[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL 00/22] Crypto and more patches
From: |
Daniel P . Berrangé |
Subject: |
Re: [PULL 00/22] Crypto and more patches |
Date: |
Tue, 13 Jul 2021 16:45:39 +0100 |
User-agent: |
Mutt/2.0.7 (2021-05-04) |
On Tue, Jul 13, 2021 at 02:45:28PM +0100, Daniel P. Berrangé wrote:
> On Tue, Jul 13, 2021 at 10:25:44AM +0100, Peter Maydell wrote:
> > On Mon, 12 Jul 2021 at 14:23, Daniel P. Berrangé <berrange@redhat.com>
> > wrote:
> > >
> > > The following changes since commit
> > > bd38ae26cea0d1d6a97f930248df149204c210a2:
> > >
> > > Merge remote-tracking branch
> > > 'remotes/rth-gitlab/tags/pull-tcg-20210710' into staging (2021-07-12
> > > 11:02:39 +0100)
> > >
> > > are available in the Git repository at:
> > >
> > > https://gitlab.com/berrange/qemu tags/crypto-and-more-pull-request
> > >
> > > for you to fetch changes up to 1fc9958410c8683950ea22084b133a755561398b:
> > >
> > > tests/migration: fix unix socket migration (2021-07-12 14:00:20 +0100)
> > >
> > > ----------------------------------------------------------------
> > > Merge crypto updates and misc fixes
> > >
> > > * Introduce a GNUTLS backend for crypto algorithms
> > > * Change crypto library preference gnutls > gcrypt > nettle > built-in
> > > * Remove built-in DES impl
> > > * Remove XTS mode from built-in AES impl
> > > * Fix seccomp rules to allow resource info getters
> > > * Fix migration performance test
> > > * Use GDateTime in io/ and net/rocker/ code
> > >
> > > ----------------------------------------------------------------
> >
> > Hi; this failed 'make check' on ppc64be:
>
> > The failure is reproducible. Here's a backtrace from a debug
> > build:
> >
> > test-crypto-cipher: cbc.c:53: nettle_cbc_encrypt: Assertion `!(length
> > % block_size)' failed.
> >
> > Thread 1 "test-crypto-cip" received signal SIGABRT, Aborted.
> > 0x00007ffff77b8460 in __libc_signal_restore_set (set=0x7fffffffe468)
> > at ../sysdeps/unix/sysv/linux/internal-signals.h:86
> > 86 ../sysdeps/unix/sysv/linux/internal-signals.h: No such file or
> > directory.
> > (gdb) bt
> > #0 0x00007ffff77b8460 in __libc_signal_restore_set
> > (set=0x7fffffffe468) at
> > ../sysdeps/unix/sysv/linux/internal-signals.h:86
> > #1 __GI_raise (sig=<optimized out>) at
> > ../sysdeps/unix/sysv/linux/raise.c:48
> > #2 0x00007ffff779bd40 in __GI_abort () at abort.c:79
> > #3 0x00007ffff77ae490 in __assert_fail_base (fmt=<optimized out>,
> > assertion=assertion@entry=0x7ffff72b6f38 "!(length % block_size)",
> > file=file@entry=0x7ffff72b6f30 "cbc.c", line=line@entry=53,
> > function=function@entry=0x7ffff72b6f50 "nettle_cbc_encrypt") at
> > assert.c:92
> > #4 0x00007ffff77ae528 in __GI___assert_fail (assertion=0x7ffff72b6f38
> > "!(length % block_size)", file=0x7ffff72b6f30 "cbc.c",
> > line=<optimized out>, function=0x7ffff72b6f50
> > "nettle_cbc_encrypt") at assert.c:101
> > #5 0x00007ffff728c154 in nettle_cbc_encrypt () from
> > /usr/lib/powerpc64-linux-gnu/libnettle.so.8
> > #6 0x00007ffff7e6b894 in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libgnutls.so.30
> > #7 0x00007ffff7e6c72c in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libgnutls.so.30
> > #8 0x00007ffff7d6d794 in gnutls_cipher_encrypt2 () from
> > /usr/lib/powerpc64-linux-gnu/libgnutls.so.30
> > #9 0x000000010003c330 in qcrypto_gnutls_cipher_encrypt
> > (cipher=0x10016e550, in=0x7fffffffeca8, out=0x7fffffffecc8, len=32,
> > errp=0x100122b48 <error_abort>) at ../../crypto/cipher-gnutls.c.inc:103
> > #10 0x000000010003cef0 in qcrypto_cipher_encrypt (cipher=0x10016e550,
> > in=0x7fffffffeca8, out=0x7fffffffecc8, len=32,
> > errp=0x100122b48 <error_abort>) at ../../crypto/cipher.c:177
> > #11 0x000000010002e75c in test_cipher_null_iv () at
> > ../../tests/unit/test-crypto-cipher.c:749
> > #12 0x00007ffff7bbed38 in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #13 0x00007ffff7bbeabc in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #14 0x00007ffff7bbeabc in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #15 0x00007ffff7bbf364 in g_test_run_suite () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #16 0x00007ffff7bbf3bc in g_test_run () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #17 0x000000010002eb78 in main (argc=1, argv=0x7ffffffff8e8) at
> > ../../tests/unit/test-crypto-cipher.c:821
> >
> > In frame 9 len is 32 and ctx_>blocksize is 16, so ¯\_(ツ)_/¯
>
> The len in frame 9 is the plain text len, but I think the assert is
> complaining about the initialization vector len, which is likely
> zero here. I think I know what to fix, but I'm surprised this would
> be architecture specific though.
Turns out it is related to whether gnutls has hardware acceleration
for CBC mode for a given arch. After compiling gnutls without
acceleration for x86_64, I could reproduce it and figure out a
fix.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- [PULL 16/22] crypto: add gnutls hmac provider, (continued)
- [PULL 16/22] crypto: add gnutls hmac provider, Daniel P . Berrangé, 2021/07/12
- [PULL 17/22] crypto: add gnutls pbkdf provider, Daniel P . Berrangé, 2021/07/12
- [PULL 18/22] crypto: prefer gnutls as the crypto backend if new enough, Daniel P . Berrangé, 2021/07/12
- [PULL 19/22] net/rocker: use GDateTime for formatting timestamp in debug messages, Daniel P . Berrangé, 2021/07/12
- [PULL 20/22] io: use GDateTime for formatting timestamp for websock headers, Daniel P . Berrangé, 2021/07/12
- [PULL 21/22] seccomp: don't block getters for resource control syscalls, Daniel P . Berrangé, 2021/07/12
- [PULL 22/22] tests/migration: fix unix socket migration, Daniel P . Berrangé, 2021/07/12
- Re: [PULL 00/22] Crypto and more patches, Peter Maydell, 2021/07/13