[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Fixation on polarssl 1.1.4 - EOL was 2013-10-01



create ^
thanks


On Fri, Mar 04, 2016 at 03:37:10AM +0000, Xu, Quan wrote:
> On February 16, 2016 1:08am, <wei.liu2@xxxxxxxxxx> wrote:
> > On Mon, Feb 15, 2016 at 10:45:48AM -0600, Doug Goldstein wrote:
> > > On 2/15/16 10:28 AM, Wei Liu wrote:
> > > > On Sun, Feb 14, 2016 at 07:39:35PM +1100, Steven Haigh wrote:
> > > >> Hi all,
> > > >>
> > > >> Just been looking at the polarssl parts in Xen 4.6 and others -
> > > >> seems like we're hard coded to version 1.1.4 which was released on 31st
> > May 2012.
> > > >>
> > > >> Branch 1.1.x has been EOL for a number of years, 1.2.x has been EOL
> > > >> since Jan.
> > > >>
> > > >> It's now called mbedtls and current versions are 2.2.1 released in
> > > >> Jan this year.
> > > >>
> > > >> I'm not exactly clear on what polarssl is used for (and why not
> > > >> openssl?) - but is it time this was shown some loving?
> > > >>
> > > >
> > > > I grep'ed for polarssl in tree and the only user seems to be vtpm.
> > > > I've CC'ed Daniel and Quan for you.
> > > >
> > > > Wei.
> > > >
> > >
> > > Looks like pv-grub has a build dependency on it as well based on the
> > > snippet from stubdom/Makefile.
> > >
> > > .PHONY: grub
> > > grub: cross-polarssl grub-upstream $(CROSS_ROOT)
> > >
> > 
> > Oh, yes, you're right.
> > 
> > Looking at the source code pv-grub only needs the sha1 function from 
> > polarssl
> > which might be easy to dealt with though. On the other hand, if there is no
> > critical bug fix to the sha1 function, I wouldn't bother upgrading polarssl.
> > 
> > In fact, I think vtpm also only cares about some crypto algorithms like AES 
> > and
> > SHA. We'd better check if there is any critical update to those functions 
> > before
> > doing anything.
> > 
> 
> 
> Agreed.
> If you really want to upgrade it, IMO this change would be backward 
> compatible.
> btw, it may be not an easy task to build the test env, and I can help you 
> test your patch.
> 

Right.

To be honest the chance of me working on it soon is rather low.  To
prevent this issue falling through the crack I've created an entry in
bug tracker.

Wei.

> Quan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.