Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use with TLS_ENABLE=FALSE.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
I can't build-test this.
Nt32Pkg/Nt32Pkg.dsc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
index 47e37ecae134..c84bd71be408 100644
--- a/Nt32Pkg/Nt32Pkg.dsc
+++ b/Nt32Pkg/Nt32Pkg.dsc
@@ -159,7 +159,11 @@ [LibraryClasses]
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!if $(TLS_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf
+!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
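Review bot: The new "!if $(TLS_ENABLE) == TRUE" guard around the OpensslLib resolution depends on TLS_ENABLE having a value in this DSC, and nothing in the visible context shows the macro being defined for Nt32Pkg. Since the notes say the change was not build-tested, please confirm that the platform's [Defines] section gives TLS_ENABLE a default of FALSE, so that the "!else" branch (OpensslLibNoSsl.inf) is what a default build resolves. It is also worth confirming that every module in this DSC that needs libssl symbols is gated on the same macro, so that a TLS_ENABLE=FALSE build fails visibly at link time instead of libssl being pulled back in through another library class mapping.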
--
2.9.3
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Jiaxin,
can you review this patch?

Regards,
Ray

>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
>Sent: Friday, February 24, 2017 5:58 AM
>To: edk2-devel-01 <edk2-devel@ml01.01.org>
>Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Tomas Hoger <thoger@redhat.com>
>Subject: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
>
>Ease security analysis by excluding libssl functionality from the
>OpensslLib instance we use with TLS_ENABLE=FALSE.
>
>Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>Cc: Tomas Hoger <thoger@redhat.com>
>Contributed-under: TianoCore Contribution Agreement 1.0
>Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>---
>
>Notes:
> I can't build-test this.
>
> Nt32Pkg/Nt32Pkg.dsc | 4 ++++
> 1 file changed, 4 insertions(+)
>
>diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
>index 47e37ecae134..c84bd71be408 100644
>--- a/Nt32Pkg/Nt32Pkg.dsc
>+++ b/Nt32Pkg/Nt32Pkg.dsc
>@@ -159,7 +159,11 @@ [LibraryClasses]
> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
> LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>+!if $(TLS_ENABLE) == TRUE
> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>+!else
>+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf
>+!endif
>
> !if $(SECURE_BOOT_ENABLE) == TRUE
> PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
>--
>2.9.3
>
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel
Okay, I can review the patch.

Laszlo,

Would you like to change the module name (OpensslLibNoSsl or OpensslLibCrypto)?

Best Regards,
Jiaxin

> -----Original Message-----
> From: Ni, Ruiyu
> Sent: Friday, February 24, 2017 12:09 PM
> To: Laszlo Ersek <lersek@redhat.com>; edk2-devel-01 <edk2-devel@ml01.01.org>; Wu, Jiaxin <jiaxin.wu@intel.com>
> Cc: Tomas Hoger <thoger@redhat.com>
> Subject: RE: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
>
> Jiaxin,
> can you review this patch?
>
> Regards,
> Ray
>
> >-----Original Message-----
> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
> >Sent: Friday, February 24, 2017 5:58 AM
> >To: edk2-devel-01 <edk2-devel@ml01.01.org>
> >Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Tomas Hoger <thoger@redhat.com>
> >Subject: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
> >
> >Ease security analysis by excluding libssl functionality from the
> >OpensslLib instance we use with TLS_ENABLE=FALSE.
> >
> >Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> >Cc: Tomas Hoger <thoger@redhat.com>
> >Contributed-under: TianoCore Contribution Agreement 1.0
> >Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> >---
> >
> >Notes:
> > I can't build-test this.
> >
> > Nt32Pkg/Nt32Pkg.dsc | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> >diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
> >index 47e37ecae134..c84bd71be408 100644
> >--- a/Nt32Pkg/Nt32Pkg.dsc
> >+++ b/Nt32Pkg/Nt32Pkg.dsc
> >@@ -159,7 +159,11 @@ [LibraryClasses]
> >
> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibN
> ull/CpuExceptionHandlerLibNull.inf
> > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >+!if $(TLS_ENABLE) == TRUE
> > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >+!else
> >+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf
> >+!endif
> >
> > !if $(SECURE_BOOT_ENABLE) == TRUE
> >
> PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.in
> f
> >--
> >2.9.3
> >
> >
> >_______________________________________________
> >edk2-devel mailing list
> >edk2-devel@lists.01.org
> >https://lists.01.org/mailman/listinfo/edk2-devel
On 02/24/17 06:18, Wu, Jiaxin wrote:
> Okay, I can review the patch.
>
> Laszlo,
>
> Would you like to change the module name (OpensslLibNoSsl or OpensslLibCrypto)?

Sure, I'll submit an update ASAP.

Thanks
Laszlo

>
> Best Regards,
> Jiaxin
>
>> -----Original Message-----
>> From: Ni, Ruiyu
>> Sent: Friday, February 24, 2017 12:09 PM
>> To: Laszlo Ersek <lersek@redhat.com>; edk2-devel-01 <edk2-devel@ml01.01.org>; Wu, Jiaxin <jiaxin.wu@intel.com>
>> Cc: Tomas Hoger <thoger@redhat.com>
>> Subject: RE: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
>>
>> Jiaxin,
>> can you review this patch?
>>
>> Regards,
>> Ray
>>
>>> -----Original Message-----
>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
>>> Sent: Friday, February 24, 2017 5:58 AM
>>> To: edk2-devel-01 <edk2-devel@ml01.01.org>
>>> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Tomas Hoger <thoger@redhat.com>
>>> Subject: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
>>>
>>> Ease security analysis by excluding libssl functionality from the
>>> OpensslLib instance we use with TLS_ENABLE=FALSE.
>>>
>>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>>> Cc: Tomas Hoger <thoger@redhat.com>
>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>>> ---
>>>
>>> Notes:
>>> I can't build-test this.
>>>
>>> Nt32Pkg/Nt32Pkg.dsc | 4 ++++
>>> 1 file changed, 4 insertions(+)
>>>
>>> diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
>>> index 47e37ecae134..c84bd71be408 100644
>>> --- a/Nt32Pkg/Nt32Pkg.dsc
>>> +++ b/Nt32Pkg/Nt32Pkg.dsc
>>> @@ -159,7 +159,11 @@ [LibraryClasses]
>>>
>> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibN
>> ull/CpuExceptionHandlerLibNull.inf
>>> LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
>>> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>>> +!if $(TLS_ENABLE) == TRUE
>>> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>>> +!else
>>> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf
>>> +!endif
>>>
>>> !if $(SECURE_BOOT_ENABLE) == TRUE
>>>
>> PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.in
>> f
>>> --
>>> 2.9.3
>>>
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>>> https://lists.01.org/mailman/listinfo/edk2-devel