On 05/09/19 19:15, Laszlo Ersek wrote: > How about the following: > > - It seems like we cannot convince OpenSSL to *never* call these > functions, under UEFI. > > - We also cannot provide an implementation that is *guaranteed* to be > secure enough, IMO. > > - It seems like these functions *should* never be called in the edk2 > build however, given that we're not trying to do anything "new" with > OpenSSL in edk2 -- we just want to use the new OpenSSL release for the > same old things. > > - So why not just ensure that these functions *never return*? > > (1) Basically implement all of the functions like this: > > ASSERT (FALSE); > CpuDeadLoop (); > // > // if a return value is needed > // > return 0; > > What do you think about this approach?
I notice that "rand" is another module in OpenSSL. Can we try adding "no-rand" to our Configure invocation? Perhaps the need for all of the rand_* functions goes away then. Thanks Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40372): https://edk2.groups.io/g/devel/message/40372 Mute This Topic: https://groups.io/mt/31552212/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
