On Wed, Dec 21, 2016 at 06:34:05PM -0500, John Ferlan wrote:
On 10/24/2016 04:40 AM, Pavel Hrdina wrote:
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- configure.ac | 109 +----------------------------------------------------- m4/virt-gnutls.m4 | 64 ++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 107 deletions(-) create mode 100644 m4/virt-gnutls.m4
I'm not quite sure what, but something in this change has broken encrypted secret capabilities as the following API is not always returning false...
bool virCryptoHaveCipher(virCryptoCipher algorithm) { switch (algorithm) {
case VIR_CRYPTO_CIPHER_AES256CBC:
#ifdef HAVE_GNUTLS_CIPHER_ENCRYPT return true; #else return false; #endif
...
Of course the virCryptoEncryptDataAESgntuls is also undefined.
In order to work around short term, if I use HAVE_GNUTLS_CRYPTO_H I can at least get the API needed.
Just so you know I have a customer case which I'm trying to resolve/debug that's impacted by this (naturally)!
I "hand bisected" back to
$ git co c290f216c47afbd4f3d1e082cdb98181675cd31e $ ./autogen.sh --system <lots of gnarly warnings about this omitted>
$ grep HAVE_GNUTLS config.log | #define HAVE_GNUTLS_CRYPTO_H 1 | #define HAVE_GNUTLS_RND 1 | #define HAVE_GNUTLS_CIPHER_ENCRYPT 1 | #define HAVE_GNUTLS_CRYPTO_H 1 ... #define HAVE_GNUTLS_CRYPTO_H 1 #define HAVE_GNUTLS_RND 1 #define HAVE_GNUTLS_CIPHER_ENCRYPT 1 ...
$ git co 680d2f49dad425395de627a31006cb84848cfa65 $ ./autogen.sh --system <lots of stuff ommitted>
$ grep HAVE_GNUTLS config.log | #define HAVE_GNUTLS_CRYPTO_H 1 ... #define HAVE_GNUTLS_CRYPTO_H 1 ... $
Note there's no HAVE_GNUTLS_CIPHER_ENCRYPT or HAVE_GNUTLS_RND
You'll be wanting this fix: ommit 943ddcb71205524fe2a34ca7a9b6cb3744a07555 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: Fri Nov 25 16:51:13 2016 +0100 virt-gnutls.m4: fixed check for gnutls_rnd and gnutls_cipher_encrypt Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|