From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EDF8282173 for ; Fri, 24 Feb 2017 01:46:28 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx16.intmail.prod.int.phx2.redhat.com [10.5.11.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 82C2C3DBC0; Fri, 24 Feb 2017 09:46:29 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-39.phx2.redhat.com [10.3.116.39]) by smtp.corp.redhat.com (Postfix) with ESMTP id CFFDB2D653; Fri, 24 Feb 2017 09:46:27 +0000 (UTC) To: "Wu, Jiaxin" , "Ni, Ruiyu" , edk2-devel-01 References: <20170223215744.7293-1-lersek@redhat.com> <20170223215744.7293-5-lersek@redhat.com> <734D49CCEBEEF84792F5B80ED585239D5B8AD55B@SHSMSX104.ccr.corp.intel.com> <895558F6EA4E3B41AC93A00D163B72741629D991@SHSMSX103.ccr.corp.intel.com> Cc: Tomas Hoger , "Long, Qin" From: Laszlo Ersek Message-ID: <1f0a3999-7390-2698-8dda-a8db44103d58@redhat.com> Date: Fri, 24 Feb 2017 10:46:25 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: <895558F6EA4E3B41AC93A00D163B72741629D991@SHSMSX103.ccr.corp.intel.com> X-Scanned-By: MIMEDefang 2.74 on 10.5.11.28 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 24 Feb 2017 09:46:29 +0000 (UTC) Subject: Re: [PATCH 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Feb 2017 09:46:29 -0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 02/24/17 06:18, Wu, Jiaxin wrote: > Okay, I can review the patch. > > Laszlo, > > Would you like to change the module name (OpensslLibNoSsl or OpensslLibCrypto)? Sure, I'll submit an update ASAP. Thanks Laszlo > > Best Regards, > Jiaxin > >> -----Original Message----- >> From: Ni, Ruiyu >> Sent: Friday, February 24, 2017 12:09 PM >> To: Laszlo Ersek ; edk2-devel-01 > devel@ml01.01.org>; Wu, Jiaxin >> Cc: Tomas Hoger >> Subject: RE: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from >> OpensslLib if TLS_ENABLE=FALSE >> >> Jiaxin, >> can you review this patch? >> >> Regards, >> Ray >> >>> -----Original Message----- >>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >> Laszlo Ersek >>> Sent: Friday, February 24, 2017 5:58 AM >>> To: edk2-devel-01 >>> Cc: Ni, Ruiyu ; Tomas Hoger >>> Subject: [edk2] [PATCH 4/5] Nt32Pkg: exclude libssl functionality from >> OpensslLib if TLS_ENABLE=FALSE >>> >>> Ease security analsysis by excluding libssl functionality from the >>> OpensslLib instance we use with TLS_ENABLE=FALSE. >>> >>> Cc: Ruiyu Ni >>> Cc: Tomas Hoger >>> Contributed-under: TianoCore Contribution Agreement 1.0 >>> Signed-off-by: Laszlo Ersek >>> --- >>> >>> Notes: >>> I can't build-test this. >>> >>> Nt32Pkg/Nt32Pkg.dsc | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> >>> diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc >>> index 47e37ecae134..c84bd71be408 100644 >>> --- a/Nt32Pkg/Nt32Pkg.dsc >>> +++ b/Nt32Pkg/Nt32Pkg.dsc >>> @@ -159,7 +159,11 @@ [LibraryClasses] >>> >> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibN >> ull/CpuExceptionHandlerLibNull.inf >>> LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf >>> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf >>> +!if $(TLS_ENABLE) == TRUE >>> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf >>> +!else >>> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibNoSsl.inf >>> +!endif >>> >>> !if $(SECURE_BOOT_ENABLE) == TRUE >>> >> PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.in >> f >>> -- >>> 2.9.3 >>> >>> >>> _______________________________________________ >>> edk2-devel mailing list >>> edk2-devel@lists.01.org >>> https://lists.01.org/mailman/listinfo/edk2-devel