From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
Eduardo Otubo <otubo@redhat.com>, Jiri Pirko <jiri@resnulli.us>,
Juan Quintela <quintela@redhat.com>,
Jason Wang <jasowang@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Gerd Hoffmann <kraxel@redhat.com>, Eric Blake <eblake@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PULL 00/22] Crypto and more patches
Date: Tue, 13 Jul 2021 16:45:39 +0100 [thread overview]
Message-ID: <YO21Iz73ClrXdI58@redhat.com> (raw)
In-Reply-To: <YO2Y+IUJ0aGHbgDC@redhat.com>
On Tue, Jul 13, 2021 at 02:45:28PM +0100, Daniel P. Berrangé wrote:
> On Tue, Jul 13, 2021 at 10:25:44AM +0100, Peter Maydell wrote:
> > On Mon, 12 Jul 2021 at 14:23, Daniel P. Berrangé <berrange@redhat.com> wrote:
> > >
> > > The following changes since commit bd38ae26cea0d1d6a97f930248df149204c210a2:
> > >
> > > Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210710' into staging (2021-07-12 11:02:39 +0100)
> > >
> > > are available in the Git repository at:
> > >
> > > https://gitlab.com/berrange/qemu tags/crypto-and-more-pull-request
> > >
> > > for you to fetch changes up to 1fc9958410c8683950ea22084b133a755561398b:
> > >
> > > tests/migration: fix unix socket migration (2021-07-12 14:00:20 +0100)
> > >
> > > ----------------------------------------------------------------
> > > Merge crypto updates and misc fixes
> > >
> > > * Introduce a GNUTLS backend for crypto algorithms
> > > * Change crypto library preference gnutls > gcrypt > nettle > built-in
> > > * Remove built-in DES impl
> > > * Remove XTS mode from built-in AES impl
> > > * Fix seccomp rules to allow resource info getters
> > > * Fix migration performance test
> > > * Use GDateTime in io/ and net/rocker/ code
> > >
> > > ----------------------------------------------------------------
> >
> > Hi; this failed 'make check' on ppc64be:
>
> > The failure is reproducible. Here's a backtrace from a debug
> > build:
> >
> > test-crypto-cipher: cbc.c:53: nettle_cbc_encrypt: Assertion `!(length
> > % block_size)' failed.
> >
> > Thread 1 "test-crypto-cip" received signal SIGABRT, Aborted.
> > 0x00007ffff77b8460 in __libc_signal_restore_set (set=0x7fffffffe468)
> > at ../sysdeps/unix/sysv/linux/internal-signals.h:86
> > 86 ../sysdeps/unix/sysv/linux/internal-signals.h: No such file or
> > directory.
> > (gdb) bt
> > #0 0x00007ffff77b8460 in __libc_signal_restore_set
> > (set=0x7fffffffe468) at
> > ../sysdeps/unix/sysv/linux/internal-signals.h:86
> > #1 __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:48
> > #2 0x00007ffff779bd40 in __GI_abort () at abort.c:79
> > #3 0x00007ffff77ae490 in __assert_fail_base (fmt=<optimized out>,
> > assertion=assertion@entry=0x7ffff72b6f38 "!(length % block_size)",
> > file=file@entry=0x7ffff72b6f30 "cbc.c", line=line@entry=53,
> > function=function@entry=0x7ffff72b6f50 "nettle_cbc_encrypt") at assert.c:92
> > #4 0x00007ffff77ae528 in __GI___assert_fail (assertion=0x7ffff72b6f38
> > "!(length % block_size)", file=0x7ffff72b6f30 "cbc.c",
> > line=<optimized out>, function=0x7ffff72b6f50
> > "nettle_cbc_encrypt") at assert.c:101
> > #5 0x00007ffff728c154 in nettle_cbc_encrypt () from
> > /usr/lib/powerpc64-linux-gnu/libnettle.so.8
> > #6 0x00007ffff7e6b894 in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libgnutls.so.30
> > #7 0x00007ffff7e6c72c in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libgnutls.so.30
> > #8 0x00007ffff7d6d794 in gnutls_cipher_encrypt2 () from
> > /usr/lib/powerpc64-linux-gnu/libgnutls.so.30
> > #9 0x000000010003c330 in qcrypto_gnutls_cipher_encrypt
> > (cipher=0x10016e550, in=0x7fffffffeca8, out=0x7fffffffecc8, len=32,
> > errp=0x100122b48 <error_abort>) at ../../crypto/cipher-gnutls.c.inc:103
> > #10 0x000000010003cef0 in qcrypto_cipher_encrypt (cipher=0x10016e550,
> > in=0x7fffffffeca8, out=0x7fffffffecc8, len=32,
> > errp=0x100122b48 <error_abort>) at ../../crypto/cipher.c:177
> > #11 0x000000010002e75c in test_cipher_null_iv () at
> > ../../tests/unit/test-crypto-cipher.c:749
> > #12 0x00007ffff7bbed38 in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #13 0x00007ffff7bbeabc in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #14 0x00007ffff7bbeabc in ?? () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #15 0x00007ffff7bbf364 in g_test_run_suite () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #16 0x00007ffff7bbf3bc in g_test_run () from
> > /usr/lib/powerpc64-linux-gnu/libglib-2.0.so.0
> > #17 0x000000010002eb78 in main (argc=1, argv=0x7ffffffff8e8) at
> > ../../tests/unit/test-crypto-cipher.c:821
> >
> > In frame 9 len is 32 and ctx_>blocksize is 16, so ¯\_(ツ)_/¯
>
> The len in frame 9 is the plain text len, but I think the assert is
> complaining about the initialization vector len, which is likely
> zero here. I think I know what to fix, but I'm surprised this would
> be architecture specific though.
Turns out it is related to whether gnutls has hardware acceleration
for CBC mode for a given arch. After compiling gnutls without
acceleration for x86_64, I could reproduce it and figure out a
fix.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2021-07-13 15:47 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-12 13:02 [PULL 00/22] Crypto and more patches Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 01/22] crypto: remove conditional around 3DES crypto test cases Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 02/22] crypto: remove obsolete crypto test condition Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 03/22] crypto: skip essiv ivgen tests if AES+ECB isn't available Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 04/22] crypto: use &error_fatal in crypto tests Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 05/22] crypto: fix gcrypt min version 1.8 regression Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 06/22] crypto: drop gcrypt thread initialization code Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 07/22] crypto: drop custom XTS support in gcrypt driver Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 08/22] crypto: add crypto tests for single block DES-ECB and DES-CBC Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 09/22] crypto: delete built-in DES implementation Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 10/22] crypto: delete built-in XTS cipher mode support Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 11/22] crypto: replace 'des-rfb' cipher with 'des' Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 12/22] crypto: flip priority of backends to prefer gcrypt Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 13/22] crypto: introduce build system for gnutls crypto backend Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 14/22] crypto: add gnutls cipher provider Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 15/22] crypto: add gnutls hash provider Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 16/22] crypto: add gnutls hmac provider Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 17/22] crypto: add gnutls pbkdf provider Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 18/22] crypto: prefer gnutls as the crypto backend if new enough Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 19/22] net/rocker: use GDateTime for formatting timestamp in debug messages Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 20/22] io: use GDateTime for formatting timestamp for websock headers Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 21/22] seccomp: don't block getters for resource control syscalls Daniel P. Berrangé
2021-07-12 13:02 ` [PULL 22/22] tests/migration: fix unix socket migration Daniel P. Berrangé
2021-07-13 9:25 ` [PULL 00/22] Crypto and more patches Peter Maydell
2021-07-13 13:45 ` Daniel P. Berrangé
2021-07-13 13:51 ` Peter Maydell
2021-07-13 15:45 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YO21Iz73ClrXdI58@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=eblake@redhat.com \
--cc=jasowang@redhat.com \
--cc=jiri@resnulli.us \
--cc=kraxel@redhat.com \
--cc=otubo@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).