Re: [edk2] Use of d2i_*_bio functions from OpenSSL

Subject: Re: [edk2] Use of d2i_*_bio functions from OpenSSL

From: Florian Weimer <>


Date: 2012-10-25 17:37:03

On 10/25/2012 04:37 AM, Long, Qin wrote:

> Thank you for this suggestion. Could you help to provide more information about this stability comparison (d2i_*_bio vs d2i_*) for our evaluation?

To my knowledge, this is not documented anywhere.  This is based on 
feedback I received when I reported issues in the *_bio functions to the 
OpenSSL developers.  (I no longer have access to these communications, 
I'm afraid.)

> We once noticed one security vulnerability issue in OpenSSL ASN1 BIO (, and that's why the EDKII OpenSSL version was updated to 0.9.8w.

You would have avoided this vulnerability if you had used the other 
functions. 8-)

Florian Weimer / Red Hat Product Security Team

edk2-devel mailing list