Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use with TLS_ENABLE=FALSE.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
v2:
- fix typo "analsysis" in commit message
- resolve OpensslLib to OpensslLibCrypto.inf rather than to
OpensslLibNoSsl.inf in Nt32Pkg.dsc
v1:
- I can't build-test this.
Nt32Pkg/Nt32Pkg.dsc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
index 47e37ecae134..499b1fe8abe0 100644
--- a/Nt32Pkg/Nt32Pkg.dsc
+++ b/Nt32Pkg/Nt32Pkg.dsc
@@ -159,7 +159,11 @@ [LibraryClasses]
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+!if $(TLS_ENABLE) == TRUE
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!else
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+!endif
!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
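Review bot: TLS_ENABLE, which the added "!if $(TLS_ENABLE) == TRUE" line tests, is not defined anywhere in this hunk, so please confirm that Nt32Pkg.dsc gives it a default value in its defines. Without one, it is unclear whether a build that does not pass the macro reliably takes the "!else" branch and resolves OpensslLib to OpensslLibCrypto.inf. Because the v1 note says the change could not be build-tested, someone with an Nt32Pkg build environment should build it with both TLS_ENABLE=TRUE and TLS_ENABLE=FALSE before it is merged, to catch any module in the FALSE case that still needs libssl symbols from the full OpensslLib.inf.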
--
2.9.3
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Thanks,
Jiaxin
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Laszlo Ersek
> Sent: Friday, February 24, 2017 7:02 PM
> To: edk2-devel-01 <edk2-devel@ml01.01.org>
> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Tomas Hoger <thoger@redhat.com>
> Subject: [edk2] [PATCH v2 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE
On 02/27/17 01:52, Wu, Jiaxin wrote:
> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Thank you both, patch committed as 9fba024ed8f7.
Cheers
Laszlo
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Thanks/Ray