From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LVl1W-0002lA-39 for qemu-devel@nongnu.org; Sat, 07 Feb 2009 06:06:58 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LVl1V-0002kg-8c for qemu-devel@nongnu.org; Sat, 07 Feb 2009 06:06:57 -0500 Received: from [199.232.76.173] (port=54788 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LVl1V-0002kb-1j for qemu-devel@nongnu.org; Sat, 07 Feb 2009 06:06:57 -0500 Received: from mx1.redhat.com ([66.187.233.31]:60573) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LVl1U-0002HF-GA for qemu-devel@nongnu.org; Sat, 07 Feb 2009 06:06:56 -0500 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n17B6FR0028439 for ; Sat, 7 Feb 2009 06:06:15 -0500 Received: from file.fab.redhat.com (file.fab.redhat.com [10.33.63.6]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n17B6GgU019942 for ; Sat, 7 Feb 2009 06:06:17 -0500 Received: from file.fab.redhat.com (localhost.localdomain [127.0.0.1]) by file.fab.redhat.com (8.13.1/8.13.1) with ESMTP id n17B6E1t020159 for ; Sat, 7 Feb 2009 11:06:14 GMT Received: (from berrange@localhost) by file.fab.redhat.com (8.13.1/8.13.1/Submit) id n17B6EdA020155 for qemu-devel@nongnu.org; Sat, 7 Feb 2009 11:06:14 GMT Date: Sat, 7 Feb 2009 11:06:14 +0000 From: "Daniel P. Berrange" Subject: Re: [Qemu-devel] [PATCH 0/9] encryption code changes Message-ID: <20090207110614.GB29664@redhat.com> References: <1233954540-4754-1-git-send-email-ehabkost@redhat.com> <498CCB11.1090005@codemonkey.ws> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <498CCB11.1090005@codemonkey.ws> Reply-To: "Daniel P. Berrange" , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org On Fri, Feb 06, 2009 at 05:43:13PM -0600, Anthony Liguori wrote: > Eduardo Habkost wrote: > >Hi, > > > >This patch series for qemu contain multiple changes on the way encryption > >and authentication code is handled. > > > >The first patch is a behaviour change to avoid silent security holes on > >the VNC server caused by user configuration errors. > > > >Patches 2 and 3 are bugfixes to some of the multiple problems > >I had with monitor_readline(), when testing the qcow encryption > >support. monitor_readline() is still not completely functional, but > >at least it allows the qcow password to be read when an qcow encrypted > >image is specified on the command-line, now. > > > >The remaining patches may be more controversial. The first half makes the > >use of aes.c and d3des.c optional at compile time. The rest remove aes.c > >and d3des.c from the source tree and replace them with calls to libgcrypt. > > > > What's the availability of libgcrypt? Are there Windows versions > readily available? That would be my biggest concern here. It is available for Windows - we build it in the Fedora MinGW project as it is a pre-requisite for GNUTLS and thus libvirt on Windows. It is also used by (and comes from the) GnuPG project http://www.gnupg.org/documentation/manuals/gcrypt/ Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|