Xen project Mailing List

Re: [Xen-devel] Fixation on polarssl 1.1.4 - EOL was 2013-10-01

Date: Fri, 4 Mar 2016 10:09:00 +0000

Cc: Doug Goldstein <cardoe@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Steven Haigh <netwiz@xxxxxxxxx>

Delivery-date: Fri, 04 Mar 2016 10:09:22 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

create ^ thanks On Fri, Mar 04, 2016 at 03:37:10AM +0000, Xu, Quan wrote: > On February 16, 2016 1:08am, <wei.liu2@xxxxxxxxxx> wrote: > > On Mon, Feb 15, 2016 at 10:45:48AM -0600, Doug Goldstein wrote: > > > On 2/15/16 10:28 AM, Wei Liu wrote: > > > > On Sun, Feb 14, 2016 at 07:39:35PM +1100, Steven Haigh wrote: > > > >> Hi all, > > > >> > > > >> Just been looking at the polarssl parts in Xen 4.6 and others - > > > >> seems like we're hard coded to version 1.1.4 which was released on 31st > > May 2012. > > > >> > > > >> Branch 1.1.x has been EOL for a number of years, 1.2.x has been EOL > > > >> since Jan. > > > >> > > > >> It's now called mbedtls and current versions are 2.2.1 released in > > > >> Jan this year. > > > >> > > > >> I'm not exactly clear on what polarssl is used for (and why not > > > >> openssl?) - but is it time this was shown some loving? > > > >> > > > > > > > > I grep'ed for polarssl in tree and the only user seems to be vtpm. > > > > I've CC'ed Daniel and Quan for you. > > > > > > > > Wei. > > > > > > > > > > Looks like pv-grub has a build dependency on it as well based on the > > > snippet from stubdom/Makefile. > > > > > > .PHONY: grub > > > grub: cross-polarssl grub-upstream $(CROSS_ROOT) > > > > > > > Oh, yes, you're right. > > > > Looking at the source code pv-grub only needs the sha1 function from > > polarssl > > which might be easy to dealt with though. On the other hand, if there is no > > critical bug fix to the sha1 function, I wouldn't bother upgrading polarssl. > > > > In fact, I think vtpm also only cares about some crypto algorithms like AES > > and > > SHA. We'd better check if there is any critical update to those functions > > before > > doing anything. > > > > > Agreed. > If you really want to upgrade it, IMO this change would be backward > compatible. > btw, it may be not an easy task to build the test env, and I can help you > test your patch. > Right. To be honest the chance of me working on it soon is rather low. To prevent this issue falling through the crack I've created an entry in bug tracker. Wei. > Quan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.