From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eric Blake
Date: Mon, 8 Feb 2016 14:26:54 -0700
Subject: Re: [Qemu-devel] [PATCH v2 17/17] block: remove support for legacy AES qcow/qcow2 encryption
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Kevin Wolf, Fam Zheng, qemu-block@nongnu.org
Message-ID: <56B9081E.5030502@redhat.com>
In-Reply-To: <1453311539-1193-18-git-send-email-berrange@redhat.com>
References: <1453311539-1193-1-git-send-email-berrange@redhat.com> <1453311539-1193-18-git-send-email-berrange@redhat.com>

On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> Refuse to use images with the legacy AES-CBC encryption
> format in the system emulators. They are still fully
> supported in the qemu-img, qemu-io & qemu-nbd tools in
> order to allow data to be liberated and for compatibility
> with older QEMU versions. Continued support in these tools
> is not a notable burden with the new FDE framework.
>
> Signed-off-by: Daniel P. Berrange
> ---
> +++ b/block/qcow.c
> @@ -180,6 +180,14 @@ static int qcow_open(BlockDriverState *bs, QDict *= options, int flags, > s->crypt_method_header =3D header.crypt_method; > if (s->crypt_method_header) { > if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { > + if (bdrv_uses_whitelist()) { > + error_setg(errp, > + "Use of AES-CBC encrypted qcow images is no= longer " > + "supported. Please use the qcow2 LUKS forma= t instead.");

error_setg() should be a single phrase with no trailing punctuation, not two sentences. Use error_append_hint() for the suggestion of the replacement.

> +++ b/block/qcow2.c > @@ -1209,6 +1209,14 @@ static int qcow2_open(BlockDriverState *bs, QDic= t *options, int flags, > =20 > s->crypt_method_header =3D header.crypt_method; > if (s->crypt_method_header) { > + if (bdrv_uses_whitelist() && > + s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { > + error_setg(errp, > + "Use of AES-CBC encrypted qcow2 images is no lo= nger " > + "supported. Please use the qcow2 LUKS format in= stead.");

Ditto

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
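
Review bot: In the block/qcow.c hunk, the added inner test "if (bdrv_uses_whitelist()) {" is the only thing separating the system emulators from qemu-img, qemu-io and qemu-nbd, and nothing at the call site says that this is what the whitelist check stands for. A one-line comment above it, or a small named helper shared with block/qcow2.c, would stop a later reader from treating it as an unrelated format-whitelist test. The qcow2.c hunk folds the same test into a single condition with &&, so using one shape in both files would also make the two checks easier to keep in step.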
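
Review bot: In the block/qcow2.c hunk, the error_setg() string says AES-CBC images are "no longer supported", while the commit message keeps them fully supported in qemu-img, qemu-io and qemu-nbd so that data can be liberated. The text gives a user who hits this error no pointer to that path; once the suggestion is moved into error_append_hint() as requested in the reply, the hint could say that the image can still be opened with qemu-img and converted to the qcow2 LUKS format. The same applies to the matching string in block/qcow.c.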