[edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function

Gao, Zhichao zhichao.gao at intel.com
Fri Mar 27 02:54:53 UTC 2020


Sorry for the mess. I used to view all the dsc as platform side. I would update security pkg as well.

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, March 27, 2020 10:51 AM
> To: Gao, Zhichao <zhichao.gao at intel.com>; devel at edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> <xiaoyux.lu at intel.com>; Maciej Rabeda <maciej.rabeda at linux.intel.com>;
> Wu, Jiaxin <jiaxin.wu at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> function
> 
> The SHA1 is called explicitly in SecurityPkg. Are you sure we don't need
> to update security pkg?
> 
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao at intel.com>
> > Sent: Friday, March 27, 2020 10:44 AM
> > To: Yao, Jiewen <jiewen.yao at intel.com>; devel at edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > <xiaoyux.lu at intel.com>; Maciej Rabeda <maciej.rabeda at linux.intel.com>;
> > Wu, Jiaxin <jiaxin.wu at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > function
> >
> > Jiewen,
> > Thanks for the reminder. But TPM didn't have the inc file as
> > NetWorkPkg to set the pcd for all platform. The change for TPM1.2 should
> > be at platform side.
> > I would change the edk2 platform code as well once the solution is decided.
> >
> > Thanks,
> > Zhichao
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen
> > > Sent: Friday, March 27, 2020 10:01 AM
> > > To: devel at edk2.groups.io; Gao, Zhichao <zhichao.gao at intel.com>
> > > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > > <xiaoyux.lu at intel.com>; Maciej Rabeda
> > > <maciej.rabeda at linux.intel.com>; Wu, Jiaxin <jiaxin.wu at intel.com>;
> > > Fu, Siyuan <siyuan.fu at intel.com>
> > > Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the
> > > deprecate function
> > >
> > > Good feature.
> > >
> > > I believe TPM1.2 still uses SHA1. It should be added as well.
> > >
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of
> > > > Gao, Zhichao
> > > > Sent: Friday, March 27, 2020 9:56 AM
> > > > To: devel at edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX
> > > > <xiaoyux.lu at intel.com>; Maciej Rabeda
> > > > <maciej.rabeda at linux.intel.com>; Wu, Jiaxin <jiaxin.wu at intel.com>;
> > > > Fu, Siyuan <siyuan.fu at intel.com>
> > > > Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > > > function
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > > >
> > > > MD4, ARC4, Tdes, Aes Ecb mode, MD5 and SHA1 are not secure any longer.
> > > > They are all deprecated. Edk2 would not support them any longer.
> > > > So remove them.
> > > > But the UEFI spec wants to keep MD5 and SHA1 for backwards compatibility.
> > > > So add two pcds to control the MD5 and SHA1 enablement. Set the
> > > > pcds default value to false to indicate they are deprecated.
> > > >
> > > > NetWorkPkg's iSCSI driver would consume the MD5 function, so
> > > > change the md5 pcd to TRUE when iSCSI is enabled.
> > > >
> > > > Cc: Jian J Wang <jian.j.wang at intel.com>
> > > > Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
> > > > Cc: Maciej Rabeda <maciej.rabeda at linux.intel.com>
> > > > Cc: Jiaxin Wu <jiaxin.wu at intel.com>
> > > > Cc: Siyuan Fu <siyuan.fu at intel.com>
> > > > Signed-off-by: Zhichao Gao <zhichao.gao at intel.com>
> > > >
> > > > Zhichao Gao (8):
> > > >   CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> > > >   CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> > > >   CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> > > >   CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> > > >   CryptoPkg/dec: Add pcds to avoid building the deprecated function
> > > >   NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> > > >   Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> > > >   CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
> > > >
> > > >  CryptoPkg/CryptoPkg.dec                       |  11 +
> > > >  CryptoPkg/CryptoPkg.uni                       |  11 +
> > > >  CryptoPkg/Driver/Crypto.c                     | 634 +-----------------
> > > >  CryptoPkg/Include/Library/BaseCryptLib.h      | 548 ---------------
> > > >  .../Library/BaseCryptLib/BaseCryptLib.inf     |   9 +-
> > > >  .../Library/BaseCryptLib/Cipher/CryptAes.c    | 114 ----
> > > >  .../BaseCryptLib/Cipher/CryptAesNull.c        |  52 --
> > > >  .../Library/BaseCryptLib/Cipher/CryptArc4.c   | 205 ------
> > > >  .../BaseCryptLib/Cipher/CryptArc4Null.c       | 124 ----
> > > >  .../Library/BaseCryptLib/Cipher/CryptTdes.c   | 364 ----------
> > > >  .../BaseCryptLib/Cipher/CryptTdesNull.c       | 160 -----
> > > >  .../Library/BaseCryptLib/Hash/CryptMd4.c      | 223 ------
> > > >  .../Library/BaseCryptLib/Hash/CryptMd4Null.c  | 143 ----
> > > >  .../Library/BaseCryptLib/Hash/CryptMd5.c      |   5 +-
> > > >  .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c  |   3 +
> > > >  .../BaseCryptLib/Hmac/CryptHmacMd5Null.c      |   3 +
> > > >  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c |   3 +
> > > >  .../BaseCryptLib/Hmac/CryptHmacSha1Null.c     |   3 +
> > > >  .../Library/BaseCryptLib/PeiCryptLib.inf      |  13 +-
> > > >  .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c        |   3 +
> > > >  .../Library/BaseCryptLib/Pk/CryptRsaBasic.c   |   5 +
> > > >  .../Library/BaseCryptLib/Pk/CryptRsaExt.c     |   5 +
> > > >  .../Library/BaseCryptLib/RuntimeCryptLib.inf  |  13 +-
> > > >  .../Library/BaseCryptLib/SmmCryptLib.inf      |  13 +-
> > > >  .../BaseCryptLibNull/BaseCryptLibNull.inf     |   3 -
> > > >  .../BaseCryptLibNull/Cipher/CryptAesNull.c    |  54 +-
> > > >  .../BaseCryptLibNull/Cipher/CryptArc4Null.c   | 124 ----
> > > >  .../BaseCryptLibNull/Cipher/CryptTdesNull.c   | 160 -----
> > > >  .../BaseCryptLibNull/Hash/CryptMd4Null.c      | 143 ----
> > > >  .../BaseCryptLibNull/Hash/CryptMd5Null.c      |   3 +
> > > >  .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c  |   3 +
> > > >  .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c |   4 +-
> > > >  .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 604 +----------------
> > > >  .../Library/BaseHashApiLib/BaseHashApiLib.c   |  12 +
> > > >  .../Library/BaseHashApiLib/BaseHashApiLib.inf |   1 +
> > > >  CryptoPkg/Private/Protocol/Crypto.h           | 583 +---------------
> > > >  NetworkPkg/NetworkPcds.dsc.inc                |   5 +-
> > > >  37 files changed, 145 insertions(+), 4221 deletions(-)
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> > > >  delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> > > >
> > > > --
> > > > 2.21.0.windows.1
> > > >
> > > >
> > > > 
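
Added example, not part of this thread or of the patch series: a consumer audit for the question raised above (which packages still call the affected algorithms), separating calls to the algorithms the series removes from calls to MD5/SHA1 that would need a PCD set to TRUE. The function-name prefixes assume BaseCryptLib-style naming, and the sample file names and contents are constructed.

```python
import re
from collections import defaultdict

# Assumption: BaseCryptLib-style names, algorithm prefix + verb (Sha1Init, Md5Final).
RETIRED = ("Md4", "Arc4", "Tdes", "AesEcb")          # removed outright by the series
PCD_GATED = ("HmacMd5", "HmacSha1", "Md5", "Sha1")   # kept, but PCD defaults to FALSE

CALL = re.compile(r"\b(%s)[A-Z]\w*\s*\(" % "|".join(RETIRED + PCD_GATED))
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def scan(sources):
    """Map package -> {"retired" | "pcd-gated": sorted function names called}.

    sources is {relative path: C source text}. The package is the first path
    component, which is the granularity the thread discusses consumers at.
    """
    report = defaultdict(lambda: defaultdict(set))
    for path, text in sources.items():
        package = path.split("/", 1)[0]
        # Drop comments first so commented-out legacy calls are not reported.
        for m in CALL.finditer(COMMENT.sub("", text)):
            status = "retired" if m.group(1) in RETIRED else "pcd-gated"
            report[package][status].add(m.group(0)[:-1].strip())
    return {p: {s: sorted(n) for s, n in by.items()} for p, by in report.items()}


# Constructed sample sources; file names and bodies are illustrative only.
SAMPLE = {
    "SecurityPkg/Constructed/Tpm12Hash.c":
        "Sha1Init (Ctx);\nSha1Update (Ctx, Data, Size);\nSha256Init (Ctx2);\n",
    "NetworkPkg/Constructed/Chap.c":
        "// challenge response\nMd5Init (Md5Ctx);\nMd5Final (Md5Ctx, Digest);\n",
    "PlatformPkg/Constructed/Legacy.c":
        "/* old: Md4Init (x); */\nArc4Init (Ctx, Key, KeySize);\n"
        "AesEcbEncrypt (Ctx, In, Len, Out);\nAesCbcEncrypt (Ctx, In, Len, Iv, Out);\n",
}

if __name__ == "__main__":
    for package, found in sorted(scan(SAMPLE).items()):
        for status, names in sorted(found.items()):
            print(f"{package}: {status}: {', '.join(names)}")
```

A "retired" hit means the caller stops building once the series lands; a "pcd-gated" hit means the platform DSC has to opt back in for that package to keep working.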

