Good feature. I believe TPM1.2 still uses SHA1. It should be added as well.
> -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao, > Zhichao > Sent: Friday, March 27, 2020 9:56 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX <xiaoyux...@intel.com>; > Maciej Rabeda <maciej.rab...@linux.intel.com>; Wu, Jiaxin > <jiaxin...@intel.com>; Fu, Siyuan <siyuan...@intel.com> > Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate function > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 > > MD4, AR4, Tdes, Aes Ecb mode, MD5 and SHA1 is not secure any longer. > They are all deprecated. Edk2 would not support them any longer. > So remove them. > But uefi spec want to keep MD5 and SHA1 for backwards compatibility. > So add two pcds to control the MD5 and SHA1 enablement. Set the pcds > default value to false to indicate they are deprecated. > > NetWorkPkg's iSCSI driver would consume the MD5 function, so change > the md5 pcd to TURE when iSCSI is enabled. > > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Xiaoyu Lu <xiaoyux...@intel.com> > Cc: Maciej Rabeda <maciej.rab...@linux.intel.com> > Cc: Jiaxin Wu <jiaxin...@intel.com> > Cc: Siyuan Fu <siyuan...@intel.com> > Signed-off-by: Zhichao Gao <zhichao....@intel.com> > > Zhichao Gao (8): > CryptoPkg/BaseCrpytLib: Retire MD4 algorithm > CryptoPkg/BaseCryptLib: Retire ARC4 algorithm > CryptoPkg/BaseCryptLib: Retire the Tdes algorithm > CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm > CryptoPkg/dec: Add pcds to avoid building the deprecated function > NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI > Crypto/BaseCryptLib: Using pcd to control MD5 enablement > CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement > > CryptoPkg/CryptoPkg.dec | 11 + > CryptoPkg/CryptoPkg.uni | 11 + > CryptoPkg/Driver/Crypto.c | 634 +----------------- > CryptoPkg/Include/Library/BaseCryptLib.h | 548 --------------- > .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +- > .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ---- > .../BaseCryptLib/Cipher/CryptAesNull.c | 52 -- > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------ > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ---- > .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ---------- > .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 ----- > .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------ > .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ---- > .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +- > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 + > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 + > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 + > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 + > .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +- > .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 + > .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 + > .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 + > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +- > .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +- > .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 - > .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +- > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ---- > .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 ----- > .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ---- > .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 + > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 + > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +- > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +---------------- > .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 + > .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 + > CryptoPkg/Private/Protocol/Crypto.h | 583 +--------------- > NetworkPkg/NetworkPcds.dsc.inc | 5 +- > 37 files changed, 145 insertions(+), 4221 deletions(-) > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c > delete mode 100644 > CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c > delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c > > -- > 2.21.0.windows.1 > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56450): https://edk2.groups.io/g/devel/message/56450 Mute This Topic: https://groups.io/mt/72579461/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
