Various crypto fixes
* Support sha384 with glib crypto backend * Improve error reporting for unsupported cipher modes * Avoid memory leak when bad cipher mode is given * Run pbkdf tests on macOS * Runtime check for pbkdf hash impls with gnutls & gcrypt * Avoid hangs counter pbkdf iterations on some Linux kernels by using a throwaway thread for benchmarking performance * Fix iotests expected output from gnutls errors -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmbfAy4ACgkQvobrtBUQ T99ZLhAAomQ7GeUNYM2/Fh9VptSAy9nddp7WwMd2egTZ+wPMnvalxXiMupf0WNzb 3CJtXojeNCCV8PtBuTmlCmLg+HxFA+zQgkizS9WqUOMies54woGrwQCUIlyez1Au Y2+9GbRRrkJA860R1aK2EJI5C2ofJf+CJd/nWSxsTzZSPu6Iu3V9ZahSdAq8o96R AMh//6MOuX5pauyTYLXL3jpxEJEM4YjQ/+AF8D5FYustcN1Icjv2KPL1PArwUOTe m1NZtcWLxZpmis5vXO8davMbB16bda6YUxuBQ++pFlF3ars7U2JldZ4DIqECAKkI sxtw6Wq/IjdVwyJLj/+c7CX3/T1p4IuJ8ch6sfVnQz1KUf2NxPtBwSXqQneLUa2G b46swxL695nCBYkbcfgWYfL5BaU1b0W8Xkk4sRoTNN5tDcYOuE9nMTMu71pHifmz 1itkxvLdLkwH7mxzTAxVV+vdQk3KiXlmt42/hOJMgAC3WRp2JJsEv64Jpq9huooA a+7fM5c2r3b77q7hjIwp8X6HmNehCt2KQiGvn0DvMmqb22r/RT9VzE89iNhPNSUx rCj7b2+19Xrfe1wxwl07GJ7yUXX4XIcphH66iO9nu1RQDBATqNSiJ/dHCfP9iiEP 7PHf4krOSzA+wL67FP+u8x0sVhpPmbPRvU8VW4+D+Av91TK5wo0= =wLAZ -----END PGP SIGNATURE----- Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging Various crypto fixes * Support sha384 with glib crypto backend * Improve error reporting for unsupported cipher modes * Avoid memory leak when bad cipher mode is given * Run pbkdf tests on macOS * Runtime check for pbkdf hash impls with gnutls & gcrypt * Avoid hangs counter pbkdf iterations on some Linux kernels by using a throwaway thread for benchmarking performance * Fix iotests expected output from gnutls errors # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmbfAy4ACgkQvobrtBUQ # T99ZLhAAomQ7GeUNYM2/Fh9VptSAy9nddp7WwMd2egTZ+wPMnvalxXiMupf0WNzb # 3CJtXojeNCCV8PtBuTmlCmLg+HxFA+zQgkizS9WqUOMies54woGrwQCUIlyez1Au # Y2+9GbRRrkJA860R1aK2EJI5C2ofJf+CJd/nWSxsTzZSPu6Iu3V9ZahSdAq8o96R # AMh//6MOuX5pauyTYLXL3jpxEJEM4YjQ/+AF8D5FYustcN1Icjv2KPL1PArwUOTe # m1NZtcWLxZpmis5vXO8davMbB16bda6YUxuBQ++pFlF3ars7U2JldZ4DIqECAKkI # sxtw6Wq/IjdVwyJLj/+c7CX3/T1p4IuJ8ch6sfVnQz1KUf2NxPtBwSXqQneLUa2G # b46swxL695nCBYkbcfgWYfL5BaU1b0W8Xkk4sRoTNN5tDcYOuE9nMTMu71pHifmz # 1itkxvLdLkwH7mxzTAxVV+vdQk3KiXlmt42/hOJMgAC3WRp2JJsEv64Jpq9huooA # a+7fM5c2r3b77q7hjIwp8X6HmNehCt2KQiGvn0DvMmqb22r/RT9VzE89iNhPNSUx # rCj7b2+19Xrfe1wxwl07GJ7yUXX4XIcphH66iO9nu1RQDBATqNSiJ/dHCfP9iiEP # 7PHf4krOSzA+wL67FP+u8x0sVhpPmbPRvU8VW4+D+Av91TK5wo0= # =wLAZ # -----END PGP SIGNATURE----- # gpg: Signature made Mon 09 Sep 2024 15:16:14 BST # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu: crypto: Introduce x509 utils crypto: Support SHA384 hash when using glib crypto: Define macros for hash algorithm digest lengths crypto: use consistent error reporting pattern for unsupported cipher modes crypto: avoid leak of ctx when bad cipher mode is given tests/unit: build pbkdf test on macOS tests/unit: always build the pbkdf crypto unit test crypto: check gnutls & gcrypt support the requested pbkdf hash crypto: run qcrypto_pbkdf2_count_iters in a new thread iotests: fix expected output from gnutls Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
7bbadc60b5
@ -525,8 +525,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
|
||||
case QCRYPTO_CIPHER_MODE_CTR:
|
||||
drv = &qcrypto_nettle_des_driver_ctr;
|
||||
break;
|
||||
default:
|
||||
case QCRYPTO_CIPHER_MODE_XTS:
|
||||
goto bad_cipher_mode;
|
||||
default:
|
||||
g_assert_not_reached();
|
||||
}
|
||||
|
||||
ctx = g_new0(QCryptoNettleDES, 1);
|
||||
@ -551,8 +553,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
|
||||
case QCRYPTO_CIPHER_MODE_CTR:
|
||||
drv = &qcrypto_nettle_des3_driver_ctr;
|
||||
break;
|
||||
default:
|
||||
case QCRYPTO_CIPHER_MODE_XTS:
|
||||
goto bad_cipher_mode;
|
||||
default:
|
||||
g_assert_not_reached();
|
||||
}
|
||||
|
||||
ctx = g_new0(QCryptoNettleDES3, 1);
|
||||
@ -663,8 +667,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
|
||||
case QCRYPTO_CIPHER_MODE_CTR:
|
||||
drv = &qcrypto_nettle_cast128_driver_ctr;
|
||||
break;
|
||||
default:
|
||||
case QCRYPTO_CIPHER_MODE_XTS:
|
||||
goto bad_cipher_mode;
|
||||
default:
|
||||
g_assert_not_reached();
|
||||
}
|
||||
|
||||
ctx = g_new0(QCryptoNettleCAST128, 1);
|
||||
@ -734,16 +740,23 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
|
||||
#ifdef CONFIG_CRYPTO_SM4
|
||||
case QCRYPTO_CIPHER_ALG_SM4:
|
||||
{
|
||||
QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1);
|
||||
QCryptoNettleSm4 *ctx;
|
||||
const QCryptoCipherDriver *drv;
|
||||
|
||||
switch (mode) {
|
||||
case QCRYPTO_CIPHER_MODE_ECB:
|
||||
ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb;
|
||||
drv = &qcrypto_nettle_sm4_driver_ecb;
|
||||
break;
|
||||
default:
|
||||
case QCRYPTO_CIPHER_MODE_CBC:
|
||||
case QCRYPTO_CIPHER_MODE_CTR:
|
||||
case QCRYPTO_CIPHER_MODE_XTS:
|
||||
goto bad_cipher_mode;
|
||||
default:
|
||||
g_assert_not_reached();
|
||||
}
|
||||
|
||||
ctx = g_new0(QCryptoNettleSm4, 1);
|
||||
ctx->base.driver = drv;
|
||||
sm4_set_encrypt_key(&ctx->key[0], key);
|
||||
sm4_set_decrypt_key(&ctx->key[1], key);
|
||||
|
||||
|
@ -29,7 +29,7 @@ static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_SHA1] = G_CHECKSUM_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = -1,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = G_CHECKSUM_SHA256,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = -1,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = G_CHECKSUM_SHA384,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = G_CHECKSUM_SHA512,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = -1,
|
||||
};
|
||||
|
@ -23,13 +23,13 @@
|
||||
#include "hashpriv.h"
|
||||
|
||||
static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = 16,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = 20,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = 28,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = 32,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = 48,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = 64,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = 20,
|
||||
[QCRYPTO_HASH_ALG_MD5] = QCRYPTO_HASH_DIGEST_LEN_MD5,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = QCRYPTO_HASH_DIGEST_LEN_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = QCRYPTO_HASH_DIGEST_LEN_SHA224,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = QCRYPTO_HASH_DIGEST_LEN_SHA256,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = QCRYPTO_HASH_DIGEST_LEN_SHA384,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = QCRYPTO_HASH_DIGEST_LEN_SHA512,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = QCRYPTO_HASH_DIGEST_LEN_RIPEMD160,
|
||||
};
|
||||
|
||||
size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
|
||||
|
@ -24,6 +24,10 @@ crypto_ss.add(files(
|
||||
'rsakey.c',
|
||||
))
|
||||
|
||||
if gnutls.found()
|
||||
crypto_ss.add(files('x509-utils.c'))
|
||||
endif
|
||||
|
||||
if nettle.found()
|
||||
crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
|
||||
if hogweed.found()
|
||||
|
@ -33,7 +33,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
|
||||
case QCRYPTO_HASH_ALG_SHA384:
|
||||
case QCRYPTO_HASH_ALG_SHA512:
|
||||
case QCRYPTO_HASH_ALG_RIPEMD160:
|
||||
return true;
|
||||
return qcrypto_hash_supports(hash);
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
|
||||
case QCRYPTO_HASH_ALG_SHA384:
|
||||
case QCRYPTO_HASH_ALG_SHA512:
|
||||
case QCRYPTO_HASH_ALG_RIPEMD160:
|
||||
return true;
|
||||
return qcrypto_hash_supports(hash);
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
@ -19,6 +19,7 @@
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qemu/thread.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/pbkdf.h"
|
||||
#ifndef _WIN32
|
||||
@ -85,12 +86,28 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
|
||||
#endif
|
||||
}
|
||||
|
||||
uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
||||
const uint8_t *key, size_t nkey,
|
||||
const uint8_t *salt, size_t nsalt,
|
||||
size_t nout,
|
||||
Error **errp)
|
||||
typedef struct CountItersData {
|
||||
QCryptoHashAlgorithm hash;
|
||||
const uint8_t *key;
|
||||
size_t nkey;
|
||||
const uint8_t *salt;
|
||||
size_t nsalt;
|
||||
size_t nout;
|
||||
uint64_t iterations;
|
||||
Error **errp;
|
||||
} CountItersData;
|
||||
|
||||
static void *threaded_qcrypto_pbkdf2_count_iters(void *data)
|
||||
{
|
||||
CountItersData *iters_data = (CountItersData *) data;
|
||||
QCryptoHashAlgorithm hash = iters_data->hash;
|
||||
const uint8_t *key = iters_data->key;
|
||||
size_t nkey = iters_data->nkey;
|
||||
const uint8_t *salt = iters_data->salt;
|
||||
size_t nsalt = iters_data->nsalt;
|
||||
size_t nout = iters_data->nout;
|
||||
Error **errp = iters_data->errp;
|
||||
|
||||
uint64_t ret = -1;
|
||||
g_autofree uint8_t *out = g_new(uint8_t, nout);
|
||||
uint64_t iterations = (1 << 15);
|
||||
@ -114,7 +131,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
||||
|
||||
delta_ms = end_ms - start_ms;
|
||||
|
||||
if (delta_ms > 500) {
|
||||
if (delta_ms == 0) { /* sanity check */
|
||||
error_setg(errp, "Unable to get accurate CPU usage");
|
||||
goto cleanup;
|
||||
} else if (delta_ms > 500) {
|
||||
break;
|
||||
} else if (delta_ms < 100) {
|
||||
iterations = iterations * 10;
|
||||
@ -129,5 +149,24 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
||||
|
||||
cleanup:
|
||||
memset(out, 0, nout);
|
||||
return ret;
|
||||
iters_data->iterations = ret;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
||||
const uint8_t *key, size_t nkey,
|
||||
const uint8_t *salt, size_t nsalt,
|
||||
size_t nout,
|
||||
Error **errp)
|
||||
{
|
||||
CountItersData data = {
|
||||
hash, key, nkey, salt, nsalt, nout, 0, errp
|
||||
};
|
||||
QemuThread thread;
|
||||
|
||||
qemu_thread_create(&thread, "pbkdf2", threaded_qcrypto_pbkdf2_count_iters,
|
||||
&data, QEMU_THREAD_JOINABLE);
|
||||
qemu_thread_join(&thread);
|
||||
|
||||
return data.iterations;
|
||||
}
|
||||
|
76
crypto/x509-utils.c
Normal file
76
crypto/x509-utils.c
Normal file
@ -0,0 +1,76 @@
|
||||
/*
|
||||
* X.509 certificate related helpers
|
||||
*
|
||||
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
|
||||
*
|
||||
* This work is licensed under the terms of the GNU GPL, version 2 or
|
||||
* (at your option) any later version. See the COPYING file in the
|
||||
* top-level directory.
|
||||
*/
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
#include "qapi/error.h"
|
||||
#include "crypto/x509-utils.h"
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
#include <gnutls/x509.h>
|
||||
|
||||
static const int qcrypto_to_gnutls_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = {
|
||||
[QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5,
|
||||
[QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1,
|
||||
[QCRYPTO_HASH_ALG_SHA224] = GNUTLS_DIG_SHA224,
|
||||
[QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256,
|
||||
[QCRYPTO_HASH_ALG_SHA384] = GNUTLS_DIG_SHA384,
|
||||
[QCRYPTO_HASH_ALG_SHA512] = GNUTLS_DIG_SHA512,
|
||||
[QCRYPTO_HASH_ALG_RIPEMD160] = GNUTLS_DIG_RMD160,
|
||||
};
|
||||
|
||||
int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
|
||||
QCryptoHashAlgorithm alg,
|
||||
uint8_t *result,
|
||||
size_t *resultlen,
|
||||
Error **errp)
|
||||
{
|
||||
int ret = -1;
|
||||
int hlen;
|
||||
gnutls_x509_crt_t crt;
|
||||
gnutls_datum_t datum = {.data = cert, .size = size};
|
||||
|
||||
if (alg >= G_N_ELEMENTS(qcrypto_to_gnutls_hash_alg_map)) {
|
||||
error_setg(errp, "Unknown hash algorithm");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (result == NULL) {
|
||||
error_setg(errp, "No valid buffer given");
|
||||
return -1;
|
||||
}
|
||||
|
||||
gnutls_x509_crt_init(&crt);
|
||||
|
||||
if (gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM) != 0) {
|
||||
error_setg(errp, "Failed to import certificate");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
hlen = gnutls_hash_get_len(qcrypto_to_gnutls_hash_alg_map[alg]);
|
||||
if (*resultlen < hlen) {
|
||||
error_setg(errp,
|
||||
"Result buffer size %zu is smaller than hash %d",
|
||||
*resultlen, hlen);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (gnutls_x509_crt_get_fingerprint(crt,
|
||||
qcrypto_to_gnutls_hash_alg_map[alg],
|
||||
result, resultlen) != 0) {
|
||||
error_setg(errp, "Failed to get fingerprint from certificate");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
return ret;
|
||||
}
|
@ -23,6 +23,14 @@
|
||||
|
||||
#include "qapi/qapi-types-crypto.h"
|
||||
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_MD5 16
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_SHA1 20
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_SHA224 28
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_SHA256 32
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_SHA384 48
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_SHA512 64
|
||||
#define QCRYPTO_HASH_DIGEST_LEN_RIPEMD160 20
|
||||
|
||||
/* See also "QCryptoHashAlgorithm" defined in qapi/crypto.json */
|
||||
|
||||
/**
|
||||
|
22
include/crypto/x509-utils.h
Normal file
22
include/crypto/x509-utils.h
Normal file
@ -0,0 +1,22 @@
|
||||
/*
|
||||
* X.509 certificate related helpers
|
||||
*
|
||||
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
|
||||
*
|
||||
* This work is licensed under the terms of the GNU GPL, version 2 or
|
||||
* (at your option) any later version. See the COPYING file in the
|
||||
* top-level directory.
|
||||
*/
|
||||
|
||||
#ifndef QCRYPTO_X509_UTILS_H
|
||||
#define QCRYPTO_X509_UTILS_H
|
||||
|
||||
#include "crypto/hash.h"
|
||||
|
||||
int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
|
||||
QCryptoHashAlgorithm hash,
|
||||
uint8_t *result,
|
||||
size_t *resultlen,
|
||||
Error **errp);
|
||||
|
||||
#endif
|
@ -69,8 +69,8 @@ read 1048576/1048576 bytes at offset 1048576
|
||||
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
|
||||
== check TLS with authorization ==
|
||||
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort
|
||||
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort
|
||||
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
||||
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
||||
|
||||
== check TLS fail over UNIX with no hostname ==
|
||||
qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for certificate validation
|
||||
@ -103,14 +103,14 @@ qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0'
|
||||
qemu-nbd: TLS handshake failed: The TLS connection was non-properly terminated.
|
||||
|
||||
== final server log ==
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
||||
qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
|
||||
qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
|
||||
qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied
|
||||
qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
||||
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
||||
qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received.
|
||||
qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received.
|
||||
*** done
|
||||
|
@ -121,10 +121,8 @@ if have_block
|
||||
if config_host_data.get('CONFIG_REPLICATION')
|
||||
tests += {'test-replication': [testblock]}
|
||||
endif
|
||||
if nettle.found() or gcrypt.found()
|
||||
tests += {'test-crypto-pbkdf': [io]}
|
||||
endif
|
||||
endif
|
||||
|
||||
if have_system
|
||||
tests += {
|
||||
|
@ -25,8 +25,7 @@
|
||||
#include <sys/resource.h>
|
||||
#endif
|
||||
|
||||
#if ((defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT)) && \
|
||||
(defined(_WIN32) || defined(RUSAGE_THREAD)))
|
||||
#if defined(_WIN32) || defined(RUSAGE_THREAD) || defined(CONFIG_DARWNI)
|
||||
#include "crypto/pbkdf.h"
|
||||
|
||||
typedef struct QCryptoPbkdfTestData QCryptoPbkdfTestData;
|
||||
@ -394,7 +393,7 @@ static void test_pbkdf(const void *opaque)
|
||||
}
|
||||
|
||||
|
||||
static void test_pbkdf_timing(void)
|
||||
static void test_pbkdf_timing_sha256(void)
|
||||
{
|
||||
uint8_t key[32];
|
||||
uint8_t salt[32];
|
||||
@ -422,14 +421,18 @@ int main(int argc, char **argv)
|
||||
g_assert(qcrypto_init(NULL) == 0);
|
||||
|
||||
for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
|
||||
if (!qcrypto_pbkdf2_supports(test_data[i].hash)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!test_data[i].slow ||
|
||||
g_test_slow()) {
|
||||
g_test_add_data_func(test_data[i].path, &test_data[i], test_pbkdf);
|
||||
}
|
||||
}
|
||||
|
||||
if (g_test_slow()) {
|
||||
g_test_add_func("/crypt0/pbkdf/timing", test_pbkdf_timing);
|
||||
if (g_test_slow() && qcrypto_pbkdf2_supports(QCRYPTO_HASH_ALG_SHA256)) {
|
||||
g_test_add_func("/crypt0/pbkdf/timing/sha256", test_pbkdf_timing_sha256);
|
||||
}
|
||||
|
||||
return g_test_run();
|
||||
|
Loading…
Reference in New Issue
Block a user