Bug 347361 - Port kexec-tools to use NSS library for cryptography
Port kexec-tools to use NSS library for cryptography
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: kexec-tools (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Neil Horman
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks: CryptoConsolidation
  Show dependency treegraph
 
Reported: 2007-10-23 06:19 EDT by Peter Vrabec
Modified: 2008-03-14 12:41 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-14 12:41:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Vrabec 2007-10-23 06:19:44 EDT
kexec-tools should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
Comment 1 Neil Horman 2008-03-14 09:28:32 EDT
Not sure why this is open.  The only aspect of kdump that uses cryptographic
libraries is ssh/scp.  Since we just use those binaries directly, shouldn't this
be assigned over to that component?  We'll just pick up that change
automatically then.
Comment 2 Tomas Mraz 2008-03-14 09:37:19 EDT
No, the bug is open because kexec-tools contains/contained implementation of
SHA-256 hash. What is this hash function used for?
Comment 3 Neil Horman 2008-03-14 12:41:04 EDT
ah, Ok.  Its used by the purgatory code in kexec.  Purgatory is a section of the
kexec infrastructure that gets run after the initial kernel is shutdown and
before the secondary kernel is booted.  It is statically linked into this very
small piece of code to verify the integrity of the secondary kernel before we
boot it.  Since we have it around to link with the purgatory code, we also use
it during runtime to generate the sha1 sum for the kernel to be booted on kexec.
 We could remove it for that purpose and link against NSS instead, but we'd
still need to keep it around for use by purgatory, since we can't load dso's
there.  Unless theres a disposition you would rather see for this bug, I'll call
it CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.