CryptoPkg/BaseCryptLib: Retire the TDES algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898 TDES is not secure any longer. Remove the Tdes support from edk2. Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the function is unsupported any longer. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-04-22 17:48:02 +08:00
parent f4c15d3807
commit b8af2c9eda
16 changed files with 60 additions and 1377 deletions
--- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@ -1,7 +1,7 @@
 /** @file
  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.

-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent

 **/
@ -82,11 +82,8 @@ RsaGetPrivateKeyFromPem (

  //
  // Add possible block-cipher descriptor for PEM data decryption.
-  // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.
+  // NOTE: Only support most popular ciphers AES for the encrypted PEM.
  //
-  if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) {
-    return FALSE;
-  }
  if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
    return FALSE;
  }