Bug 1549543

Summary: Use of Nettle crypto library prevents FIPS compliance, need to go back to libgcrypt
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Berrangé <berrange>
Component: qemu-kvm-rhevAssignee: Miroslav Rezanina <mrezanin>
Status: CLOSED ERRATA QA Contact: Tingting Mao <timao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: berrange, chayang, coli, ddepaula, hhuang, juzhang, michen, ngu, pingl, qzhang, timao, virt-maint, yhong
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.12.0-2.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1549544 1549751 (view as bug list) Environment:
Last Closed: 2018-11-01 11:04:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1549751    

Comment 2 Daniel Berrangé 2018-02-27 12:44:45 UTC
NB, the in-tree XTS impl provides a further complication for FIPS cert, since libgcrypt does not provide any impl for that.

Comment 4 Miroslav Rezanina 2018-05-16 07:52:56 UTC
Fix included in qemu-kvm-rhev-2.12.0-2.el7

Comment 10 Tingting Mao 2018-07-05 09:54:42 UTC
Regression test for luks

Packages Tested:
kernel-3.10.0-906.el7
qemu-kvm-rhev-2.12.0-3.el7

New Bugs(1): --------> not regression
Bug 1593111-qemu-img is very slow when changing the backing file from qcow2 image to luks image

reproduced Bugs(5)
Bug 1537485-test cases of qemu-iotests failed for luks format
Bug 1535894-RFE: qemu-img should support to create a sparse image during conversion when the source image is in luks format
Bug 1575578-Failed to convert a source image to the qcow2 image encrypted by luks
Bug 1534951-RFE: Support preallocation mode for luks format
Bug 1534898-qemu-img should give meaningful error messages when create 16TB luks format image on ext4



Regression test for luks-inside-qcow2

Packages Tested:
kernel: kernel-3.10.0-915.el7
qemu-kvm-rhev: qemu-kvm-rhev-2.12.0-6.el7

New Bugs(1): -------> not regression
Bug 1594622- The error info is misleading when creating snapshot with the specified format is not qcow2

reproduced Bugs(5)
Bug 1575578 - Failed to convert a source image to the qcow2 image encrypted by luks
Bug 1529209 - Fail to create internal snapshots when guest boots up with luks-inside-qcow2 format image
Bug 1191402 - The error info is not accurate when create image with specify wrong backing_fmt
Bug 1542858 - size of luks-encrypted qcow2 image exceeds the required in qemu-img measure output
Bug 1331279 - test cases of qemu-iotests failed

Comment 11 Tingting Mao 2018-07-06 02:06:50 UTC
Test for the VNC password

Steps:
1. Boot up guest with "-vnc :$port,password" and set up password on qemu monitor
(qemu)set_password vnc xxx
2. Connet to the guest by vnc with the password "xxx"

Result:
After step2 ,connect to guest with password successfully

Comment 12 errata-xmlrpc 2018-11-01 11:04:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3443