[edk2-devel] [PATCH 0/5] Make the MD5 disable as default setting

Gao, Zhichao posted 5 patches 3 years, 6 months ago
[edk2-devel] [PATCH 0/5] Make the MD5 disable as default setting
Posted by Gao, Zhichao 3 years, 6 months ago
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021

MD5 is deprecated, so make it disabled by default for security.
It is required to enable MD5 explicitly if a module is still
using MD5. The modules that are still using it are:
iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).

This patch set would affect the platforms that are using the iSCSI
function.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Zailiang Sun <zailiang.sun@intel.com>
Cc: Yi Qian <yi.qian@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Roger Feng <roger.feng@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>

Zhichao Gao (5):
  NetworkPkg/Defines: Make iSCSI disable as default
  NetworkPkg: Enable MD5 while enable iSCSI
  SecurityPkg/dsc: Explicitly enable MD5 for package build
  CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
  CryptoPkg: Make the MD5 disable as default for security

 CryptoPkg/CryptoPkg.dsc                                | 3 +++
 CryptoPkg/Driver/Crypto.c                              | 4 ++--
 CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
 NetworkPkg/Network.dsc.inc                             | 5 +++++
 NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
 SecurityPkg/SecurityPkg.dsc                            | 2 +-
 8 files changed, 16 insertions(+), 8 deletions(-)

-- 
2.21.0.windows.1





Re: [edk2-devel] [PATCH 0/5] Make the MD5 disable as default setting
Posted by Yao, Jiewen 3 years, 6 months ago
Thanks Zhichao.

Can we remove MD5 from Hash2DxeCrypto ?
I don't see a strong reason to include.
It should only be used by iSCSI.

Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Gao, Zhichao <zhichao.gao@intel.com>
> Sent: Monday, October 26, 2020 5:04 PM
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin
> <guomin.jiang@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Steele, Kelly <kelly.steele@intel.com>; Sun, Zailiang
> <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Maciej Rabeda
> <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>
> Subject: [PATCH 0/5] Make the MD5 disable as default setting
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> 
> MD5 is deprecated, so make it disabled by default for security.
> It is required to enable MD5 explicitly if a module is still
> using MD5. The modules that are still using it are:
> iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
> 
> This patch set would affect the platforms that are using the iSCSI
> function.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Sami Mujawar <sami.mujawar@arm.com>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Zailiang Sun <zailiang.sun@intel.com>
> Cc: Yi Qian <yi.qian@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Roger Feng <roger.feng@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> 
> Zhichao Gao (5):
>   NetworkPkg/Defines: Make iSCSI disable as default
>   NetworkPkg: Enable MD5 while enable iSCSI
>   SecurityPkg/dsc: Explicitly enable MD5 for package build
>   CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
>   CryptoPkg: Make the MD5 disable as default for security
> 
>  CryptoPkg/CryptoPkg.dsc                                | 3 +++
>  CryptoPkg/Driver/Crypto.c                              | 4 ++--
>  CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
>  CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
>  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
>  NetworkPkg/Network.dsc.inc                             | 5 +++++
>  NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
>  SecurityPkg/SecurityPkg.dsc                            | 2 +-
>  8 files changed, 16 insertions(+), 8 deletions(-)
> 
> --
> 2.21.0.windows.1





Re: [edk2-devel] [PATCH 0/5] Make the MD5 disable as default setting
Posted by Gao, Zhichao 3 years, 6 months ago
Let me prepare the V2 to remove them (MD5 and SHA1).

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, October 26, 2020 5:35 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>; Sun,
> Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Maciej Rabeda <maciej.rabeda@linux.intel.com>;
> Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng,
> Roger <roger.feng@intel.com>
> Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting
> 
> Thanks Zhichao.
> 
> Can we remove MD5 from Hash2DxeCrypto ?
> I don’t see a strong reason to include.
> It should only be used by iSCSI.
> 
> Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.
> 
> Thank you
> Yao Jiewen
> 
> 
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao@intel.com>
> > Sent: Monday, October 26, 2020 5:04 PM
> > To: devel@edk2.groups.io
> > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami
> > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>;
> > Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang,
> > Guomin <guomin.jiang@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>;
> > Sun, Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>;
> > Liming Gao <gaoliming@byosoft.com.cn>; Maciej Rabeda
> > <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu,
> > Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>
> > Subject: [PATCH 0/5] Make the MD5 disable as default setting
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> >
> > MD5 is deprecated, so make it disabled by default for security.
> > It is required to enable MD5 explicitly if a module is still using
> > MD5. The modules that are still using it are:
> > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
> >
> > This patch set would affect the platforms that are using the iSCSI
> > function.
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > Cc: Leif Lindholm <leif@nuviainc.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Kelly Steele <kelly.steele@intel.com>
> > Cc: Zailiang Sun <zailiang.sun@intel.com>
> > Cc: Yi Qian <yi.qian@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Roger Feng <roger.feng@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Zhichao Gao (5):
> >   NetworkPkg/Defines: Make iSCSI disable as default
> >   NetworkPkg: Enable MD5 while enable iSCSI
> >   SecurityPkg/dsc: Explicitly enable MD5 for package build
> >   CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> >   CryptoPkg: Make the MD5 disable as default for security
> >
> >  CryptoPkg/CryptoPkg.dsc                                | 3 +++
> >  CryptoPkg/Driver/Crypto.c                              | 4 ++--
> >  CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
> >  CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
> >  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> >  NetworkPkg/Network.dsc.inc                             | 5 +++++
> >  NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
> >  SecurityPkg/SecurityPkg.dsc                            | 2 +-
> >  8 files changed, 16 insertions(+), 8 deletions(-)
> >
> > --
> > 2.21.0.windows.1





Re: [edk2-devel] [PATCH 0/5] Make the MD5 disable as default setting
Posted by Feng, Roger 3 years, 5 months ago
+Qi for review

-----Original Message-----
From: Gao, Zhichao <zhichao.gao@intel.com> 
Sent: Tuesday, October 27, 2020 8:55 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; Qian, Yi <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger <roger.feng@intel.com>
Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting

Let me prepare the V2 to remove them (MD5 and SHA1).

Thanks,
Zhichao

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, October 26, 2020 5:35 PM
> To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek 
> <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami 
> Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; 
> Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX 
> <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; 
> Kinney, Michael D <michael.d.kinney@intel.com>; Steele, Kelly 
> <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; 
> Qian, Yi <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; 
> Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin 
> <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger 
> <roger.feng@intel.com>
> Subject: RE: [PATCH 0/5] Make the MD5 disable as default setting
> 
> Thanks Zhichao.
> 
> Can we remove MD5 from Hash2DxeCrypto ?
> I don’t see a strong reason to include.
> It should only be used by iSCSI.
> 
> Also, if possible, I prefer to remove SHA1 from Hash2DxeCrypto as well.
> 
> Thank you
> Yao Jiewen
> 
> 
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao.gao@intel.com>
> > Sent: Monday, October 26, 2020 5:04 PM
> > To: devel@edk2.groups.io
> > Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek 
> > <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Sami 
> > Mujawar <sami.mujawar@arm.com>; Leif Lindholm <leif@nuviainc.com>; 
> > Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J 
> > <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, 
> > Guomin <guomin.jiang@intel.com>; Kinney, Michael D 
> > <michael.d.kinney@intel.com>; Steele, Kelly 
> > <kelly.steele@intel.com>; Sun, Zailiang <zailiang.sun@intel.com>; 
> > Qian, Yi <yi.qian@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; 
> > Maciej Rabeda <maciej.rabeda@linux.intel.com>; Wu, Jiaxin 
> > <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Feng, Roger 
> > <roger.feng@intel.com>
> > Subject: [PATCH 0/5] Make the MD5 disable as default setting
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
> >
> > MD5 is deprecated, so make it disabled by default for security.
> > It is required to enable MD5 explicitly if a module is still
> > using MD5. The modules that are still using it are:
> > iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).
> >
> > This patch set would affect the platforms that are using the iSCSI
> > function.
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > Cc: Sami Mujawar <sami.mujawar@arm.com>
> > Cc: Leif Lindholm <leif@nuviainc.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Kelly Steele <kelly.steele@intel.com>
> > Cc: Zailiang Sun <zailiang.sun@intel.com>
> > Cc: Yi Qian <yi.qian@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Roger Feng <roger.feng@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Zhichao Gao (5):
> >   NetworkPkg/Defines: Make iSCSI disable as default
> >   NetworkPkg: Enable MD5 while enable iSCSI
> >   SecurityPkg/dsc: Explicitly enable MD5 for package build
> >   CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
> >   CryptoPkg: Make the MD5 disable as default for security
> >
> >  CryptoPkg/CryptoPkg.dsc                                | 3 +++
> >  CryptoPkg/Driver/Crypto.c                              | 4 ++--
> >  CryptoPkg/Include/Library/BaseCryptLib.h               | 2 +-
> >  CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c         | 2 +-
> >  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
> >  NetworkPkg/Network.dsc.inc                             | 5 +++++
> >  NetworkPkg/NetworkDefines.dsc.inc                      | 4 ++--
> >  SecurityPkg/SecurityPkg.dsc                            | 2 +-
> >  8 files changed, 16 insertions(+), 8 deletions(-)
> >
> > --
> > 2.21.0.windows.1


