Re: [Qemu-devel] [PATCH 0/9] encryption code changes

["Daniel P. Berrange" <berrange@redhat.com>]

On Fri, Feb 06, 2009 at 07:08:51PM -0200, Eduardo Habkost wrote:
> Hi,
> 
> This patch series for qemu contain multiple changes on the way encryption
> and authentication code is handled.
> 
> The first patch is a behaviour change to avoid silent security holes on
> the VNC server caused by user configuration errors.
> 
> Patches 2 and 3 are bugfixes to some of the multiple problems
> I had with monitor_readline(), when testing the qcow encryption
> support. monitor_readline() is still not completely functional, but
> at least it allows the qcow password to be read when an qcow encrypted
> image is specified on the command-line, now.
> 
> The remaining patches may be more controversial. The first half makes the
> use of aes.c and d3des.c optional at compile time. The rest remove aes.c
> and d3des.c from the source tree and replace them with calls to libgcrypt.

FYI, for those who don't realize, libgcrypt is the crypto library used
by GNUTLS. QEMU already uses GNUTLS for its VNC server, if --with-vnc-tls
flag is given to configure. IMHO, using libgcrypt for all crypto is
a good idea, although it would become a compulsory dependancy instead of
an optional one.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|