Date: Mon, 1 Jun 2015 17:46:22 +0100
From: "Daniel P. Berrange"
Message-ID: <20150601164621.GA17374@redhat.com>
In-Reply-To: <556717F4.7000104@huawei.com>
Subject: Re: [Qemu-devel] [PATCH 01/10] crypto: introduce new module for computing hash digests
To: Gonglei
Cc: Kevin Wolf, Paolo Bonzini, qemu-devel@nongnu.org, Gerd Hoffmann

On Thu, May 28, 2015 at 09:28:20PM +0800, Gonglei wrote:
> On 2015/5/21 18:56, Daniel P. Berrange wrote:
> > Introduce a new crypto/ directory that will (eventually) contain
> > all the cryptographic related code. This initially defines a
> > wrapper for initializing gnutls and for computing hashes with
> > gnutls. The former ensures that gnutls is guaranteed to be
> > initialized exactly once in QEMU regardless of CLI args. The
> > block quorum code currently fails to initialize gnutls so it
> > only works by luck, if VNC server TLS is not requested. The
> > hash APIs avoid the need to litter the rest of the code with
> > preprocessor checks and simplify callers by allocating the
> > correct amount of memory for the requested hash.
> > > > Signed-off-by: Daniel P. Berrange > > +########################################## > > +# GNUTLS probe > > + > > +if test "$gnutls" != "no"; then > > + if $pkg_config --exists "gnutls"; then > > + gnutls_cflags=`$pkg_config --cflags gnutls` > > + gnutls_libs=`$pkg_config --libs gnutls` > > + libs_softmmu="$gnutls_libs $libs_softmmu" > > + libs_tools="$gnutls_libs $libs_tools" > > + QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags" > > + gnutls="yes" > > + > > + # gnutls_hash_init requires >= 2.9.10 > > why 2.9.10 ? Isn't since 2.10.0 ?

I've double checked and 2.9.10 is correct according to the gnutls
NEWS file

[quote]
* Version 2.9.10 (released 2010-04-22)

...

** libgnutls: Exported API to access encryption and hash algorithms.
The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit,
gnutls_cipher_encrypt, gnutls_cipher_get_block_size, gnutls_cipher_init,
gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast, gnutls_hash_get_len,
gnutls_hash_init, gnutls_hash_output, gnutls_hmac, gnutls_hmac_deinit,
gnutls_hmac_fast, gnutls_hmac_get_len, gnutls_hmac_init,
gnutls_hmac_output. New API constants are GNUTLS_MAC_SHA224 and
GNUTLS_DIG_SHA224.
[/quote]

> > diff --git a/vl.c b/vl.c > > index 15bccc4..72313a4 100644 > > --- a/vl.c > > +++ b/vl.c > > @@ -119,6 +119,7 @@ int main(int argc, char **argv) > > #include "qapi/opts-visitor.h" > > #include "qom/object_interfaces.h" > > #include "qapi-event.h" > > +#include "crypto/init.h" > > > > #define DEFAULT_RAM_SIZE 128 > > > > @@ -2777,6 +2778,7 @@ int main(int argc, char **argv, char **envp) > > uint64_t ram_slots = 0; > > FILE *vmstate_dump_file = NULL; > > Error *main_loop_err = NULL; > > + Error *err = NULL; > > > > qemu_init_cpu_loop(); > > qemu_mutex_lock_iothread();
> > @@ -2819,6 +2821,12 @@ int main(int argc, char **argv, char **envp) > > > > runstate_init(); > > > > + if (qcrypto_init(&err) < 0) { > > + fprintf(stderr, "Cannot initialize crypto: %s\n", > > + error_get_pretty(err)); > > + error_free(err); > > This free is superfluous (before exit) IMO.

Personally I always free variables like this so valgrind doesn't
complain about leaks.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
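
Review bot: The comment "# gnutls_hash_init requires >= 2.9.10" in the configure GNUTLS probe gives a version floor with no source, and the question raised in this thread shows how easily it gets second-guessed. Please cite the gnutls NEWS entry for 2.9.10 (released 2010-04-22), which lists gnutls_hash_init among the newly exported functions, either in that comment or in the commit message, so the number does not need to be re-verified later.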
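
Review bot: The qcrypto_init() failure path in the vl.c hunk after runstate_init() writes its message with a bare fprintf(stderr, ...) instead of going through QEMU's error reporting. Suggest error_report("Cannot initialize crypto: %s", error_get_pretty(err)); so the message is formatted and routed like other startup errors, keeping the error_free(err) that follows. The new local is also named just "err" next to "main_loop_err" in a very long main(); a more specific name, or a narrower scope around the qcrypto_init() call, would make later reuse less error-prone.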