|
| From: | Thomas Huth |
| Subject: | Re: Failing iotest 206 |
| Date: | Tue, 20 Jul 2021 10:20:28 +0200 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 |
On 20/07/2021 03.12, Eric Blake wrote:
On Mon, Jul 19, 2021 at 10:06:01AM +0200, Thomas Huth wrote:Hi, iotest 206 fails for me with:--- 206.out +++ 206.out.bad @@ -99,55 +99,19 @@ {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "qcow2", "encrypt": {"cipher-alg": "twofish-128", "cipher-mode": "ctr", "format": "luks", "hash-alg": "sha1", "iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0"}, "file": {"driver": "file", "filename": "TEST_DIR/PID-t.qcow2"}, "size": 33554432}}} {"return": {}} +Job failed: Unsupported cipher algorithm twofish-128 with ctr mode {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}}Looks like it is missing a check for the availability of the corresponding crypto stuff? Does anybody got a clue how to fix this?What system is this on?
RHEL 8.4
Which crypto library versions are installed?
gnutls-3.6.14-8.el8_3.x86_64 nettle-3.4.1-4.el8_3.x86_64
I suspect this is related to Dan's effort to speed up crypto by favoring gnutls over nettle, where the switch in favored libraries failed to account for whether twofish-128 is supported? https://lists.gnu.org/archive/html/qemu-devel/2021-07/msg03886.html
You're right, I've bisected the problem now, and the commit that introduced the issue is this one here:
commit 8bd0931f63008b1d50c8df75a611323a93c052bf
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Fri Jul 2 17:38:33 2021 +0100
crypto: prefer gnutls as the crypto backend if new enough
If we have gnutls >= 3.6.13, then it has enough functionality
and performance that we can use it as the preferred crypto
backend.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Thomas
| [Prev in Thread] | Current Thread | [Next in Thread] |