From: "Xu, Quan" <quan.xu@intel.com>
To: Doug Goldstein <cardoe@cardoe.com>, Wei Liu <wei.liu2@citrix.com>
Cc: Steven Haigh <netwiz@crc.id.au>, "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>, Daniel De Graaf <dgdegra@tycho.nsa.gov>, "Xu, Quan" <quan.xu@intel.com>
Subject: Re: [Xen-devel] Fixation on polarssl 1.1.4 - EOL was 2013-10-01
Date: Fri, 4 Mar 2016 03:37:10 +0000
Message-ID: <945CA011AD5F084CBEA3E851C0AB28894B859023@SHSMSX101.ccr.corp.intel.com>

On February 16, 2016 1:08am, <wei.liu2@citrix.com> wrote:
> On Mon, Feb 15, 2016 at 10:45:48AM -0600, Doug Goldstein wrote:
> > On 2/15/16 10:28 AM, Wei Liu wrote:
> > > On Sun, Feb 14, 2016 at 07:39:35PM +1100, Steven Haigh wrote:
> > >> Hi all,
> > >>
> > >> Just been looking at the polarssl parts in Xen 4.6 and others -
> > >> seems like we're hard coded to version 1.1.4 which was released on 31st May 2012.
> > >>
> > >> Branch 1.1.x has been EOL for a number of years, 1.2.x has been EOL
> > >> since Jan.
> > >>
> > >> It's now called mbedtls and current versions are 2.2.1 released in
> > >> Jan this year.
> > >>
> > >> I'm not exactly clear on what polarssl is used for (and why not
> > >> openssl?) - but is it time this was shown some loving?
> > >>
> > >
> > > I grep'ed for polarssl in tree and the only user seems to be vtpm.
> > > I've CC'ed Daniel and Quan for you.
> > >
> > > Wei.
> > >
> >
> > Looks like pv-grub has a build dependency on it as well based on the
> > snippet from stubdom/Makefile.
> >
> > .PHONY: grub
> > grub: cross-polarssl grub-upstream $(CROSS_ROOT)
> >
>
> Oh, yes, you're right.
>
> Looking at the source code pv-grub only needs the sha1 function from polarssl
> which might be easy to deal with though. On the other hand, if there is no
> critical bug fix to the sha1 function, I wouldn't bother upgrading polarssl.
>
> In fact, I think vtpm also only cares about some crypto algorithms like AES and
> SHA. We'd better check if there is any critical update to those functions before
> doing anything.
>

Agreed.
If you really want to upgrade it, IMO this change would be backward compatible.
btw, it may not be an easy task to build the test env, and I can help you test your patch.

Quan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

From: Wei Liu <wei.liu2@citrix.com>
To: "Xu, Quan" <quan.xu@intel.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>, Steven Haigh <netwiz@crc.id.au>, Wei Liu <wei.liu2@citrix.com>, Doug Goldstein <cardoe@cardoe.com>, Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [Xen-devel] Fixation on polarssl 1.1.4 - EOL was 2013-10-01
Date: Fri, 4 Mar 2016 10:09:00 +0000
Message-ID: <20160304100900.GO5535@citrix.com>

create ^
thanks

On Fri, Mar 04, 2016 at 03:37:10AM +0000, Xu, Quan wrote:
> On February 16, 2016 1:08am, <wei.liu2@citrix.com> wrote:
> > On Mon, Feb 15, 2016 at 10:45:48AM -0600, Doug Goldstein wrote:
> > > On 2/15/16 10:28 AM, Wei Liu wrote:
> > > > On Sun, Feb 14, 2016 at 07:39:35PM +1100, Steven Haigh wrote:
> > > >> Hi all,
> > > >>
> > > >> Just been looking at the polarssl parts in Xen 4.6 and others -
> > > >> seems like we're hard coded to version 1.1.4 which was released on 31st May 2012.
> > > >>
> > > >> Branch 1.1.x has been EOL for a number of years, 1.2.x has been EOL
> > > >> since Jan.
> > > >>
> > > >> It's now called mbedtls and current versions are 2.2.1 released in
> > > >> Jan this year.
> > > >>
> > > >> I'm not exactly clear on what polarssl is used for (and why not
> > > >> openssl?) - but is it time this was shown some loving?
> > > >>
> > > >
> > > > I grep'ed for polarssl in tree and the only user seems to be vtpm.
> > > > I've CC'ed Daniel and Quan for you.
> > > >
> > > > Wei.
> > > >
> > >
> > > Looks like pv-grub has a build dependency on it as well based on the
> > > snippet from stubdom/Makefile.
> > >
> > > .PHONY: grub
> > > grub: cross-polarssl grub-upstream $(CROSS_ROOT)
> > >
> >
> > Oh, yes, you're right.
> >
> > Looking at the source code pv-grub only needs the sha1 function from polarssl
> > which might be easy to deal with though. On the other hand, if there is no
> > critical bug fix to the sha1 function, I wouldn't bother upgrading polarssl.
> >
> > In fact, I think vtpm also only cares about some crypto algorithms like AES and
> > SHA. We'd better check if there is any critical update to those functions before
> > doing anything.
> >
>
> Agreed.
> If you really want to upgrade it, IMO this change would be backward compatible.
> btw, it may not be an easy task to build the test env, and I can help you test your patch.
>

Right. To be honest the chance of me working on it soon is rather low.

To prevent this issue falling through the crack I've created an entry in the bug tracker.

Wei.

> Quan