> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, March 27, 2020 10:21 AM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Gao,
> Zhichao <zhichao....@intel.com>
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX
> <xiaoyux...@intel.com>; Maciej Rabeda <maciej.rab...@linux.intel.com>;
> Wu, Jiaxin <jiaxin...@intel.com>; Fu, Siyuan <siyuan...@intel.com>
> Subject: RE: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> function
>
> Some other comments:
>
> 2) You may consider disabling those features in the openssl build as well, such as
> OPENSSL_NO_MD4, OPENSSL_NO_RC4, OPENSSL_NO_DES
Good point. I would follow this.
>
> 3) Is there any usage of HMAC_MD5 or HMAC_SHA1 ?
> We can remove those if no real usage and just leave HMAC_SHA256 there.
I would view the whole edk2 scope (edk2, edk2platform and so on) and remove them
if there is no usage.
Thanks,
Zhichao
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> > Jiewen
> > Sent: Friday, March 27, 2020 10:01 AM
> > To: devel@edk2.groups.io; Gao, Zhichao <zhichao....@intel.com>
> > Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX
> > <xiaoyux...@intel.com>; Maciej Rabeda <maciej.rab...@linux.intel.com>;
> > Wu, Jiaxin <jiaxin...@intel.com>; Fu, Siyuan <siyuan...@intel.com>
> > Subject: Re: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > function
> >
> > Good feature.
> >
> > I believe TPM1.2 still uses SHA1. It should be added as well.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gao,
> > > Zhichao
> > > Sent: Friday, March 27, 2020 9:56 AM
> > > To: devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.w...@intel.com>; Lu, XiaoyuX
> > > > <xiaoyux...@intel.com>; Maciej Rabeda <maciej.rab...@linux.intel.com>;
> > > > Wu, Jiaxin <jiaxin...@intel.com>; Fu, Siyuan <siyuan...@intel.com>
> > > Subject: [edk2-devel] [PATCH 0/8] CryptoPkg: Retire the deprecate
> > > function
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> > >
> > > > MD4, ARC4, Tdes, Aes Ecb mode, MD5 and SHA1 are not secure any longer.
> > > > They are all deprecated. Edk2 would not support them any longer.
> > > > So remove them.
> > > > But the UEFI spec wants to keep MD5 and SHA1 for backwards compatibility.
> > > > So add two pcds to control the MD5 and SHA1 enablement. Set the pcds
> > > > default value to false to indicate they are deprecated.
> > > >
> > > > NetworkPkg's iSCSI driver would consume the MD5 function, so change
> > > > the md5 pcd to TRUE when iSCSI is enabled.
> > >
> > > Cc: Jian J Wang <jian.j.w...@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux...@intel.com>
> > > Cc: Maciej Rabeda <maciej.rab...@linux.intel.com>
> > > Cc: Jiaxin Wu <jiaxin...@intel.com>
> > > Cc: Siyuan Fu <siyuan...@intel.com>
> > > Signed-off-by: Zhichao Gao <zhichao....@intel.com>
> > >
> > > Zhichao Gao (8):
> > > CryptoPkg/BaseCrpytLib: Retire MD4 algorithm
> > > CryptoPkg/BaseCryptLib: Retire ARC4 algorithm
> > > CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
> > > CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm
> > > CryptoPkg/dec: Add pcds to avoid building the deprecated function
> > > NetWorkPkg/Pcd.inc: Enable the MD5 for iSCSI
> > > Crypto/BaseCryptLib: Using pcd to control MD5 enablement
> > > CryptoPkg/BaseCryptLib: Use Pcd to control the SHA1 enablement
> > >
> > > CryptoPkg/CryptoPkg.dec | 11 +
> > > CryptoPkg/CryptoPkg.uni | 11 +
> > > CryptoPkg/Driver/Crypto.c | 634 +-----------------
> > > CryptoPkg/Include/Library/BaseCryptLib.h | 548 ---------------
> > > .../Library/BaseCryptLib/BaseCryptLib.inf | 9 +-
> > > .../Library/BaseCryptLib/Cipher/CryptAes.c | 114 ----
> > > .../BaseCryptLib/Cipher/CryptAesNull.c | 52 --
> > > .../Library/BaseCryptLib/Cipher/CryptArc4.c | 205 ------
> > > .../BaseCryptLib/Cipher/CryptArc4Null.c | 124 ----
> > > .../Library/BaseCryptLib/Cipher/CryptTdes.c | 364 ----------
> > > .../BaseCryptLib/Cipher/CryptTdesNull.c | 160 -----
> > > .../Library/BaseCryptLib/Hash/CryptMd4.c | 223 ------
> > > .../Library/BaseCryptLib/Hash/CryptMd4Null.c | 143 ----
> > > .../Library/BaseCryptLib/Hash/CryptMd5.c | 5 +-
> > > .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 3 +
> > > .../BaseCryptLib/Hmac/CryptHmacMd5Null.c | 3 +
> > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 3 +
> > > .../BaseCryptLib/Hmac/CryptHmacSha1Null.c | 3 +
> > > .../Library/BaseCryptLib/PeiCryptLib.inf | 13 +-
> > > .../BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c | 3 +
> > > .../Library/BaseCryptLib/Pk/CryptRsaBasic.c | 5 +
> > > .../Library/BaseCryptLib/Pk/CryptRsaExt.c | 5 +
> > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 13 +-
> > > .../Library/BaseCryptLib/SmmCryptLib.inf | 13 +-
> > > .../BaseCryptLibNull/BaseCryptLibNull.inf | 3 -
> > > .../BaseCryptLibNull/Cipher/CryptAesNull.c | 54 +-
> > > .../BaseCryptLibNull/Cipher/CryptArc4Null.c | 124 ----
> > > .../BaseCryptLibNull/Cipher/CryptTdesNull.c | 160 -----
> > > .../BaseCryptLibNull/Hash/CryptMd4Null.c | 143 ----
> > > .../BaseCryptLibNull/Hash/CryptMd5Null.c | 3 +
> > > .../BaseCryptLibNull/Hmac/CryptHmacMd5Null.c | 3 +
> > > .../BaseCryptLibNull/Hmac/CryptHmacSha1Null.c | 4 +-
> > > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 604 +----------------
> > > .../Library/BaseHashApiLib/BaseHashApiLib.c | 12 +
> > > .../Library/BaseHashApiLib/BaseHashApiLib.inf | 1 +
> > > CryptoPkg/Private/Protocol/Crypto.h | 583 +---------------
> > > NetworkPkg/NetworkPcds.dsc.inc | 5 +-
> > > > 37 files changed, 145 insertions(+), 4221 deletions(-)
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptArc4Null.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c
> > > > delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptMd4Null.c
> > >
> > > --
> > > 2.21.0.windows.1
> > >
> > >
> > >
> >
> >
> >
View/Reply Online (#56462): https://edk2.groups.io/g/devel/message/56462
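
The usage check discussed in this thread (looking across the whole edk2 scope for HMAC_MD5 / HMAC_SHA1 consumers before removing them) can be scripted. The following is an added example, not code from the thread or from edk2; the `HmacMd5`/`HmacSha1` symbol prefixes are an assumption taken from the file names in the diffstat, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the HMAC entry points share the prefixes HmacMd5 / HmacSha1
# (inferred from CryptHmacMd5.c and CryptHmacSha1.c in the diffstat).
DEPRECATED = re.compile(r"\b((?:HmacMd5|HmacSha1)\w*)\s*\(")
PROVIDER_DIRS = ("CryptoPkg",)   # defines the functions, so not a consumer
SOURCE_SUFFIXES = {".c", ".h"}

def strip_comments(text):
    """Blank out /* */ and // comments (keeping line count) so that
    commented-out calls are not reported. Heuristic: ignores string literals."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"),
                  text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def find_consumers(root):
    """Return sorted (relative path, line, symbol) for every call site
    of a deprecated HMAC function outside the provider directories."""
    root, hits = Path(root), []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        rel = path.relative_to(root)
        if rel.parts[0] in PROVIDER_DIRS:
            continue
        code = strip_comments(path.read_text(errors="replace"))
        for lineno, line in enumerate(code.splitlines(), 1):
            for m in DEPRECATED.finditer(line):
                hits.append((rel.as_posix(), lineno, m.group(1)))
    return sorted(hits)

def demo():
    """Build a constructed sample tree (not real edk2 content) and scan it."""
    files = {
        "CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c":
            "BOOLEAN HmacMd5Update (VOID *Ctx) { return TRUE; }\n",
        "SamplePkg/Auth.c":
            "VOID Auth (VOID) {\n  HmacSha1Update (Ctx, Data, Size);\n"
            "  // HmacMd5Final (Ctx, Out);\n  HmacSha256Update (Ctx, Data, Size);\n}\n",
        "OtherPkg/Clean.c": "VOID Ok (VOID) { HmacSha256Final (Ctx, Out); }\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            target = Path(tmp) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return find_consumers(tmp)

if __name__ == "__main__":
    for hit in demo():
        print("%s:%d: %s" % hit)
```

An empty result for a real checkout only covers the trees that were scanned; out-of-tree platform code has to be checked separately.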