Weimer, Thanks for your feedback. We will check & evaluate the relative routines.
Best Regards & Thanks, LONG, Qin -----Original Message----- From: Florian Weimer [mailto:fwei...@redhat.com] Sent: Thursday, October 25, 2012 3:37 PM To: edk2-devel@lists.sourceforge.net Subject: Re: [edk2] Use of d2i_*_bio functions from OpenSSL On 10/25/2012 04:37 AM, Long, Qin wrote: > Thank you for this suggestion. Could you help to provide more information > about this stability comparison (d2i_*_bio vs d2i_*) for our evaluation? To my knowledge, this is not documented anywhere. This is based on feedback I received when I reported issues in the *_bio functions to the OpenSSL developers. (I no longer have access to these communications, I'm afraid.) > We ever noticed one security vulnerability issue in OpenSSL ASN1 BIO > (http://www.openssl.org/news/secadv_20120419.txt), and that's why EDKII > OpenSSL version was updated to 0.9.8w. You would have avoided this vulnerability if you've used the other functions. 8-) -- Florian Weimer / Red Hat Product Security Team ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
