From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.81])
 by mx.groups.io with SMTP id smtpd.web12.1810.1588837869108092337
 for <devel@edk2.groups.io>;
 Thu, 07 May 2020 00:51:09 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UvIKjnWd;
 spf=pass (domain: redhat.com, ip: 207.211.31.81, mailfrom: philmd@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1588837868;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=22z1l7GDWAzGFvgiUzdrAO2XMjcPbWn7+ulr+uxeI34=;
	b=UvIKjnWdsy8gMjqs60DtBvPZNHkFzgpGPW2UkpmugnmHDYlwTdP5BKZXuQJQudDa7sUI+m
	GueuI8/DiV2GjnmbOGHucg/30YPK7Kgu+0oLvN4adp9AglzDbO71fnZ0nn/XF+d4UJaBo0
	RCi7YoS0979/WN9A+8FtXibUhe2m+Io=
Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com
 [209.85.221.69]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-437-cpV3SIBNMBmbby73fqqQSw-1; Thu, 07 May 2020 03:51:06 -0400
X-MC-Unique: cpV3SIBNMBmbby73fqqQSw-1
Received: by mail-wr1-f69.google.com with SMTP id a12so2930110wrv.3
        for <devel@edk2.groups.io>; Thu, 07 May 2020 00:51:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=22z1l7GDWAzGFvgiUzdrAO2XMjcPbWn7+ulr+uxeI34=;
        b=PU6nPSkZjoIM1TUIY+qx8pwekBEOh/Mj9ctnSLjx6EjmHfB4mu/qVsEdxx9xGtz4Y2
         ZjsLH1YbWQLcqV0zdgvEgMszcDW1tlPkgsls9CccYKcme/6sXxyaKKjXymgxV5HazebK
         D1ngDzJaJpFLfNQnjKT8fWdHxWD7i8pWKBex4gyC8YiSAwlGCkIxen16E6rULM0xg+OC
         sb4xwUJRt/gKMSci7diEObeu/5RcTTKmoy+rdu5zD7Fdx8ssaZog0djhynf+zKL21swv
         ha+vXtY6wFJqBJY5MVs0Q27lF6xq+Xp7NH1+FuBR6QJN8BSjkm13O1mR0Fa9/VzFKjVM
         YDsQ==
X-Gm-Message-State: AGi0PuZwd+aPAGOlYeBjqqi0bsojBd7IU1BOwja8xkLmqCTRK9SLe8jk
	DGaBeBhUeHkFOpcSnUCP5n07honemxhB27hacD19ZHs+E1E5kJvpllpVENfTtMbFGa0Ef/Dvfp1
	deCPQV9mjQEcAng==
X-Received: by 2002:a7b:c4d0:: with SMTP id g16mr9625144wmk.154.1588837865625;
        Thu, 07 May 2020 00:51:05 -0700 (PDT)
X-Google-Smtp-Source: APiQypL+CQRKRLqENRpnGqvhHc7/NeQ4YxMYZcmOuZSfKidHkndOQCZYzTQfDXJo6DCKI+WiryC/AA==
X-Received: by 2002:a7b:c4d0:: with SMTP id g16mr9625127wmk.154.1588837865461;
        Thu, 07 May 2020 00:51:05 -0700 (PDT)
Return-Path: <philmd@redhat.com>
Received: from [192.168.1.39] (248.red-88-21-203.staticip.rima-tde.net. [88.21.203.248])
        by smtp.gmail.com with ESMTPSA id i6sm6835315wrc.82.2020.05.07.00.51.04
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 07 May 2020 00:51:04 -0700 (PDT)
Subject: Re: [edk2-devel] [PATCH V3 4/8] CryptoPkg/BaseCryptLib: Retire the Tdes algorithm
To: devel@edk2.groups.io, zhichao.gao@intel.com
Cc: Jian J Wang <jian.j.wang@intel.com>, Xiaoyu Lu <xiaoyux.lu@intel.com>,
 Siyuan Fu <siyuan.fu@intel.com>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Jiewen Yao <jiewen.yao@intel.com>
References: <20200506235746.19500-1-zhichao.gao@intel.com>
 <20200506235746.19500-5-zhichao.gao@intel.com>
From: =?UTF-8?B?UGhpbGlwcGUgTWF0aGlldS1EYXVkw6k=?= <philmd@redhat.com>
Message-ID: <f738854a-3077-c0e2-e5f8-b38482ee3f9b@redhat.com>
Date: Thu, 7 May 2020 09:51:03 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <20200506235746.19500-5-zhichao.gao@intel.com>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

On 5/7/20 1:57 AM, Gao, Zhichao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
> 
> Tdes is not secure any longer.

Please write acronyms in caps: TDES.

> Remove the Tdes support from edk2.
> Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
> function is unsupported any longer.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>   CryptoPkg/Driver/Crypto.c                     | 181 +--------
>   CryptoPkg/Include/Library/BaseCryptLib.h      | 196 ----------
>   .../Library/BaseCryptLib/BaseCryptLib.inf     |   1 -
>   .../Library/BaseCryptLib/Cipher/CryptTdes.c   | 364 ------------------
>   .../BaseCryptLib/Cipher/CryptTdesNull.c       | 160 --------
>   .../Library/BaseCryptLib/PeiCryptLib.inf      |   3 +-
>   .../Library/BaseCryptLib/PeiCryptLib.uni      |   6 +-
>   CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c |   7 +-
>   .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   3 +-
>   .../Library/BaseCryptLib/RuntimeCryptLib.uni  |   6 +-
>   .../Library/BaseCryptLib/SmmCryptLib.inf      |   3 +-
>   .../Library/BaseCryptLib/SmmCryptLib.uni      |   6 +-
>   .../BaseCryptLibNull/BaseCryptLibNull.inf     |   1 -
>   .../BaseCryptLibNull/Cipher/CryptTdesNull.c   | 160 --------
>   .../BaseCryptLibOnProtocolPpi/CryptLib.c      | 214 ----------
>   .../Library/Include/openssl/opensslconf.h     |   3 +
>   CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  21 -
>   .../Library/OpensslLib/OpensslLibCrypto.inf   |  21 -
>   CryptoPkg/Private/Protocol/Crypto.h           | 169 +-------
>   19 files changed, 53 insertions(+), 1472 deletions(-)
>   delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
>   delete mode 100644 CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c
>   delete mode 100644 CryptoPkg/Library/BaseCryptLibNull/Cipher/CryptTdesNull.c