[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 48b858: iotests: fix expected output from gnu
From: |
Peter Maydell |
Subject: |
[Qemu-commits] [qemu/qemu] 48b858: iotests: fix expected output from gnutls |
Date: |
Mon, 09 Sep 2024 09:06:23 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 48b8583698d96d6290726400789fcd51c55691b1
https://github.com/qemu/qemu/commit/48b8583698d96d6290726400789fcd51c55691b1
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M tests/qemu-iotests/233.out
Log Message:
-----------
iotests: fix expected output from gnutls
Error reporting from gnutls was improved by:
commit 57941c9c86357a6a642f9ee3279d881df4043b6d
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Fri Mar 15 14:07:58 2024 +0000
crypto: push error reporting into TLS session I/O APIs
This has the effect of changing the output from one of the NBD
tests.
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: c72cab5ad9f849bbcfcf4be7952b8b8946cc626e
https://github.com/qemu/qemu/commit/c72cab5ad9f849bbcfcf4be7952b8b8946cc626e
Author: Tiago Pasqualini <tiago.pasqualini@canonical.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/pbkdf.c
Log Message:
-----------
crypto: run qcrypto_pbkdf2_count_iters in a new thread
CPU time accounting in the kernel has been demonstrated to have a
sawtooth pattern[1][2]. This can cause the getrusage system call to
not be as accurate as we are expecting, which can cause this calculation
to stall.
The kernel discussions shows that this inaccuracy happens when CPU time
gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run
in a fresh thread to avoid this inaccuracy. It also adds a sanity check
to fail the process if CPU time is not accounted.
[1]
https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/
[2]
https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534
Resolves: #2398
Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: e6c09ea4f9e5f8af92a6453642b84b9efd52892f
https://github.com/qemu/qemu/commit/e6c09ea4f9e5f8af92a6453642b84b9efd52892f
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/pbkdf-gcrypt.c
M crypto/pbkdf-gnutls.c
Log Message:
-----------
crypto: check gnutls & gcrypt support the requested pbkdf hash
Both gnutls and gcrypt can be configured to exclude support for certain
algorithms via a runtime check against system crypto policies. Thus it
is not sufficient to have a compile time test for hash support in their
pbkdf implementations.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: b0fe44b56b6d02e6f57577cdf69dfb54fd6ada99
https://github.com/qemu/qemu/commit/b0fe44b56b6d02e6f57577cdf69dfb54fd6ada99
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M tests/unit/meson.build
M tests/unit/test-crypto-pbkdf.c
Log Message:
-----------
tests/unit: always build the pbkdf crypto unit test
The meson rules were excluding the pbkdf crypto test when gnutls was the
crypto backend. It was then excluded again in #if statements in the test
file.
Rather than update these conditions, remove them all, and use the result
of the qcrypto_pbkdf_supports() function to determine whether to skip
test registration.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: ebe0302ac822da214f347f6cc37a73139660bed8
https://github.com/qemu/qemu/commit/ebe0302ac822da214f347f6cc37a73139660bed8
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M tests/unit/test-crypto-pbkdf.c
Log Message:
-----------
tests/unit: build pbkdf test on macOS
Add CONFIG_DARWIN to the pbkdf test build condition, since we have a way
to measure CPU time on this platform since commit bf98afc75efedf1.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 586ac2c67d707c2588766c5195d94fa553cc25af
https://github.com/qemu/qemu/commit/586ac2c67d707c2588766c5195d94fa553cc25af
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/cipher-nettle.c.inc
Log Message:
-----------
crypto: avoid leak of ctx when bad cipher mode is given
Fixes: Coverity CID 1546884
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 41162dd6ee5bc8bfd73f549d6bddd24e9b205c18
https://github.com/qemu/qemu/commit/41162dd6ee5bc8bfd73f549d6bddd24e9b205c18
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/cipher-nettle.c.inc
Log Message:
-----------
crypto: use consistent error reporting pattern for unsupported cipher modes
Not all paths in qcrypto_cipher_ctx_new() were correctly distinguishing
between valid user input for cipher mode (which should report a user
facing error), vs program logic errors (which should assert).
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 5d04de7de54e163b056980be10ee1c281a600276
https://github.com/qemu/qemu/commit/5d04de7de54e163b056980be10ee1c281a600276
Author: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/hash.c
M include/crypto/hash.h
Log Message:
-----------
crypto: Define macros for hash algorithm digest lengths
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 9893da71b274cc16f9a5fc18b94896f4887bcc2d
https://github.com/qemu/qemu/commit/9893da71b274cc16f9a5fc18b94896f4887bcc2d
Author: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/hash-glib.c
Log Message:
-----------
crypto: Support SHA384 hash when using glib
QEMU requires minimum glib version 2.66.0 as per the root meson.build
file and per glib documentation[1] G_CHECKSUM_SHA384 is available since
2.51.
[1] https://docs.gtk.org/glib/enum.ChecksumType.html
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c
https://github.com/qemu/qemu/commit/10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c
Author: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/meson.build
A crypto/x509-utils.c
A include/crypto/x509-utils.h
Log Message:
-----------
crypto: Introduce x509 utils
An utility function for getting fingerprint from X.509 certificate
has been introduced. Implementation only provided using gnutls.
Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
[DB: fixed missing gnutls_x509_crt_deinit in success path]
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit: 7bbadc60b58b742494555f06cd342311ddab9351
https://github.com/qemu/qemu/commit/7bbadc60b58b742494555f06cd342311ddab9351
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2024-09-09 (Mon, 09 Sep 2024)
Changed paths:
M crypto/cipher-nettle.c.inc
M crypto/hash-glib.c
M crypto/hash.c
M crypto/meson.build
M crypto/pbkdf-gcrypt.c
M crypto/pbkdf-gnutls.c
M crypto/pbkdf.c
A crypto/x509-utils.c
M include/crypto/hash.h
A include/crypto/x509-utils.h
M tests/qemu-iotests/233.out
M tests/unit/meson.build
M tests/unit/test-crypto-pbkdf.c
Log Message:
-----------
Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu
into staging
Various crypto fixes
* Support sha384 with glib crypto backend
* Improve error reporting for unsupported cipher modes
* Avoid memory leak when bad cipher mode is given
* Run pbkdf tests on macOS
* Runtime check for pbkdf hash impls with gnutls & gcrypt
* Avoid hangs counter pbkdf iterations on some Linux kernels
by using a throwaway thread for benchmarking performance
* Fix iotests expected output from gnutls errors
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmbfAy4ACgkQvobrtBUQ
# T99ZLhAAomQ7GeUNYM2/Fh9VptSAy9nddp7WwMd2egTZ+wPMnvalxXiMupf0WNzb
# 3CJtXojeNCCV8PtBuTmlCmLg+HxFA+zQgkizS9WqUOMies54woGrwQCUIlyez1Au
# Y2+9GbRRrkJA860R1aK2EJI5C2ofJf+CJd/nWSxsTzZSPu6Iu3V9ZahSdAq8o96R
# AMh//6MOuX5pauyTYLXL3jpxEJEM4YjQ/+AF8D5FYustcN1Icjv2KPL1PArwUOTe
# m1NZtcWLxZpmis5vXO8davMbB16bda6YUxuBQ++pFlF3ars7U2JldZ4DIqECAKkI
# sxtw6Wq/IjdVwyJLj/+c7CX3/T1p4IuJ8ch6sfVnQz1KUf2NxPtBwSXqQneLUa2G
# b46swxL695nCBYkbcfgWYfL5BaU1b0W8Xkk4sRoTNN5tDcYOuE9nMTMu71pHifmz
# 1itkxvLdLkwH7mxzTAxVV+vdQk3KiXlmt42/hOJMgAC3WRp2JJsEv64Jpq9huooA
# a+7fM5c2r3b77q7hjIwp8X6HmNehCt2KQiGvn0DvMmqb22r/RT9VzE89iNhPNSUx
# rCj7b2+19Xrfe1wxwl07GJ7yUXX4XIcphH66iO9nu1RQDBATqNSiJ/dHCfP9iiEP
# 7PHf4krOSzA+wL67FP+u8x0sVhpPmbPRvU8VW4+D+Av91TK5wo0=
# =wLAZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 09 Sep 2024 15:16:14 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu:
crypto: Introduce x509 utils
crypto: Support SHA384 hash when using glib
crypto: Define macros for hash algorithm digest lengths
crypto: use consistent error reporting pattern for unsupported cipher modes
crypto: avoid leak of ctx when bad cipher mode is given
tests/unit: build pbkdf test on macOS
tests/unit: always build the pbkdf crypto unit test
crypto: check gnutls & gcrypt support the requested pbkdf hash
crypto: run qcrypto_pbkdf2_count_iters in a new thread
iotests: fix expected output from gnutls
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/f2aee60305a1...7bbadc60b58b
To unsubscribe from these emails, change your notification settings at
https://github.com/qemu/qemu/settings/notifications