[edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function
Gao, Zhichao
zhichao.gao at intel.com
Fri Mar 27 02:54:53 UTC 2020
Sorry for the mess. I used to view all the dsc as platform side. I would update security pkg as well.
Thanks,
Zhichao
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, March 27, 2020 10:51 AM
> To: Gao, Zhichao <zhichao.gao at intel.com>; devel at edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> <xiaoyux.lu at intel.com>; Maciej Rabeda <maciej.rabeda at linux.intel.com>;
> Wu, Jiaxin <jiaxin.wu at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> function
>
> The SHA1 is called explicitly in SecurityPkg. Are you sure we don't need
> update security pkg?
>
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao at intel.com>
> > Sent: Friday, March 27, 2020 10:44 AM
> > To: Yao, Jiewen <jiewen.yao at intel.com>; devel at edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu at intel.com>; Maciej Rabeda <maciej.rabeda at linux.intel.com>;
> > Wu, Jiaxin <jiaxin.wu at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > function
> >
> > Jiewen,
> > Thanks for the reminder. But TPM didn't have the inc file as
> > NetWorkPkg to set the pcd for all platform. The change for TPM1.2 should
> be at platform side.
> > I would change the edk2 platform code as well once the solution is decided.
> >
> > Thanks,
> > Zhichao
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen
> > > Sent: Friday, March 27, 2020 10:01 AM
> > > To: devel at edk2.groups.io; Gao, Zhichao <zhichao.gao at intel.com>
> > > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu at intel.com>; Maciej Rabeda
> > > <maciej.rabeda at linux.intel.com>; Wu, Jiaxin <jiaxin.wu at intel.com>;
> > > Fu, Siyuan <siyuan.fu at intel.com>
> > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the
> > > deprecate function
> > >
> > > Good feature.
> > >
> > > I believe TPM1.2 still uses SHA1. It should be added as well.
> > >
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of
> > > > Gao, Zhichao
> > > > Sent: Friday, March 27, 2020 9:56 AM
> > > > To: devel at edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > > > <xiaoyux.lu at intel.com>; Maciej Rabeda
> > > > <maciej.rabeda at linux.intel.com>; Wu, Jiaxin <jiaxin.wu at intel.com>;
> > > > Fu, Siyuan <siyuan.fu at intel.com>
> > > > Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > > > function
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > > >
> > > > MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure any longer.
> > > > They are all deprecated. Edk2 would not support them any longer.
> > > > So remove them.
> > > > But uefi spec want to keep MD5 and SHA1 for backwards compatibility.
> > > > So add two pcds to control the MD5 and SHA1 enablement. Set the
> > > > pcds default value to false to indicate they are deprecated.
> > > >
> > > > NetWorkPkg's iSCSI driver would consume the MD5 function, so
> > > > change the md5 pcd to TURE when iSCSI is enabled.
> > > >
> > > > Cc: Jian J Wang <jian.j.wang at intel.com>
> > > > Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
> > > > Cc: Maciej Rabeda <maciej.rabeda at linux.intel.com>
> > > > Cc: Jiaxin Wu <jiaxin.wu at intel.com>
> > > > Cc: Siyuan Fu <siyuan.fu at intel.com>
> > > > Signed-off-by: Zhichao Gao <zhichao.gao at intel.com>
> > > >
> > > > Zhichao Gao (8):
> > > > CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> > > > CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> > > > CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> > > > CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> > > > CryptoPkg/dec: Add pcds to avoid building the deprecated function
> > > > NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> > > > Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> > > > CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
> > > >
> > > > CryptoPkg/CryptoPkg.dec | 11 +
> > > > CryptoPkg/CryptoPkg.uni | 11 +
> > > > CryptoPkg/Driver/Crypto.c | 634 +-----------------
> > > > CryptoPkg/Include/Library/BaseCryptLib.h | 548 ---------------
> > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
> > > > .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ----
> > > > .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
> > > > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------
> > > > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----
> > > > .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ----------
> > > > .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -----
> > > > .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------
> > > > .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----
> > > > .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +-
> > > > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 +
> > > > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 +
> > > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +
> > > > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +
> > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +-
> > > > .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +
> > > > .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 +
> > > > .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 +
> > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +-
> > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +-
> > > > .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 -
> > > > .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +-
> > > > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----
> > > > .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -----
> > > > .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----
> > > > .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 +
> > > > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 +
> > > > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +-
> > > > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +----------------
> > > > .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 +
> > > > .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 +
> > > > CryptoPkg/Private/Protocol/Crypto.h | 583 +---------------
> > > > NetworkPkg/NetworkPcds.dsc.inc | 5 +-
> > > > 37 files changed, 145 insertions(+), 4221 deletions(-) delete
> > > > mode
> > > > 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> > > > delete mode 100644
> > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> > > > delete mode 100644
> > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> > > > delete mode 100644
> > > > CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> > > > delete mode 100644
> CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> > > > delete mode 100644
> > > CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> > > > delete mode 100644
> > > > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> > > > delete mode 100644
> > > > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> > > > delete mode 100644
> > > > CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> > > >
> > > > --
> > > > 2.21.0.windows.1
> > > >
> > > >
> > > >
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#56463): https://edk2.groups.io/g/devel/message/56463
Mute This Topic: https://groups.io/mt/72579461/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list