[edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Laszlo Ersek
lersek at redhat.com
Thu May 9 17:30:11 UTC 2019
On 05/09/19 19:15, Laszlo Ersek wrote:
> How about the following:
>
> - It seems like we cannot convince OpenSSL to *never* call these
> functions, under UEFI.
>
> - We also cannot provide an implementation that is *guaranteed* to be
> secure enough, IMO.
>
> - It seems like these functions *should* never be called in the edk2
> build however, given that we're not trying to do anything "new" with
> OpenSSL in edk2 -- we just want to use the new OpenSSL release for the
> same old things.
>
> - So why not just ensure that these functions *never return*?
>
> (1) Basically implement all of the functions like this:
>
>       ASSERT (FALSE);
>       CpuDeadLoop ();
>       //
>       // if a return value is needed
>       //
>       return 0;
>
> What do you think about this approach?

I notice that "rand" is another module in OpenSSL.

Can we try adding "no-rand" to our Configure invocation? Perhaps the
need for all of the rand_* functions goes away then.

Thanks
Laszlo