On 20/07/2021 03.12, Eric Blake wrote:
On Mon, Jul 19, 2021 at 10:06:01AM +0200, Thomas Huth wrote:
Hi,
iotest 206 fails for me with:
--- 206.out
+++ 206.out.bad
@@ -99,55 +99,19 @@
{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options":
{"driver": "qcow2", "encrypt": {"cipher-alg": "twofish-128", "cipher-mode":
"ctr", "format": "luks", "hash-alg": "sha1", "iter-time": 10, "ivgen-alg":
"plain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0"}, "file":
{"driver": "file", "filename": "TEST_DIR/PID-t.qcow2"}, "size": 33554432}}}
{"return": {}}
+Job failed: Unsupported cipher algorithm twofish-128 with ctr mode
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
{"return": {}}
Looks like it is missing a check for the availability of the corresponding
crypto stuff? Does anybody got a clue how to fix this?
What system is this on?
RHEL 8.4
Which crypto library versions are installed?
gnutls-3.6.14-8.el8_3.x86_64
nettle-3.4.1-4.el8_3.x86_64
I suspect this is related to Dan's effort to speed up crypto by
favoring gnutls over nettle, where the switch in favored libraries
failed to account for whether twofish-128 is supported?
https://lists.gnu.org/archive/html/qemu-devel/2021-07/msg03886.html
You're right, I've bisected the problem now, and the commit that introduced
the issue is this one here:
commit 8bd0931f63008b1d50c8df75a611323a93c052bf
Author: Daniel P. Berrangé <berra...@redhat.com>
Date: Fri Jul 2 17:38:33 2021 +0100
crypto: prefer gnutls as the crypto backend if new enough
If we have gnutls >= 3.6.13, then it has enough functionality
and performance that we can use it as the preferred crypto
backend.
Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
Thomas