[PULL,00/10] Crypto fixes patches

Message ID	20240909141635.1459701-1-berrange@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com> To: qemu-devel@nongnu.org Cc: Hyman Huang <yong.huang@smartx.com>, =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, =?utf-8?q?Marc?= =?utf-8?q?-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com>, Eric Blake <eblake@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, Hanna Reitz <hreitz@redhat.com>, qemu-block@nongnu.org, qemu-stable@nongnu.org, Laurent Vivier <lvivier@redhat.com>, Thomas Huth <thuth@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Kevin Wolf <kwolf@redhat.com>, Markus Armbruster <armbru@redhat.com> Subject: [PULL 00/10] Crypto fixes patches Date: Mon, 9 Sep 2024 15:16:25 +0100 Message-ID: <20240909141635.1459701-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.141, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

20240909141635.1459701-1-berrange@redhat.com

State

New

Headers

From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Hyman Huang <yong.huang@smartx.com>,
 =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, =?utf-8?q?Marc?=
	=?utf-8?q?-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com>,
 Eric Blake <eblake@redhat.com>,
 =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Hanna Reitz <hreitz@redhat.com>, qemu-block@nongnu.org,
 qemu-stable@nongnu.org, Laurent Vivier <lvivier@redhat.com>,
 Thomas Huth <thuth@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>,
 Kevin Wolf <kwolf@redhat.com>, Markus Armbruster <armbru@redhat.com>
Subject: [PULL 00/10] Crypto fixes patches
Date: Mon,  9 Sep 2024 15:16:25 +0100
Message-ID: <20240909141635.1459701-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124;
 envelope-from=berrange@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -21
X-Spam_score: -2.2
X-Spam_bar: --
X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.141,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message

Daniel P. Berrangé Sept. 9, 2024, 2:16 p.m. UTC

The following changes since commit f2aee60305a1e40374b2fc1093e4d04404e780ee:

  Merge tag 'pull-request-2024-09-08' of https://gitlab.com/huth/qemu into staging (2024-09-09 10:47:24 +0100)

are available in the Git repository at:

  https://gitlab.com/berrange/qemu tags/crypto-fixes-pull-request

for you to fetch changes up to 10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c:

  crypto: Introduce x509 utils (2024-09-09 15:13:38 +0100)

----------------------------------------------------------------
Various crypto fixes

 * Support sha384 with glib crypto backend
 * Improve error reporting for unsupported cipher modes
 * Avoid memory leak when bad cipher mode is given
 * Run pbkdf tests on macOS
 * Runtime check for pbkdf hash impls with gnutls & gcrypt
 * Avoid hangs counter pbkdf iterations on some Linux kernels
   by using a throwaway thread for benchmarking performance
 * Fix iotests expected output from gnutls errors

----------------------------------------------------------------

Daniel P. Berrangé (6):
  iotests: fix expected output from gnutls
  crypto: check gnutls & gcrypt support the requested pbkdf hash
  tests/unit: always build the pbkdf crypto unit test
  tests/unit: build pbkdf test on macOS
  crypto: avoid leak of ctx when bad cipher mode is given
  crypto: use consistent error reporting pattern for unsupported cipher
    modes

Dorjoy Chowdhury (3):
  crypto: Define macros for hash algorithm digest lengths
  crypto: Support SHA384 hash when using glib
  crypto: Introduce x509 utils

Tiago Pasqualini (1):
  crypto: run qcrypto_pbkdf2_count_iters in a new thread

 crypto/cipher-nettle.c.inc     | 25 ++++++++---
 crypto/hash-glib.c             |  2 +-
 crypto/hash.c                  | 14 +++----
 crypto/meson.build             |  4 ++
 crypto/pbkdf-gcrypt.c          |  2 +-
 crypto/pbkdf-gnutls.c          |  2 +-
 crypto/pbkdf.c                 | 53 ++++++++++++++++++++----
 crypto/x509-utils.c            | 76 ++++++++++++++++++++++++++++++++++
 include/crypto/hash.h          |  8 ++++
 include/crypto/x509-utils.h    | 22 ++++++++++
 tests/qemu-iotests/233.out     | 12 +++---
 tests/unit/meson.build         |  4 +-
 tests/unit/test-crypto-pbkdf.c | 13 +++---
 13 files changed, 200 insertions(+), 37 deletions(-)
 create mode 100644 crypto/x509-utils.c
 create mode 100644 include/crypto/x509-utils.h

Comments

Peter Maydell Sept. 9, 2024, 4:06 p.m. UTC | #1

On Mon, 9 Sept 2024 at 15:17, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> The following changes since commit f2aee60305a1e40374b2fc1093e4d04404e780ee:
>
>   Merge tag 'pull-request-2024-09-08' of https://gitlab.com/huth/qemu into staging (2024-09-09 10:47:24 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/berrange/qemu tags/crypto-fixes-pull-request
>
> for you to fetch changes up to 10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c:
>
>   crypto: Introduce x509 utils (2024-09-09 15:13:38 +0100)
>
> ----------------------------------------------------------------
> Various crypto fixes
>
>  * Support sha384 with glib crypto backend
>  * Improve error reporting for unsupported cipher modes
>  * Avoid memory leak when bad cipher mode is given
>  * Run pbkdf tests on macOS
>  * Runtime check for pbkdf hash impls with gnutls & gcrypt
>  * Avoid hangs counter pbkdf iterations on some Linux kernels
>    by using a throwaway thread for benchmarking performance
>  * Fix iotests expected output from gnutls errors
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.2
for any user-visible changes.

-- PMM

Michael Tokarev Sept. 11, 2024, 5:59 a.m. UTC | #2

On 9/9/24 17:16, Daniel P. Berrangé wrote:

> Various crypto fixes
> 
>   * Support sha384 with glib crypto backend
>   * Improve error reporting for unsupported cipher modes
>   * Avoid memory leak when bad cipher mode is given
>   * Run pbkdf tests on macOS
>   * Runtime check for pbkdf hash impls with gnutls & gcrypt
>   * Avoid hangs counter pbkdf iterations on some Linux kernels
>     by using a throwaway thread for benchmarking performance
>   * Fix iotests expected output from gnutls errors

Hm.  Are you sure *all* of it should go to qemu-stable? :)

> Daniel P. Berrangé (6):
>    iotests: fix expected output from gnutls
>    crypto: check gnutls & gcrypt support the requested pbkdf hash
>    tests/unit: always build the pbkdf crypto unit test
>    tests/unit: build pbkdf test on macOS
>    crypto: avoid leak of ctx when bad cipher mode is given
>    crypto: use consistent error reporting pattern for unsupported cipher
>      modes
> 
> Dorjoy Chowdhury (3):
>    crypto: Define macros for hash algorithm digest lengths
>    crypto: Support SHA384 hash when using glib
>    crypto: Introduce x509 utils
> 
> Tiago Pasqualini (1):
>    crypto: run qcrypto_pbkdf2_count_iters in a new thread

Thanks,

/mjt

[PULL,00/10] Crypto fixes patches

Pull-request

Message

Comments