mbox

[PULL,00/10] Crypto fixes patches

Message ID 20240909141635.1459701-1-berrange@redhat.com (mailing list archive)
State New, archived
Headers show

Pull-request

https://gitlab.com/berrange/qemu tags/crypto-fixes-pull-request

Message

Daniel P. Berrangé Sept. 9, 2024, 2:16 p.m. UTC
The following changes since commit f2aee60305a1e40374b2fc1093e4d04404e780ee:

  Merge tag 'pull-request-2024-09-08' of https://gitlab.com/huth/qemu into staging (2024-09-09 10:47:24 +0100)

are available in the Git repository at:

  https://gitlab.com/berrange/qemu tags/crypto-fixes-pull-request

for you to fetch changes up to 10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c:

  crypto: Introduce x509 utils (2024-09-09 15:13:38 +0100)

----------------------------------------------------------------
Various crypto fixes

 * Support sha384 with glib crypto backend
 * Improve error reporting for unsupported cipher modes
 * Avoid memory leak when bad cipher mode is given
 * Run pbkdf tests on macOS
 * Runtime check for pbkdf hash impls with gnutls & gcrypt
 * Avoid hangs counter pbkdf iterations on some Linux kernels
   by using a throwaway thread for benchmarking performance
 * Fix iotests expected output from gnutls errors

----------------------------------------------------------------

Daniel P. Berrangé (6):
  iotests: fix expected output from gnutls
  crypto: check gnutls & gcrypt support the requested pbkdf hash
  tests/unit: always build the pbkdf crypto unit test
  tests/unit: build pbkdf test on macOS
  crypto: avoid leak of ctx when bad cipher mode is given
  crypto: use consistent error reporting pattern for unsupported cipher
    modes

Dorjoy Chowdhury (3):
  crypto: Define macros for hash algorithm digest lengths
  crypto: Support SHA384 hash when using glib
  crypto: Introduce x509 utils

Tiago Pasqualini (1):
  crypto: run qcrypto_pbkdf2_count_iters in a new thread

 crypto/cipher-nettle.c.inc     | 25 ++++++++---
 crypto/hash-glib.c             |  2 +-
 crypto/hash.c                  | 14 +++----
 crypto/meson.build             |  4 ++
 crypto/pbkdf-gcrypt.c          |  2 +-
 crypto/pbkdf-gnutls.c          |  2 +-
 crypto/pbkdf.c                 | 53 ++++++++++++++++++++----
 crypto/x509-utils.c            | 76 ++++++++++++++++++++++++++++++++++
 include/crypto/hash.h          |  8 ++++
 include/crypto/x509-utils.h    | 22 ++++++++++
 tests/qemu-iotests/233.out     | 12 +++---
 tests/unit/meson.build         |  4 +-
 tests/unit/test-crypto-pbkdf.c | 13 +++---
 13 files changed, 200 insertions(+), 37 deletions(-)
 create mode 100644 crypto/x509-utils.c
 create mode 100644 include/crypto/x509-utils.h

Comments

Peter Maydell Sept. 9, 2024, 4:06 p.m. UTC | #1
On Mon, 9 Sept 2024 at 15:17, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> The following changes since commit f2aee60305a1e40374b2fc1093e4d04404e780ee:
>
>   Merge tag 'pull-request-2024-09-08' of https://gitlab.com/huth/qemu into staging (2024-09-09 10:47:24 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/berrange/qemu tags/crypto-fixes-pull-request
>
> for you to fetch changes up to 10a1d34fc0d4dfe0dd6f5ec73f62dc1afa04af6c:
>
>   crypto: Introduce x509 utils (2024-09-09 15:13:38 +0100)
>
> ----------------------------------------------------------------
> Various crypto fixes
>
>  * Support sha384 with glib crypto backend
>  * Improve error reporting for unsupported cipher modes
>  * Avoid memory leak when bad cipher mode is given
>  * Run pbkdf tests on macOS
>  * Runtime check for pbkdf hash impls with gnutls & gcrypt
>  * Avoid hangs counter pbkdf iterations on some Linux kernels
>    by using a throwaway thread for benchmarking performance
>  * Fix iotests expected output from gnutls errors
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.2
for any user-visible changes.

-- PMM
Michael Tokarev Sept. 11, 2024, 5:59 a.m. UTC | #2
On 9/9/24 17:16, Daniel P. Berrangé wrote:

> Various crypto fixes
> 
>   * Support sha384 with glib crypto backend
>   * Improve error reporting for unsupported cipher modes
>   * Avoid memory leak when bad cipher mode is given
>   * Run pbkdf tests on macOS
>   * Runtime check for pbkdf hash impls with gnutls & gcrypt
>   * Avoid hangs counter pbkdf iterations on some Linux kernels
>     by using a throwaway thread for benchmarking performance
>   * Fix iotests expected output from gnutls errors

Hm.  Are you sure *all* of it should go to qemu-stable? :)

> Daniel P. Berrangé (6):
>    iotests: fix expected output from gnutls
>    crypto: check gnutls & gcrypt support the requested pbkdf hash
>    tests/unit: always build the pbkdf crypto unit test
>    tests/unit: build pbkdf test on macOS
>    crypto: avoid leak of ctx when bad cipher mode is given
>    crypto: use consistent error reporting pattern for unsupported cipher
>      modes
> 
> Dorjoy Chowdhury (3):
>    crypto: Define macros for hash algorithm digest lengths
>    crypto: Support SHA384 hash when using glib
>    crypto: Introduce x509 utils
> 
> Tiago Pasqualini (1):
>    crypto: run qcrypto_pbkdf2_count_iters in a new thread

Thanks,

/mjt