From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Richard W.M. Jones" <rjones@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [PATCH] crypto: Remove use of GCRYPT_VERSION macro.
Date: Wed, 27 May 2020 10:42:06 +0100 [thread overview]
Message-ID: <20200527094206.GD2665520@redhat.com> (raw)
In-Reply-To: <20200527093409.3588189-1-rjones@redhat.com>
On Wed, May 27, 2020 at 10:34:09AM +0100, Richard W.M. Jones wrote:
> According to the gcrypt documentation it's intended that
> gcry_check_version() is called with the minimum version of gcrypt
> needed by the program, not the version from the <gcrypt.h> header file
> that happened to be installed when qemu was compiled. Indeed the
> gcrypt.h header says that you shouldn't use the GCRYPT_VERSION macro.
That's awesome, because the API docs illustrate gcry_check_version
with passing GCRYPT_VERSION !
> This causes the following failure:
>
> qemu-img: Unable to initialize gcrypt
>
> if a slightly older version of libgcrypt is installed with a newer
> qemu, even though the slightly older version works fine. This can
> happen with RPM packaging which uses symbol versioning to determine
> automatically which libgcrypt is required by qemu, which caused the
> following bug in RHEL 8:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1840485
>
> qemu actually requires libgcrypt >= 1.5.0, so we might put the string
> "1.5.0" here. However since 1.5.0 was released in 2011, it hardly
> seems we need to check that. So I replaced GCRYPT_VERSION with NULL.
> Perhaps in future if we move to requiring a newer version of gcrypt we
> could put a literal string here.
I checked that v1.5.0 still accepts NULL and it does, so we're
fine. We validate the 1.5.0 version in configure, and any
runtime usage would be hanlded by ELF symbol versioning as
you say.
>
> Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
> ---
> crypto/init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/init.c b/crypto/init.c
> index b305381ec5..ea233b9192 100644
> --- a/crypto/init.c
> +++ b/crypto/init.c
> @@ -122,7 +122,7 @@ int qcrypto_init(Error **errp)
> #endif
>
> #ifdef CONFIG_GCRYPT
> - if (!gcry_check_version(GCRYPT_VERSION)) {
> + if (!gcry_check_version(NULL)) {
> error_setg(errp, "Unable to initialize gcrypt");
> return -1;
> }
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
and queued.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2020-05-27 9:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-27 9:34 [PATCH] crypto: Remove use of GCRYPT_VERSION macro Richard W.M. Jones
2020-05-27 9:42 ` Daniel P. Berrangé [this message]
2020-05-27 10:03 ` Richard W.M. Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200527094206.GD2665520@redhat.com \
--to=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).