Bug 347361
Summary: | Port kexec-tools to use NSS library for cryptography | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Peter Vrabec <pvrabec> |
Component: | kexec-tools | Assignee: | Neil Horman <nhorman> |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | tmraz |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-14 16:41:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 333741 |
Description
Peter Vrabec
2007-10-23 10:19:44 UTC
Not sure why this is open. The only aspect of kdump that uses cryptographic libraries is ssh/scp. Since we just use those binaries directly, shouldn't this be assigned over to that component? We'll just pick up that change automatically then. No, the bug is open because kexec-tools contains/contained implementation of SHA-256 hash. What is this hash function used for? ah, Ok. Its used by the purgatory code in kexec. Purgatory is a section of the kexec infrastructure that gets run after the initial kernel is shutdown and before the secondary kernel is booted. It is statically linked into this very small piece of code to verify the integrity of the secondary kernel before we boot it. Since we have it around to link with the purgatory code, we also use it during runtime to generate the sha1 sum for the kernel to be booted on kexec. We could remove it for that purpose and link against NSS instead, but we'd still need to keep it around for use by purgatory, since we can't load dso's there. Unless theres a disposition you would rather see for this bug, I'll call it CANTFIX. |