From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3490E81F68 for ; Mon, 27 Feb 2017 01:46:28 -0800 (PST) Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B6B6915447; Mon, 27 Feb 2017 09:46:28 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-99.phx2.redhat.com [10.3.116.99]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1R9kQfI030507; Mon, 27 Feb 2017 04:46:27 -0500 To: "Wu, Jiaxin" , "Ni, Ruiyu" References: <20170224110132.19374-1-lersek@redhat.com> <20170224110132.19374-5-lersek@redhat.com> <895558F6EA4E3B41AC93A00D163B72741629E077@SHSMSX103.ccr.corp.intel.com> Cc: edk2-devel-01 , Tomas Hoger From: Laszlo Ersek Message-ID: Date: Mon, 27 Feb 2017 10:46:25 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: <895558F6EA4E3B41AC93A00D163B72741629E077@SHSMSX103.ccr.corp.intel.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 27 Feb 2017 09:46:28 +0000 (UTC) Subject: Re: [PATCH v2 4/5] Nt32Pkg: exclude libssl functionality from OpensslLib if TLS_ENABLE=FALSE X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Feb 2017 09:46:28 -0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 02/27/17 01:52, Wu, Jiaxin wrote: > Reviewed-by: Wu Jiaxin Thank you both, patch committed as 9fba024ed8f7. Cheers Laszlo > > > Thanks, > Jiaxin > >> -----Original Message----- >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >> Laszlo Ersek >> Sent: Friday, February 24, 2017 7:02 PM >> To: edk2-devel-01 >> Cc: Ni, Ruiyu ; Tomas Hoger >> Subject: [edk2] [PATCH v2 4/5] Nt32Pkg: exclude libssl functionality from >> OpensslLib if TLS_ENABLE=FALSE >> >> Ease security analysis by excluding libssl functionality from the >> OpensslLib instance we use with TLS_ENABLE=FALSE. >> >> Cc: Ruiyu Ni >> Cc: Tomas Hoger >> Contributed-under: TianoCore Contribution Agreement 1.0 >> Signed-off-by: Laszlo Ersek >> --- >> >> Notes: >> v2: >> - fix typo "analsysis" in commit message >> - resolve OpensslLib to OpensslLibCrypto.inf rather than to >> OpensslLibNoSsl.inf in Nt32Pkg.dsc >> >> v1: >> - I can't build-test this. >> >> Nt32Pkg/Nt32Pkg.dsc | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc >> index 47e37ecae134..499b1fe8abe0 100644 >> --- a/Nt32Pkg/Nt32Pkg.dsc >> +++ b/Nt32Pkg/Nt32Pkg.dsc >> @@ -159,7 +159,11 @@ [LibraryClasses] >> >> CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibN >> ull/CpuExceptionHandlerLibNull.inf >> LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf >> IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf >> +!if $(TLS_ENABLE) == TRUE >> OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf >> +!else >> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf >> +!endif >> >> !if $(SECURE_BOOT_ENABLE) == TRUE >> >> PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.in >> f >> -- >> 2.9.3 >> >> >> _______________________________________________ >> edk2-devel mailing list >> edk2-devel@lists.01.org >> https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel >