[PATCH V4 00/13] Disable the deprecated MD5 and SHA1 support


Gao, Zhichao
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

MD5 is deprecated; make it disabled by default for security.
It is required to enable MD5 explicitly if a module is still using
MD5. The modules that are still using it are:
iSCSI, Hash2DxeCrypto, CryptoDxe(Pei, Smm) (with PACKAGE or ALL config).

This patch set would affect the platforms that are using the iSCSI
function.

V2:
Remove MD5 and SHA1 support of Hash2DxeCrypto.
Remove the MD5 GUID definition in MdePkg.dec. SHA1 related GUIDs
are still used in TPM2, so keep them.
No requirement to add MD5 enable MACRO in SecurityPkg.

V3:
Explicitly enable iSCSI for ArmVirtQemu, ArmVirtQemuKernel,
OvmfPkgIa32, OvmfPkgIa32X64, OvmfPkgX64 and BhyveX64.
And set the MD5 enable based on the new MD5 MACRO.
Readjust the patch order.

V14:
Fix some typos.
Change the commit message.
Add NetworkBuildOptions.dsc.inc and add the MACRO for
different toolchains.
Use the inc file in the related package dsc files:
ArmVirtQemu, ArmVirtQemuKernel, OvmfPkgIa32, OvmfPkgIa32X64,
OvmfPkgX64, OvmfXen and BhyveX64.
Enable iSCSI in NetworkPkg.dsc for build test.

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Sami Mujawar <sami.mujawar@...>
Cc: Leif Lindholm <leif@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyux.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Kelly Steele <kelly.steele@...>
Cc: Zailiang Sun <zailiang.sun@...>
Cc: Yi Qian <yi.qian@...>
Cc: Liming Gao <gaoliming@...>
Cc: Maciej Rabeda <maciej.rabeda@...>
Cc: Jiaxin Wu <jiaxin.wu@...>
Cc: Siyuan Fu <siyuan.fu@...>
Cc: Roger Feng <roger.feng@...>
Cc: Zhiguang Liu <zhiguang.liu@...>
Signed-off-by: Zhichao Gao <zhichao.gao@...>

Zhichao Gao (13):
SecurityPkg/Hash2DxeCrypto: Remove MD5 support
SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
CryptoPkg/dsc: Enable MD5 when CRYPTO_SERVICES enable MD5
NetworkPkg: Enable MD5 while enable iSCSI
ArmVirtPkg/ArmVirtQemu.dsc: Enable MD5 while enable iSCSI
ArmVirtPkg/ArmVirtQemuKernel.dsc: Enable MD5 while enable iSCSI
OvmfPkg/OvmfPkgIa32.dsc: Enable MD5 while enable iSCSI
OvmfPkg/OvmfPkgIa32X64.dsc: Enable MD5 while enable iSCSI
OvmfPkg/OvmfPkgX64.dsc: Enable MD5 while enable iSCSI
OvmfPkg/OvmfXen.dsc: Enable MD5 while enable iSCSI
OvmfPkg/BhyveX64.dsc: Enable MD5 while enable iSCSI
NetworkPkg/Defines: Make iSCSI disable as default
CryptoPkg: Make the MD5 disable as default for security

ArmVirtPkg/ArmVirtQemu.dsc | 6 ++++-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
CryptoPkg/CryptoPkg.dsc | 6 +++++
CryptoPkg/Driver/Crypto.c | 4 ++--
CryptoPkg/Include/Library/BaseCryptLib.h | 2 +-
.../Library/BaseCryptLib/Hash/CryptMd5.c | 2 +-
.../BaseCryptLibOnProtocolPpi/CryptLib.c | 2 +-
NetworkPkg/Network.dsc.inc | 5 ++++-
NetworkPkg/NetworkBuildOptions.dsc.inc | 22 +++++++++++++++++++
NetworkPkg/NetworkDefines.dsc.inc | 4 ++--
NetworkPkg/NetworkPkg.dsc | 4 +++-
OvmfPkg/Bhyve/BhyveX64.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32.dsc | 3 +++
OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
OvmfPkg/OvmfPkgX64.dsc | 3 +++
OvmfPkg/OvmfXen.dsc | 3 +++
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 2 --
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 4 +---
18 files changed, 68 insertions(+), 17 deletions(-)
create mode 100644 NetworkPkg/NetworkBuildOptions.dsc.inc

--
2.21.0.windows.1
