ?= =?us-ascii?Q?7pBPLAZaWqXskERJRkWlpxN0IToldqiXvRH31aVOoXuAa0cMa4VDyKVhruhn?= =?us-ascii?Q?ZFclv4A6GWgKZmpO+H8fnqFgUkMbWJHrvoSNEay3ED8wiioa/yaKjgoLjSDi?= =?us-ascii?Q?gpk3Qo8jVnqAbeezDLjURoZBBCytvLfcEJGcm0PaUMqcCWvgcgbv7gQtdnmm?= =?us-ascii?Q?TLSmqmTD0QOG28eVtWX6UvkKWM1eY77KkVUItOQCuphn4R8m4bnguW4mByGG?= =?us-ascii?Q?mXAsfrOtB9PBGN1b7yIsRqehogwGTkO3oJUJdbf6GBH8LvF7f4TB60MIzVZM?= =?us-ascii?Q?dcx7iKvkkbn/Hwr8fXqnk2lwh4o+MAPly2USxaEnBplwca7Nt6O/mqZhvllr?= =?us-ascii?Q?w0JZHkc1aEToKA1uiHphYaw9tBwrOmNRlZSuZSuPv9mU7vbgl92DiaGLLy+Y?= =?us-ascii?Q?EB23Tuz12euGiQGLFF/hsTiSsU3mjvRMR92VZL3fhTUxwpE6K3BHBoAY9Y9q?= =?us-ascii?Q?kFwJOHEtR3TWM4lkHxQ=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ1PR11MB6227.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6be161db-b13b-4af1-ba72-08dc74f50149 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 May 2024 15:38:01.6664 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vwmkS52cX1Ki8pZ9hNtEQseTbVroxL2yTWj32I/4NxYhMOuMbgRrVqxM20MBuPRR8QBFt38JsTYsRLvswKGHQA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR11MB7007 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 15 May 2024 08:38:10 -0700 Resent-From: yi1.li@intel.com Reply-To: devel@edk2.groups.io,yi1.li@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: tAeEl6S6wbN1FKU6b0QsVndux7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b="3FCZKW//"; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none) Hi Qingyu, 1. Commit message is not clear enough, we need to clarify 'why removing SHA= -1 code does not affect the functionality of Rand'. Could you please add: The default drbg type of randlib has been switched to aes_256_ctr in openss= l1.1.1, so sha1 is not really used in RandomSeed(). 2. Please remove sha1 in BaseCryptLib\Rand\CryptRand.c also. Thanks, Yi -----Original Message----- From: Shang, Qingyu =20 Sent: Wednesday, May 15, 2024 11:04 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH 1/1] CryptoPkg: Remove deprecated code related to SHA-1 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4698 SHA-1 is deprecated by NIST for any cryptographic use. Remove related code = which do SHA-1 support checking in CryptRandTsc.c Signed-off-by: Shang Qingyu Cc: Jiewen Yao Cc: Yi Li --- CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c b/CryptoPkg= /Library/BaseCryptLib/Rand/CryptRandTsc.c index 30454bf10f9b..b94c16de562d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c @@ -40,14 +40,6 @@ RandomSeed ( return FALSE; } =20 - // - // The software PRNG implementation built in OpenSSL depends on message = digest algorithm. - // Make sure SHA-1 digest algorithm is available here. - // - if (EVP_add_digest (EVP_sha1 ()) =3D=3D 0) { - return FALSE; - } - // // Seed the pseudorandom number generator with user-supplied value. // NOTE: A cryptographic PRNG must be seeded with unpredictable data. -- 2.44.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118925): https://edk2.groups.io/g/devel/message/118925 Mute This Topic: https://groups.io/mt/106115677/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-