[edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function

Gao, Zhichao zhichao.gao at intel.com
Fri Mar 27 02:43:56 UTC 2020


Jiewen,
Thanks for the reminder. But TPM doesn't have an inc file, as NetworkPkg does, to set the PCD for all platforms. The change for TPM1.2 should be on the platform side.
I would change the edk2 platform code as well once the solution is decided.

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, March 27, 2020 10:01 AM
> To: devel at edk2.groups.io; Gao, Zhichao <zhichao.gao at intel.com>
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> <xiaoyux.lu at intel.com>; Maciej Rabeda <maciej.rabeda at linux.intel.com>;
> Wu, Jiaxin <jiaxin.wu at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> function
> 
> Good feature.
> 
> I believe TPM1.2 still uses SHA1. It should be added as well.
> 
> > -----Original Message-----
> > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Gao,
> > Zhichao
> > Sent: Friday, March 27, 2020 9:56 AM
> > To: devel at edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu at intel.com>; Maciej Rabeda <maciej.rabeda at linux.intel.com>;
> > Wu, Jiaxin <jiaxin.wu at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> > Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > function
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> >
> > MD4, ARC4, Tdes, Aes Ecb mode, MD5 and SHA1 are not secure any longer.
> > They are all deprecated. Edk2 would not support them any longer.
> > So remove them.
> > But the UEFI spec wants to keep MD5 and SHA1 for backwards compatibility.
> > So add two pcds to control the MD5 and SHA1 enablement. Set the pcds
> > default value to false to indicate they are deprecated.
> >
> > NetworkPkg's iSCSI driver would consume the MD5 function, so change
> > the md5 pcd to TRUE when iSCSI is enabled.
> >
> > Cc: Jian J Wang <jian.j.wang at intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
> > Cc: Maciej Rabeda <maciej.rabeda at linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu at intel.com>
> > Cc: Siyuan Fu <siyuan.fu at intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao at intel.com>
> >
> > Zhichao Gao (8):
> >   CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> >   CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> >   CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> >   CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> >   CryptoPkg/dec: Add pcds to avoid building the deprecated function
> >   NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> >   Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> >   CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
> >
> >  CryptoPkg/CryptoPkg.dec                       |  11 +
> >  CryptoPkg/CryptoPkg.uni                       |  11 +
> >  CryptoPkg/Driver/Crypto.c                     | 634 +-----------------
> >  CryptoPkg/Include/Library/BaseCryptLib.h      | 548 ---------------
> >  .../Library/BaseCryptLib/BaseCryptLib.inf     |   9 +-
> >  .../Library/BaseCryptLib/Cipher/CryptAes.c    | 114 ----
> >  .../BaseCryptLib/Cipher/CryptAesNull.c        |  52 --
> >  .../Library/BaseCryptLib/Cipher/CryptArc4.c   | 205 ------
> >  .../BaseCryptLib/Cipher/CryptArc4Null.c       | 124 ----
> >  .../Library/BaseCryptLib/Cipher/CryptTdes.c   | 364 ----------
> >  .../BaseCryptLib/Cipher/CryptTdesNull.c       | 160 -----
> >  .../Library/BaseCryptLib/Hash/CryptMd4.c      | 223 ------
> >  .../Library/BaseCryptLib/Hash/CryptMd4Null.c  | 143 ----
> >  .../Library/BaseCryptLib/Hash/CryptMd5.c      |   5 +-
> >  .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c  |   3 +
> >  .../BaseCryptLib/Hmac/CryptHmacMd5Null.c      |   3 +
> >  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c |   3 +
> >  .../BaseCryptLib/Hmac/CryptHmacSha1Null.c     |   3 +
> >  .../Library/BaseCryptLib/PeiCryptLib.inf      |  13 +-
> >  .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c        |   3 +
> >  .../Library/BaseCryptLib/Pk/CryptRsaBasic.c   |   5 +
> >  .../Library/BaseCryptLib/Pk/CryptRsaExt.c     |   5 +
> >  .../Library/BaseCryptLib/RuntimeCryptLib.inf  |  13 +-
> >  .../Library/BaseCryptLib/SmmCryptLib.inf      |  13 +-
> >  .../BaseCryptLibNull/BaseCryptLibNull.inf     |   3 -
> >  .../BaseCryptLibNull/Cipher/CryptAesNull.c    |  54 +-
> >  .../BaseCryptLibNull/Cipher/CryptArc4Null.c   | 124 ----
> >  .../BaseCryptLibNull/Cipher/CryptTdesNull.c   | 160 -----
> >  .../BaseCryptLibNull/Hash/CryptMd4Null.c      | 143 ----
> >  .../BaseCryptLibNull/Hash/CryptMd5Null.c      |   3 +
> >  .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c  |   3 +
> >  .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |   4 +-
> >  .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 604 +----------------
> >  .../Library/BaseHashApiLib/BaseHashApiLib.c   |  12 +
> >  .../Library/BaseHashApiLib/BaseHashApiLib.inf |   1 +
> >  CryptoPkg/Private/Protocol/Crypto.h           | 583 +---------------
> >  NetworkPkg/NetworkPcds.dsc.inc                |   5 +-
> >  37 files changed, 145 insertions(+), 4221 deletions(-)
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> >
> > --
> > 2.21.0.windows.1
> >
> >
> > 
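
A platform-side check suggested by the thread above, where TPM1.2 and iSCSI are named as remaining SHA1 and MD5 consumers: this is an added example, not part of the original messages or of edk2, that scans C source for calls to the algorithms the series removes or puts behind PCDs. The function-name prefixes (BaseCryptLib-style names such as `Md4Init` or `HmacSha1Update`) and the sample source are assumptions.

```python
import re

# Algorithms the cover letter lists, keyed to function-name prefixes.
# Assumption: consumers call them through BaseCryptLib-style names
# (e.g. Md4Init, Arc4Encrypt, TdesCbcDecrypt, AesEcbEncrypt, Md5HashAll).
REMOVED = {"MD4": r"Md4", "ARC4": r"Arc4", "TDES": r"Tdes", "AES-ECB": r"AesEcb"}
PCD_GATED = {"MD5": r"(?:Hmac)?Md5", "SHA1": r"(?:Hmac)?Sha1"}

def _compile(table):
    # Match "<Prefix><CapitalizedRest> (" so Sha256Init or AesCbcEncrypt never hit.
    return [(alg, re.compile(r"\b(" + pfx + r"[A-Z]\w*)\s*\("))
            for alg, pfx in table.items()]

_RULES = ([("removed", rule) for rule in _compile(REMOVED)] +
          [("pcd-gated", rule) for rule in _compile(PCD_GATED)])

def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay valid."""
    def blank(match):
        return re.sub(r"[^\n]", " ", match.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def scan(src):
    """Return (line, status, algorithm, function) for each deprecated call."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for status, (alg, rx) in _RULES:
            for m in rx.finditer(line):
                findings.append((lineno, status, alg, m.group(1)))
    return findings

# Constructed sample input, not taken from any real platform package.
SAMPLE = """\
// Arc4Init (Ctx, Key, KeySize);  commented out, must not be reported
Status = Md5HashAll (Data, Size, Digest);
Sha256Init (Ctx);
if (!TdesCbcDecrypt (Ctx, In, Len, Iv, Out)) { return EFI_ABORTED; }
HmacSha1Update (Hmac, Data, Size);
AesCbcEncrypt (Ctx, In, Len, Iv, Out);
"""

if __name__ == "__main__":
    for lineno, status, alg, func in scan(SAMPLE):
        print(f"line {lineno}: {func} uses {alg} ({status})")
```

A "removed" finding means the caller will no longer build once the series lands; a "pcd-gated" finding means the platform has to enable the corresponding PCD or move to another algorithm.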


View/Reply Online (#56456): https://edk2.groups.io/g/devel/message/56456