From: Gonglei <arei.gonglei@huawei.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 07/10] block: convert quorum blockdrv to use crypto APIs
Date: Fri, 29 May 2015 14:49:46 +0800
Message-ID: <55680C0A.9020302@huawei.com>
In-Reply-To: <1432205817-16414-8-git-send-email-berrange@redhat.com>

On 2015/5/21 18:56, Daniel P. Berrange wrote:
> Get rid of direct use of gnutls APIs in quorum blockdrv in
> favour of using the crypto APIs. This avoids the need to
> do conditional compilation of the quorum driver. It can
> simply report an error at file open file instead if the
> required hash algorithm isn't supported by QEMU.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> block/Makefile.objs | 2 +-
> block/quorum.c | 38 +++++++++++++++++++-------------------
> configure | 39 ---------------------------------------
> 3 files changed, 20 insertions(+), 59 deletions(-)
>
> diff --git a/block/Makefile.objs b/block/Makefile.objs
> index 0d8c2a4..8f908d9 100644
> --- a/block/Makefile.objs
> +++ b/block/Makefile.objs
> @@ -3,7 +3,7 @@ block-obj-y += qcow2.o qcow2-refcount.o qcow2-cluster.o qcow2-snapshot.o qcow2-c
> block-obj-y += qed.o qed-gencb.o qed-l2-cache.o qed-table.o qed-cluster.o
> block-obj-y += qed-check.o
> block-obj-$(CONFIG_VHDX) += vhdx.o vhdx-endian.o vhdx-log.o
> -block-obj-$(CONFIG_QUORUM) += quorum.o
> +block-obj-y += quorum.o
> block-obj-y += parallels.o blkdebug.o blkverify.o
> block-obj-y += block-backend.o snapshot.o qapi.o
> block-obj-$(CONFIG_WIN32) += raw-win32.o win32-aio.o
> diff --git a/block/quorum.c b/block/quorum.c
> index f91ef75..4193f30 100644
> --- a/block/quorum.c
> +++ b/block/quorum.c
> @@ -13,8 +13,6 @@
> * See the COPYING file in the top-level directory.
> */
>
> -#include <gnutls/gnutls.h>
> -#include <gnutls/crypto.h>
> #include "block/block_int.h"
> #include "qapi/qmp/qbool.h"
> #include "qapi/qmp/qdict.h"
> @@ -23,6 +21,9 @@
> #include "qapi/qmp/qlist.h"
> #include "qapi/qmp/qstring.h"
> #include "qapi-event.h"
> +#include "crypto/hash.h"
> +
> +#include <glib/gi18n.h>
>
> #define HASH_LENGTH 32
>
> @@ -33,7 +34,7 @@
>
> /* This union holds a vote hash value */
> typedef union QuorumVoteValue {
> - char h[HASH_LENGTH]; /* SHA-256 hash */
> + uint8_t h[HASH_LENGTH]; /* SHA-256 hash */
> int64_t l; /* simpler 64 bits hash */
> } QuorumVoteValue;
>
> @@ -427,25 +428,18 @@ static void quorum_free_vote_list(QuorumVotes *votes)
>
> static int quorum_compute_hash(QuorumAIOCB *acb, int i, QuorumVoteValue *hash)
> {
> - int j, ret;
> - gnutls_hash_hd_t dig;
> QEMUIOVector *qiov = &acb->qcrs[i].qiov;
> -
> - ret = gnutls_hash_init(&dig, GNUTLS_DIG_SHA256);
> -
> - if (ret < 0) {
> - return ret;
> + size_t len = sizeof(hash->h);
> + uint8_t *data = hash->h;
> +
> + if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
> + qiov->iov, qiov->niov,
> + &data, &len,
> + NULL) < 0) {

The last argument should not be NULL, or the error message may be missed.

Regards,
-Gonglei

> + return -EINVAL;
> }
>
> - for (j = 0; j < qiov->niov; j++) {
> - ret = gnutls_hash(dig, qiov->iov[j].iov_base, qiov->iov[j].iov_len);
> - if (ret < 0) {
> - break;
> - }
> - }
> -
> - gnutls_hash_deinit(dig, (void *) hash);
> - return ret;
> + return 0;
> }
>
> static QuorumVoteVersion *quorum_get_vote_winner(QuorumVotes *votes)
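
Review bot: In quorum_compute_hash, `&data` and `&len` are passed by address but neither is looked at after the call, so the function relies on the callee having written exactly sizeof(hash->h) bytes into hash->h and not having replaced the pointer. An assertion after a successful return that data == hash->h and len == sizeof(hash->h) would make that assumption explicit. Separately, with NULL as the last argument every failure is reduced to -EINVAL with no reason attached; a local Error * that is reported or propagated to the caller would keep the cause visible.
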
> @@ -872,6 +866,12 @@ static int quorum_open(BlockDriverState *bs, QDict *options, int flags,
> int i;
> int ret = 0;
>
> + if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA256)) {
> + error_setg(errp, "%s",
> + _("SHA256 hash support is required for quorum device"));
> + return -EINVAL;
> + }
> +
> qdict_flatten(options);
> qdict_extract_subqdict(options, &sub, "children.");
> qdict_array_split(sub, &list);
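
Review bot: The message in the new quorum_open check is wrapped in `_()` and passed through a "%s" format, which is the only visible reason for the `<glib/gi18n.h>` include added earlier in this patch. If the other error_setg() messages in this file are not translated, passing the string literal directly keeps the file consistent and lets the extra include be dropped. The early return itself looks safe, since nothing visible is allocated before it.
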
> diff --git a/configure b/configure
> index a48aa90..cc60f0b 100755
> --- a/configure
> +++ b/configure
> @@ -336,7 +336,6 @@ vte=""
> tpm="yes"
> libssh2=""
> vhdx=""
> -quorum=""
> numa=""
> tcmalloc="no"
>
> @@ -1133,10 +1132,6 @@ for opt do
> ;;
> --disable-vhdx) vhdx="no"
> ;;
> - --disable-quorum) quorum="no"
> - ;;
> - --enable-quorum) quorum="yes"
> - ;;
> --disable-numa) numa="no"
> ;;
> --enable-numa) numa="yes"
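
Review bot: The `--disable-quorum` and `--enable-quorum` case arms removed here leave existing build scripts that still pass either switch without a matching arm in this option loop. Consider keeping both arms as accepted no-ops for a transition period, or at least stating in the commit message that the switches are gone.
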
> @@ -1416,8 +1411,6 @@ Advanced options (experts only):
> --enable-libssh2 enable ssh block device support
> --disable-vhdx disable support for the Microsoft VHDX image format
> --enable-vhdx enable support for the Microsoft VHDX image format
> - --disable-quorum disable quorum block filter support
> - --enable-quorum enable quorum block filter support
> --disable-numa disable libnuma support
> --enable-numa enable libnuma support
> --disable-tcmalloc disable tcmalloc support
> @@ -2414,33 +2407,6 @@ EOF
> fi
>
> ##########################################
> -# Quorum probe (check for gnutls)
> -if test "$quorum" != "no" ; then
> -cat > $TMPC <<EOF
> -#include <gnutls/gnutls.h>
> -#include <gnutls/crypto.h>
> -int main(void) {char data[4096], digest[32];
> -gnutls_hash_fast(GNUTLS_DIG_SHA256, data, 4096, digest);
> -return 0;
> -}
> -EOF
> -quorum_tls_cflags=`$pkg_config --cflags gnutls 2> /dev/null`
> -quorum_tls_libs=`$pkg_config --libs gnutls 2> /dev/null`
> -if compile_prog "$quorum_tls_cflags" "$quorum_tls_libs" ; then
> - qcow_tls=yes
> - libs_softmmu="$quorum_tls_libs $libs_softmmu"
> - libs_tools="$quorum_tls_libs $libs_softmmu"
> - QEMU_CFLAGS="$QEMU_CFLAGS $quorum_tls_cflags"
> - quorum="yes"
> -else
> - if test "$quorum" = "yes"; then
> - feature_not_found "gnutls" "gnutls > 2.10.0 required to compile Quorum"
> - fi
> - quorum="no"
> -fi
> -fi
> -
> -##########################################
> # VNC SASL detection
> if test "$vnc" = "yes" -a "$vnc_sasl" != "no" ; then
> cat > $TMPC <<EOF
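
Review bot: Once the probe in this hunk is gone, nothing in this patch adds the gnutls cflags and libs to libs_softmmu, libs_tools or QEMU_CFLAGS, while quorum.o is now built unconditionally. The patch therefore depends on the crypto module's configure logic from earlier in the series to supply those flags for both the emulators and the tools; a sentence in the commit message saying so, and a tools-only build as a check, would help.
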
> @@ -4562,7 +4528,6 @@ echo "libssh2 support $libssh2"
> echo "TPM passthrough $tpm_passthrough"
> echo "QOM debugging $qom_cast_debug"
> echo "vhdx $vhdx"
> -echo "Quorum $quorum"
> echo "lzo support $lzo"
> echo "snappy support $snappy"
> echo "bzip2 support $bzip2"
> @@ -5038,10 +5003,6 @@ if test "$libssh2" = "yes" ; then
> echo "LIBSSH2_LIBS=$libssh2_libs" >> $config_host_mak
> fi
>
> -if test "$quorum" = "yes" ; then
> - echo "CONFIG_QUORUM=y" >> $config_host_mak
> -fi
> -
> if test "$vhdx" = "yes" ; then
> echo "CONFIG_VHDX=y" >> $config_host_mak
> fi
>