[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen master] Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-10-20-1' into staging



=== This changeset includes merge from high-traffic branch ===
Commits on that branch are not reported individually.

commit da158a86c407fa7b9da848b571356a26809d8df9
Merge: 1b0d3845b454eaaac0b2064c78926ca4d739a080 
373166636b9f07c60d7c32610bd346acf7d143e9
Author:     Peter Maydell <peter.maydell@xxxxxxxxxx>
AuthorDate: Thu Oct 20 14:46:19 2016 +0100
Commit:     Peter Maydell <peter.maydell@xxxxxxxxxx>
CommitDate: Thu Oct 20 14:46:19 2016 +0100

    Merge remote-tracking branch 
'remotes/berrange/tags/pull-qcrypto-2016-10-20-1' into staging
    
    Merge qcrypto 2016/10/20 v1
    
    # gpg: Signature made Thu 20 Oct 2016 12:58:41 BST
    # gpg:                using RSA key 0xBE86EBB415104FDF
    # gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>"
    # gpg:                 aka "Daniel P. Berrange <berrange@xxxxxxxxxx>"
    # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 
4FDF
    
    * remotes/berrange/tags/pull-qcrypto-2016-10-20-1:
      crypto: fix initialization of gcrypt threading
      crypto: fix initialization of crypto in tests
      qtest: fix make check complaint in crypto module
      crypto: add mode check in qcrypto_cipher_new() for cipher-builtin
      crypto: add CTR mode support
      crypto: extend mode as a parameter in qcrypto_cipher_supports()
    
    Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
 block/qcow.c                |  3 ++-
 block/qcow2.c               |  3 ++-
 crypto/cipher-builtin.c     | 25 +++++++++++++++++++-
 crypto/cipher-gcrypt.c      | 38 ++++++++++++++++++++++++------
 crypto/cipher-nettle.c      | 28 ++++++++++++++++++++--
 crypto/cipher.c             |  1 +
 crypto/init.c               |  7 +++---
 include/crypto/cipher.h     | 12 ++++++----
 qapi/crypto.json            |  3 ++-
 tests/pkix_asn1_tab.c       |  5 +++-
 tests/test-crypto-cipher.c  | 57 ++++++++++++++++++++++++++++++++++++++++++++-
 tests/test-crypto-hash.c    | 12 ++--------
 tests/test-io-channel-tls.c |  3 +++
 ui/vnc.c                    |  2 +-
 14 files changed, 165 insertions(+), 34 deletions(-)

diff --git a/block/qcow.c b/block/qcow.c
index 94f01b3..7540f43 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, 
int flags,
         ret = -EINVAL;
         goto fail;
     }
-    if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+    if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+                                 QCRYPTO_CIPHER_MODE_CBC)) {
         error_setg(errp, "AES cipher not available");
         ret = -EINVAL;
         goto fail;
diff --git a/block/qcow2.c b/block/qcow2.c
index 0e53a4d..e11c7c9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, 
int flags,
         ret = -EINVAL;
         goto fail;
     }
-    if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+    if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+                                 QCRYPTO_CIPHER_MODE_CBC)) {
         error_setg(errp, "AES cipher not available");
         ret = -EINVAL;
         goto fail;
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 9d25842..b4bc2b9 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher 
*cipher,
 }
 
 
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+                             QCryptoCipherMode mode)
 {
     switch (alg) {
     case QCRYPTO_CIPHER_ALG_DES_RFB:
     case QCRYPTO_CIPHER_ALG_AES_128:
     case QCRYPTO_CIPHER_ALG_AES_192:
     case QCRYPTO_CIPHER_ALG_AES_256:
+        break;
+    default:
+        return false;
+    }
+
+    switch (mode) {
+    case QCRYPTO_CIPHER_MODE_ECB:
+    case QCRYPTO_CIPHER_MODE_CBC:
+    case QCRYPTO_CIPHER_MODE_XTS:
         return true;
+    case QCRYPTO_CIPHER_MODE_CTR:
+        return false;
     default:
         return false;
     }
@@ -421,6 +433,17 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 {
     QCryptoCipher *cipher;
 
+    switch (mode) {
+    case QCRYPTO_CIPHER_MODE_ECB:
+    case QCRYPTO_CIPHER_MODE_CBC:
+    case QCRYPTO_CIPHER_MODE_XTS:
+        break;
+    default:
+        error_setg(errp, "Unsupported cipher mode %s",
+                   QCryptoCipherMode_lookup[mode]);
+        return NULL;
+    }
+
     cipher = g_new0(QCryptoCipher, 1);
     cipher->alg = alg;
     cipher->mode = mode;
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index da3f4c7..c550db9 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -24,7 +24,8 @@
 #include <gcrypt.h>
 
 
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+                             QCryptoCipherMode mode)
 {
     switch (alg) {
     case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
     case QCRYPTO_CIPHER_ALG_SERPENT_256:
     case QCRYPTO_CIPHER_ALG_TWOFISH_128:
     case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+        break;
+    default:
+        return false;
+    }
+
+    switch (mode) {
+    case QCRYPTO_CIPHER_MODE_ECB:
+    case QCRYPTO_CIPHER_MODE_CBC:
+    case QCRYPTO_CIPHER_MODE_XTS:
+    case QCRYPTO_CIPHER_MODE_CTR:
         return true;
     default:
         return false;
@@ -48,6 +59,7 @@ struct QCryptoCipherGcrypt {
     gcry_cipher_hd_t handle;
     gcry_cipher_hd_t tweakhandle;
     size_t blocksize;
+    /* Initialization vector or Counter */
     uint8_t *iv;
 };
 
@@ -69,6 +81,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
     case QCRYPTO_CIPHER_MODE_CBC:
         gcrymode = GCRY_CIPHER_MODE_CBC;
         break;
+    case QCRYPTO_CIPHER_MODE_CTR:
+        gcrymode = GCRY_CIPHER_MODE_CTR;
+        break;
     default:
         error_setg(errp, "Unsupported cipher mode %s",
                    QCryptoCipherMode_lookup[mode]);
@@ -339,12 +354,21 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
     if (ctx->iv) {
         memcpy(ctx->iv, iv, niv);
     } else {
-        gcry_cipher_reset(ctx->handle);
-        err = gcry_cipher_setiv(ctx->handle, iv, niv);
-        if (err != 0) {
-            error_setg(errp, "Cannot set IV: %s",
-                   gcry_strerror(err));
-            return -1;
+        if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) {
+            err = gcry_cipher_setctr(ctx->handle, iv, niv);
+            if (err != 0) {
+                error_setg(errp, "Cannot set Counter: %s",
+                       gcry_strerror(err));
+                return -1;
+            }
+        } else {
+            gcry_cipher_reset(ctx->handle);
+            err = gcry_cipher_setiv(ctx->handle, iv, niv);
+            if (err != 0) {
+                error_setg(errp, "Cannot set IV: %s",
+                       gcry_strerror(err));
+                return -1;
+            }
         }
     }
 
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 879d831..cd094cd 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -28,6 +28,7 @@
 #include <nettle/cast128.h>
 #include <nettle/serpent.h>
 #include <nettle/twofish.h>
+#include <nettle/ctr.h>
 
 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
                                                size_t length,
@@ -186,12 +187,13 @@ struct QCryptoCipherNettle {
     QCryptoCipherNettleFuncNative alg_decrypt_native;
     QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
     QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
-
+    /* Initialization vector or Counter */
     uint8_t *iv;
     size_t blocksize;
 };
 
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+                             QCryptoCipherMode mode)
 {
     switch (alg) {
     case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -205,6 +207,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
     case QCRYPTO_CIPHER_ALG_TWOFISH_128:
     case QCRYPTO_CIPHER_ALG_TWOFISH_192:
     case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+        break;
+    default:
+        return false;
+    }
+
+    switch (mode) {
+    case QCRYPTO_CIPHER_MODE_ECB:
+    case QCRYPTO_CIPHER_MODE_CBC:
+    case QCRYPTO_CIPHER_MODE_XTS:
+    case QCRYPTO_CIPHER_MODE_CTR:
         return true;
     default:
         return false;
@@ -225,6 +237,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
     case QCRYPTO_CIPHER_MODE_ECB:
     case QCRYPTO_CIPHER_MODE_CBC:
     case QCRYPTO_CIPHER_MODE_XTS:
+    case QCRYPTO_CIPHER_MODE_CTR:
         break;
     default:
         error_setg(errp, "Unsupported cipher mode %s",
@@ -430,6 +443,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
                     ctx->iv, len, out, in);
         break;
 
+    case QCRYPTO_CIPHER_MODE_CTR:
+        ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+                    ctx->blocksize, ctx->iv,
+                    len, out, in);
+        break;
+
     default:
         error_setg(errp, "Unsupported cipher mode %s",
                    QCryptoCipherMode_lookup[cipher->mode]);
@@ -469,6 +488,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
                     ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
                     ctx->iv, len, out, in);
         break;
+    case QCRYPTO_CIPHER_MODE_CTR:
+        ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+                    ctx->blocksize, ctx->iv,
+                    len, out, in);
+        break;
 
     default:
         error_setg(errp, "Unsupported cipher mode %s",
diff --git a/crypto/cipher.c b/crypto/cipher.c
index cafb454..a9bca41 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -55,6 +55,7 @@ static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
     [QCRYPTO_CIPHER_MODE_ECB] = false,
     [QCRYPTO_CIPHER_MODE_CBC] = true,
     [QCRYPTO_CIPHER_MODE_XTS] = true,
+    [QCRYPTO_CIPHER_MODE_CTR] = true,
 };
 
 
diff --git a/crypto/init.c b/crypto/init.c
index 16e099b..f65207e 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -119,6 +119,10 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = 
{
 
 int qcrypto_init(Error **errp)
 {
+#ifdef QCRYPTO_INIT_GCRYPT_THREADS
+    gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
+#endif /* QCRYPTO_INIT_GCRYPT_THREADS */
+
 #ifdef CONFIG_GNUTLS
     int ret;
     ret = gnutls_global_init();
@@ -139,9 +143,6 @@ int qcrypto_init(Error **errp)
         error_setg(errp, "Unable to initialize gcrypt");
         return -1;
     }
-#ifdef QCRYPTO_INIT_GCRYPT_THREADS
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
-#endif /* QCRYPTO_INIT_GCRYPT_THREADS */
     gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 #endif
 
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index 376654d..bec9f41 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -85,13 +85,15 @@ struct QCryptoCipher {
 /**
  * qcrypto_cipher_supports:
  * @alg: the cipher algorithm
+ * @mode: the cipher mode
  *
- * Determine if @alg cipher algorithm is supported by the
+ * Determine if @alg cipher algorithm in @mode is supported by the
  * current configured build
  *
  * Returns: true if the algorithm is supported, false otherwise
  */
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg);
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+                             QCryptoCipherMode mode);
 
 /**
  * qcrypto_cipher_get_block_len:
@@ -213,16 +215,16 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
 /**
  * qcrypto_cipher_setiv:
  * @cipher: the cipher object
- * @iv: the initialization vector bytes
+ * @iv: the initialization vector or counter (CTR mode) bytes
  * @niv: the length of @iv
  * @errpr: pointer to a NULL-initialized error object
  *
  * If the @cipher object is setup to use a mode that requires
- * initialization vectors, this sets the initialization vector
+ * initialization vectors or counter, this sets the @niv
  * bytes. The @iv data should have the same length as the
  * cipher key used when originally constructing the cipher
  * object. It is an error to set an initialization vector
- * if the cipher mode does not require one.
+ * or counter if the cipher mode does not require one.
  *
  * Returns: 0 on success, -1 on error
  */
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 6933b13..5c9d7d4 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -89,11 +89,12 @@
 # @ecb: Electronic Code Book
 # @cbc: Cipher Block Chaining
 # @xts: XEX with tweaked code book and ciphertext stealing
+# @ctr: Counter (Since 2.8)
 # Since: 2.6
 ##
 { 'enum': 'QCryptoCipherMode',
   'prefix': 'QCRYPTO_CIPHER_MODE',
-  'data': ['ecb', 'cbc', 'xts']}
+  'data': ['ecb', 'cbc', 'xts', 'ctr']}
 
 
 ##
diff --git a/tests/pkix_asn1_tab.c b/tests/pkix_asn1_tab.c
index 903bc02..f15fc51 100644
--- a/tests/pkix_asn1_tab.c
+++ b/tests/pkix_asn1_tab.c
@@ -4,7 +4,9 @@
  */
 
 #include "qemu/osdep.h"
-#include <libtasn1.h>
+#include "tests/crypto-tls-x509-helpers.h"
+
+#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
 
 const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   {"PKIX1", 536875024, 0},
@@ -1103,3 +1105,4 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   {0, 1048586, "2"},
   {0, 0, 0}
 };
+#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index b89dfa2..5d9e535 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -380,6 +380,61 @@ static QCryptoCipherTestData test_data[] = {
         .key =
             "27182818284590452353602874713526"
             "31415926535897932384626433832795",
+    },
+    {
+        /* NIST F.5.1 CTR-AES128.Encrypt */
+        .path = "/crypto/cipher/aes-ctr-128",
+        .alg = QCRYPTO_CIPHER_ALG_AES_128,
+        .mode = QCRYPTO_CIPHER_MODE_CTR,
+        .key = "2b7e151628aed2a6abf7158809cf4f3c",
+        .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+        .plaintext  =
+            "6bc1bee22e409f96e93d7e117393172a"
+            "ae2d8a571e03ac9c9eb76fac45af8e51"
+            "30c81c46a35ce411e5fbc1191a0a52ef"
+            "f69f2445df4f9b17ad2b417be66c3710",
+        .ciphertext =
+            "874d6191b620e3261bef6864990db6ce"
+            "9806f66b7970fdff8617187bb9fffdff"
+            "5ae4df3edbd5d35e5b4f09020db03eab"
+            "1e031dda2fbe03d1792170a0f3009cee",
+    },
+    {
+        /* NIST F.5.3 CTR-AES192.Encrypt */
+        .path = "/crypto/cipher/aes-ctr-192",
+        .alg = QCRYPTO_CIPHER_ALG_AES_192,
+        .mode = QCRYPTO_CIPHER_MODE_CTR,
+        .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
+        .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+        .plaintext  =
+            "6bc1bee22e409f96e93d7e117393172a"
+            "ae2d8a571e03ac9c9eb76fac45af8e51"
+            "30c81c46a35ce411e5fbc1191a0a52ef"
+            "f69f2445df4f9b17ad2b417be66c3710",
+        .ciphertext =
+            "1abc932417521ca24f2b0459fe7e6e0b"
+            "090339ec0aa6faefd5ccc2c6f4ce8e94"
+            "1e36b26bd1ebc670d1bd1d665620abf7"
+            "4f78a7f6d29809585a97daec58c6b050",
+    },
+    {
+        /* NIST F.5.5 CTR-AES256.Encrypt */
+        .path = "/crypto/cipher/aes-ctr-256",
+        .alg = QCRYPTO_CIPHER_ALG_AES_256,
+        .mode = QCRYPTO_CIPHER_MODE_CTR,
+        .key = "603deb1015ca71be2b73aef0857d7781"
+               "1f352c073b6108d72d9810a30914dff4",
+        .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+        .plaintext  =
+            "6bc1bee22e409f96e93d7e117393172a"
+            "ae2d8a571e03ac9c9eb76fac45af8e51"
+            "30c81c46a35ce411e5fbc1191a0a52ef"
+            "f69f2445df4f9b17ad2b417be66c3710",
+        .ciphertext =
+            "601ec313775789a5b7a7f504bbf3d228"
+            "f443e3ca4d62b59aca84e990cacaf5c5"
+            "2b0930daa23de94ce87017ba2d84988d"
+            "dfc9c58db67aada613c2dd08457941a6",
     }
 };
 
@@ -616,7 +671,7 @@ int main(int argc, char **argv)
     g_assert(qcrypto_init(NULL) == 0);
 
     for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
-        if (qcrypto_cipher_supports(test_data[i].alg)) {
+        if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) {
             g_test_add_data_func(test_data[i].path, &test_data[i], 
test_cipher);
         }
     }
diff --git a/tests/test-crypto-hash.c b/tests/test-crypto-hash.c
index 42fc77a..214a9f7 100644
--- a/tests/test-crypto-hash.c
+++ b/tests/test-crypto-hash.c
@@ -89,8 +89,6 @@ static void test_hash_alloc(void)
 {
     size_t i;
 
-    g_assert(qcrypto_init(NULL) == 0);
-
     for (i = 0; i < G_N_ELEMENTS(expected_outputs) ; i++) {
         uint8_t *result = NULL;
         size_t resultlen = 0;
@@ -123,8 +121,6 @@ static void test_hash_prealloc(void)
 {
     size_t i;
 
-    g_assert(qcrypto_init(NULL) == 0);
-
     for (i = 0; i < G_N_ELEMENTS(expected_outputs) ; i++) {
         uint8_t *result;
         size_t resultlen;
@@ -161,8 +157,6 @@ static void test_hash_iov(void)
 {
     size_t i;
 
-    g_assert(qcrypto_init(NULL) == 0);
-
     for (i = 0; i < G_N_ELEMENTS(expected_outputs) ; i++) {
         struct iovec iov[3] = {
             { .iov_base = (char *)INPUT_TEXT1, .iov_len = strlen(INPUT_TEXT1) 
},
@@ -199,8 +193,6 @@ static void test_hash_digest(void)
 {
     size_t i;
 
-    g_assert(qcrypto_init(NULL) == 0);
-
     for (i = 0; i < G_N_ELEMENTS(expected_outputs) ; i++) {
         int ret;
         char *digest;
@@ -230,8 +222,6 @@ static void test_hash_base64(void)
 {
     size_t i;
 
-    g_assert(qcrypto_init(NULL) == 0);
-
     for (i = 0; i < G_N_ELEMENTS(expected_outputs) ; i++) {
         int ret;
         char *digest;
@@ -253,6 +243,8 @@ static void test_hash_base64(void)
 
 int main(int argc, char **argv)
 {
+    g_assert(qcrypto_init(NULL) == 0);
+
     g_test_init(&argc, &argv, NULL);
     g_test_add_func("/crypto/hash/iov", test_hash_iov);
     g_test_add_func("/crypto/hash/alloc", test_hash_alloc);
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
index 3c361a7..bd3ae2b 100644
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@@ -27,6 +27,7 @@
 #include "io/channel-tls.h"
 #include "io/channel-socket.h"
 #include "io-channel-helpers.h"
+#include "crypto/init.h"
 #include "crypto/tlscredsx509.h"
 #include "qemu/acl.h"
 #include "qom/object_interfaces.h"
@@ -265,6 +266,8 @@ int main(int argc, char **argv)
 {
     int ret;
 
+    g_assert(qcrypto_init(NULL) == 0);
+
     module_call_init(MODULE_INIT_QOM);
     g_test_init(&argc, &argv, NULL);
     setenv("GNUTLS_FORCE_FIPS_MODE", "2", 1);
diff --git a/ui/vnc.c b/ui/vnc.c
index c1e98fb..1bedc95 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3606,7 +3606,7 @@ void vnc_display_open(const char *id, Error **errp)
             goto fail;
         }
         if (!qcrypto_cipher_supports(
-                QCRYPTO_CIPHER_ALG_DES_RFB)) {
+                QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
             error_setg(errp,
                        "Cipher backend does not support DES RFB algorithm");
             goto fail;
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.