On Wed, Dec 21, 2016 at 06:34:05PM -0500, John Ferlan wrote:
>
>
> On 10/24/2016 04:40 AM, Pavel Hrdina wrote:
> > Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
> > ---
> > configure.ac | 109 +-----------------------------------------------------
> > m4/virt-gnutls.m4 | 64 ++++++++++++++++++++++++++++++++
> > 2 files changed, 66 insertions(+), 107 deletions(-)
> > create mode 100644 m4/virt-gnutls.m4
> >
>
> I'm not quite sure what, but something in this change has broken
> encrypted secret capabilities as the following API is not always
> returning false...
>
> bool
> virCryptoHaveCipher(virCryptoCipher algorithm)
> {
> switch (algorithm) {
>
> case VIR_CRYPTO_CIPHER_AES256CBC:
>
> #ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
> return true;
> #else
> return false;
> #endif
>
> ...
>
> Of course the virCryptoEncryptDataAESgntuls is also undefined.
>
> In order to work around short term, if I use HAVE_GNUTLS_CRYPTO_H I can
> at least get the API needed.
>
> Just so you know I have a customer case which I'm trying to
> resolve/debug that's impacted by this (naturally)!
>
>
> I "hand bisected" back to
>
> $ git co c290f216c47afbd4f3d1e082cdb98181675cd31e
> $ ./autogen.sh --system
> <lots of gnarly warnings about this omitted>
>
> $ grep HAVE_GNUTLS config.log
> | #define HAVE_GNUTLS_CRYPTO_H 1
> | #define HAVE_GNUTLS_RND 1
> | #define HAVE_GNUTLS_CIPHER_ENCRYPT 1
> | #define HAVE_GNUTLS_CRYPTO_H 1
> ...
> #define HAVE_GNUTLS_CRYPTO_H 1
> #define HAVE_GNUTLS_RND 1
> #define HAVE_GNUTLS_CIPHER_ENCRYPT 1
> ...
>
> $ git co 680d2f49dad425395de627a31006cb84848cfa65
> $ ./autogen.sh --system
> <lots of stuff ommitted>
>
> $ grep HAVE_GNUTLS config.log
> | #define HAVE_GNUTLS_CRYPTO_H 1
> ...
> #define HAVE_GNUTLS_CRYPTO_H 1
> ...
> $
>
> Note there's no HAVE_GNUTLS_CIPHER_ENCRYPT or HAVE_GNUTLS_RND
>
>
> doing the similar process for some followup patches that seemed to be
> related produced the same results
>
> $ git co 0c62ccf927c60c9c248db52a23670ec2f9bce2b2
> $ git co a55fdc3f251ab1800050505ac1e6158ee7535402
> $ git co 943ddcb71205524fe2a34ca7a9b6cb3744a07555
>
>
> Ironically the test for whether this functionality exists uses SKIP so
> as to not cause failures for environments without the gnutls_cipher_encrypt
Hi John,
nice job with the analysis. The issue is with usage of AC_CHECK_FUNC and
AC_CHECK_FUNCS. I'll send a patch shortly.
Pavel
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
