From: "Daniel P. Berrange"
Date: Sat, 7 Feb 2009 11:00:03 +0000
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 0/9] encryption code changes
Message-ID: <20090207110003.GA29664@redhat.com>
In-Reply-To: <1233954540-4754-1-git-send-email-ehabkost@redhat.com>

On Fri, Feb 06, 2009 at 07:08:51PM -0200, Eduardo Habkost wrote:
> Hi,
>
> This patch series for qemu contains multiple changes on the way encryption
> and authentication code is handled.
>
> The first patch is a behaviour change to avoid silent security holes on
> the VNC server caused by user configuration errors.
>
> Patches 2 and 3 are bugfixes to some of the multiple problems
> I had with monitor_readline(), when testing the qcow encryption
> support. monitor_readline() is still not completely functional, but
> at least it allows the qcow password to be read when a qcow encrypted
> image is specified on the command-line, now.
>
> The remaining patches may be more controversial. The first half makes the
> use of aes.c and d3des.c optional at compile time. The rest remove aes.c
> and d3des.c from the source tree and replace them with calls to libgcrypt.

FYI, for those who don't realize, libgcrypt is the crypto library used
by GNUTLS. QEMU already uses GNUTLS for its VNC server, if --with-vnc-tls
flag is given to configure. IMHO, using libgcrypt for all crypto is a
good idea, although it would become a compulsory dependency instead of
an optional one.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|